4 Videos for CVE-2007-1860: mod_jk double-decoding

Free Tier | Difficulty: Medium | Duration: 1-2 Hrs. | Users completed: 6064 | White Badge
Access to videos for this exercise is only available with PentesterLab PRO.
CVE-2007-1860: Introduction

In this video, we will explore the challenge CVE-2007-1860 as part of the white badge. We will exploit mod_jk to gain code execution on a Tomcat server.

Duration: 04:38 | Views: 1607

 

Spoiler
Exploitation of the online exercise

In this video, we explore the exploitation of CVE-2007-1860 in the online environment using Tomcat 7.0, highlighting the differences in security mechanisms compared to the ISO version with Tomcat 6.0. We demonstrate how to bypass CSRF protection and successfully deploy a web shell.

Duration: 06:52 | Views: 11257

 

CVE-2007-1860: Analysis

This video covers an analysis of CVE-2007-1860, a double URL decoding vulnerability that affected Apache mod_jk in 2007. The issue arises from both Apache and Tomcat performing URL decoding, allowing attackers to bypass restrictions.

Duration: 03:11 | Views: 529

 

Spoiler
CVE-2007-1860: Exploitation against the ISO

In this video, we explore the exploitation of CVE-2007-1860, a vulnerability in Apache mod_jk. We'll demonstrate how to bypass URL encoding to access restricted areas of a Tomcat server.

Duration: 11:40 | Views: 8105