JBoss.txt

JBoss.txt: Posted Jun 3, 2003; Authored by Marc Schoenefeld | Site illegalaccess.org; Boss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.; tags | exploit; SHA-256 | 5fa351f9ce58e57f2eea703a4be52cd1c81ec605244c7ecb9a5c8efb1cfdf9cf; Download | Favorite | View

JBoss.txt


Hi,

jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure.

Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source
code of this JSP. Seems to be a forgotten debug feature :-]

http://192.168.0.4:8080/web-console/ServerInfo.jsp%00

Sincerely
Marc Schoenefeld
(www.illegalaccess.org)

- --

Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (AIX)
Comment: For info see http://www.gnupg.org

iD8DBQE+15vvqCaQvrKNUNQRAmlxAJ0SUWM8q1cv2qpt1TjkuC2RuhkLXgCeLUN4
beFf0+xrJmL/ex+e/nTlKUA=
=rfSA
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

JBoss.txt

JBoss.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

JBoss.txt

Share This

JBoss.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems