[18964] in bugtraq
WebSphere - Minor CSS Issue.
daemon@ATHENA.MIT.EDU (twi252@HUSHMAIL.COM)
Fri Feb 2 15:31:09 2001
Content-Type: multipart/mixed;
boundary="Hushpart_boundary_miYhhSdLYjlSRfTrziYoIrgdUHOScgxd"
Mime-Version: 1.0
Message-Id: <200102021319.FAA15717@user3.hushmail.com>
Date: Fri, 2 Feb 2001 07:50:45 -0500
Reply-To: twi252@HUSHMAIL.COM
From: twi252@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_miYhhSdLYjlSRfTrziYoIrgdUHOScgxd
Content-type: text/plain
Hi folks,
Something i came across while testing some of our WebSphere installations
(these have been fixed in the current versions of vanilla Apache, so i assume
these are just an inherited problem from the old Apache codebase.. Makes
you wonder what else there is? :^) )
Retreiving:
http://our.websphere.server/<script>alert('helloworld')</script>
Returns the properly parsed output.. However, trying to access outside of
the webroot, results in some CSS issues:
http://our.websphere.server/../<script>alert('helloworld')</script>
My test servers were running:
IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)
IBM_HTTP_Server/1.3.6.3 Apache/1.3.7-dev (Win32)
Cheers,
Twi.
--Hushpart_boundary_miYhhSdLYjlSRfTrziYoIrgdUHOScgxd--
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
