BugTraq
struts2 xsltResult Local code execution vulnerability
Mar 22 2012 08:11AM
voidloafer gmail com
the file:
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java
String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location");
path = pathFromRequest;
URL resource = ServletActionContext.getServletContext()....
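
Added example, not part of the original post and not Struts code: the quoted lines take the stylesheet path from the xslt.location request parameter, and this sketch shows the opposite design, where a stylesheet name is confined to a fixed server-side directory and compiled with secure processing enabled. The class SafeStylesheetLoader, its method names and the sample file are hypothetical; the two ACCESS_EXTERNAL_* attributes assume the JDK's built-in JAXP 1.5 transformer.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.transform.Templates;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;

// Hypothetical helper: stylesheets are loaded only from one server-side directory.
public final class SafeStylesheetLoader {
    private final Path baseDir;

    public SafeStylesheetLoader(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath();   // canonical form, symlinks resolved
    }

    // Accept a bare file name only (no separators, no scheme), then confirm the
    // resolved real path is still a regular file inside baseDir.
    public Path resolve(String name) throws IOException {
        if (name == null || !name.matches("[A-Za-z0-9_-]+\\.xsl")) {
            throw new IllegalArgumentException("stylesheet name rejected");
        }
        Path candidate = baseDir.resolve(name).toRealPath();
        if (!candidate.startsWith(baseDir) || !Files.isRegularFile(candidate)) {
            throw new IllegalArgumentException("stylesheet outside base directory");
        }
        return candidate;
    }

    // Secure processing limits what a stylesheet may do; the two attributes block
    // external DTD and stylesheet fetches (other JAXP implementations may reject them).
    public Templates load(String name) throws IOException, TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf.newTemplates(new StreamSource(resolve(name).toFile()));
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("xsl");   // constructed sample input
        Files.write(dir.resolve("ok.xsl"), ("<xsl:stylesheet version=\"1.0\" "
            + "xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"/>").getBytes("UTF-8"));
        SafeStylesheetLoader loader = new SafeStylesheetLoader(dir);
        System.out.println("loaded: " + (loader.load("ok.xsl") != null));
        try { loader.resolve("../other/dir.xsl"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```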
Copyright 2010, SecurityFocus