CVE-2023-41080 PoC — Apache Tomcat: Open redirect with FORM authentication

Source
Associated Vulnerability
Title: Apache Tomcat: Open redirect with FORM authentication (CVE-2023-41080)
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.
Readme
- vulnerable: http://localhost:8081//secret.html;@example.com
    - Redirect to arbitrary web site (in this case, https://example.com).
- patched: http://localhost:8082//secret.html;@example.com

ref: https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
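
Why the `//secret.html;@example.com` path leaves the site, shown as an added example (not part of the PoC repository or of Tomcat). It assumes the post-login `Location` header echoes the requested path unchanged; the function names and the slash-collapsing mitigation are illustrative.

```python
from urllib.parse import urljoin, urlsplit

def resolve_like_browser(base_url: str, location: str) -> str:
    """Resolve a Location header against the URL that returned it (RFC 3986)."""
    return urljoin(base_url, location)

def redirect_host(base_url: str, location: str):
    """Host the client ends up contacting after following the redirect."""
    return urlsplit(resolve_like_browser(base_url, location)).hostname

def origin(url: str):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def is_offsite_redirect(base_url: str, location: str) -> bool:
    """True when following `location` changes scheme, host or port."""
    return origin(resolve_like_browser(base_url, location)) != origin(base_url)

def collapse_leading_slashes(path: str) -> str:
    """Illustrative mitigation: a local redirect path must not begin with '//',
    because a leading '//' turns the rest into an authority (userinfo@host)."""
    return "/" + path.lstrip("/") if path.startswith("//") else path

def audit(base_url: str, locations):
    """Return the Location values that would send the client off-site."""
    return [loc for loc in locations if is_offsite_redirect(base_url, loc)]

# Constructed sample: the login page of the README's vulnerable instance and
# two redirect targets, a normal one and the one from the README.
BASE = "http://localhost:8081/login.html"
SAMPLES = ["/secret.html", "//secret.html;@example.com"]

if __name__ == "__main__":
    for loc in SAMPLES:
        fixed = collapse_leading_slashes(loc)
        print(f"{loc!r:32} -> host {redirect_host(BASE, loc)!r:14} "
              f"offsite={is_offsite_redirect(BASE, loc)} "
              f"after collapse: host {redirect_host(BASE, fixed)!r}")
```

With the leading `//`, `secret.html;` is parsed as userinfo and `example.com` as the host; once the slashes are collapsed the same string is an ordinary path on the original host.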
File Snapshot

[4.0K] /data/pocs/207afefeecda2ac91eabb7567937cec4b69f0456
├── [ 561] compose.yml
├── [4.0K] conf
│   ├── [2.8K] tomcat-users.xml
│   └── [169K] web.xml
├── [ 251] README.md
└── [4.0K] webapps
    └── [4.0K] ROOT
        ├── [   8] error.html
        ├── [ 478] login.html
        └── [  21] secret.html

3 directories, 7 files