Collaborate Disseminate
I am trying to exploit a vulnerability in tomcat based on CVE-2020-13935.
I found online this interesting poc https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/
In my case, the tomcat server is exposed through a revers… Continue reading can a tomcat application sitting behind a reverse proxy be exploited
I am new to WampServer related securities. I am basically a cyber-security researcher. I want to know what the problems are if WampServer’s add_vhost.php page is publicly available. It would be helpful if some more relevant information or … Continue reading What are the security issues that can arise due to public access of Apache Wampserver’s add_vhost.php? [closed]
I’m trying to reproduce some of the Tomcat 9.x.x vulnerabilities from this list, in particular the HTTP smuggling vulnerabilities. However, so far I haven’t been able to reproduce any of them. Currently I’m running Tomcat 9.0.0.M1 behind a… Continue reading How to reproduce Tomcat 9.0.0.M1 HTTP smuggling vulnerabilities?
I am practicing initial access & privilege escalation using legacy vulnerabilities, particularly the RCE vulnerability on the Tomcat Manager.
I have been trying to use Nikto to first scan the Tomcat instance for default credentials, bu… Continue reading Using Nikto to scan for default credentials on Tomcat
I have to get rid of so called "weak security" in a Tomcat application.
A penetration test identified services that accept connections with insecure TLS encryption and hashing algorithms: TLS 1.0/1.1,SHA1,CBC
Without being a Tomc… Continue reading Disabling weak cipher suites in Tomcat does not work as expected
I know that Apache Tomcat can communicate with US_ASCII encoding, which gives an interesting vector to XSS, such as:
¼script¾alert(¢XSS¢)¼/script¾
Is there a request syntax that would make other servers possibly vulnerable in the same way… Continue reading XSS by methods of ASCII on servers other than Apache Tomcat
Using auxiliary/scanner/http/tomcat_mgr_login, I get the following reply after run the exploit command: authorization not requested.
I have set rhosts and my test server is listening on rport 80. Can anyone help me out on this?
Continue reading Authorization not requested tomcat_mgr_login [closed]
I’m currently playing with cmd.jsp webshells on a Java webapp in tomcat.
This is the request (sending via burpsuite)
PUT /path/cmd.jsp HTTP/1.1
Host: 69.69.69.69
Content-Length: 579
<%@ page import="java.util.*,java.io.*"… Continue reading cmd.jsp – Tomcat – Understanding HTTP Status Code (302)
We use Tomcat, and version Tomcat 9.0.62 is supposed to fix the spring4shell vuln. To what extent is it the case? Are we safe not to upgrade to the latest Spring version?
I’m working with Tomcat and nginx as a reverse proxy and I’m trying to have a better understanding of how the traffic flows and of what the security issues are. Picture this as what I have in mind:
Tomcat and a webapp are installed on ser… Continue reading Encryption with Tomcat & Nginx reverse proxy