Newly added security tests, July 26, 2017: CVE-2017-9791 – 10 minute mail

To bring you the most up-to-date security service and help you stay on top of threats, we update Disposable mail on a regular basis. Here are some of the latest security tests added to the tool:

  • CVE-2017-9791 Apache Struts RCE
  • WordPress dsubscriber SQL Injection
  • WordPress wp-hide-security-enhancer LFI
  • SPF-10 module
  • SSL private key disclosure module

Happy scanning!
The Disposable mail Team

 

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Apache Struts Vulnerabilities | Disposable mail Blog – 10 minute mail

Apache Struts is a well-known development framework for Java-based web applications that is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks.

In this article we will go through the security history of Apache Struts, common Apache Struts security issues and the impact of these vulnerabilities.

Recent history of Apache Struts

Apache Struts have a rough security history with many critical vulnerabilities and because of these, the infamous Equifax hack was made possible as CVE-2017-5638 was mainly used to get hold of million records of creditholders’ data. Apache Struts have not only suffered from OGNL expression injection vulnerabilities, but also deserialization.

Deserialization vulnerabilities

Deserialization is the opposite of serialization; which is converting data structured from one format, and rebuilding it into an object (read more here). JSON and XML are examples of data formats for serializing. Java has a long history of deserialization bugs and Oracle has even said that they have plans to remove it due to the security implications.

OGNL expression injection

Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. These expressions can execute arbitrary Java code.

Searching for this vulnerability in a black box environment is easy, and have the same approach as searching for SSTI vulnerabilities. We can inject OGNL expressions in all user supplied data fields and see if we get any response back indicating that the expression has been handled and executed on the server.

Watch this Proof of Concept video to see how CVE-2o17-9791 can be exploited:

An example of an expression to use could be as simple as:

foobar%{191*7}

where %{191*7}is the expression. The output from this would be 1337. These expressions can of course be something other than just mathematical, but this is a way to easily detect the vulnerability.

How Disposable mail can help

Disposable mail has an ability to test against generic OGNL expression injections in Apache Struts, but also many of the known CVEs. Check your web applications against known Apache Struts vulnerabilities and more. Start your 14-day free trial today.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.