XSS Tomcat cal2.jsp - who can help?
I decided to do a little research on the security of web and application servers
I decided to start small
https://www.exploit-db.com/exploits/30563/
These are ancient versions of Tomcat, but for some reason I, as a system administrator and not a programmer, can't put together anything like a sensible request, neither the ls system call nor loading, for example, the remote shell i8jesus.com/stuff/pwnshell/pwn.jsp
I will be glad if someone helps with examples to deal with the issue
For these purposes, a server was set up: 178.175.139.233/jsp-examples/cal/cal2.jsp
XSS has nothing to do with a system call and a shell, friend - because XSS is entirely executed on the client. All you can do is steal cookies or a session ID, or use XSS in conjunction with CSRF with the admin to force the administrator to secretly perform the necessary actions (if there is an admin, of course). But that's a completely different story.