Penetration Testing mailing list archives
Re: donloading jsp for pen-test
From: "Deniz CEVIK" <denizcev () gmail com>
Date: Sat, 12 Apr 2008 11:41:50 +0300
If you are asking this question, i suggest you to hire pentester. :) You cant download JSP, ASP , ASPX source code from internet unless web server or application have source code disclosure vulnerability. Some tomcat versions are affected this kind of problems. Check http://tomcat.apache.org/security.html for details. Best Regards. On Fri, Apr 11, 2008 at 5:59 PM, <victorfrankenstein () yahoo com> wrote:
Helo I'm currently doing a pen-test against my company site. We have a web application runing over tomcat - in jsp format, one of my goals is try to conect to my datebase from internet using my webapp code. I try to download the jsp files from web server but when i chek it the file contets is only a html code, for this propose i do it whit linux wget, flashget, and others but all ways whit the same result. If any one colud give me any idea about how can i downlad the full jsp file i will appreciate a lot. Tahnks very much. Regards, Victor ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- donloading jsp for pen-test victorfrankenstein (Apr 11)
- Re: donloading jsp for pen-test Todd Haverkos (Apr 12)
- Re: donloading jsp for pen-test Shreyas Zare (Apr 12)
- Re: donloading jsp for pen-test Deniz CEVIK (Apr 12)
- <Possible follow-ups>
- Re: donloading jsp for pen-test xx yy (Apr 12)
- Re: donloading jsp for pen-test arvind doraiswamy (Apr 12)