Novell WebServer Examples Toolkit 2 files.pl漏洞

Novell WebServer Examples Toolkit 2 files.pl漏洞

漏洞ID 1105386 漏洞类型 未知
发布时间 1998-12-01 更新时间 2002-01-15
图片[1]-Novell WebServer Examples Toolkit 2 files.pl漏洞-安全小百科CVE编号 CVE-1999-1081
图片[2]-Novell WebServer Examples Toolkit 2 files.pl漏洞-安全小百科CNNVD-ID CNNVD-200201-009
漏洞平台 Novell CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20482
https://www.securityfocus.com/bid/88445
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200201-009
|漏洞详情
NovellWebServerExamplesToolkit2中的files.pl脚本存在漏洞。远程攻击者读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/2076/info

Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a support Novell product and is provided solely as a convenience to the user. The toolkit contained a script called "FILES.PL" that could be used to view the contents of files or directories on the server by a remote attacker. This is done by passing the parameter "file=<file-or-directory-to-view>" to the script. An attacker could gain information useful in conducting subsequent attacks, or retrieve personal or proprietary information. 

http://victim.host/perl/files.pl?file=sys:system/autoexec.ncf
http://victim.host/perl/files.pl?file=sys:etc/ldremote.ncf
http://victim.host/perl/files.pl?file=vol2:apps/accounting/payroll.doc
|受影响的产品
Novell Web Server 2.0 Examples Toolkit
|参考资料

来源:XF
名称:http-nov-files(2054)
链接:http://xforce.iss.net/static/2054.php
来源:www.w3.org
链接:http://www.w3.org/Security/Faq/wwwsf8.html#Q87
来源:www.roxanne.org
链接:http://www.roxanne.org/faqs/www-secure/wwwsf4.html#Q35

相关推荐: innfeed Command-Line Buffer Overflow Vulnerability

innfeed Command-Line Buffer Overflow Vulnerability 漏洞ID 1076375 漏洞类型 Boundary Condition Error 发布时间 2001-04-18 更新时间 2001-04-18 CVE编…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享