Hi folks,

Something i came across while testing some of our WebSphere installations
(these have been fixed in the current versions of vanilla Apache, so i assume
these are just an inherited problem from the old Apache codebase.. Makes
you wonder what else there is? :^) )



Retreiving:

http://our.websphere.server/<script>alert('helloworld')</script>

Returns the properly parsed output.. However, trying to access outside of
the webroot, results in some CSS issues:

http://our.websphere.server/../<script>alert('helloworld')</script>

My test servers were running:

IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)
IBM_HTTP_Server/1.3.6.3 Apache/1.3.7-dev (Win32)



Cheers,

Twi.

Reply via email to