W3Mail文件泄漏漏洞

W3Mail文件泄漏漏洞

漏洞ID 1107092 漏洞类型 路径遍历
发布时间 2002-11-12 更新时间 2002-12-31
图片[1]-W3Mail文件泄漏漏洞-安全小百科CVE编号 CVE-2002-2399
图片[2]-W3Mail文件泄漏漏洞-安全小百科CNNVD-ID CNNVD-200212-689
漏洞平台 CGI CVSS评分 6.4
|漏洞来源
https://www.exploit-db.com/exploits/22015
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-689
|漏洞详情
W3Mail1.0.6版本的viewAttachment.cgi存在目录遍历漏洞。远程攻击者借助file参数的..(点点)读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/6170/info

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. 

viewAttachment.cgi?file=../../../../../etc/passwd
|参考资料

来源:BID
名称:6170
链接:http://www.securityfocus.com/bid/6170
来源:XF
名称:w3mail-argument-read-files(10612)
链接:http://www.iss.net/security_center/static/10612.php
来源:BUGTRAQ
名称:20021112FreshholeinW3Mail(fwd)
链接:http://archives.neohapsis.com/archives/bugtraq/2002-11/0150.html

相关推荐: Halflife Linux Server rcon Vulnerabilities

Halflife Linux Server rcon Vulnerabilities 漏洞ID 1103708 漏洞类型 Boundary Condition Error 发布时间 2000-10-24 更新时间 2000-10-24 CVE编号 N/A CN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享