Home / os / bsd

Apache Struts 2 Namespace Redirect OGNL Injection

Posted on 08 September 2018

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

 

TOP

Malware :

Exploits :