Vulnerability Development mailing list archives

Re: jsp malicious coding
From: drizzt.dourden () INAME COM
Date: Wed, 30 Aug 2000 09:29:56 +0200

Bruno Cardoso said:
I'm not really into jsp, but something came up and I would appreciate
any insights on this matter.
Is there any kind of malicious coding on jsp? Something like the fopen
function on php. I'm really concerned about this because I have some
clients using jsp over Apache and I wouldn't enjoy any kind of malicious
activity such as gettin' my /etc/passwd or /etc/shadow via jsp
scripting...

Yes, you can open a file anywhere in the file system. Look at this code:


<%@ page
   import="java.io.*,
           java.util.*"
%><%
  // Vulnerable: the file name comes straight from the request, unchecked.
  String path = request.getParameter("imagePath");
  FileInputStream fis = null;  // declared here so the finally block can close it

  try
  {
    response.setContentType("image/gif");
    fis = new FileInputStream(path);
    OutputStream os = response.getOutputStream();

    int len = 0;

    byte[] buffer = new byte[1024];

    // Copy the file to the response in 1 KB chunks until end of file.
    while (len != (-1))
    {
      len = fis.read(buffer, 0, 1024);
      if (len != (-1)) os.write(buffer, 0, len);
    }
  }
  catch (Exception e)
  {
    System.out.println(e.toString());
    out.println(e.toString());
  }
  finally
  {
    if (fis != null) fis.close();
  }
%>

If you don't control the variable path you can open any file (including
/etc/passwd).

Thanks to Ulandron for the code
--
"There are two major products that come out of Berkeley: LSD and UNIX.
 We don't believe this to be a coincidence." -- Jeremy Anderson
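
The check the JSP above is missing, as an added example that is not part of the original post: the requested name is resolved against a fixed image directory and refused unless the real path stays inside it. The class name, method names and the temporary directory are hypothetical, and a Unix-style file system is assumed.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeImageServe {
    /** Map a client-supplied name to a regular file under baseDir, or throw. */
    static Path resolveInside(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed name");
        }
        Path base = baseDir.toRealPath();
        // resolve() returns the argument unchanged when it is absolute, and
        // normalize() folds "..", so both cases fail the startsWith() check.
        Path candidate = base.resolve(requested).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes image directory");
        }
        // toRealPath() follows symlinks, so a link pointing outside is caught too.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file inside image directory");
        }
        return real;
    }

    /** What the JSP would do: stream the checked file to the response stream. */
    static void serve(Path baseDir, String requested, OutputStream os) throws IOException {
        Files.copy(resolveInside(baseDir, requested), os);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary image directory with one file.
        Path base = Files.createTempDirectory("images");
        Files.write(base.resolve("logo.gif"), new byte[] {'G', 'I', 'F', '8', '9', 'a'});
        String[] inputs = {"logo.gif", "sub/../logo.gif", "../../etc/passwd", "/etc/passwd", "missing.gif"};
        for (String in : inputs) {
            ByteArrayOutputStream os = new ByteArrayOutputStream();
            try {
                serve(base, in, os);
                System.out.println("served  " + in + " (" + os.size() + " bytes)");
            } catch (SecurityException | IOException e) {
                System.out.println("refused " + in + ": " + e.getClass().getSimpleName());
            }
        }
    }
}
```

In the JSP, the base directory would be a constant chosen by the application, never a request parameter, and the exception text would go to the server log rather than back to the client.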

