Full title: Apache Struts ClassLoader Manipulation Remote Code Execution Exploit 
Category: remote exploits
Platform: php
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.16.2. This issue is caused because the ParametersInterceptor allows access to 'class' parameter which is directly mapped to getClass() method and allows ClassLoader manipulation, which allows remote attackers to execute arbitrary Java code via crafted parameters.

# 0day.today @ http://0day.today/