g/websphere-portal-pt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Markdown fix

Browse Source
This commit is contained in:
Giulio 2020-07-13 17:48:45 +02:00
parent 771f5dc6dd
commit 36e3b7b322
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Readme.md
View File

@ -17,7 +17,7 @@ As Tomcat does, WAS has an administrative interface where an application can be
The main objective is to obtain at least a directory traversal vulnerability and from there gain code execution. An example of this type of vulnerability in WPS is [CVE-2012-4834](https://nvd.nist.gov/vuln/detail/CVE-2012-4834) and although old it might still be found on legacy websites. This kind of vulnerabilities can of course also be in custom portlets, JSP pages or other dynamic content. Once there's an arbitrary file read it should also be possible to get a lot of useful additional information, including JDBC objects, LDAP binds and of course administrative credentials.
### Url Scheme
(This is an interesting read)[https://www.optiv.com/explore-optiv-insights/blog/decoding-ibm-webshere-portlet-urls] and there's also a Burp plugin. URLs can also be plaintext.
[This is an interesting read](https://www.optiv.com/explore-optiv-insights/blog/decoding-ibm-webshere-portlet-urls) and there's also a Burp plugin. URLs can also be plaintext.
### Interesting paths
Here's a short list of interesting paths and what they means (assuming that the base is `/wps`:
@ -182,4 +182,3 @@ EJPXB0020I: The request was processed successfully on the server.
The webshell will be now available at `http://<target>/wps/shell/cmd.jsp` and will be working.