Okay so i just woke up and have seen that there is a new 0 day exploit. This exploit affects apache struts 2. Using burp or the python code below we can specially craft the contents of the http header. The attack works because the specially crafted requests throws an error. This error relates the “Content type” part of the header. So what? This vulnerability will allow a malicious attacker to send a request that can perform remote code execution. Therefore an attacker can download some script such as a backdoor and run the backdoor on the server making this a deadly attack. Tutorial:
