[19993] in bugtraq
Re: CHINANSL Security Advisory(CSA-200108)
daemon@ATHENA.MIT.EDU (Stian Myhre)
Mon Apr 2 12:13:28 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <00e001c0bb5a$f6c4fe90$150aa8c0@devsenter.local>
Date: Mon, 2 Apr 2001 11:54:52 +0200
Reply-To: Stian Myhre <niggah@ONLINE.NO>
From: Stian Myhre <niggah@ONLINE.NO>
X-To: lovehacker@263.NET
To: BUGTRAQ@SECURITYFOCUS.COM
Hi all.
It is possible not only to get the listing
but also the files.
If you use replace the last / with %5c it will
give you the file.
example:
> http://target:8080/%2e%2e/%2e%2e%5cyourfilehere%00.jsp
-Njack
