Can someone pls tell me the usage of ServletContext.getRealPath(param1)...
I'm getting a strange answer; it seems it's always returning the
document_root directory + param1 value
Regards
G S Sundaram
Tim Panton-Westhawk Ltd wrote:
> I've been working with some web
> vulnerability tools (see www.westpoint.ltd.uk).
> They all address vulnerabilities in
> cgi and asp. They don't seem to
> cover servlets and jsp's.
>
> The only things I could come up with
> were:
> - default demo servlets still installed (e.g. finger, snoop etc.), I'm
>   not aware of any that pose a real threat.
> - ability to run arbitrary servlets, even when they aren't
>   explicitly mapped. E.g.
>   /servlets/net.ibm.servlets.Mytest
>
> How many servlet engines support
> the above form of invocation?
> Do any support it without the
> servlet needing to be mentioned
> in a config file? (this last raises
> the prospect of invoking servlet
> base classes, or the servlets that
> underlie jsp's)
>
> If I can come up with a useful set of
> tests, I'll contribute them to
> nessus - an open source vulnerability
> scanner.
>
> Tim
> http://www.westhawk.co.uk/
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html