tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ragini <raginippa...@gmail.com>
Subject Re: exploting tomcat vulnerability with example
Date Thu, 20 Sep 2012 08:32:45 GMT
On 09/19/2012 07:55 PM, Pid * wrote:
> On 19 Sep 2012, at 13:20, Daniel Mikusa <dmikusa@vmware.com> wrote:
>
>> On Sep 19, 2012, at 5:02 AM, Ragini wrote:
>>
>>> Hi all,
>>>
>>> For my research work I want to have different attacking scenarios which exploits
vulnerability of JAVA based applications. This java applications can be just any web-application,
desktopapplication or any other.
>>>
>>> For this, I was thinking to exploit vulnerabilities of tomcat itself (because
it is in java). I went through different vulnerabilities of different versions of tomcat on
apache tomcat's official site. They have provided information about what is the vulnerability
and what is its consequences.
>>>
>>> But I am looking for some real time example by which I can exhibit the exploitation
of tomcat’s vulnerability. The version of the tomcat can be just any. I would like to try
vulnerabilities like authentication bypass, information disclosure or some other which really
compromises the security.
>> Try looking at Metasploit.
> +1
>
>
> p
>
>> Dan
>>
>>
>>> Could anybody please suggest some source where I can get step by step information
about exploiting tomcat’s vulnerability with example ? It would be nice if the example web
application used for exploitation is also in java.
>>>
>>> I would really appreciate your any kind of help regarding this.
>>>
>>> Thanks.
>>>
>>> Richa.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Thanks Dan..Metasploit sound really good...

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message