Hi!
What you could look for is JSP injection and not just SQL injections.
With JSP injections you can execute code and might even get a shell
depending on the configuration of the remote machine.
There are several ways to execute code under JSP, please check the
link below for more information:
http://marc.theaimsgroup.com/?l=tomcat-user&m=103177072408880&w=2
Best regards,
David Jacoby
rlvi_2001@yahoo.com wrote:
Hi everybody. I am wondering if a server only has port 80 and 22 open. It's
using jsp for design.It's running Openssh on port 22. Is there anyways to
penetrate this server? Also, i am able to find an injection on another site,
but i am not able to extract the Table name, and i couldn't do anything about
it. I tried to use manual guess the table name, but no goal. Could anybody
tell me why this is happening? Thank you very much. This site is running with
Apache 2.2. Thank you very much. Your reply will be greatly appriciated.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
--
David Jacoby
Vice President Customer Experience
http://www.outpost24.com
phone: +46-(0)455-612311
fax : +46-(0)455-13960
email: dj@outpost24.com
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
