How can you enumerate registered JspServletWrapper instances in a Zimbra JSP file?
By using reflection in a JSP file, you can access the request object's '_scope' field, then traverse through '_servlet', 'rctxt', and 'jsps' fields to retrieve a ConcurrentHashMap containing all JspServletWrapper instances. You can then iterate over the keys and output them, which reveals which JSPs have been accessed and remain registered.
---
**Related reading:**
- Setting up Zimbra Vulnerability Debugging Environment — original article
- Windows Shellcode Study Notes - Extraction and Testing of Shellcode
- Penetration Techniques - Enabling Anonymous Access Shares on Windows Systems via Command Line
- Penetration Technique: Python Implementation of Exchange PowerShell
---
**Related reading:**
- Setting up Zimbra Vulnerability Debugging Environment — original article
- Windows Shellcode Study Notes - Extraction and Testing of Shellcode
- Penetration Techniques - Enabling Anonymous Access Shares on Windows Systems via Command Line
- Penetration Technique: Python Implementation of Exchange PowerShell
JSPenumerationreflectionJspServletWrapperConcurrentHashMapZimbra