White Box Testing Tomcat and Struts

Tomcat is always an easy target and low hanging fruit in a pentest and I always aim to scan the network for port 8080 as tomcat runs by default on this port. If you are lucky enough, you can login to the “Manager App” with default credentials and upload a .war file to get shell … Read more White Box Testing Tomcat and Struts