Bugtraq mailing list archives
JWSDK *add-on
From: Phuong Nguyen <dphuong () yahoo com>
Date: Mon, 20 Aug 2001 06:13:47 -0700 (PDT)
Javaserver Web Dev Kit version 1.0 (JWSDK) JWSDK directory traversal vulnerability is found by CHINANSL Security Advisory(CSA-200106), i want to add another thing, it's also vulnerable to other operating system like redhat 6.1 and this nasty bug allows you to browse and read any file with ROOT previledge , so you can read shadow file and stuff http://localhost:8080/../examples//WEB-INF/../../../../../ __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
Current thread:
- JWSDK *add-on Phuong Nguyen (Aug 20)
- Re: JWSDK *add-on KF (Aug 20)