![]() An attacker could potentially execute code arbitrarily on the affected server by deploying a new application. This poses a massive risk for our client, as it may allow an attacker to login and manage the virtual hosts within Tomcat. The Findingĭuring web application testing, one of our experienced testers, Adam, was able to discover that the Tomcat Host Manager was operating with the default credentials of “admin” & “admin” for the username and password. In addition to facilitating the management of deployed applications, it also allows us to view the server's status and configuration, as well as that of its applications. The application comes with pre-packed several features and services. It offers fundamental functionality for managing deployed web applications. The Tomcat Manager App is a built-in web application that comes bundled with the Tomcat server. ![]() Once an attacker has achieved RCE, they can establish Command & Control (C2) over the endpoint and then take action on objectives to achieve their goals. Instead, it was due to a common misconfiguration. However, the situation being discussed was not specifically an RCE vulnerability caused by unsafe input. This can occur through various methods, such as SQL injection, passing user input into unsafe functions like system() in PHP, or memory-based exploits. Remote Code Execution (RCE) vulnerabilities are often caused by handling user input in an unsafe manner, which can lead to the execution of commands on the affected endpoint. These findings are taken from real reports, anonymised, and published with kind permission from our clients.Īdam discovered that the Tomcat Host Manager on the remote server was found to be operating with the documented default credentials, this often leads to attackers being able to deploy malicious content to the application. Welcome to our Pentest Files blog series.Įach blog post will present an interesting or dangerous finding one of our testers has identified in an actual recent pen-test, so you can see the kinds of cool things our pen-testers get up to, and also to help you take steps to prevent similar vulnerabilities in your own assets.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |