On 19 Sep 2012, at 13:20, Daniel Mikusa <dmik...@vmware.com> wrote: > On Sep 19, 2012, at 5:02 AM, Ragini wrote: > >> Hi all, >> >> For my research work I want to have different attacking scenarios which >> exploits vulnerability of JAVA based applications. This java applications >> can be just any web-application, desktopapplication or any other. >> >> For this, I was thinking to exploit vulnerabilities of tomcat itself >> (because it is in java). I went through different vulnerabilities of >> different versions of tomcat on apache tomcat's official site. They have >> provided information about what is the vulnerability and what is its >> consequences. >> >> But I am looking for some real time example by which I can exhibit the >> exploitation of tomcat’s vulnerability. The version of the tomcat can be >> just any. I would like to try vulnerabilities like authentication bypass, >> information disclosure or some other which really compromises the security. > > Try looking at Metasploit.
+1 p > Dan > > >> Could anybody please suggest some source where I can get step by step >> information about exploiting tomcat’s vulnerability with example ? It would >> be nice if the example web application used for exploitation is also in java. >> >> I would really appreciate your any kind of help regarding this. >> >> Thanks. >> >> Richa. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
