Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd) | allinfosecnews.com

April 23, 2024, 1:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Like many similar frameworks and languages, Struts 2 has a “developer mode” (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a “web shell” built into devmode.

Article Link: Struts "devmode": Still a problem ten years later? - SANS Internet Storm Center

1 post - …

aid can console debugging developer end error features frameworks graph java language languages messages mode navigation object ognl problem results struts struts 2

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Feds warn of new Kimsuky phishing attack techniques an hour ago | malware.news

advanced advisory agency apt43 +29

The Impact of Cyber Attacks on the Stock Markets 2 hours ago | malware.news

attacks companies corporate cyber +13

Note to investors and security pros: drive innovation by going on the offensive 2 hours ago | malware.news

article cybersecurity drive innovation +10

New network to target migrant smugglers in the digital domain 3 hours ago | malware.news

alliance april aspect counter +17

New High-Severity Vulnerability in Apache ActiveMQ Poses Risk of Unauthorized Access: CVE-2024-32114 3 hours ago | malware.news

access activemq apache apache activemq +15

My impression of Botconf 2024 4 hours ago | malware.news

analysis botconf channel dotnet +13

Top 10 Free IoC Search & Enrichment Platforms 5 hours ago | malware.news

amp assets attacks breaches +33

ISC Stormcast For Friday, May 3rd, 2024 https://isc.sans.edu/podcastdetail/8966, (Fri, May 3rd) 12 hours ago | malware.news

Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360 15 hours ago | malware.news

article incident incident response link +4

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote

View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US

View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA

View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco

View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com