CVE-2008-6528

TmaxSoft JEUS 5 - Unauthenticated Source Code Disclosure via NTFS Alternate Data Stream

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6528. PoCs published by Simon Ryeo.

AI-analyzed exploit summary This is a writeup describing a vulnerability in TmaxSoft JEUS where Alternate Data Streams (ADS) on NTFS can be exploited to disclose web application source files. The exploit involves appending '::$DATA' to a file request, bypassing normal file handling.

Description

NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Simon Ryeo · textremotewindows

https://www.exploit-db.com/exploits/7442

View Code ZIP pw:eip

This is a writeup describing a vulnerability in TmaxSoft JEUS where Alternate Data Streams (ADS) on NTFS can be exploited to disclose web application source files. The exploit involves appending '::$DATA' to a file request, bypassing normal file handling.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: TmaxSoft JEUS < 5: Fix#26 on NTFS

No auth needed

Prerequisites: Target running JEUS on NTFS · Network access to the web server

MITRE ATT&CK