Re: donloading jsp for pen-test

["Deniz CEVIK" <denizcev () gmail com>]

If you are asking this question, i suggest you to hire pentester. :)
You cant download JSP, ASP , ASPX source code from internet unless web
server or application have source code disclosure vulnerability. Some
tomcat versions are affected this kind of problems. Check
http://tomcat.apache.org/security.html for details.

Best Regards.

On Fri, Apr 11, 2008 at 5:59 PM,  <victorfrankenstein () yahoo com> wrote:
> Helo
>
> I'm currently doing a pen-test against my company site. We have a web application runing over tomcat - in jsp format, 
> one of my goals is try to conect to my datebase from internet using my webapp code. I try to download the jsp files 
> from web server but when i chek it the file contets is only a html code, for this propose i do it whit linux wget, 
> flashget, and others but all ways whit the same result. If any one colud give me any idea about how can i downlad the 
> full jsp file i will appreciate a lot.
>
>
> Tahnks very much.
>
>
> Regards,
>
> Victor
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------