Full title: Apache Struts 2 Namespace Redirect OGNL Injection Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

# 0day.today @ http://0day.today/