Last active
September 3, 2015 20:25
-
-
Save kjlubick/560dda55c47dd3a53643 to your computer and use it in GitHub Desktop.
Example Jetty Exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.eclipse.jetty.server.Server; | |
| public static HTTPServer startUpAnHTTPServer(WebQueryInterface wqi, UserManager um) | |
| { | |
| HTTPServer httpServer = new HTTPServer(); | |
| if (HTTPServer.getUserManager() == null) | |
| { | |
| userManager = um; | |
| } | |
| //Exploitable, this port can be accessed by anyone on the local network | |
| httpServer.underlyingServer = new Server(SERVER_PORT); | |
| //Safe, only can be accessed by localhost | |
| //httpServer.underlyingServer = new Server(new InetSocketAddress("localhost", SERVER_PORT)); | |
| httpServer.underlyingServer.setHandler(HandlerManager.makeHandler(wqi)); | |
| try | |
| { | |
| httpServer.underlyingServer.start(); | |
| } | |
| catch (Exception e) | |
| { | |
| logger.error("There was a problem starting the server", e); | |
| } | |
| return httpServer; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment