Exploiting Java Tomcat With a Crazy JSP Web Shell – Real World CTF 2022
This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file.
Alternative writeups: https://github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: https://www.youtube.com/watch?v=kvREvOvSWt4
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Comments are closed.