Bugtraq mailing list archives

KPMG-2002020: Resin view_source.jsp Arbitrary File Reading
From: Peter Gründl <pgrundl () kpmg dk>
Date: Mon, 17 Jun 2002 09:16:18 +0200


Title: Resin view_source.jsp Arbitrary File Reading

BUG-ID: 2002020
Released: 17th Jun 2002

In a default installation of Resin server, the examples folder will
be installed as well. This folder contains a jsp script that can be
used to view arbitrary file contents with the permissions of the
web service.

- view_source.jsp from Resin 2.1.2 standalone on Windows 2000 Server

The sample script view_source.jsp tries to chroot to the folder
where it is located. If you look at the source code, it says:

"// Chroot to the current directory so no one can use this as a p
 // security hold"

Attempts to use /../ to break out of the examples folder are also
foiled by the script. However, if you replace the /../ with \..\
you can access any file on the drive that Resin has access to.
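The following Python, added here as an illustration rather than code from the advisory or from Resin, contrasts the separator-specific blacklist the advisory describes with a containment check that canonicalises the requested path before testing it. Paths are treated as Windows paths via ntpath so the backslash case reproduces on any host; the base directory and file names are constructed samples.

```python
import ntpath

# Constructed sample: the directory the JSP intends to stay inside.
BASE_DIR = "C:\\resin\\doc\\examples"


def naive_is_safe(requested: str) -> bool:
    """Blacklist check in the spirit of the advisory: it only knows about
    the forward-slash form of a parent-directory step, so the same step
    written with backslashes slips through."""
    return "/../" not in requested


def canonical_is_safe(requested: str, base_dir: str = BASE_DIR) -> bool:
    """Containment check: resolve the request against base_dir, normalise
    both separators and all '..' segments, then require that the result
    still lies inside base_dir. Absolute or root-relative requests that
    ignore base_dir end up outside it and are rejected the same way."""
    base = ntpath.normcase(ntpath.normpath(base_dir))
    # Fold both separator styles before joining; ntpath.join keeps an
    # absolute or root-relative request instead of appending it.
    joined = ntpath.join(base, requested.replace("/", "\\"))
    target = ntpath.normcase(ntpath.normpath(joined))
    return target == base or target.startswith(base + "\\")


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, two traversal attempts.
    for req in ("navigation.jsp", "/../../outside.txt", "..\\..\\..\\outside.txt"):
        print(f"{req!r}: naive={naive_is_safe(req)} canonical={canonical_is_safe(req)}")
```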

Vendor URL:
You can visit the vendor webpage here: http://www.caucho.com

Corrective action:
Remove the examples folder from your website.

Author: Peter Gründl (pgrundl () kpmg dk)

KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be liable
for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
