Full title: Apache Struts Developer Mode OGNL Execution Exploit 
Category: remote exploits
Platform: linux
This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully in Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.

# 0day.today @ http://0day.today/