[22325] in bugtraq
JWSDK *add-on
daemon@ATHENA.MIT.EDU (Phuong Nguyen)
Mon Aug 20 13:27:27 2001
Message-ID: <20010820131347.35342.qmail@web13407.mail.yahoo.com>
Date: Mon, 20 Aug 2001 06:13:47 -0700 (PDT)
From: Phuong Nguyen <dphuong@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
JavaServer Web Dev Kit version 1.0 (JWSDK)

The JWSDK directory traversal vulnerability was found by
CHINANSL Security Advisory (CSA-200106). I want to add
another thing: it's also vulnerable on other operating
systems like Red Hat 6.1, and this nasty bug allows you
to browse and read any file with ROOT privilege, so
you can read the shadow file and stuff.

http://localhost:8080/../examples//WEB-INF/../../../../../
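
A containment check of the kind a file-serving handler needs against the request path in the message above, as an added example that is not part of the original post and not JWSDK's code. The class name, the document root /srv/webapps and every sample path except the posted one are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class TraversalCheck {
    // Assumed document root for this example (not from the post).
    static final Path DOC_ROOT = Paths.get("/srv/webapps").toAbsolutePath().normalize();

    // Returns the file to serve, or null when the request must be refused.
    static Path resolve(String rawPath) {
        String decoded;
        try {
            // Decode first so %2e%2e is judged as ".."; keep a literal '+' intact (Java 10+).
            decoded = URLDecoder.decode(rawPath.replace("+", "%2B"), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed percent-encoding
        }
        if (decoded.indexOf('\0') >= 0 || decoded.indexOf('\\') >= 0) return null;

        // Drop leading slashes so the path resolves under DOC_ROOT, then collapse "." and "..".
        Path target = DOC_ROOT.resolve(decoded.replaceFirst("^/+", "")).normalize();

        // Element-wise prefix test: "/srv/webapps-old" does not pass as "/srv/webapps".
        if (!target.startsWith(DOC_ROOT)) return null;

        // WEB-INF and META-INF are never served directly, in any letter case.
        for (Path part : DOC_ROOT.relativize(target)) {
            String name = part.toString();
            if (name.equalsIgnoreCase("WEB-INF") || name.equalsIgnoreCase("META-INF")) return null;
        }
        return target;
    }

    public static void main(String[] args) {
        String[] samples = {
            "/../examples//WEB-INF/../../../../../",      // path from the post
            "/examples/index.html",                       // constructed: normal request
            "/examples/WEB-INF/web.xml",                  // constructed: protected directory
            "/examples/%2e%2e/%2e%2e/%2e%2e/etc/hosts"    // constructed: encoded dot-dot
        };
        for (String s : samples) {
            Path p = resolve(s);
            System.out.println((p == null ? "REFUSE " : "SERVE  ") + s);
        }
    }
}
```

normalize() does not follow symbolic links; a handler that must resist links inside the document root would also compare toRealPath() of the existing file against the root. Running the server under an unprivileged account limits what a missed traversal can read, such as the shadow file mentioned in the post.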