How to Hack Apache Tomcat via Malicious WAR File Upload

Web applications are a prime target for hackers, but sometimes it's not just the web apps themselves that are vulnerable. Web management interfaces should be scrutinized just as hard as the apps they manage, especially when they contain some sort of upload functionality. By exploiting a vulnerability in Apache Tomcat, a hacker can upload a backdoor and get a shell. Apache Tomcat is an open-source implementation of several Java technologies, including Java Servlet, JSP, Java EL, and WebSocket. What this does is provide an environment where Java code can run over HTTP. It was first released in... more