From: J_Bourdeauvideotron.ca
Date: Sat Jan 26 2002 - 15:02:31 CST


    Hi,

    three times now I have sent a message to Sun's web team about
    a full path disclosure vulnerability they have in their
    website, but without any acknowledgement or correction of
    it.

    Sun's website uses .jhtml files. The Java engine computing
    these pages does not handle errors properly and returns the
    full path on the web server when you request a non-existent
    file.

    -->
    http://store.sun.com/demo.jhtm
    <--

    Will return this:

    -->
    Error getting compiled page

    Can't read source file: /eSunfe1/util/sunstore/SSDynamo/html/demo.jhtm
    <--

    I received this error message the first time when I made a typo
    in the URL I was looking for. Requesting a non-existent
    file not managed by the Java engine, and so handled by the
    HTTP daemon, will not disclose this information.

    (http://store.sun.com/demo.jpg)

    Hope Sun will correct this in both their web sites and
    their Java engine (they surely use their own tools for
    that!)

    Jacques Bourdeau
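As an added illustration (not code from the post, nor from Sun's page engine), here are the two error-handling behaviours the report contrasts, written in Python with a constructed document root standing in for the leaked prefix: the vulnerable handler echoes the filesystem path into the error page, the hardened one keeps it in the server log and answers with a generic 404, and a small response check shows how such a leak can be flagged.

```python
import errno
import logging
import os
from pathlib import Path

# Constructed document root, standing in for the leaked /eSunfe1/... prefix.
DOC_ROOT = Path("/srv/www/store/html")
log = logging.getLogger("page-compiler")


def _source_for(request_path: str) -> Path:
    """Map a request like /demo.jhtml to its source file under DOC_ROOT.
    The join is normalised lexically and anything that escapes the root
    is treated as not found (no filesystem access happens here)."""
    candidate = Path(os.path.normpath(DOC_ROOT / request_path.lstrip("/")))
    if DOC_ROOT not in candidate.parents:
        raise FileNotFoundError(errno.ENOENT, "No such file", str(candidate))
    return candidate


def compile_page_vulnerable(request_path: str, read=Path.read_text):
    """Mirrors the reported behaviour: the I/O failure, absolute path
    included, is echoed straight back to the client as the error page."""
    try:
        return 200, read(_source_for(request_path))
    except OSError as exc:
        return 500, ("Error getting compiled page\n\n"
                     f"Can't read source file: {exc.filename}")


def compile_page_hardened(request_path: str, read=Path.read_text):
    """Same lookup, but the path stays in the server log and the client
    gets a generic 404 carrying no filesystem detail."""
    try:
        return 200, read(_source_for(request_path))
    except OSError as exc:
        log.warning("page source unavailable: %s (%s)",
                    exc.filename, type(exc).__name__)
        return 404, "The requested page was not found."


def leaks_server_path(body: str) -> bool:
    """Response check a scanner or proxy rule could apply: does the
    body contain the server's absolute document root?"""
    return str(DOC_ROOT) in body
```

The `read` parameter exists only so the 200 path can be exercised without real files; in a deployment the hardened handler is the only one that should ship.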