Penetration Testing mailing list archives
Re: Odd server side scripts source disclosure vulnerability
From: Hugo Fortier <hugo.fortier () gmail com>
Date: Fri, 20 Aug 2004 16:25:02 -0400
I meant that the Virtual Host is correctly configured, but the default Document Root doesn't handle the JSP, so it hands out the JSP without it being processed by WebSphere. The Document Root should probably not point to the physical location where the JSPs reside, because they should be served by WebSphere, and in fact the Apache server doesn't even need the permission to read the files...

This is probably a common configuration mistake caused by a miscomprehension of the integration of those 2 products. I've got no experience with IBM HTTP Server and WebSphere together, so I don't fully understand their integration, but I do have experience with WebSphere and some other web server products.

Hugo Fortier

On Fri, 20 Aug 2004 16:13:02 -0400, Hugo Fortier <hugo.fortier () gmail com> wrote:
I believe your bug is probably related to Virtual Host... The target site probably has a Virtual Host defined where the handlers for the JSP aren't correctly configured...
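A defender-side check for the misconfiguration described in the message above, as an added example that is not part of the original thread: it reads an Apache-style configuration, collects every DocumentRoot (global and per VirtualHost), and lists JSP sources stored beneath them. The directory layout, host name and extension list are constructed assumptions.

```python
import os
import re
import tempfile

# Extensions the application server, not the static web server, must process (assumed list).
SCRIPT_EXTS = (".jsp", ".jspf", ".jspx")
# Matches `DocumentRoot "/some path"` or `DocumentRoot /path`; commented lines do not match.
DOCROOT_RE = re.compile(r'^\s*DocumentRoot\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def document_roots(conf_text):
    """Return every DocumentRoot path in the config, in order, without duplicates."""
    roots = []
    for line in conf_text.splitlines():
        m = DOCROOT_RE.match(line)
        path = (m.group(1) or m.group(2)) if m else None
        if path and path not in roots:
            roots.append(path)
    return roots


def exposed_scripts(conf_text):
    """List script sources stored under any DocumentRoot, as sorted paths."""
    found = set()
    for root in document_roots(conf_text):
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(SCRIPT_EXTS):
                    found.add(os.path.join(dirpath, name))
    return sorted(found)


def demo():
    """Constructed layout: the default DocumentRoot points at the deployed web app."""
    base = tempfile.mkdtemp()
    app = os.path.join(base, "installedApps", "shop.war")  # constructed path
    static = os.path.join(base, "htdocs")                  # constructed path
    os.makedirs(os.path.join(app, "admin"))
    os.makedirs(static)
    for path in (os.path.join(app, "index.jsp"), os.path.join(app, "admin", "login.jsp"),
                 os.path.join(static, "index.html")):
        open(path, "w").close()
    conf = (f'DocumentRoot "{app}"\n'        # default host: points at the JSP sources
            f'<VirtualHost *:80>\n  ServerName www.example.test\n'
            f'  DocumentRoot "{static}"\n'   # named host: static files only
            f'</VirtualHost>\n# DocumentRoot "/commented/out"\n')
    return [os.path.relpath(p, base).replace(os.sep, "/") for p in exposed_scripts(conf)]


if __name__ == "__main__":
    for hit in demo():
        print("script source under DocumentRoot:", hit)
```

Any hit means the web server can read the file directly from disk, so a request that bypasses the application server handler would return its source.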