Bugtraq mailing list archives

Jetty jsp/servlet engine xss / uname disclosure vuln

From: <skinnay () skinnux com>
Date: Sat, 28 Sep 2002 13:53:17 -0400 (EDT)

Jetty is an open source jsp/servlet engine thingamabob
http://jetty.mortbay.org

observe
http://jetty.mortbay.org/%0a%0a<script>alert("jax%20is%20ereet%20:P")</script>.jsp

found by skinnay () skinnux com
www.skinnux.com
( site and email down alot, not that anyone emails me anyway :)

Current thread:

Jetty jsp/servlet engine xss / uname disclosure vuln skinnay (Sep 28)