forked from PortSwigger/BChecks

Apache Tomcat Manager Path Normalization Panel.bcheck
metadata:
    language: v1-beta
    name: "Apache Tomcat Manager Path Normalization Panel - Detect"
    author: "Parimal Shaw"
    description: "The Apache Tomcat Manager login panel was reached through a path-normalization bypass. Normalizing a path involves modifying the string that identifies a path or file so that it conforms to a valid path on the target operating system; when a front end and Tomcat normalize differently, a '..;' segment slips past the front end's access rules."
    tags: "Apache Tomcat Misconfiguration"

run for each:
    # Tomcat treats ";" as the start of a path parameter, so "/..;/manager/html"
    # is normalized to "/manager/html" on the backend even when a proxy or
    # access rule in front of it blocks "/manager/" directly.
    # Note: the Host Manager's default context path is "/host-manager".
    potential_path =
        "/..;/manager/html",
        "/..;/..;/manager/html;/",
        "/..;/host-manager/html",
        "/..;/..;/host-manager/html;/",
        "/bchecktest/..;/manager/html",
        "/bchecktest/..;/host-manager/html"

given host then
    send request called check:
        method: "GET"
        path: {potential_path}

    # The Manager app answers 401 (or 403 behind a deny rule) with a page that
    # quotes an example tomcat-users.xml entry and the "manager-gui" role name.
    # The credential example needs a regex, so "matches" is used rather than "in".
    if {check.response.status_code} is "401" or {check.response.status_code} is "403" then
        if "manager-gui" in {check.response.body} or {check.response.body} matches "username=\"[^\"]*\" password=\"[^\"]*\"" then
            report issue:
                severity: info
                confidence: certain
                detail: "The Apache Tomcat Manager login panel was reached through a path-normalization bypass. Normalizing a path involves modifying the string that identifies a path or file so that it conforms to a valid path on the target operating system; the '..;' segment is ignored by Tomcat as a path parameter but not by the front end enforcing access control."
                remediation: "Apply access control after normalizing the path the way Tomcat does (treat ';' as a path-parameter delimiter), restrict /manager and /host-manager to trusted addresses, or remove the Manager and Host Manager applications if they are not needed."
        end if
    end if
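The following is an added example, not part of the BCheck or of PortSwigger's code. It models the check offline in Python: it generates the same `..;` probe paths and applies the check's condition (401 or 403, and either the `manager-gui` role name or the example credential line from Tomcat's 401 page) to recorded responses, so the matching logic can be exercised without a live Tomcat. `PROBE_PREFIX`, `SAMPLE_401_BODY` and `SAMPLE_PROBES` are constructed for illustration; `probe_host` is the only part that talks to a network.

```python
"""Offline model of the Tomcat Manager path-normalization BCheck.

Added example; not part of the BCheck or of PortSwigger's code.
PROBE_PREFIX, SAMPLE_401_BODY and SAMPLE_PROBES are constructed inputs."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Body signals the BCheck looks for. Tomcat's manager 401 page quotes an
# example tomcat-users.xml entry and the "manager-gui" role name.
CRED_EXAMPLE_RE = re.compile(r'username="[^"]*" password="[^"]*"')
ROLE_MARKER = "manager-gui"

# Any non-existent first segment works for the "/<segment>/..;/" variants;
# the BCheck uses "/bchecktest" (assumed here as well).
PROBE_PREFIX = "/bchecktest"

# Default context paths of the two Tomcat admin webapps.
TOMCAT_ADMIN_APPS = ("/manager/html", "/host-manager/html")


@dataclass
class Probe:
    path: str
    status: int
    body: str


def candidate_paths(apps: Iterable[str] = TOMCAT_ADMIN_APPS,
                    prefix: str = PROBE_PREFIX) -> List[str]:
    """Generate the "..;" traversal variants for each admin app path.

    A front end that does not treat ";" as a path-parameter delimiter sees a
    bogus first segment and lets the request through; Tomcat strips the
    parameter, sees "/../manager/html" and normalizes it to "/manager/html".
    """
    paths: List[str] = []
    for app in apps:
        paths.append(f"/..;{app}")
        paths.append(f"/..;/..;{app};/")
        paths.append(f"{prefix}/..;{app}")
    return paths


def is_manager_panel(status: int, body: str) -> bool:
    """The BCheck condition with the intended precedence:
    (401 or 403) AND (credential example OR "manager-gui" marker)."""
    if status not in (401, 403):
        return False
    return ROLE_MARKER in body or CRED_EXAMPLE_RE.search(body) is not None


def classify(probes: Iterable[Probe]) -> List[str]:
    """Paths whose responses look like the Tomcat Manager login panel."""
    return [p.path for p in probes if is_manager_panel(p.status, p.body)]


def probe_host(base_url: str, timeout: float = 5.0) -> List[Probe]:
    """Send every candidate path to base_url and record status and body.

    urllib raises HTTPError for 4xx responses, which is exactly the case the
    check cares about, so the handler records those instead of skipping them.
    http.client sends the path as given; a client that collapses ".."
    segments would defeat the probe, so inspect the raw request if another
    HTTP library is substituted.
    """
    import urllib.request
    from urllib.error import HTTPError, URLError

    results: List[Probe] = []
    for path in candidate_paths():
        req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results.append(Probe(path, resp.status,
                                     resp.read().decode("utf-8", "replace")))
        except HTTPError as err:
            results.append(Probe(path, err.code,
                                 err.read().decode("utf-8", "replace")))
        except URLError:
            continue  # unreachable for this path; nothing to classify
    return results


# Constructed sample modelled on Tomcat's manager 401 page (not a capture).
SAMPLE_401_BODY = """<html><head><title>401 Unauthorized</title></head><body>
<h1>401 Unauthorized</h1>
<p>You are not authorized to view this page. A role is needed, for example:</p>
<pre>
&lt;role rolename="manager-gui"/&gt;
&lt;user username="tomcat" password="s3cret" roles="manager-gui"/&gt;
</pre>
</body></html>"""

# Constructed responses: one bypass hit, one missing app, one unrelated 200
# page, and one generic proxy 403 that carries no Tomcat markers.
SAMPLE_PROBES = [
    Probe("/..;/manager/html", 401, SAMPLE_401_BODY),
    Probe("/..;/host-manager/html", 404, "<h1>404 Not Found</h1>"),
    Probe("/bchecktest/..;/manager/html", 200, "<h1>Welcome</h1>"),
    Probe("/..;/..;/manager/html;/", 403, "<h1>403 Forbidden</h1>"),
]

if __name__ == "__main__":
    print(classify(SAMPLE_PROBES))  # ['/..;/manager/html']
```

The nested status-then-body test in `is_manager_panel` is the precedence the BCheck intends; a flat `A or B and C or D` would also report a plain 403 from a proxy that happens to mention `manager-gui`, or a 200 page with no access control at all. Against a live target, `classify(probe_host("http://host:8080"))` returns the paths worth reporting.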