 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 130
 Members: 0
 Total: 130
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
JSP information disclosure vulnerability |
|
 Posted: Thu Mar 13, 2008 11:34 pm |
 |
|
| droidman |
| Active user |
 |
|
| Joined: Dec 10, 2007 |
| Posts: 31 |
|
|
|
 |
|
 |
|
I have found 2 websites one of them is a very very large website and they both ave the jsp information disclosure vulnerability in common.
BUT.... This vuln doesn't seem to be that big since i just see the source code of their JSP webpages (almost all of them work) and stuff like this:
| Code: |
import="com.genius.XXXX.front.web.pubs.*"
import="com.genius.XXXX.shared.web.fwk.html.*"
import="com.genius.XXXX.shared.web.fwk.PageLink"
... it goes on and on ...
|
Considering that i'm a perfect newbie on this kind of language (jsp) what does this type of vuln give me to explore? I have the database link on the "import" part of the website and nothing worth the job on the rest of the code unless i wanted to clone that website obviously
I searched google and yahoo to find ways to explore this and they just say that i can get the source and find passwords... well... I have found 2 websites and none of them has passwords or what so ever
is this jsp vuln that vulnerable after all?
is there any google dork to find other websites with this vuln ?
thanks in advance to all |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
