From: Kevin Spett (kspettspidynamics.com)
Date: Fri Jun 28 2002 - 14:09:43 CDT

        This is not a security issue with this coding practice on any web
    [application] server that I know of. As long as the include file is not of
    a type that can be returned in plaintext to the server, this doesn't really
    give an attacker much to work with in absence of a way to view the source
    code of JSP files of your choosing.

    Kevin Spett
    SPI Labs
    http://www.spidynamics.com/

    ----- Original Message -----
    From: "Narsimha Mogiloji" <srin999yahoo.com>
    To: <webappsecsecurityfocus.com>
    Cc: <srin999yahoo.com>
    Sent: Thursday, June 27, 2002 5:10 PM
    Subject: JSP (app security)

    >
    > Hello All,
    > Can somebody provide me detailed vulnerability
    > information of the code snippet in any JSP file which
    > is using relative PATH like
    > <%@ include file="../filename.jsp" %>.
    >
    > Is it considered to be security issue ? If yes !! How
    > ?
    >
    > Thanks in advance
    > - -Chary
    >
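An added example, not part of the original thread: a small audit that finds static JSP include directives, resolves their relative paths, and flags targets whose file type the server would return as plaintext if requested directly. The extension set, the reason labels and the sample pages are assumptions constructed for illustration.

```python
import posixpath
import re

# Static include directive, e.g. <%@ include file="../filename.jsp" %>
INCLUDE_RE = re.compile(r'<%@\s*include\s+file\s*=\s*["\']([^"\']+)["\']\s*%>')

# Assumption: only these extensions are mapped to the JSP compiler;
# adjust to match the servlet mappings in your web.xml.
COMPILED_EXT = {".jsp", ".jspx"}


def resolve(page, target):
    """Resolve an include target to a path relative to the web root."""
    if target.startswith("/"):          # context-relative target
        return posixpath.normpath(target.lstrip("/"))
    base = posixpath.dirname(page)      # page-relative target
    return posixpath.normpath(posixpath.join(base, target))


def audit(pages):
    """pages maps web-root-relative path -> JSP source; returns findings."""
    findings = []
    for page, source in pages.items():
        for match in INCLUDE_RE.finditer(source):
            resolved = resolve(page, match.group(1))
            ext = posixpath.splitext(resolved)[1].lower()
            if resolved == ".." or resolved.startswith("../"):
                findings.append((page, resolved, "outside-web-root"))
            elif resolved.startswith("WEB-INF/"):
                continue  # containers refuse direct requests under WEB-INF
            elif ext not in COMPILED_EXT:
                findings.append((page, resolved, "served-as-plaintext"))
    return findings


# Constructed sample input, not taken from any real application.
SAMPLE = {
    "admin/report.jsp": '<%@ include file="../filename.jsp" %>\n'
                        '<%@ include file="../inc/db.inc" %>',
    "index.jsp": '<%@ include file="/WEB-INF/jspf/header.jspf" %>\n'
                 '<%@ include file="inc/footer.txt" %>',
}

if __name__ == "__main__":
    for page, resolved, reason in audit(SAMPLE):
        print(f"{page}: {resolved} [{reason}]")
```

Flagged include files can be renamed to a compiled extension or moved under `WEB-INF`, where the container will not serve them directly.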