-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
158 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <module version="4"> | ||
| <component name="FacetManager"> | ||
| <facet __external-system-id="Maven" type="web" name="Web"> | ||
| <facet type="Struts2" name="Struts 2"> | ||
| <configuration> | ||
| <propertiesKeys disabled="false" /> | ||
| </configuration> | ||
| </facet> | ||
| </facet> | ||
| </component> | ||
| </module> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
|
|
||
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <groupId>SimpleStruts</groupId> | ||
| <artifactId>SimpleStruts</artifactId> | ||
| <version>1.0-SNAPSHOT</version> | ||
| <packaging>war</packaging> | ||
|
|
||
| <name>SimpleStruts Maven Webapp</name> | ||
| <!-- FIXME change it to the project's website --> | ||
| <url>http://www.example.com</url> | ||
|
|
||
| <properties> | ||
| <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
| <maven.compiler.source>1.8</maven.compiler.source> | ||
| <maven.compiler.target>1.8</maven.compiler.target> | ||
| </properties> | ||
|
|
||
| <dependencies> | ||
| <dependency> | ||
| <groupId>junit</groupId> | ||
| <artifactId>junit</artifactId> | ||
| <version>4.11</version> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.apache.struts</groupId> | ||
| <artifactId>struts2-core</artifactId> | ||
| <version>2.5.25</version> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>commons-collections</groupId> | ||
| <artifactId>commons-collections</artifactId> | ||
| <version>3.2.2</version> | ||
| </dependency> | ||
| </dependencies> | ||
| <build> | ||
| <finalName>SimpleStruts</finalName> | ||
| <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --> | ||
| <plugins> | ||
| <plugin> | ||
| <artifactId>maven-clean-plugin</artifactId> | ||
| <version>3.1.0</version> | ||
| </plugin> | ||
| <!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --> | ||
| <plugin> | ||
| <artifactId>maven-resources-plugin</artifactId> | ||
| <version>3.0.2</version> | ||
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-compiler-plugin</artifactId> | ||
| <version>3.8.0</version> | ||
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-surefire-plugin</artifactId> | ||
| <version>2.22.1</version> | ||
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-war-plugin</artifactId> | ||
| <version>3.2.2</version> | ||
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-install-plugin</artifactId> | ||
| <version>2.5.2</version> | ||
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-deploy-plugin</artifactId> | ||
| <version>2.8.2</version> | ||
| </plugin> | ||
| </plugins> | ||
| </pluginManagement> | ||
| </build> | ||
| </project> |
17 changes: 17 additions & 0 deletions
17
CVE-2020-17530/src/main/java/org/heptagram/action/IndexAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package org.heptagram.action; | ||
|
|
||
| import com.opensymphony.xwork2.ActionSupport; | ||
| public class IndexAction extends ActionSupport { | ||
|
|
||
| private String id; | ||
|
|
||
| public String getId() { | ||
| return id; | ||
| } | ||
| public void setId(String id) { | ||
| this.id = id; | ||
| } | ||
| public String Test(){ | ||
| return SUCCESS; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| <?xml version="1.0" encoding="UTF-8" ?> | ||
| <!DOCTYPE struts PUBLIC | ||
| "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" | ||
| "http://struts.apache.org/dtds/struts-2.0.dtd"> | ||
| <struts> | ||
|
|
||
| <constant name="struts.devMode" value="false"/> | ||
| <package name="default" namespace="/" extends="struts-default"> | ||
| <default-action-ref name="index"/> | ||
| <action name="S2061" class="org.heptagram.action.IndexAction" method="Test"> | ||
| <result>S2061.jsp</result> | ||
| </action> | ||
| </package> | ||
|
|
||
| </struts> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <%@ page | ||
| language="java" | ||
| contentType="text/html; charset=UTF-8" | ||
| pageEncoding="UTF-8" %> | ||
| <%@ taglib prefix="s" uri="/struts-tags" %> | ||
| <html> | ||
| <head> | ||
| <title>S2061</title> | ||
| </head> | ||
| <body> | ||
| <s:a id="%{id}">SimpleTest</s:a> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| <!DOCTYPE web-app PUBLIC | ||
| "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" | ||
| "http://java.sun.com/dtd/web-app_2_3.dtd" > | ||
|
|
||
| <web-app> | ||
| <display-name>Archetype Created Web Application</display-name> | ||
| <filter> | ||
| <filter-name>struts2</filter-name> | ||
| <filter-class> | ||
| org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter | ||
| </filter-class> | ||
| </filter> | ||
| <filter-mapping> | ||
| <filter-name>struts2</filter-name> | ||
| <url-pattern>/*</url-pattern> | ||
| </filter-mapping> | ||
| </web-app> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| <html> | ||
| <head> | ||
| <title>Hello</title> | ||
| </head> | ||
| <body> | ||
| <h3>Hello World!</h3> | ||
| </body> | ||
| </html> |