Full title: Apache Struts Jakarta Multipart Parser OGNL Injection Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

# 0day.today @ http://0day.today/