Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: jana2.htm

Jana HTTP Server Directory traversal vulnerability

    Jana HTTP Server


    Jana HTTP Server


    eAX found following.  He  found a directory travelling bug  again,
    this time in JANA HTTP Server software available as freeware  from

    Here is how to exploit the bug for cracking systems running  Jana.
    eAX tested it with Jana 1.45 on Windows 98 and Windows 2000:

        1. Open a browser window
        2. Type i.e

    You will  notice that  the server  offers you  to download win.ini
    (if  Jana  is   installed  in  the   default  path,  otherwise   a
    modification is  requiered).   You can  imagine how  to modify the
    URL, to download any file you want.


    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH