Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-01-10 18:17:20 +01:00
Code Issues Projects Releases Wiki Activity

Support for CVE-2007-1860 mod_jk double encoding

Browse source 
Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel.
Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
This commit is contained in:
Tiago Sintra 2016-07-28 14:10:42 +02:00 committed by GitHub
parent c8741490de
commit fff5faa976
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Discovery/Web_Content/tomcat.txt
View file

@ -21,6 +21,9 @@ examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
examples/servlet/snoop
examples/servlets/index.html
examples/../manager/html
examples/%2e%2e/manager/html
examples/%252e%252e/manager/html
host-manager
host-manager/add
host-manager/host-manager.xml