ObsoleteFile-Detection-Evaluation web.xml copy dirs

[davesave]

Hi,
Using the docker branch, I tried to find the exploits of WEB-INF/web.xml with these links:

http://localhost:8098/wavsep/WEB-INF (copy)/web.xml
http://localhost:8098/wavsep/WEB-INF - Copy/web.xml
http://localhost:8098/wavsep/Copy of WEB-INF/web.xml

All of them returned 404. I remember this worked in older versions.

(Also, same in pico's version)

Thanks,
Dave.

[sectooladdict]

Hi Dave,
They still should work, and do in internal tests when wavsep is hosted on
Tomcat 7.

Should probably check the docker version, or see if some patch in tomcat is
the cause.

There's an upcoming update to wavsep, and I'll try and check the "missing"
test case behaviors prior to its release.

On Mon, May 2, 2016 at 10:55 AM, davesave [email protected] wrote:

Hi,
Using the docker branch, I tried to find the exploits of WEB-INF/web.xml
with these links:

http://localhost:8098/wavsep/WEB-INF (copy)/web.xml
http://localhost:8098/wavsep/WEB-INF - Copy/web.xml
http://localhost:8098/wavsep/Copy of WEB-INF/web.xml

All of them returned 404. I remember this worked in older versions.

(Also, same in pico's version)

Thanks,
Dave.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#7