Bwahahahahah (insert world domination laugh here) ... Since I gave jconsole ROOT access to my server ... the user essentially can do anything on my machine. He just needs to create an IJS file with a malicious script and my machine is pwnd!!! :D
Cool! A backdoor ... ehem ... an alternative to an SSH server. :P (cue world domination laugh)

Seriously. Our internal network has an IP/port monitoring which probes a machine and its open ports at fixed intervals. The admins told me that they use this to check if a server has gone down. Well, it's not crashing the JHP server but my http://jlibrary/jijx looks like this:

J Http Server
|ill-formed number
|ill-formed number
|ill-formed number

It's now a page-full of them. ;)

Okay. Okay ... I'll turn it off before I go home today. I'm still playing with it and trying out what I "can" do to my server remotely through the J HTTP webserver. :D ;) >:)

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Raul Miller
Sent: Friday, December 04, 2009 1:48 PM
To: Beta forum
Subject: Re: [Jbeta] jhs version 1.5 available

On Thu, Dec 3, 2009 at 11:05 PM, Alex Rufon <[email protected]> wrote:
> My suggestion is to limit the web client/user to only the j701-user and the
> J701 directories.

J can already access any file on the system.

--
Raul
----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
