Apache Tomcat AJP Connector Request Injection (Ghostcat)
Ghostcat (CVE-2020-1938) is an LFI vulnerability in the AJP service. An attacker can exploit it to read the contents of configuration files and source code files of all webapps deployed on Tomcat. For example, the /WEB-INF/web.xml file is in the Web Root directory, whose access is restricted, and cannot be accessed by anyone over HTTP on the Tomcat server. By exploiting Ghostcat, it is possible to read the contents of files in the web server directory through the AJP13 protocol (LFI vulnerability); in our case, the /WEB-INF/web.xml file.

Run the command below from the terminal (exploit downloaded from https://github.com/00theway/Ghostcat-CNVD-2020-10487/blob/master/ajpShooter.py):

    python3 ajpShooter.py http://IP:8080 8009 /WEB-INF/web.xml read

Impact: A file read/inclusion vulnerability was found in the AJP connector. A remote, unauthenticated attacker could exploit this vulnerability to read web a