Shulou(Shulou.com)05/31 Report--

How to achieve Apache Tomcat sample directory session manipulation vulnerability, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

The default installation of Apache Tomcat includes the examples directory, in which there are many samples, in which the session sample (target / examples/servlets/servlet/SessionExample) allows users to manipulate session. Because session is universal, users can obtain administrator privileges by manipulating session.

0x001 preparation 1.1Writing preparation

Goby

Information related to vulnerabilities

1.2 authoring region

Vulnerability-PoC Management-Custom PoC

Custom PoC screenshot

1.3 points for consideration

The name cannot be filled in Chinese, otherwise the generation will make an error, but it can be modified later (only letters, numbers and underscores are supported).

If the vulnerability is written in Chinese, it will cause the solution to display an exception.

0x002 vulnerability observation

Address: / examples/servlets/servlet/SessionExample title: Apache Tomcat Information: Value of Session Attribute: information: Name of Session Attribute:0x003 fill in content 3.1 vulnerability information

Just fill in according to the content, but note that the name should be in English. If you need to fill in other information, click "Advanced configuration".

3.2 Test

Fill in according to the request and response information, please note that in response to the test content, if you want to add more content, click the first group (add according to the demand) or edit the PoC file separately.

3.3 Click to submit

3.4 write monitoring

Monitor the PoC write location through the velvet sword to prepare for later modification.

Goby installation directory\ golib\ exploits\ user\ English_name.json

0x004 PoC modification

"Name": "English name" corresponds to the display name

Add key information according to the rules

{"type": "item", "variable": "$body", "operation": "contains", "value": "Value of Session Attribute:", "bz": ""}

0x005 scan test

Note: this vulnerability is often used for the submission of vulnerabilities in security projects and is rarely used in actual combat.

0x006 check defects and make up for gaps

Tests have found that some sites have different interface languages, making keywords worthless.

Then I found a good keyword to replace: SessionExample.

After reading the above, have you mastered how to implement the session manipulation vulnerability in the Apache Tomcat sample directory? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.