tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pid *" <...@pidster.com>
Subject Re: exploting tomcat vulnerability with example
Date Wed, 19 Sep 2012 17:55:47 GMT
On 19 Sep 2012, at 13:20, Daniel Mikusa <dmikusa@vmware.com> wrote:

> On Sep 19, 2012, at 5:02 AM, Ragini wrote:
>
>> Hi all,
>>
>> For my research work I want to have different attacking scenarios which exploits
vulnerability of JAVA based applications. This java applications can be just any web-application,
desktopapplication or any other.
>>
>> For this, I was thinking to exploit vulnerabilities of tomcat itself (because it
is in java). I went through different vulnerabilities of different versions of tomcat on apache
tomcat's official site. They have provided information about what is the vulnerability and
what is its consequences.
>>
>> But I am looking for some real time example by which I can exhibit the exploitation
of tomcat’s vulnerability. The version of the tomcat can be just any. I would like to try
vulnerabilities like authentication bypass, information disclosure or some other which really
compromises the security.
>
> Try looking at Metasploit.

+1


p

> Dan
>
>
>> Could anybody please suggest some source where I can get step by step information
about exploiting tomcat’s vulnerability with example ? It would be nice if the example web
application used for exploitation is also in java.
>>
>> I would really appreciate your any kind of help regarding this.
>>
>> Thanks.
>>
>> Richa.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message