How do you find Tomcat and WebLogic vulnerabilities? All you need is J2EEScan, a Burp Suite plugin.
Which vulnerabilities can you detect with J2EEScan?
Expression Language Injection (CVE-2011-2730)
Apache Roller OGNL Injection (CVE-2013-4212)
Local File Include – /WEB-INF/web.xml Retrieved
Local File Include – Spring Application Context Retrieved
Local File Include – struts.xml Retrieved
Local File Include – weblogic.xml Retrieved
Local File Include – ibm-ws-bnd.xml Retrieved
Local File Include – ibm-web-ext.xmi Retrieved
Local File Include – ibm-web-ext.xml Retrieved
Local File Include – /etc/shadow Retrieved
Local File Include – /etc/passwd Retrieved
HTTP Auth Weak Password
WEB-INF Application Configuration Files Retrieved
Status Servlet (CVE-2008-3273)
Snoop Servlet (CVE-2012-2170)
Extended Path Traversal Scan
AJP Service Detection – thanks to @ikki
Spring Boot Actuator console
UTF8 Response Splitting
JK Management Endpoints
Pivotal Spring Traversal (CVE-2014-3625)
Important: J2EEScan requires Burp Suite Professional.