corben.io

corben.io


infosec write-ups and ramblings

Tags


RCE

Remote Code Execution in AT&T

I was pentesting AT&T to see if I could find a vulnerability (as one does), around 4-5 days after CVE-2017-5638 was released.   Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 are vulnerable to Server-Side Template Injection, which allows attackers to execute commands on any vulne…

Corben Leo Corben Leo