Just create a jsp page with a text input that whatever you submit there is executed at a shell and returns the result.
On 4/11/07, Jasbinder Singh Bali <[EMAIL PROTECTED]> wrote:
To clarify it further, I need demonstrate someone entering the chroot jail where tomcat is running and then he can issue all his commands there but won't be able to see the actual root being in chroot jail On 4/11/07, Jasbinder Singh Bali <[EMAIL PROTECTED]> wrote: > > I didn't get that. Can you please explain what are you trying to say here. > Thanks > > On 4/11/07, Tim Lucia <[EMAIL PROTECTED] > wrote: > > > > You could create a file, write to it, and observe where it appears. > > > > > > > -----Original Message----- > > > From: Jasbinder Singh Bali [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, April 11, 2007 6:50 PM > > > To: users@tomcat.apache.org > > > Subject: Demonstration of Chroot when tomcat running in jail > > > > > > Hi, > > > How can the Chroot be demostrated in a very simple way without > > > actually hacking the tomcat. > > > I just need to show that someone has taken control of tomcat and now > > > he's in the directory (chroot jail) where tomcat is running but won't > > > be able to access the actual root of the webserver. > > > What would a good way to demostrate this. > > > > > > Any kind of help would be highly appreciated. > > > > > > Thanks > > > ~Jas > > > > > > --------------------------------------------------------------------- > > > To start a new topic, e-mail: users@tomcat.apache.org > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > >
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
