Vulnerabilities (Page 5)

Exploiting Struts RCE on 2.5.26


For some UIBean tags the name field was vulnerable to a double OGNL evaluation when there was no corresponding value field which could lead to remote code execution.


Uninitalized value

An uninitalized “Fast Tracker” in the Window’s HTTP Protocol stack as used by IIS. Despite providing a bit of a crash analysis and a POC the post is missing information about the vulnerability as their primary focus was on building out the exploit.


Untrusted `.git` folder in Parent Directory Enabled Code Execution [CVE-2022-24765]

This one is a bit of a cross-user attack on the same machine, as git when executed in a directory that doesn’t have a .git folder, will traverse upward looking for the .git/ of the repo.The problem is if one accidentally invokes git while not in a repository it’ll look in some potentially untrusted locations as it traverses by defualt all the way to the root of the storage…