Hello,
My site is being bombarded with requests like this one:
GET/index.action?debug=browser&object=(#[email protected]@DEFAULT_MEMBER_ACCESS)?(#context[#parameters.rpsobj[0]].getWriter().println(#context[#parameters.reqobj[0]].getRealPath(#parameters.pp[0]))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=/&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest
Those requests are trying to exploit a vulnerability in the way OGNL expressions are being processed in Struts.
I’m trying to create a firewall rule to block them, without success. I suspect that it is because the code being injected appears as a #fragment part in the URL and is not being filtered.
Am I right? Is there any way I can block those requests?
Thank you,
Senen
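As an added illustration (not part of the original post, and not a Cloudflare or Struts rule set), assuming a rule engine that lets you inspect the raw request target: a small Python check showing why a rule keyed on the parsed query string misses the expression after `#`, while matching on the raw target catches both the plain and the percent-encoded form. The marker list and sample request lines below are constructed from the request quoted above.

```python
"""Constructed example: detect Struts 2 OGNL probes in a request target."""
import re
from urllib.parse import unquote, urlsplit

# Substrings that only make sense inside an OGNL expression aimed at Struts 2.
# Drawn from the request shown in the post above; extend as needed.
OGNL_MARKERS = (
    "default_member_access",
    "#context[",
    ".getwriter()",
    "opensymphony.xwork2.dispatcher",
    "is-struts2-vul",
)


def normalize(target: str) -> str:
    """Percent-decode up to twice (catches %2523-style double encoding),
    lower-case, and strip whitespace so plain substring checks work."""
    out = target
    for _ in range(2):
        decoded = unquote(out)
        if decoded == out:
            break
        out = decoded
    return re.sub(r"\s+", "", out).lower()


def query_only_check(target: str) -> list[str]:
    """Naive rule: inspect only the parsed query string.  urlsplit() treats
    everything after the first '#' as a fragment, so most of the injected
    expression never reaches the rule."""
    query = normalize(urlsplit(target).query)
    return [m for m in OGNL_MARKERS if m in query]


def raw_target_check(target: str) -> list[str]:
    """Inspect the whole request target, '#...' included.  Browsers never send
    a fragment to the server, but a scanner writes the request line itself,
    so the text after '#' is real input and must be matched."""
    return [m for m in OGNL_MARKERS if m in normalize(target)]


# Constructed sample targets; PROBE is a shortened copy of the one in the post.
BENIGN = "/index.action?debug=browser&page=2"
PROBE = ("/index.action?debug=browser&object=(#...@DEFAULT_MEMBER_ACCESS)?"
         "(#context[#parameters.rpsobj[0]].getWriter()):sb.toString.json"
         "&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse"
         "&command=Is-Struts2-Vul-URL")
PROBE_ENCODED = PROBE.replace("#", "%23").replace("[", "%5B")
```

Running `query_only_check(PROBE)` returns nothing while `raw_target_check(PROBE)` returns every marker, which is the behaviour the post describes; the percent-encoded variant is caught either way because no literal `#` remains to be parsed as a fragment.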