tomcat-dev mailing list archives

From "Remy Maucherat" <r...@apache.org>
Subject Re: CHINANSL Security Advisory(CSA-200108)
Date Mon, 02 Apr 2001 17:16:25 GMT
> ----------
> From: Stian Myhre <niggah@ONLINE.NO>
> Reply-To: Stian Myhre <niggah@ONLINE.NO>
> Date: Mon, 2 Apr 2001 11:54:52 +0200
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: CHINANSL Security Advisory(CSA-200108)
>
> Hi all.
>
> It is possible not only to get the listing
> but also the files.
> If you replace the last / with %5c it will
> give you the file.
>
> example:
> > http://target:8080/%2e%2e/%2e%2e%5cyourfilehere%00.jsp

Did you try it? I can't reproduce that one. It was probably a pre-b2
problem.

Remy
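
A way to check access logs for the request shape quoted above (percent-encoded `..` segments, `%5c` as a separator, `%00` before the extension). This is an added example, not part of the original thread and not Tomcat code. The log lines, client addresses and function names are constructed for illustration, and the decoder runs more than once so that doubly encoded input is also seen, which goes slightly beyond the single case in the message.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not from the thread); addresses and paths are samples.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Apr/2001:11:54:52 +0200] "GET /index.jsp HTTP/1.0" 200 512',
    '10.0.0.9 - - [02/Apr/2001:11:55:10 +0200] '
    '"GET /%2e%2e/%2e%2e%5cyourfilehere%00.jsp HTTP/1.0" 404 0',
    '10.0.0.9 - - [02/Apr/2001:11:55:12 +0200] "GET /docs/a%2eb.html HTTP/1.0" 200 90',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so doubly encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path

def classify(raw_target):
    """Return the sorted reasons a request target looks like an encoded traversal."""
    decoded = fully_decode(raw_target.split("?", 1)[0])
    reasons = set()
    if "\x00" in decoded:
        reasons.add("nul-byte")
    if "\\" in decoded:
        reasons.add("backslash-separator")
    # Split on both separators, as a Windows filesystem would treat them alike.
    if ".." in re.split(r"[/\\]", decoded):
        reasons.add("dot-dot-segment")
    return sorted(reasons)

def scan(lines):
    """Map each flagged request target to the reasons it was flagged."""
    hits = {}
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and (reasons := classify(match.group(1))):
            hits[match.group(1)] = reasons
    return hits

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE_LOG).items():
        print(target, "->", ", ".join(reasons))
```

A literal dot inside a file name (`a%2eb.html`) is not flagged, because only whole `..` path segments count.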

