Snowblind Web Server 目录遍历漏洞

27次阅读
没有评论

Snowblind Web Server 目录遍历漏洞

漏洞ID 1107332 漏洞类型 路径遍历
发布时间 2003-05-16 更新时间 2003-06-16
Snowblind Web Server 目录遍历漏洞CVE编号 CVE-2003-0312
Snowblind Web Server 目录遍历漏洞CNNVD-ID CNNVD-200306-056
漏洞平台 Windows CVSS评分 6.4
|漏洞来源
https://www.exploit-db.com/exploits/22609
https://www.securityfocus.com/bid/87148
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-056
|漏洞详情
SnowblindWebServer1.0版本存在目录遍历漏洞。远程攻击者借助HTTP请求中..(点点)读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/7618/info

It has been announced that Snowblind Web Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information.

According to the report, Snowblind Web Server does not perform correct access validation on client requested paths which include "../" character sequences.

http://www.example.com/../../windows/system.ini
http://www.example.com/internal.sws?../../windows/system.ini
|受影响的产品
Snowblind.Net Snowblind Web Server 1.0
|参考资料

来源:BUGTRAQ
名称:20030516SnowblindWebServer:multipleissues
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105311719128173&w;=2

相关推荐: PhotoDB 1.4 Administrator Access Vulnerability

PhotoDB 1.4 Administrator Access Vulnerability 漏洞ID 1102154 漏洞类型 Input Validation Error 发布时间 2002-05-04 更新时间 2002-05-04 CVE编号 N/A …

正文完
 0