2 writeups tagged with Tomcat
Apache Tomcat 8.0.47 on Windows with AJP exposed. Exploited Ghostcat (CVE-2020-1938) via AJP connector to read sensitive files and gain RCE.
LFI on Tomcat manager exposes credentials. WAR file deployed for RCE. ZIP password cracking, LXD container privilege escalation for root.
