EvilZone
Hacking and Security => Hacking and Security => : sn0wm4n February 20, 2014, 04:24:25 AM
-
I found a site that starts at a .jsp page. Deeper down there is an unsecured uploader. I've tried uploading a simple .jsp script to try to get it to execute but no matter what I do, I can't get it to render. I've tried different file extensions, hell I've even tried asp and php scripts but instead of anything rendering, they just download when you try to access them on the server. Now why would it respond to the first .jsp but not anyone uploaded ones?
-
So it look like it lacks the executeable flag .
You tried explicitly changing +x for the file ?
-
So it look like it lacks the executeable flag .
You tried explicitly changing +x for the file ?
I haven't but I thought that it was irrelevant since scripts like that are only read by the php or httpd or whatever servers and not executed like a script would be. Is that incorrect?
-
I haven't but I thought that it was irrelevant since scripts like that are only read by the php or httpd or whatever servers and not executed like a script would be. Is that incorrect?
As long as they don't have that executeable flag nothing is gonna happen, that is correct.
-
I just tried a php script on my server and it still renders the php correctly even when its not the +x flag isn't set for anyone. rw-rw-rw still renders fine. Is that different for JSP?