Vulnerability Development mailing list archives
Re: jsp malicious coding
From: drizzt.dourden () INAME COM
Date: Wed, 30 Aug 2000 09:29:56 +0200
DecĂa Bruno Cardoso:
I'm not really into jsp, but something came up and I would appreciate any insights on this matter. Is there any kind of malicious coding on jsp? Something like the fopen function on php. I'm really concerned about this because I have some clients using jps over Apache and I wouldn't enjoy any kind of malicious activity such as gettin' my /etc/passwd or /etc/shadow via jps scripting...
Yes, you can open a file everywhere in the file System. Look at this code: <%@ page import="java.io.*, java.util.*" %><% String path = request.getParameter("imagePath"); try { response.setContentType("image/gif"); fis = new FileInputStream(path); OutputStream os = response.getOutputStream(); int len = 0; byte[] buffer = new byte[1024]; while (len != (-1)) { len = fis.read(buffer, 0, 1024); if (len != (-1)) os.write(buffer, 0, len); } } catch (Exception e) { System.out.println(e.toString()); out.println(e.toString()); } finally { if (fis != null) fis.close(); } %> If you don't control the variable path you can open any file ( including /etc/password). Thx to Ulandron by the code -- "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." -- Jeremy Anderson
Current thread:
- jsp malicious coding Bruno Cardoso (Aug 29)
- Re: jsp malicious coding drizzt . dourden (Aug 30)
- Re: jsp malicious coding Stephane Pierre Bordas (Aug 30)
- Re: jsp malicious coding Jurriaan Kamer (Aug 31)