Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Kevin Spett (kspettspidynamics.com)
Date: Fri Jun 28 2002 - 14:09:43 CDT
This is not a security issue with this coding practice on any web
[application] server that I know of. As long as the include file is not of
a type that can be returned in plaintext to the server, this doesn't really
give an attacker much to work with in absence of a way to view the source
code of JSP files of your choosing.
----- Original Message -----
From: "Narsimha Mogiloji" <srin999yahoo.com>
Sent: Thursday, June 27, 2002 5:10 PM
Subject: JSP (app security)
> Hello All,
> Can somebody provide me detailed vulnerability
> information of the code snippet in any JSP file which
> is using relative PATH like
> <% include file="../filename.jsp" %>.
> Is it considered to be security issue ? If yes !! How
> Thanks in advance
> - -Chary
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup