Hi!

What you could look for is JSP injection and not just SQL injections.
With JSP injections you can execute code and might even get a shell
depending on the configuration of the remote machine.

There are several ways to execute code under JSP; please check the
link below for more information:
http://marc.theaimsgroup.com/?l=tomcat-user&m=103177072408880&w=2

Best regards,
David Jacoby

rlvi_2001@yahoo.com wrote:
> Hi everybody. I am wondering if a server only has port 80 and 22 open. It's
> using JSP for design. It's running OpenSSH on port 22. Is there any way to
> penetrate this server? Also, I am able to find an injection on another site,
> but I am not able to extract the table name, and I couldn't do anything about
> it. I tried to manually guess the table name, but no goal. Could anybody
> tell me why this is happening? Thank you very much. This site is running with
> Apache 2.2. Thank you very much. Your reply will be greatly appreciated.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
--
David Jacoby
Vice President Customer Experience
http://www.outpost24.com
phone: +46-(0)455-612311
fax : +46-(0)455-13960
email: dj@outpost24.com