Exploit Database - Logo

Blazix 1.2 - Special Character Handling Server Side Script Information Disclosure

EDB-ID: 21751 Author: Auriemma Luigi Published: 2002-08-24
CVE: CVE-2002-1451 Type: Remote Platform: Multiple
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/5566/info

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file. 

http://www.example.com/jsptest.jsp+
http://www.example.com/jsptest.jsp\

Related Exploits

Trying to match CVEs (1): CVE-2002-1451
Trying to match OSVDBs (1): 10466
Other Possible E-DB Search Terms: Blazix 1.2,  Blazix
Date D V Title Author
2002-08-25Download Exploit Code Verified Blazix 1.2 - Password Protected Directory Information DisclosureAuriemma Luigi
Menu