Bypassing OGNL sandboxes for fun and charities
// by @pwntester @githubsecurity
“Object Graph Notation Language (#OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache #Struts and Atlassian #Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.”
https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/
PoC Exploit Targeting Apache Struts Surfaces on GitHub
Researchers have discovered freely available PoC code and exploit that can be used to attack unpat...
https://threatpost.com/poc-exploit-github-apache-struts/158393/
#object-graphnavigationlanguage #apachestrutssecurityteam #proof-of-concept #vulnerabilities #apachestruts2 #cve-2019-0230 #cve-2019-0233 #websecurity #github #hacks #ognl #dos #poc