tomcat-detect: Apache Tomcat Detect

Date: 2025-09-01 | Affected software: Apache Tomcat | PoC: public

Vulnerability description

An Apache Tomcat Manager panel was discovered. app="APACHE-Tomcat"

PoC code [public]

id: tomcat-detect

info:
  name: Apache Tomcat Detect
  author: philippedelteil,dhiyaneshDk
  severity: info
  verified: true
  description: |
    An Apache Tomcat Manager panel was discovered.
    app="APACHE-Tomcat"
  tags: tomcat,detect,panel
  created: 2023/10/14

set:
  # 12 random lowercase letters, used as a path that should not exist
  randstr: randomLowercase(12)
rules:
  r0:
    request:
      method: GET
      path: /{{randstr}}
    # Match on a Tomcat marker in the response headers or body
    expression: response.raw_header.bcontains(b'tomcat') || response.body.ibcontains(b'apache tomcat') || response.body.ibcontains(b'/manager/html') || response.body.ibcontains(b'/manager/status') || "Apache Tomcat.*([0-9]\\.[0-9]+\\.[0-9]+)".bmatches(response.body)
    extractors:
      - type: regex
        extractor:
          ext1: '"(?i)Apache Tomcat.*(?P<version>[1-9][0-9]?\\.[0-9]+\\.([0-9]+|x))".bsubmatch(response.raw)'
          version: ext1["version"]
expression: r0()
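
The matching and version-extraction logic of the template above, reimplemented in Python so a response from your own server can be checked offline and a hit can be graded. This is an added example, not part of the original template or the scanner's code; the function names are hypothetical, the sample responses are constructed, and the semantics of bcontains, ibcontains and bsubmatch (case-sensitive substring, case-insensitive substring, unanchored regex search) are assumed from their names.

```python
import re

# The three case-insensitive body markers from rule r0 (ibcontains).
BODY_MARKERS = (b"apache tomcat", b"/manager/html", b"/manager/status")
# The extractor regex from the template, with one level of escaping removed.
VERSION = re.compile(
    rb"(?i)Apache Tomcat.*(?P<version>[1-9][0-9]?\.[0-9]+\.([0-9]+|x))"
)

# Constructed sample responses (not captured from a real server).
HEADER = b"HTTP/1.1 404 \r\nContent-Type: text/html;charset=utf-8\r\n"
DEFAULT_404 = (b"<html><body><h1>HTTP Status 404 - Not Found</h1>"
               b"<h3>Apache Tomcat/9.0.65</h3></body></html>")
NO_BANNER_404 = b"<html><body><h1>HTTP Status 404 - Not Found</h1></body></html>"
OTHER_APP = b'<html><body><a href="/manager/status">queue status</a></body></html>'


def is_tomcat(raw_header: bytes, body: bytes) -> bool:
    """Return True when the response would satisfy rule r0."""
    if b"tomcat" in raw_header:  # bcontains: case-sensitive substring
        return True
    lowered = body.lower()
    # The template's fifth clause (the version regex on the body) needs the
    # literal text "Apache Tomcat", which the first marker already covers,
    # so it cannot change the result and is not repeated here.
    return any(marker in lowered for marker in BODY_MARKERS)


def extract_version(raw: bytes):
    """Return the version the extractor would report, or None."""
    match = VERSION.search(raw)
    return match.group("version").decode() if match else None


def triage(raw_header: bytes, body: bytes) -> str:
    """Grade a hit: a match without a version is weaker evidence."""
    if not is_tomcat(raw_header, body):
        return "no match"
    version = extract_version(raw_header + b"\r\n" + body)
    return f"tomcat {version}" if version else "match, no version"


if __name__ == "__main__":
    for name, body in [("default", DEFAULT_404), ("no banner", NO_BANNER_404),
                       ("other app", OTHER_APP)]:
        print(name, "->", triage(HEADER, body))
```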
