MrDominicana, 2015-10-25 18:24:26

XSS Tomcat cal2.jsp - who can help?

I decided to do a little research on the security of web and application servers.
I decided to start small:
https://www.exploit-db.com/exploits/30563/
These are ancient versions of Tomcat, but for some reason I, as a system administrator and not a programmer, can't blind anything in a sensible request, neither the ls system call nor loading, for example, the remote shell i8jesus.com/stuff/pwnshell/pwn.jsp.
I will be glad if someone helps with examples to deal with the issue.
For these purposes, the server raised 178.175.139.233/jsp-examples/cal/cal2.jsp


1 answer(s)
Mark Doe, 2015-10-25
@mourr

XSS has nothing to do with a system call and a shell, friend, because XSS is entirely executed on the client. All you can do is steal cookies or a session ID, or use XSS in conjunction with CSRF with the admin to force the administrator to secretly perform the necessary actions (if there is an admin, of course). But that's a completely different story.
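
Added example, not part of the original thread or of Tomcat's code: a stand-alone Java sketch of the point made in the answer above. A reflected parameter is only text in the HTTP response, so nothing runs on the server, and HTML-encoding it on output keeps the browser from running it either. The class and method names are hypothetical and the input string is constructed.

```java
// Added example: reflected input is just text in the response body.
// The server never executes it; only a browser would interpret it as markup.
public class ReflectDemo {

    // Vulnerable pattern: request parameter concatenated into HTML as-is.
    static String renderUnsafe(String param) {
        return "<td>" + param + "</td>";
    }

    // Hardened pattern: HTML-encode before writing into an element body.
    static String renderSafe(String param) {
        return "<td>" + escapeHtml(param) + "</td>";
    }

    // Minimal HTML encoder for element content and quoted attribute values.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input, standing in for a request parameter value.
        String input = "<script>alert(1)</script>";
        System.out.println("unsafe: " + renderUnsafe(input));
        System.out.println("safe:   " + renderSafe(input));
        // Standard Set-Cookie attributes that limit what injected script can
        // read (HttpOnly) or send cross-site (SameSite); value is a placeholder.
        System.out.println("Set-Cookie: JSESSIONID=<placeholder>; HttpOnly; Secure; SameSite=Lax");
    }
}
```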
