From Tomcat JMX Proxy to RCE via AccessLogValve Injection
Disclaimer: This research is published for educational and authorized security testing purposes only. The techniques described here should only be used against systems you own or have explicit written permission to test. The author is not responsible...
hackt.us18 min read