/auth.jsp
and if you are very lucky it might disclose the password in a backtrace./..;/
www.vulnerable.com/lalala/..;/manager/html
http://www.vulnerable.com/;param=value/manager/html
/usr/share/tomcat9/etc/tomcat-users.xml
(it vary between versions) (see POST section).