Penetration Testing mailing list archives
Re: Apache Tomcat 5.5.9 pen-test questions.
From: David Jacoby <dj () outpost24 com>
Date: Tue, 21 Nov 2006 11:46:12 +0100
Hi!

What you could look for is JSP injection and not just SQL injections. With JSP injections you can execute code and might even get a shell depending on the configuration of the remote machine.

There are several ways to execute code under JSP, please check the link below for more information:

http://marc.theaimsgroup.com/?l=tomcat-user&m=103177072408880&w=2

Best regards,
David Jacoby

rlvi_2001 () yahoo com wrote:
> Hi everybody.
>
> I am wondering if a server only has port 80 and 22 open. It's using JSP for design. It's running OpenSSH on port 22. Is there any way to penetrate this server?
>
> Also, I am able to find an injection on another site, but I am not able to extract the table name, and I couldn't do anything about it. I tried to manually guess the table name, but no goal. Could anybody tell me why this is happening? Thank you very much. This site is running with Apache 2.2.
>
> Thank you very much. Your reply will be greatly appreciated.
--
David Jacoby
Vice President Customer Experience
http://www.outpost24.com
phone: +46-(0)455-612311
fax : +46-(0)455-13960
email: dj () outpost24 com
Current thread:
- Apache Tomcat 5.5.9 pen-test questions. rlvi_2001 (Nov 19)
- Re: Apache Tomcat 5.5.9 pen-test questions. David Jacoby (Nov 21)