├── .gitignore ├── pom.xml ├── src ├── main │ ├── java │ │ └── com │ │ │ └── mkyong │ │ │ └── web │ │ │ └── controller │ │ │ └── HelloController.java │ └── webapp │ │ ├── META-INF │ │ └── context.xml │ │ ├── WEB-INF │ │ ├── pages │ │ │ ├── hello.jsp │ │ │ └── hello1.jsp │ │ ├── spring-web-config.xml │ │ ├── test.txt │ │ └── web.xml │ │ └── resources │ │ ├── test.txt │ │ └── theme1 │ │ ├── css │ │ └── main.css │ │ └── js │ │ ├── jquery.1.10.2.min.js │ │ └── main.js └── test │ ├── java │ ├── com │ │ └── mkyong │ │ │ └── web │ │ │ └── controller │ │ │ ├── ExplorativeTestNoauto.java │ │ │ ├── FailingRequest.java │ │ │ ├── FailingServletContext.java │ │ │ └── NoautoTestInvalidPath.java │ └── org │ │ └── springframework │ │ └── web │ │ └── servlet │ │ └── resource │ │ └── ILoveProtectedAccess.java │ └── resources │ └── com │ └── mkyong │ └── web │ └── controller │ ├── test │ ├── bar.css │ └── foo.css │ └── testsecret │ └── secret.txt └── stealfile.sh /.gitignore: -------------------------------------------------------------------------------- 1 | /target/ -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/pom.xml -------------------------------------------------------------------------------- /src/main/java/com/mkyong/web/controller/HelloController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/java/com/mkyong/web/controller/HelloController.java -------------------------------------------------------------------------------- /src/main/webapp/META-INF/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/META-INF/context.xml -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/pages/hello.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/WEB-INF/pages/hello.jsp -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/pages/hello1.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/WEB-INF/pages/hello1.jsp -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/spring-web-config.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/WEB-INF/spring-web-config.xml -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/test.txt: -------------------------------------------------------------------------------- 1 | testtxt -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /src/main/webapp/resources/test.txt: -------------------------------------------------------------------------------- 1 | testtxt -------------------------------------------------------------------------------- /src/main/webapp/resources/theme1/css/main.css: -------------------------------------------------------------------------------- 1 | h1{ 2 | color:red; 3 | } 4 | -------------------------------------------------------------------------------- /src/main/webapp/resources/theme1/js/jquery.1.10.2.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/resources/theme1/js/jquery.1.10.2.min.js -------------------------------------------------------------------------------- /src/main/webapp/resources/theme1/js/main.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/main/webapp/resources/theme1/js/main.js -------------------------------------------------------------------------------- /src/test/java/com/mkyong/web/controller/ExplorativeTestNoauto.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/test/java/com/mkyong/web/controller/ExplorativeTestNoauto.java -------------------------------------------------------------------------------- /src/test/java/com/mkyong/web/controller/FailingRequest.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/test/java/com/mkyong/web/controller/FailingRequest.java -------------------------------------------------------------------------------- /src/test/java/com/mkyong/web/controller/FailingServletContext.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/test/java/com/mkyong/web/controller/FailingServletContext.java -------------------------------------------------------------------------------- /src/test/java/com/mkyong/web/controller/NoautoTestInvalidPath.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/test/java/com/mkyong/web/controller/NoautoTestInvalidPath.java -------------------------------------------------------------------------------- /src/test/java/org/springframework/web/servlet/resource/ILoveProtectedAccess.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/test/java/org/springframework/web/servlet/resource/ILoveProtectedAccess.java -------------------------------------------------------------------------------- /src/test/resources/com/mkyong/web/controller/test/bar.css: -------------------------------------------------------------------------------- 1 | h2 { color:white; } -------------------------------------------------------------------------------- /src/test/resources/com/mkyong/web/controller/test/foo.css: -------------------------------------------------------------------------------- 1 | h1 { color:red; } -------------------------------------------------------------------------------- /src/test/resources/com/mkyong/web/controller/testsecret/secret.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/src/test/resources/com/mkyong/web/controller/testsecret/secret.txt -------------------------------------------------------------------------------- /stealfile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ilmila/springcss-cve-2014-3625/HEAD/stealfile.sh --------------------------------------------------------------------------------