Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit

The DefaultActionMapper class in Apache Struts 2 supports short-circuit navigation state changes through parameters prefixed with "action:" or "redirect:". The content that follows these prefixes is not properly sanitized before being evaluated as an OGNL expression on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of a vulnerable version of the Apache Struts 2 framework.
Exploit type: 
Vulnerability ID: CVE-2013-2251
Product Version: 2013 R1
Released Date: Tuesday, August 13, 2013 - 00:00
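
Added example, not part of the original module description: a log check a defender could run for the behaviour described above. It flags requests whose parameter name starts with "action:" or "redirect:" and carries an OGNL expression opener after the prefix; the access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Parameter-name prefixes named in the description above.
PREFIXES = ("action:", "redirect:")
# "${" and "%{" open an OGNL expression in Struts 2.
OGNL_OPEN = re.compile(r"[$%]\{")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode(text, rounds=3):
    """Undo up to `rounds` layers of URL encoding (double encoding hides '${')."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def flagged_params(target):
    """Return (prefix, remainder) for each parameter whose NAME starts with a
    prefix and has an OGNL opener after it."""
    hits = []
    query = target.partition("?")[2]
    for pair in re.split(r"[&;]", query):  # split first, decode afterwards
        param = decode(pair)
        for prefix in PREFIXES:
            rest = param[len(prefix):]
            if param.startswith(prefix) and OGNL_OPEN.search(rest):
                hits.append((prefix, rest))
    return hits

def scan(lines):
    """Return (line_number, prefix, remainder) for every flagged request."""
    out = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            out.extend((n, p, r) for p, r in flagged_params(m.group(1)))
    return out

# Constructed sample log lines; EXPR is a placeholder, not a payload.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Aug/2013:10:00:01 +0000] "GET /shop/index.action?redirect:%24%7BEXPR%7D HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Aug/2013:10:00:02 +0000] "POST /shop/index.action?action:%2525%257BEXPR%257D HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Aug/2013:10:00:03 +0000] "GET /shop/list.action?redirect:/cart.action HTTP/1.1" 302 0',
    '203.0.113.9 - - [13/Aug/2013:10:00:04 +0000] "GET /shop/search.action?q=redirect:%24%7Bx%7D HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, so the same check also belongs on form-encoded request bodies at a reverse proxy or WAF.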