Apache Tomcat penetration test

From: a007 (a007@ixi.ru)
Date: Fri Nov 17 2006 - 01:53:12 EST

• Next message: Eric Hacker: "Re: IDS Assessments....and the I{D|P}S evasion research project"
• Previous message: Eric Hacker: "Re: IDS Assessments....and the I{D|P}S evasion research project"
• Next in thread: Danux: "Re: Apache Tomcat penetration test"
• Reply: Danux: "Re: Apache Tomcat penetration test"
• Reply: Christine Kronberg: "Re: Apache Tomcat penetration test"
• Maybe reply: email-fulldisclosure@hotmail.com: "Re: Apache Tomcat penetration test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

I am looking for the way to penetrate Apache Tomcat server. Does anybody
know useful link on this? There is not much information on Web.

I need to analyze Apache Tomcat Apache Tomcat/5.5.17 server. After URI
manipulation I've found some server debug messages like this:

HTTP Status 500 - java.lang.NoSuchMethodException:
partners.service.PartnersService.getLink(javax.servlet.http.HttpServletRequest)
at java.lang.Class.getMethod(Class.java:1581) at
web.AjaxService.doGet(AjaxService.java:80) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)

Thanks in advance,
        
a007
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFXVxXMoMPiPgGoAcRAqv4AJ9OyDznLWS4lNLkinyVo2pmpQDkvQCfX88z
+hDZNLvvi9qDA8k5el4Xwns=
=C/+x
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Eric Hacker: "Re: IDS Assessments....and the I{D|P}S evasion research project"
• Previous message: Eric Hacker: "Re: IDS Assessments....and the I{D|P}S evasion research project"
• Next in thread: Danux: "Re: Apache Tomcat penetration test"
• Reply: Danux: "Re: Apache Tomcat penetration test"
• Reply: Christine Kronberg: "Re: Apache Tomcat penetration test"
• Maybe reply: email-fulldisclosure@hotmail.com: "Re: Apache Tomcat penetration test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:20 EDT