Vulnerability Development mailing list archives

Re: jsp malicious coding


From: drizzt.dourden () INAME COM
Date: Wed, 30 Aug 2000 09:29:56 +0200

Bruno Cardoso said:
I'm not really into jsp, but something came up and I would appreciate
any insights on this matter.
Is there any kind of malicious coding on jsp? Something like the fopen
function on php. I'm really concerned about this because I have some
clients using jsp over Apache and I wouldn't enjoy any kind of malicious
activity such as gettin' my /etc/passwd or /etc/shadow via jsp
scripting...

Yes, you can open a file anywhere in the file system. Look at this code:


<%@ page
   import="java.io.*,
           java.util.*"
%><%
  // The file path is taken straight from the request, with no validation.
  String path = request.getParameter("imagePath");
  // Declared outside the try block so the finally block can close it.
  FileInputStream fis = null;

  try
  {
    response.setContentType("image/gif");
    fis = new FileInputStream(path);
    OutputStream os = response.getOutputStream();

    int len = 0;

    byte[] buffer = new byte[1024];

    // Copy the file to the response in 1 KB chunks until end of file.
    while (len != (-1))
    {
      len = fis.read(buffer, 0, 1024);
      if (len != (-1)) os.write(buffer, 0, len);
    }
  }
  catch (Exception e)
  {
    System.out.println(e.toString());
    out.println(e.toString());
  }
  finally
  {
    if (fis != null) fis.close();
  }
%>

If you don't control the variable path you can open any file (including
/etc/password).

Thx to Ulandron for the code
--
"There are two major products that come out of Berkeley: LSD and UNIX.
 We don't believe this to be a coincidence." -- Jeremy Anderson

