[24009] in bugtraq
Full path disclosure vulnerability in Sun's Web site
daemon@ATHENA.MIT.EDU (J_Bourdeau@videotron.ca)
Mon Jan 28 14:56:53 2002
From: J_Bourdeau@videotron.ca
Date: Sat, 26 Jan 2002 21:02:31 GMT
Message-ID: <20020126.21023100@E2.>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Hi,
Three times, I sent a message to Sun's web team about
a full path disclosure vulnerability they have in their
website, but without any acknowledgement or correction of
it.
Sun's website uses .jhtml files. The Java engine computing
these pages does not handle errors properly and returns the
full path of the web server when you request a non-existent
file.
-->
http://store.sun.com/demo.jhtm
<--
Will return this :
-->
Error getting compiled page
Can't read source file: /eSunfe1/util/sunstore/SSDynamo/html/demo.jhtm
<--
I received this error message the first time when I made a typo
in the URL I was looking for. Requesting a non-existent
file not managed by the Java engine, so handled by the
HTTP daemon, will not disclose this information.
(http://store.sun.com/demo.jpg)
Hope Sun will correct this in both their web sites and
their Java engine (they surely use their own tools for
that!)
Jacques Bourdeau
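
Added example, not part of the original post and not Sun's code: a check a site owner can run over their own error responses to catch the kind of path disclosure reported above, next to an error body that logs the path server-side instead. The function names, the logger name and the path regex (a heuristic) are assumptions; the sample path is the one quoted in the post.

```python
import logging
import re
import uuid

log = logging.getLogger("weberrors")

# Heuristic: absolute Unix or Windows paths with two or more components.
# The lookbehind skips the path part of URLs such as http://host/a/b.
# Meant for plain error text; relative links in HTML markup would also match.
PATH_RE = re.compile(
    r"(?:(?<![\w:/.])/|\b[A-Za-z]:\\)[\w.\-]+(?:[/\\][\w.\-]+)+"
)

# Path quoted in the post's error message.
SAMPLE_SOURCE = "/eSunfe1/util/sunstore/SSDynamo/html/demo.jhtm"


def find_path_leaks(body):
    """Return the absolute filesystem paths that appear in a response body."""
    return PATH_RE.findall(body)


def verbose_error_body(source_path):
    """Stand-in for the reported behaviour: the resolved path is echoed back."""
    return "Error getting compiled page\nCan't read source file: " + source_path


def hardened_error_body(source_path):
    """Log the path server-side and hand the client an opaque reference."""
    ref = uuid.uuid4().hex[:12]
    log.warning("page compile failed ref=%s source=%s", ref, source_path)
    return "The requested page could not be found. Reference: " + ref


if __name__ == "__main__":
    for render in (verbose_error_body, hardened_error_body):
        body = render(SAMPLE_SOURCE)
        print(render.__name__, "->", find_path_leaks(body) or "no path in body")
```

The reference string lets support staff find the logged path without it ever reaching the client.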