Injection Attacks | Critical Severity

OGNL Injection Scanner

Detects OGNL injection in Struts and other Java frameworks.

What is OGNL Injection?

Object-Graph Navigation Language (OGNL) Injection occurs when untrusted input is evaluated as OGNL expressions in Java frameworks, primarily Apache Struts. OGNL is extremely powerful, allowing access to static methods, class loaders, and system commands, making it one of the most dangerous injection types.

Why is This Important?

OGNL Injection has caused some of the most severe breaches in history, including the Equifax breach affecting 147 million people. Struts vulnerabilities like CVE-2017-5638 are actively exploited by attackers. OGNL's power means exploitation almost always leads to complete server compromise.

How It Works

1. Input Discovery

Maps all user input points including forms, headers, cookies, and API parameters for injection testing.

2. Injection Testing

Executes sophisticated injection payloads designed to bypass filters and WAFs while detecting vulnerabilities.

3. Exploitation Validation

Confirms vulnerabilities through safe exploitation, providing proof-of-concept and impact assessment.

Key Capabilities

Advanced injection detection engine combining signature-based and AI-powered analysis for comprehensive coverage.

  • Multi-vector injection testing across all input types
  • WAF and filter bypass techniques built-in
  • Database-specific payload optimization
  • Out-of-band detection for blind vulnerabilities
  • Automated proof-of-concept generation

Frequently Asked Questions

Why is OGNL more dangerous than other expression languages?

OGNL can access static methods, instantiate classes via class loaders, modify security managers, and directly execute system commands. It was designed for flexibility without security considerations. A single injection point typically means full compromise.

What famous attacks used OGNL injection?

The Equifax breach (2017) exploited CVE-2017-5638 in Struts. Other notable Struts OGNL vulnerabilities include CVE-2017-9805 (REST plugin), CVE-2018-11776, and CVE-2020-17530. Each caused widespread exploitation.

How do attackers exploit OGNL?

Attackers inject expressions like #cmd='whoami',#p=new java.lang.ProcessBuilder({'bash','-c',#cmd}),#p.start() into HTTP parameters, headers, or other user input that is processed by OGNL. Struts evaluates these expressions before the request reaches the application.

How do I prevent OGNL Injection?

  • Update Struts to the latest version immediately (critical)
  • Avoid using dynamic OGNL evaluation
  • Implement Web Application Firewall rules
  • Migrate away from Struts if possible
  • Monitor for known exploit patterns
  • Apply security patches within days of release
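
For the "monitor for known exploit patterns" step, here is an added example (not the scanner's own code) of a heuristic that flags request fields containing OGNL syntax after URL-decoding. The marker names, the two-marker threshold and the sample requests are assumptions constructed for illustration; the expression is the one quoted in the FAQ above.

```python
import re
from urllib.parse import unquote_plus

# Heuristic markers of OGNL syntax in request data (assumed set; tune per application).
OGNL_MARKERS = {
    "expression_delimiter": re.compile(r"[%$]\{"),
    "variable_assignment": re.compile(r"#\w+\s*="),
    "object_instantiation": re.compile(r"\bnew\s+java(?:x)?\.[\w.]+"),
    "process_execution": re.compile(r"java\.lang\.(?:ProcessBuilder|Runtime)"),
    "static_member_access": re.compile(r"@[\w.$]+@\w+"),
}

def decode(value, max_rounds=3):
    """URL-decode repeatedly so single- and double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(fields):
    """Return {field_name: [marker names]} for every field that looks like OGNL."""
    findings = {}
    for name, raw in fields.items():
        text = decode(raw)
        hits = sorted(m for m, rx in OGNL_MARKERS.items() if rx.search(text))
        # A lone '#x=' or '${' is common in benign data; require two markers,
        # or the one high-confidence marker, before alerting.
        if len(hits) >= 2 or "process_execution" in hits:
            findings[name] = hits
    return findings

# Constructed sample requests; PAGE_EXPR is the expression quoted in the FAQ.
PAGE_EXPR = "#cmd='whoami',#p=new java.lang.ProcessBuilder({'bash','-c',#cmd}),#p.start()"
SAMPLES = [
    {"id": "42", "q": "struts tutorial", "User-Agent": "Mozilla/5.0"},
    {"name": PAGE_EXPR},
    {"redirect": "%2523cmd%253D%2527whoami%2527%252C%2523p%253Dnew%2520java.lang.ProcessBuilder"},
    {"note": "price is ${amount}", "tag": "#release=1.2"},
]

if __name__ == "__main__":
    for i, req in enumerate(SAMPLES):
        print(i, scan_request(req) or "clean")
```

Pattern matching of this kind supports alerting and triage only; it does not replace patching Struts, since the markers can miss unfamiliar encodings.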
