From fa33cdc45629dcf802c22d24d1cb4e47c9f49ae4 Mon Sep 17 00:00:00 2001 From: ARZ <60057481+AbdullahRizwan101@users.noreply.github.com> Date: Mon, 12 Jul 2021 23:58:08 +0500 Subject: [PATCH] Update Cheat Sheet.md --- Cheat Sheet.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Cheat Sheet.md b/Cheat Sheet.md index 5299bce..5e89a32 100644 --- a/Cheat Sheet.md +++ b/Cheat Sheet.md @@ -563,6 +563,21 @@ To get a RCE * Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell. * Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one) +### Apache Tomcat + +``` +If we have access to /manager/html , we can upload a WAR payload (arz.war) and access it through http://ip/arz +``` +#### Apache Tomcat used with nginx + +``` +If we nginx is being used as a reverse proxy to apache tom we can abuse it through Path Traversal Trough Reverse Proxy Mapping +``` +https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/ + +https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf + + # Wordlists ### Directory Bruteforcing
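Review bot: the two explanatory sentences added under `### Apache Tomcat` and `#### Apache Tomcat used with nginx` are prose, not commands, yet they sit inside bare code fences, and the second one carries three typos ("If we nginx is being used", "apache tom", "Path Traversal Trough"). Drop the fences and write them as plain bullet items in the style of the surrounding `* ` lines, e.g. `* If we have access to /manager/html, we can upload a WAR payload (arz.war) and access it through http://ip/arz` and `* If nginx is being used as a reverse proxy in front of Apache Tomcat, we can abuse it through Path Traversal Through Reverse Proxy Mapping`. Also insert a blank line between the closing fence and the `#### Apache Tomcat used with nginx` heading so the heading renders, and give the two bare reference URLs a label each (the Acunetix advisory and Orange Tsai's Black Hat US 2018 slides) as a short bullet list rather than loose lines separated by blank lines.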