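Summary:
Affected program:
JRun
Description:
Allaire JRun 2.3 arbitrary file viewing vulnerability
Details:
Multiple source code disclosure vulnerabilities exist in Allaire's JRun Server 2.3. They allow an attacker to view the source code of any file under the root directory on the web server.
JRun 2.3 uses Java servlets to parse various types of pages (for example HTML, JSP, and so on). Based on rules.properties and s......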
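Summary:
Affected program:
IBM WebSphere Application Server 3.0.2 and earlier
Description:
IBM WebSphere Application Server exposes JSP file contents
Details:
Java Server Pages (JSP) files are registered with WebSphere Application Server under the .jsp extension. WebSphere is case-sensitive for file names, and .jsp and......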
...rse different types of content, JHTML, HTML, JSP, etc.) This default servlet will display the document/page without parsing/compiling it, hence allowing the code to be viewed by the end user.
The Foundstone, Inc. advisory which covered this problem detailed the following method of verifying the vulnerability - full text of this advisory is available in the credit section of this entry:
"It is easy to verify this vulnerability for a given system. Prefixing the path to web pages with "/servlet/file/" in the URL causes the file to be displayed without being parsed or compiled. For example if the URL for a file "login.jsp" is:
http://site.running.websphere/login.jsp
then accessing
http://site.running.websphere/servlet/file/login.jsp
would cause the unparsed contents of the file to show up in the web browser."
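Summary:
Tomcat exposes JSP file contents
Affected program:
Tomcat
Details:
Java Server Pages (JSP) files are registered with Tomcat under the .jsp extension. Tomcat is case-sensitive for file names, so .jsp and .JSP are different file extensions. If a link with .JSP is submitted to Tomcat and Tomcat cannot find .JSP, it responds to the request with the default .text file type. Because file names on NT systems are case-insensitive, ......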