Full title: Apache Roller OGNL Injection Vulnerability 
Category: remote exploits
Platform: multiple
This Metasploit module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method. This Metasploit module has been tested successfully on Apache Roller 5.0.1 on Ubuntu 10.04.

# 0day.today @ http://0day.today/