Is there a way to turn off ognl, so to prevent this exploit? https://github.com/rapid7/metasploit-framework/issues/8064
I found someone trying to break into my server and was able to issue system level commands by injecting this ognl language into the content header of a multipart form. I'm currently using: struts2-core-2.5.2.jar ognl-3.1.10.jar Any help would be appreciated. Thanks... Jim --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
