bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/20719.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

22 lines
No EOL
913 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/2527/info
BEA Systems WebLogic Server is an enterprise level web and wireless application server.
Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat ships with a built in web server.
Tomcat and WebLogic's inbuilt webserver will return the source code of JSP files when an HTTP request contains URL encoded replacements for characters in the filename.
If successfully exploited this vulnerability could lead to the disclosure of sensitive information contained within JSP pages. This information may assist in further attacks against the host.
WebLogic:
http://www.example.com/index.js%70
Tomcat:
http://www.example.com/examples/jsp/num/numguess.js%70
The following variant URL for Tomcat has been provided by lovehacker <lovehacker@263.net>:
http://www.example.com/examples/snp/snoop%252ejsp
Reference in a new issue View git blame Copy permalink