Qbik WinGate Standard 3.0.5 – Log Service Directory Traversal

Qbik WinGate Standard 3.0.5 – Log Service Directory Traversal

漏洞ID 1053385 漏洞类型
发布时间 1999-02-22 更新时间 1999-02-22
图片[1]-Qbik WinGate Standard 3.0.5 – Log Service Directory Traversal-安全小百科CVE编号 N/A
图片[2]-Qbik WinGate Standard 3.0.5 – Log Service Directory Traversal-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19383
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/507/info


The WinGate log service is configured by default to only allow connections from 127.0.0.1, but can be set to allow connections from anywhere. Either way, there is a vulnerability that will allow any file to be read through the log service port over an http connection.

Update (October 16, 2000):

Blue Panda <[email protected]> has discovered that a variation of the vulnerability exists in recent versions. Using escaped characters, one can achieve the same effect. 

There are various ways of exploiting this.
NT and Win9x:
h t t p://www.server.com:8010/c:/
h t t p://www.server.com:8010//
Win9x only:
h t t p://www.server.com:8010/..../

相关推荐: GlimpseHTTP and WebGlimpse Piped Command Vulnerability

GlimpseHTTP and WebGlimpse Piped Command Vulnerability 漏洞ID 1105155 漏洞类型 Input Validation Error 发布时间 1996-07-03 更新时间 1996-07-03 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享