Re: exploting tomcat vulnerability with example

Thu, 20 Sep 2012 01:33:20 -0700 

On 09/19/2012 07:55 PM, Pid * wrote:

On 19 Sep 2012, at 13:20, Daniel Mikusa <dmik...@vmware.com> wrote:


On Sep 19, 2012, at 5:02 AM, Ragini wrote:


Hi all,

For my research work I want to have different attacking scenarios which 
exploits vulnerability of JAVA based applications. This java applications can 
be just any web-application, desktopapplication or any other.

For this, I was thinking to exploit vulnerabilities of tomcat itself (because 
it is in java). I went through different vulnerabilities of different versions 
of tomcat on apache tomcat's official site. They have provided information 
about what is the vulnerability and what is its consequences.

But I am looking for some real time example by which I can exhibit the 
exploitation of tomcat’s vulnerability. The version of the tomcat can be just 
any. I would like to try vulnerabilities like authentication bypass, 
information disclosure or some other which really compromises the security.

Try looking at Metasploit.

+1


p


Dan



Could anybody please suggest some source where I can get step by step 
information about exploiting tomcat’s vulnerability with example ? It would be 
nice if the example web application used for exploitation is also in java.

I would really appreciate your any kind of help regarding this.

Thanks.

Richa.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


Thanks Dan..Metasploit sound really good...

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to