Something is wrong on the University of Mauritius webserver

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Ish Sookun <ish_at_hacklog.in>
Date: Thu, 2 Apr 2015 20:37:18 +0400

Hello,

I found a Java based web application[1] running on the University of
Mauritius webserver. The application is currently in public view and allows
anyone from the Internet to modify, delete or add resources.

Someone with an Internet access could thus upload malicious code on the
webserver and remotely execute it.

I thus trigger it as a vulnerability. If it's not, I apologize for
triggering a false alarm, if it is, you can thank me later.

[1]
http://aap-server.uom.ac.mu:8080/repository/entry/show/RAMADDA+repository+-+AAP+Mauritius/AAP+Mauritius+Workshop+-+Participants?entryid=1de74fdb-5a30-4956-a6d2-0c0f2ca21868

Regards,

Ish Sookun

- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.

https://twitter.com/IshSookun ^^ Do you tweet?
Received on Thu Apr 02 2015 - 16:37:44 PST

This archive was generated by hypermail 2.3.0 : Thu Apr 02 2015 - 16:45:00 PST