Open-source web application server that supports JSP and servlets
Never run Tomcat as root
useradd -d /tomcat -u 501 tomcat
passwd tomcat
su - tomcat
Disable directory listing
DefaultServlet: set the listings init-param to false (conf/web.xml)
Change the default port & hide version information
vim $TOMCAT_HOME/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" server="App service版本資訊"/>
Tomcat default example apps, e.g. /examples/servlets/servlet/SessionExample
log
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
CVE-2020-1938: Tomcat Ghostcat
Reference URLs
Web application server developed by Oracle
Based on the Java EE architecture
Used to develop and deploy Java applications
Permissions for starting WebLogic
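As an added example (not part of the original notes), a bash script that audits a Tomcat installation against the items above: the account Tomcat runs as, the DefaultServlet listings setting, the default port and missing server= banner, an enabled AJP connector (the Ghostcat surface), a missing AccessLogValve, and a still-deployed examples webapp. The install layout ($TOMCAT_HOME/conf, $TOMCAT_HOME/webapps) is assumed and the fixture files are constructed, not real Tomcat configs.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. Assumed layout: $1/conf/web.xml,
# $1/conf/server.xml, $1/webapps/. $2 is the account Tomcat runs as
# (obtain it with e.g.: ps -o user= -C java).
# Prints one line per finding and returns the number of findings (0 = clean).
tomcat_audit() {
  local home="$1" user="$2" n=0 flat
  [ "$user" = root ] && { echo "FINDING: Tomcat runs as root"; n=$((n+1)); }
  # Flatten the XML so elements split over several lines can be matched.
  flat=$(tr -d '\n\t ' <"$home/conf/web.xml")
  case "$flat" in *'<param-name>listings</param-name><param-value>true</param-value>'*)
    echo "FINDING: DefaultServlet listings=true (directory listing enabled)"; n=$((n+1));; esac
  flat=$(tr -d '\n\t' <"$home/conf/server.xml")
  case "$flat" in *'port="8080"'*) echo "FINDING: default port 8080 still configured"; n=$((n+1));; esac
  # Every Connector should set server= so the version banner is not exposed.
  if printf '%s\n' "$flat" | grep -o '<Connector[^>]*>' | grep -v 'server=' | grep -q .; then
    echo "FINDING: Connector without server= attribute (version disclosure)"; n=$((n+1)); fi
  case "$flat" in *'protocol="AJP/1.3"'*) echo "FINDING: AJP connector enabled (CVE-2020-1938 surface)"; n=$((n+1));; esac
  case "$flat" in *AccessLogValve*) ;; *) echo "FINDING: no AccessLogValve (no access log)"; n=$((n+1));; esac
  [ -d "$home/webapps/examples" ] && { echo "FINDING: examples webapp still deployed"; n=$((n+1)); }
  return $n
}
# Wrapper that prints the finding count instead of returning it as an exit status.
audit_count() { local rc=0; tomcat_audit "$@" >/dev/null || rc=$?; echo "$rc"; }
# Constructed sample install trees (not real Tomcat files) to exercise the audit.
make_fixture() {  # $1 = directory, $2 = default|hardened
  mkdir -p "$1/conf" "$1/webapps/ROOT"
  if [ "$2" = hardened ]; then
    printf '<web-app><servlet><servlet-name>default</servlet-name>\n  <init-param><param-name>listings</param-name>\n  <param-value>false</param-value></init-param>\n</servlet></web-app>\n' >"$1/conf/web.xml"
    printf '<Server><Service>\n<Connector port="8081" protocol="HTTP/1.1" server="App service"/>\n<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"/>\n</Service></Server>\n' >"$1/conf/server.xml"
  else
    mkdir -p "$1/webapps/examples"
    printf '<web-app><servlet><servlet-name>default</servlet-name>\n  <init-param><param-name>listings</param-name>\n  <param-value>true</param-value></init-param>\n</servlet></web-app>\n' >"$1/conf/web.xml"
    printf '<Server><Service>\n<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>\n<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>\n</Service></Server>\n' >"$1/conf/server.xml"
  fi
}
tmp=$(mktemp -d); make_fixture "$tmp/default" default; make_fixture "$tmp/hardened" hardened
tomcat_audit "$tmp/default" root || true   # prints the individual findings
echo "default install run as root: $(audit_count "$tmp/default" root) finding(s)"       # 7
echo "hardened install run as tomcat: $(audit_count "$tmp/hardened" tomcat) finding(s)"  # 0
rm -rf "$tmp"
```

Run it as `tomcat_audit "$TOMCAT_HOME" "$(ps -o user= -C java)"` against a real install; the exit status is the finding count, so it drops straight into a CI or config-management check.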
chown -R weblogic:weblogic "Weblogic資料夾"
Change the default port
config/config.xml
AdminServer
<listen-port>7005</listen-port>
Directory listing
weblogic.xml
<index-directory-enabled>
Sensitive paths
config/config.xml
WebLogic SSRF
docker-compose up -d
http://漏洞ip:7001/uddiexplorer/
http://漏洞ip:7001/uddiexplorer/SearchPublicRegistries.jsp
/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.0.0.1:7001
WebLogic deserialization
log
\user_projects\domains\<domain_name>\servers\<server_name>\logs\access.log
\user_projects\domains\<domain_name>\<server_name>\access.log
\user_projects\domains\<domain_name>\servers\<server_name>\logs\<server_name>.log
\user_projects\domains\<domain_name>\<server_name>\<server_name>.log
\user_projects\domains\<domain_name>\servers\<adminserver_name>\logs\<domain_name>.log
\user_projects\domains\<domain_name>\<domain_name>.log
Reference URLs
was_install_dir\bin\manageprofiles.bat -listProfiles
was_install_dir/bin/manageprofiles.sh -listProfiles
http://localhost:9060/ibm/console
/jboss/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
<security-domain>java:/jaas/jmx-console</security-domain>
/jboss/server/default/deploy/jmx-console.war/WEB-INF/web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the
      role JBossAdmin to access the HTML JMX console web application
    </description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>
/jboss/server/default/conf/props/jmx-console-users.properties
/jboss/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml
<security-domain>java:/jaas/web-console</security-domain>
/jboss/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the
      role JBossAdmin to access the HTML JMX console web application
    </description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>
/jboss/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties