Hi there,

I was testing out the packet forgery example (at 
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698)
to see if my site was vulnerable and got the following results.
I'm not sure, looking at the code comments in ForwardRequestForgeryExample.java,
whether the output below means it's vulnerable and what exactly that exploited.

Could someone give me a hand please?

Thanks,

Ed.

C:>java -cp . ForwardRequestForgeryExample
Sending AJP Forward-Request Packet...
End

$ tail -f catalina.out
Invoke HelloWorldExample.doPost method:
-------------------------------------------
Host: my.evil-site.com
RemoteAddr: 1.2.3.4
LocalPort: 999
woo: I am here




