Secret Retrieving via Expression Language Injection Using Client Side Inference
This page tries to retrieve victim's JSESSIONID using inference against an application vulnerable to
Expression Language injection.
Loading victim server on an iframe just to be sure we have a session.
This page is used for pure demonstration. Use at your own risk!
Authors: Stefano Di Paola and Arshan Dabirsiaghi
Date: September 2011