W3Mail文件泄漏漏洞

25次阅读
没有评论

W3Mail文件泄漏漏洞

漏洞ID 1107092 漏洞类型 路径遍历
发布时间 2002-11-12 更新时间 2002-12-31
W3Mail文件泄漏漏洞CVE编号 CVE-2002-2399
W3Mail文件泄漏漏洞CNNVD-ID CNNVD-200212-689
漏洞平台 CGI CVSS评分 6.4
|漏洞来源
https://www.exploit-db.com/exploits/22015
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-689
|漏洞详情
W3Mail1.0.6版本的viewAttachment.cgi存在目录遍历漏洞。远程攻击者借助file参数的..(点点)读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/6170/info

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. 

viewAttachment.cgi?file=../../../../../etc/passwd
|参考资料

来源:BID
名称:6170
链接:http://www.securityfocus.com/bid/6170
来源:XF
名称:w3mail-argument-read-files(10612)
链接:http://www.iss.net/security_center/static/10612.php
来源:BUGTRAQ
名称:20021112FreshholeinW3Mail(fwd)
链接:http://archives.neohapsis.com/archives/bugtraq/2002-11/0150.html

相关推荐: Halflife Linux Server rcon Vulnerabilities

Halflife Linux Server rcon Vulnerabilities 漏洞ID 1103708 漏洞类型 Boundary Condition Error 发布时间 2000-10-24 更新时间 2000-10-24 CVE编号 N/A CN…

正文完
 0