This paper discusses a vulnerability class called “Expression Language Injection (EL Injection)”. Although several security researchers have published details in the past, the bug class is still fairly unknown. EL Injection is a serious security threat over the Internet for the various dynamic applications. In today’s world, there is a universal need present for dynamic applications. As the use of dynamic applications for various online services is rising, so is the security threats increasing. This paper defines a methodology for detecting and exploiting EL injection.
You can download it from the following link: https://packetstormsecurity.com/files/download/151464/el-injection.pdf
Source: https://packetstormsecurity.com/files/151464/Remote-Code-Execution-With-EL-Injection-Vulnerabiltiies.html