Apache Tomcat Remote File Disclosure.
Published on: 1193141997 (Unix epoch timestamp)
Yep, Tomcat is owned again. What a surprise. What is most important, though, is that it uses a very clever technique described by Gareth Heyes for JavaScript, or for embedding chrome files or variables in Firefox. With XML it is possible to check whether a file exists or to embed its contents. It works like this:
Reference a file from an entity declaration in the document's DTD:

<!DOCTYPE RemoteX [
  <!ENTITY RemoteX SYSTEM "$remotefile">
]>

So that

<RemoteX>&RemoteX;</RemoteX>

contains the file if it exists. Pretty clever!
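The following is an added example, not code from the original post or from Tomcat: it runs the entity declaration above through Python's xml.sax twice, once with external general entities enabled (the weak configuration the post relies on) and once with them disabled, and adds a pre-parse check for any DOCTYPE, which is the usual way to refuse the whole class of entity tricks. xml.sax stands in for whatever parser the affected application uses; the file path, its contents and the has_doctype helper are constructed here and are not from the advisory.

```python
# Added example (not from the original post): the entity trick above against a
# weak and a hardened XML parser configuration. Python's xml.sax stands in for
# the application's parser; the file, its contents and has_doctype are constructed.
import io
import os
import re
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges

# Constructed stand-in for "$remotefile": a local file whose content must not
# leak into the parsed document.
SECRET_CONTENT = "constructed-secret-value"


def write_sample_file() -> str:
    """Write the constructed secret to a temp file and return its absolute path."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(SECRET_CONTENT)
    return path


def build_document(system_id: str) -> str:
    """The post's entity declaration and reference, wrapped in a complete document.
    system_id is a local path here; a URL resolves through the same mechanism."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE RemoteX [\n"
        f'  <!ENTITY RemoteX SYSTEM "{system_id}">\n'
        "]>\n"
        "<RemoteX>&RemoteX;</RemoteX>\n"
    )


def has_doctype(doc: str) -> bool:
    """Assumed pre-parse check: untrusted input has no business carrying a DTD,
    so rejecting any DOCTYPE closes the whole class rather than one payload."""
    return re.search(r"<!DOCTYPE\b", doc) is not None


class TextCollector(xml.sax.ContentHandler):
    """Collects character data so we can see what the parser put in <RemoteX>."""

    def __init__(self) -> None:
        super().__init__()
        self.chunks = []

    def characters(self, content: str) -> None:
        self.chunks.append(content)


def parse_text(doc: str, resolve_external: bool) -> str:
    """Parse doc and return its character data. resolve_external toggles
    external general entity resolution; True is the weak configuration."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.StringIO(doc))
    return "".join(handler.chunks)


def run_demo() -> dict:
    """Run both configurations against the constructed file and report results."""
    path = write_sample_file()
    try:
        doc = build_document(path)
        return {
            "doctype_present": has_doctype(doc),
            # Weak parser: the element's text is the file content.
            "with_external_entities": parse_text(doc, resolve_external=True),
            # Hardened parser: the reference expands to nothing.
            "without_external_entities": parse_text(doc, resolve_external=False),
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

With external general entities enabled the parser does exactly what the post describes and the element's text becomes the file's content; with the feature off the same reference resolves to an empty string, and the DOCTYPE check lets an application refuse such input before the parser ever sees it. Python's xml.sax has defaulted to external general entities off since 3.7.1, so the weak run has to enable them explicitly.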