A laugh

From
Eugeny Dzhurinsky (2:4641/666.534)
To
All ()
Date
2002-09-28T02:05:16Z
Area
RU.JAVA
Greetings to you, all!.. I thought I'd remind you of myself...

=== Cut ===
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.


2. Details:
Let's say you have a valid URL like http://my.site/login.jsp, then a URL
like
http://my.site/servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp
will give you the source code of the JSP page.

The full syntax of the exposure URL is:

http://{server}[:port]/[Context/]org.apache.catalina.servlets.DefaultServlet/[context_relative_path/]file_name.jsp
=== Cut ===

With regards, Eugeny

---
 * Origin: 15 CPS on the EMSI handshake, Yo-Hoo-Hoo and a bottle of beer (2:4641/666.534)
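
Added example, not part of the original post or the quoted advisory: a check a defender could run over a Tomcat access log to find requests of the shape the advisory describes, with the response status showing whether the JSP was actually served. It assumes Common Log Format; the function names and sample lines are constructed for illustration, and the matching goes beyond the literal URL in the advisory by also normalising percent-encoding, letter case and `;jsessionid` path parameters.

```python
import re
from urllib.parse import unquote, urlsplit

# Class name comes from the advisory; all other names here are assumptions.
SERVLET_CLASS = "org.apache.catalina.servlets.defaultservlet"
# Request and status fields of a Common Log Format line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def normalise_path(target):
    """Lower-cased, percent-decoded path without query string or ;params."""
    path = urlsplit(target).path
    for _ in range(2):  # second pass catches double encoding such as %252E
        path = unquote(path)
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/")).lower()


def is_source_exposure_attempt(target):
    """True if one path segment is the servlet class and the last is a .jsp."""
    segments = normalise_path(target).split("/")
    if SERVLET_CLASS not in segments:
        return False
    after = segments[segments.index(SERVLET_CLASS) + 1:]
    return bool(after) and after[-1].endswith(".jsp")


def scan(lines):
    """Return (line_number, status, target) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_source_exposure_attempt(match["target"]):
            hits.append((number, int(match["status"]), match["target"]))
    return hits


# Constructed sample log lines (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Sep/2002:02:05:16 +0000] "GET /login.jsp HTTP/1.1" 200 1432',
    '192.0.2.11 - - [28/Sep/2002:02:06:01 +0000] "GET /servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp HTTP/1.1" 200 2210',
    '192.0.2.11 - - [28/Sep/2002:02:06:09 +0000] "GET /shop/servlet/org.apache.catalina.servlets.DefaultServlet/admin/users.jsp;jsessionid=AB12?x=1 HTTP/1.0" 404 0',
    '192.0.2.12 - - [28/Sep/2002:02:07:30 +0000] "GET /servlet/org.apache.catalina.servlets.%44efaultServlet/login%2Ejsp HTTP/1.1" 200 2210',
    '192.0.2.13 - - [28/Sep/2002:02:08:00 +0000] "GET /docs/org.apache.catalina.servlets.DefaultServlet.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, status, target in scan(SAMPLE_LOG):
        print(f"line {number}: status {status} -> {target}")
```

A hit with status 200 means the page source was returned to the client and any secrets embedded in that JSP should be treated as disclosed.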