On Wed, Sep 19, 2012 at 10:02 AM, Ragini <raginippa...@gmail.com> wrote:
> For my research work I want to have different attacking scenarios which
> exploit vulnerabilities of Java-based applications. These Java applications
> can be just any web application, desktop application or any other.
>
> For this, I was thinking to exploit vulnerabilities of Tomcat itself
> (because it is in Java). I went through the different vulnerabilities of
> different versions of Tomcat on Apache Tomcat's official site. They have
> provided information about what the vulnerability is and what its
> consequences are.
>
> But I am looking for some real-time example by which I can exhibit the
> exploitation of Tomcat's vulnerability. The version of Tomcat can be
> just any. I would like to try vulnerabilities like authentication bypass,
> information disclosure or some other which really compromises the security.
>
> Could anybody please suggest some source where I can get step-by-step
> information about exploiting Tomcat's vulnerability with an example? It would
> be nice if the example web application used for exploitation is also in
> Java.
>
> I would really appreciate any kind of help regarding this.
>
> Thanks.
>
> Richa.

Have you tried WebGoat?

Chris