I've been studying CVE-2023-45648 and trying to reproduce it on a vulnerable version of tomcat and failing. and the usual tools aren't finding it. And...making matters worse these types of tests/reproductions are very hard to pull off. If anyone has a better understanding of what the Request should look like (or a poc guide) I'd appreciate a share or a PM. TIA. submitted by /u/777swordfish
[link] [comments]
http://dlvr.it/T0DmC1
Full width home advertisement
Blog Archive
-
▼
2023
(178)
-
▼
December
(45)
- Considering moving from Sophos Intercept X to Hunt...
- HTTPX Troubleshooting Issue
- OTP-Bot Tool CLICK HERE
- CVE-2023–51356: ARMember
- Inside the Digital Vault: How I Unearthed PII Gold...
- 1.12 Lab: Blind SQL injection with out-of-band int...
- Incident handling and threat detection training re...
- What is LFI (Local File Inclusion) Vulnerability ?
- Hackeando GraphQL: Introducción
- Responsible (and ethnical) disclosure dilemma
- The ART of Chaining Vulnerabilities
- PJWT Certification
- A list of 50 tools every hacker should know
- Top Burp Suite Extensions Used by Penetration Testers
- #6.TryHackMe Series writeups: Brooklyn Nine Nine
- Lets Open(Dir) Some Presents: An Analysis of a Per...
- CyberSecurity Day 01 to 100: DAY 08 | A Comprehens...
- Update: Need advice to protect on-prem Windows Ser...
- V3 Testnet Bug Bounty
- How to reproduce CVE-2023-45648?
- SSTI gave me T-Shirt + € 50
- Subdomain Takeover in Azure Trafficmanager for Fun...
- So you found Auth0 secrets, now what?
- Most used DFIR tools
- CORS Misconfiguration -> PII Leak
- HTTP Noir: The Dark Art of Smuggling Bytes
- What are your go-to tools for task management and/...
- Blind XSS on Registration System
- URGENT: Normalized logs
- Exploring New Vulnerability Vectors: A Systematic ...
- API Documentation Tips
- Dragos Launches Program to Provide Water, Electric...
- Certificate Search via DumpCrt for wide recon
- Admin Panel Access
- Cybersecurity startup Klarytee raises £700k for en...
- Newbie: Want to simulate attack signatures in my l...
- Bug Hunter journal day #3 and #4
- Is there a demand for endpoint protection tools am...
- Streamable Finance Bug Bounty Campaign is live!
- Bug bounty questions
- “Shipping Securely Cyber Risks and Solutions in Ma...
- Navigating the Bug Bounty Arena: Earn $605,000 Rew...
- Survey shows AI-powered cybersecurity tools adopti...
- Anyone here that has used a multi-cloud IAM or Ide...
- Rise of Broken Access Control
-
▼
December
(45)
Advertisement
LIVE CYBERTHREAT
Latest Trends
Contact Form
amcat question search
search Pentest tools
Total Pageviews
Search Blog
Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib
No comments:
Post a Comment