Collaborate Disseminate
I’m working on a JAVA web application running on Tomcat. A session token is generated and stored in a cookie when a user authenticates.
Unfortunately, when tracing is enabled, Tomcat dumps the value of the cookies of incoming HTTP requests… Continue reading Session token shown in the log file
I had Eclipse and Tomcat installed and when I started it up, the window security asked me the following question:
Translation:
Do you want to allow public and private networks to access this app?
Allow access to these networks:
[X] Publi… Continue reading Does windows security mean from the outside or from the inside?
I am trying to exploit a vulnerability in tomcat based on CVE-2020-13935.
I found online this interesting poc https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/
In my case, the tomcat server is exposed through a revers… Continue reading can a tomcat application sitting behind a reverse proxy be exploited
I am new to WampServer related securities. I am basically a cyber-security researcher. I want to know what the problems are if WampServer’s add_vhost.php page is publicly available. It would be helpful if some more relevant information or … Continue reading What are the security issues that can arise due to public access of Apache Wampserver’s add_vhost.php? [closed]
I’m trying to reproduce some of the Tomcat 9.x.x vulnerabilities from this list, in particular the HTTP smuggling vulnerabilities. However, so far I haven’t been able to reproduce any of them. Currently I’m running Tomcat 9.0.0.M1 behind a… Continue reading How to reproduce Tomcat 9.0.0.M1 HTTP smuggling vulnerabilities?
I am practicing initial access & privilege escalation using legacy vulnerabilities, particularly the RCE vulnerability on the Tomcat Manager.
I have been trying to use Nikto to first scan the Tomcat instance for default credentials, bu… Continue reading Using Nikto to scan for default credentials on Tomcat
I have to get rid of so called "weak security" in a Tomcat application.
A penetration test identified services that accept connections with insecure TLS encryption and hashing algorithms: TLS 1.0/1.1,SHA1,CBC
Without being a Tomc… Continue reading Disabling weak cipher suites in Tomcat does not work as expected
I know that Apache Tomcat can communicate with US_ASCII encoding, which gives an interesting vector to XSS, such as:
¼script¾alert(¢XSS¢)¼/script¾
Is there a request syntax that would make other servers possibly vulnerable in the same way… Continue reading XSS by methods of ASCII on servers other than Apache Tomcat
Using auxiliary/scanner/http/tomcat_mgr_login, I get the following reply after run the exploit command: authorization not requested.
I have set rhosts and my test server is listening on rport 80. Can anyone help me out on this?
Continue reading Authorization not requested tomcat_mgr_login [closed]
I’m currently playing with cmd.jsp webshells on a Java webapp in tomcat.
This is the request (sending via burpsuite)
PUT /path/cmd.jsp HTTP/1.1
Host: 69.69.69.69
Content-Length: 579
<%@ page import="java.util.*,java.io.*"… Continue reading cmd.jsp – Tomcat – Understanding HTTP Status Code (302)