Sun One WebServer 6.1 JSP Source Viewing Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Sun One WebServer 6.1 JSP Source Viewing Vulnerability
# Published : 2009-07-09
# Author : kcope
# Previous Title : Windows Live Messenger Plus! FileServer 1.0 Directory Traversal Vuln
# Next Title : Green Dam Remote Change System Time Exploit

Sun One WebServer 6.1 JSP Source Viewing vulnerability

System: Sun-ONE-Web-Server/6.1, Windows Server 2003

SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose
JSP Source code.

A normal URL would look like:

http://server/hello.jsp

To disclose the contents including source code of a JSP file:

http://server/hello.jsp::$DATA

Best Regards,

Nikolaos Rangos

# www.Syue.com [2009-07-09]