T. Hauck Jana Server 1.45/1.46 - Hex Encoded Directory Traversal

EDB-ID:

20829

CVE:

2001-0557

EDB Verified:

Author:

neme-dhc

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2001-05-07

Vulnerable App: 
source: https://www.securityfocus.com/bid/2703/info

It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user. 

www.example.com/%2e%2e/%2e%2e/

www.example.com/%2e%2e/%2e%2e/filename
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services