This module exploits a vulnerability in Apache Struts 2. The specific vulnerability happens when using the "includeParams" attribute in the URL or A tag.