Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Apache Struts - OGNL Console

By kannthu

Vidoc logoVidoc Module

What is the "Apache Struts - OGNL Console" module?

The "Apache Struts - OGNL Console" module is a test case designed to detect the presence of the OGNL console in Apache Struts. This console allows the evaluation of OGNL expressions that could potentially lead to Remote Command Execution. The module is created by DhiyaneshDK and has an informative severity level.


If the OGNL console is accessible, it poses a significant security risk as it can be exploited to execute remote commands on the server. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.

How does the module work?

The module sends an HTTP GET request to the "/struts/webconsole.html?debug=console" path. It then applies two matching conditions to determine if the OGNL console is present:

    - The response body must contain the phrase "Welcome to the OGNL console!" - The response status code must be 200 (OK)

If both conditions are met, the module reports a vulnerability, indicating that the OGNL console is accessible and poses a potential security risk.




Restrict access to the OGNL console to authorized users only to mitigate the risk of remote command execution.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Welcome to the OGNL console!and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability