# IBM WebSphere

WebSphere is a Java EE application server provided by IBM, used to deploy and manage enterprise-level Java applications.

## Discovery & Fuzzing

Fuzz for IBM WebSphere specific endpoints using this wordlist: <https://github.com/kkrypt0nn/wordlists/blob/main/wordlists/vulnerabilities/websphere.txt>

Fuzz for files with the following extensions:\
`*.do` `*.jsp` `*.jsv` `*.jsw`

***

## Missing Authorization in administrative servlets

You may find some interesting administrative endpoints lacking authentication.\
One particular endpoint is the `snoop` servlet, typically located at the server's webroot: `https://example.com/snoop/`

{% hint style="info" %}
IBM WebSphere contains several default servlets. Check them out here:\
<https://www.ibm.com/docs/en/was/8.5.5?topic=applications-default-application>
{% endhint %}

*`snoop`* is a diagnostic servlet that displays detailed information about incoming HTTP requests, including headers, parameters, session attributes, and environment details.

It’s intended for **debugging** and administration, and should not be exposed in production environments due to the amount of internal data it reveals.

***

### HttpOnly cookie theft via snoop (requires XSS)

While uncommon, you may find that the `snoop` servlet lacks authentication. In that case, you can chain it with an XSS vulnerability (if present) to gain access to any user's session cookies.

In particular, the `snoop` endpoint prints back the request's headers, **including cookies with HttpOnly set**, much like an `HTTP TRACE` request.

By leveraging this mechanism, you can read the user's session cookie inside the snoop response body and access the web application with it.
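A hardening check that verifies the fix for the issue above, written for this page and not taken from the original notes or from IBM: it sends an unauthenticated GET to `/snoop/` with a constructed canary cookie and reports whether the servlet is protected, merely exposed, or echoing the `Cookie` header (the case where `HttpOnly` gives no protection, because the read happens server-side). The `/snoop/` path and the `snoopcheck` cookie name are assumptions.

```python
"""Hardening check for the WebSphere `snoop` servlet.

Added example, not code from the original notes or from IBM. Assumes the
servlet sits at /snoop/ under the given base URL; the canary cookie is a
constructed value with no meaning to the server.
"""
import secrets
import urllib.error
import urllib.request

CANARY_NAME = "snoopcheck"  # constructed cookie name, not a real session


def classify(status: int, body: str, canary: str) -> str:
    """Map a response to a verdict.

    - "reflects-cookies": HTTP 200 and the canary value appears in the body,
      so the servlet echoes request cookies regardless of the HttpOnly flag.
    - "exposed": HTTP 200 without the canary; still a diagnostic page that
      should not be reachable in production.
    - "protected": anything else (401/403 challenge, 404 after removal, ...).
    """
    if status != 200:
        return "protected"
    return "reflects-cookies" if canary in body else "exposed"


def check_snoop(base_url: str, timeout: float = 5.0) -> str:
    """Issue one unauthenticated GET carrying a canary cookie and classify it."""
    canary = secrets.token_hex(8)
    req = urllib.request.Request(
        base_url.rstrip("/") + "/snoop/",
        headers={"Cookie": f"{CANARY_NAME}={canary}"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
            return classify(resp.status, body, canary)
    except urllib.error.HTTPError as err:
        # 401/403/404 land here: an auth challenge or a removed servlet is the fix
        return classify(err.code, "", canary)


if __name__ == "__main__":
    import sys

    # Usage: python snoop_check.py https://was.example.internal
    print(check_snoop(sys.argv[1]))
```

Run it against your own server after removing or locking down the default application; anything other than `protected` means the finding described above still applies.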
