Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

JWSDK *add-on

From: Phuong Nguyen <dphuong () yahoo com>
Date: Mon, 20 Aug 2001 06:13:47 -0700 (PDT)
Javaserver Web Dev Kit version 1.0 (JWSDK) 

JWSDK directory traversal vulnerability is found by
CHINANSL Security Advisory(CSA-200106), i want to add
another thing, it's also vulnerable to other operating
system like redhat 6.1 and this nasty bug allows you
to browse and read any file with ROOT previledge , so
you can read shadow file and stuff


http://localhost:8080/../examples//WEB-INF/../../../../../




__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Previous By Date Next
Previous By Thread Next

Current thread: