Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
jsp:include and WEB-INF content read access
Posted by: beaule
Date: March 01, 2007 02:34AM

Maybe well known to most readers, but I (re)notice:

<jsp:include page="/dir1/dir2/myPage<%=myIndex%>.jsp"/>

where "myIndex" comes from the request.
Maybe some people think that putting !!!ONLY!!! the "myIndex" in the jsp include string does not allow a hacker to access some protected resources on your server.

False of course,
just inject in myIndex the string "../../WEB-INF/web.xml?"
and the content of your web.xml is shown in your web browser...

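An added example, not part of the original post: one way to validate the request value on the server before it reaches the include, assuming legitimate "myIndex" values are short decimal numbers. The class and method names (IncludeGuard, includePath, isSafeDispatchPath) are hypothetical.

```java
import java.util.regex.Pattern;

// Added example (not from the original post): validate "myIndex" before it
// reaches <jsp:include>. Class and method names are hypothetical.
public class IncludeGuard {
    // Assumption: legitimate index values are 1-4 decimal digits.
    private static final Pattern INDEX = Pattern.compile("[0-9]{1,4}");
    private static final String PREFIX = "/dir1/dir2/myPage";
    private static final String SUFFIX = ".jsp";

    // Returns the include path, or throws if the value is not a plain index.
    // The allow-list rejects "/", "." and "?" outright, so the value can
    // neither add path segments nor turn the ".jsp" suffix into a query string.
    static String includePath(String myIndex) {
        if (myIndex == null || !INDEX.matcher(myIndex).matches()) {
            throw new IllegalArgumentException("invalid page index");
        }
        return PREFIX + myIndex + SUFFIX;
    }

    // Defence in depth for dispatch paths built elsewhere: drop any query
    // string, then refuse parent-directory and WEB-INF/META-INF segments.
    static boolean isSafeDispatchPath(String path) {
        int q = path.indexOf('?');
        String p = (q >= 0 ? path.substring(0, q) : path).replace('\\', '/');
        if (!p.startsWith("/dir1/dir2/")) return false;
        for (String seg : p.split("/")) {
            if (seg.equals("..") || seg.equalsIgnoreCase("WEB-INF")
                    || seg.equalsIgnoreCase("META-INF")) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second is the string from the post.
        String[] samples = { "3", "../../WEB-INF/web.xml?", "12?x=1", "" };
        for (String s : samples) {
            try {
                System.out.println("'" + s + "' -> " + includePath(s));
            } catch (IllegalArgumentException e) {
                System.out.println("'" + s + "' -> rejected");
            }
        }
        // Path as the unvalidated concatenation would build it: prints false.
        System.out.println(isSafeDispatchPath(PREFIX + "../../WEB-INF/web.xml?" + SUFFIX));
    }
}
```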
Re: jsp:include and WEB-INF content read access
Posted by: trev
Date: March 01, 2007 03:01AM

See http://sla.ckers.org/forum/read.php?3,3098
