Allaire JRun ACL bypassing/source disclosure vulnerability

From: Gregory Duchemin (c3rb3rat_private)
Date: Sun Dec 02 2001 - 23:54:26 PST

    In-Reply-To: <009a01c1792a$d8a23160$0205a8c0@athlon>
    
    hi,
    
    Just an add-on for the JRun indexing vulnerability: the 
    same %3f.jsp trick allows viewing server script 
    sources by using:
    GET /scripts.asp%3f.jsp HTTP/1.0
    
    and can be used to bypass IIS directory ACLs too 
    while indexing the content and/or viewing files.
    GET /ACL-protected/%3f.jsp
    
    Tested on IIS 4.0
    
    Have a nice day
    Gregory
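
A log check for the request shape described in the message above, added here as an example and not part of the original post: it flags requests whose raw path ends in `%3f.jsp` and reports the resource actually targeted. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Request line inside a Common Log Format entry: "METHOD target [HTTP/x.y]"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)(?: HTTP/[\d.]+)?"')
# Raw path that ends in an encoded "?" followed by ".jsp" (hex digits in any case).
TRICK_RE = re.compile(r'^(?P<real>.*?)%3f\.jsp$', re.IGNORECASE)


class Hit(NamedTuple):
    client: str
    real_path: str  # resource the request actually targets
    kind: str       # "directory-index" or "file-source"


def classify(target):
    """Return (real_path, kind) if the raw path carries the %3f.jsp suffix, else None."""
    raw_path = target.split("?", 1)[0]  # a literal "?" starts the genuine query string
    m = TRICK_RE.match(raw_path)
    if not m:
        return None
    real = m.group("real")
    # Trailing slash: directory content is requested; otherwise a single file.
    return real, ("directory-index" if real.endswith("/") else "file-source")


def scan(lines):
    """Return a Hit for every log line whose request uses the suffix."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        result = classify(m.group("target")) if m else None
        if result:
            hits.append(Hit(line.split(" ", 1)[0], *result))
    return hits


# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Dec/2001:09:01:12 -0800] "GET /index.jsp HTTP/1.0" 200 5120',
    '192.0.2.44 - - [03/Dec/2001:09:02:40 -0800] "GET /scripts.asp%3f.jsp HTTP/1.0" 200 1833',
    '192.0.2.44 - - [03/Dec/2001:09:02:55 -0800] "GET /ACL-protected/%3F.jsp" 200 912',
    '192.0.2.71 - - [03/Dec/2001:09:04:01 -0800] "GET /search.jsp?q=%3f.jsp HTTP/1.0" 200 640',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.client}  {hit.kind:16} {hit.real_path}")
```

The last sample line is not flagged because the encoded `?` sits in the genuine query string rather than in the path.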
    



    This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 15:08:00 PST