SnoopServlet suffers from a cross site scripting vulnerability.
08189fb09759a46c7037f8bbc057c6a790aa22e93ed798f3f66f84feb4d6871a
SnoopServlet simply echos back the request line and the headers that
were sent by the client, plus any HTTPS information.
Search Google for: j2ee/servlet/snoopservlet to find a lot of vuln sites.
PoC:
http://apad1.aduana.gob.bo:7777/j2ee/servlet/SnoopServlet/%3Cscript%3Ealert%28%27bo9lo7%27%29%3C/script%3E
--
Saleh Alsanad
PACI computer engineer
q8mosfet@gmail.com
I'm an FSF member -- Help us support software freedom! http://www.fsf.org/jf?referrer=2442