diff --git a/vulnerabilities/struts-dev-mode-ognl-injection.yaml b/vulnerabilities/backdoor/struts2-ognl-backdoor.yaml
similarity index 67%
rename from vulnerabilities/struts-dev-mode-ognl-injection.yaml
rename to vulnerabilities/backdoor/struts2-ognl-backdoor.yaml
index 3e69a94191..59d14f2980 100644
--- a/vulnerabilities/struts-dev-mode-ognl-injection.yaml
+++ b/vulnerabilities/backdoor/struts2-ognl-backdoor.yaml
@@ -1,4 +1,4 @@
-id: struts-dev-mode-ognl-injection
+id: struts2-ognl-backdoor
 
 info:
   name: Apache Struts Dev Mode OGNL Injection
@@ -10,18 +10,23 @@ info:
   metadata:
     verified: true
     shodan-query: html:"Struts Problem Report"
-  tags: apache,struts,ognl,misconfig
+  tags: apache,struts,ognl,misconfig,injection
+
+variables:
+  first: "{{rand_int(1000, 9999)}}"
+  second: "{{rand_int(1000, 9999)}}"
+  result: "{{to_number(first)*to_number(second)}}"
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{7*7}}'
+      - '{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}'
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - '[[49]]'
+          - '{{result}}'
 
       - type: status
         status: