Secret Retrieving via Expression Language Injection Using Client Side Inference

This page tries to retrieve the victim's JSESSIONID by inference against an application vulnerable to Expression Language injection.
See the Expression Language Injection paper for more information.
Attack information:  
Found:  
 
The victim server is loaded in an iframe just to be sure we have a session.
This page is used for pure demonstration. Use at your own risk!
Authors: Stefano Di Paola and Arshan Dabirsiaghi
Date: September 2011