Allaire JRun 2.3 – File Source Code Disclosure

Allaire JRun 2.3 – File Source Code Disclosure

漏洞ID 1053471 漏洞类型
发布时间 2000-10-23 更新时间 2000-10-23
图片[1]-Allaire JRun 2.3 – File Source Code Disclosure-安全小百科CVE编号 N/A
图片[2]-Allaire JRun 2.3 – File Source Code Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/20315
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/1833/info

Allaire JRun is a web application development suite with JSP and Java Servlets. 

JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed URL using the SSIFilter servlet, a remote user will gain read access to any file on a hosts filesystem. This is due to improper checking of where "../" paths lead (eg, outside of the webroot). In addition to disclosing the contents of arbitrary files, this vulnerability could allow a user to gain access to the source code of any file within the web document root of the web server.

Successful exploitation of this vulnerability will enable an attacker to read any file the webserver has access to, this information can lead to other compromises.

http://target/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../filename

http://target/servlet/ssifilter/../../filename

相关推荐: BeOS 4.5/5.0 Invalid System Call Vulnerability

BeOS 4.5/5.0 Invalid System Call Vulnerability 漏洞ID 1104316 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2000-04-10 更新时间 200…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享