Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Does it work without Struts Convention Plugin? #3

Open
yasserzamani opened this issue Aug 25, 2018 · 2 comments
Open

[Question] Does it work without Struts Convention Plugin? #3

yasserzamani opened this issue Aug 25, 2018 · 2 comments

Comments

@yasserzamani
Copy link

Struts showcase does have almost all plugins included. Does your exploit work on a simple hello-world Struts 2 webapp or a webapp like showcase but without Struts Convention Plugin?
@1c3z
Copy link

1c3z commented Aug 27, 2018

namespace value isn't set for a result defined in underlying configurations。

namespace is empty without Struts Convention Plugin。

so, it doesn't work

@yasserzamani
Copy link
Author

Here says:

both of the following conditions should hold: 1) The alwaysSelectFullNamespace flag is set to true in the Struts configuration. Note that this is automatically the case if your application uses the popular Struts Convention plugin.

It seems PoCs works only when alwaysSelectFullNamespace is set to true which is false by default except when user or Struts Convention Plugin set it to true . @jas502n , could you check please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yasserzamani @1c3z