Merge pull request #325 from heinosasshallik/patch-3

Fix typo and grammar issue in tomcat.md
This commit is contained in:
Carlos Polop 2022-04-29 00:06:56 +01:00 committed by GitHub
commit 1cabde5448
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -104,9 +104,9 @@ The following example scripts that come with Apache Tomcat v4.x - v7.x and can b
### Path Traversal (..;/)
In some **[vulnerable configurations of Tomcat](https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/)** you can access to protected directories in Tomcat using the path: `/..;/`
In some **[vulnerable configurations of Tomcat](https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/)** you can gain access to protected directories in Tomcat using the path: `/..;/`
So, for example, you might be able to **access the Tomcat manager** page accessing: `www.vulnerable.com/lalala/..;/manager/html`
So, for example, you might be able to **access the Tomcat manager** page by accessing: `www.vulnerable.com/lalala/..;/manager/html`
**Another way** to bypass protected paths using this trick is to access `http://www.vulnerable.com/;param=value/manager/html`