On 09/19/2012 01:49 PM, chris derham wrote:
On Wed, Sep 19, 2012 at 10:02 AM, Ragini <raginippa...@gmail.com> wrote:For
my research work I want to have different attacking scenarios which
exploits vulnerability of JAVA based applications. This java applications
can be just any web-application, desktopapplication or any other.For this,
I was thinking to exploit vulnerabilities of tomcat itself (because it is
in java). I went through different vulnerabilities of different versions of
tomcat on apache tomcat's official site. They have provided information
about what is the vulnerability and what is its consequences.
But I am looking for some real time example by which I can exhibit the
exploitation of tomcat’s vulnerability. The version of the tomcat can be
just any. I would like to try vulnerabilities like authentication bypass,
information disclosure or some other which really compromises the security.
Could anybody please suggest some source where I can get step by step
information about exploiting tomcat’s vulnerability with example ? It would
be nice if the example web application used for exploitation is also in
java.
I would really appreciate your any kind of help regarding this.
Thanks.
Richa.
Have you tried webgoat?
Chris
Yes Chris. I have already gone through webgoat..I am looking for some
real world application exploitation. but of course it should be open
source and in java...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
