Re: Apache Tomcat 5.5.9 pen-test questions.

From: David Jacoby (dj@outpost24.com)
Date: Tue Nov 21 2006 - 05:46:12 EST


Hi!

What you could look for is JSP injection and not just SQL injections.
With JSP injections you can execute code and might even get a shell
depending on the configuration of the remote machine.

There are several ways to execute code under JSP; please check the
link below for more information:

http://marc.theaimsgroup.com/?l=tomcat-user&m=103177072408880&w=2

Best regards,
David Jacoby

rlvi_2001@yahoo.com wrote:
> Hi everybody. I am wondering if a server only has port 80 and 22 open. It's using JSP for design. It's running OpenSSH on port 22. Is there any way to penetrate this server? Also, I am able to find an injection on another site, but I am not able to extract the table name, and I couldn't do anything about it. I tried to manually guess the table name, but no goal. Could anybody tell me why this is happening? Thank you very much. This site is running with Apache 2.2. Thank you very much. Your reply will be greatly appreciated.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>

-- 
David Jacoby
Vice President Customer Experience
http://www.outpost24.com
phone: +46-(0)455-612311
fax  : +46-(0)455-13960
email: dj@outpost24.com


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:20 EDT