GNUJSP 1.0 - File Disclosure

EDB-ID:

21295

CVE:

2002-0300

EDB Verified:

Author:

Thomas Springer

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2002-02-19

Vulnerable App: 
source: https://www.securityfocus.com/bid/4125/info

GNUJSP is a freely available, open-source implementation of Sun's Java Server Pages. It will run on most Unix and Linux variants, as well as Microsoft Windows NT/2000 operating systems.

It has been reported that a remote attacker may disclose the contents of directories via a specially crafted web request. This may be exploited to list directories, read the contents of arbitrary web-readable files, and disclose script source code. The attacker simply appends the name of the directory and/or file to be disclosed to a web request for /servlets/gnujsp/.

It should be noted that this may allow an attacker to circumvent .htaccess files.

This issue may be the result of a configuration error. 

http://site/servlets/gnujsp/[dirname]/[file]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services