ObsoleteFile-Detection-Evaluation web.xml copy dirs

Question

ObsoleteFile-Detection-Evaluation web.xml copy dirs

Opened this issue 8 years ago · 1 comments

Hi,
Using the docker branch, I tried to find the exploits of WEB-INF/web.xml with these links:

http://localhost:8098/wavsep/WEB-INF (copy)/web.xml
http://localhost:8098/wavsep/WEB-INF - Copy/web.xml
http://localhost:8098/wavsep/Copy of WEB-INF/web.xml

All of them returned 404. I remember this worked in older versions.

(Also, same in pico's version)

Thanks,
Dave.

Answer 1 · 2016-05-05T04:59:31.000Z

Hi Dave,
They still should work, and do in internal tests when wavsep is hosted on
Tomcat 7.

Should probably check the docker version, or see if some patch in tomcat is
the cause.

There's an upcoming update to wavsep, and I'll try and check the "missing"
test case behaviors prior to its release.

On Mon, May 2, 2016 at 10:55 AM, davesave notifications@github.com wrote:

Hi,
Using the docker branch, I tried to find the exploits of WEB-INF/web.xml
with these links:

http://localhost:8098/wavsep/WEB-INF (copy)/web.xml
http://localhost:8098/wavsep/WEB-INF - Copy/web.xml
http://localhost:8098/wavsep/Copy of WEB-INF/web.xml

All of them returned 404. I remember this worked in older versions.

(Also, same in pico's version)

Thanks,
Dave.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#7