Joe Testa hellbent Information Leak Vulnerability

hellbent is a Java web server maintained by Joe Testa.

hellbent contains a file called 'hellbent.prefs'. This file contains the web root, paths to the access and error logs, and IP access lists.

If a user creates a file in the web root named after one of the preferences within the 'hellbent.prefs' file, and submits a GET request, the server will return the entry for the corresponding preference.

For example, if a user names a file index.webroot, and submits a GET request for that file, hellbent will return the corresponding entry within 'hellbent.prefs' for webroot.
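An audit for the condition described above, added here as an example and not taken from hellbent or the original advisory: it lists files under the web root whose extension equals a preference name. It assumes 'hellbent.prefs' holds one `name=value` entry per line (the page does not show the file's format); `examplepref` and all paths in the sample are constructed, and only `webroot` is a preference name given on the page.

```python
import os
import tempfile


def load_pref_names(prefs_path):
    """Return preference names, assuming one 'name=value' entry per line."""
    names = set()
    with open(prefs_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            # Skip blanks, comments and anything that is not name=value.
            if not line or line.startswith("#") or "=" not in line:
                continue
            names.add(line.split("=", 1)[0].strip().lower())
    return names


def find_leaking_files(webroot, pref_names):
    """List files under webroot whose extension equals a preference name."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            ext = os.path.splitext(name)[1][1:].lower()
            if ext and ext in pref_names:
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, webroot))
    return sorted(hits)


def demo():
    """Build a constructed prefs file and web root, then audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = os.path.join(tmp, "www")
        os.makedirs(os.path.join(webroot, "docs"))
        prefs = os.path.join(tmp, "hellbent.prefs")
        with open(prefs, "w", encoding="utf-8") as fh:
            # Constructed sample; 'examplepref' is a hypothetical name.
            fh.write("# sample\nwebroot=/srv/www\nexamplepref=value\n")
        sample = ("index.html", "index.webroot",
                  os.path.join("docs", "a.examplepref"))
        for rel in sample:
            open(os.path.join(webroot, rel), "w").close()
        return find_leaking_files(webroot, load_pref_names(prefs))


if __name__ == "__main__":
    for path in demo():
        print("review:", path)
```

Any path it reports is a file that, per the behaviour described above, would cause the server to return the matching 'hellbent.prefs' entry when requested.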


 

Copyright 2010, SecurityFocus