Snowblind Web Server 目录遍历漏洞

Snowblind Web Server 目录遍历漏洞

漏洞ID 1107332 漏洞类型 路径遍历
发布时间 2003-05-16 更新时间 2003-06-16
图片[1]-Snowblind Web Server 目录遍历漏洞-安全小百科CVE编号 CVE-2003-0312
图片[2]-Snowblind Web Server 目录遍历漏洞-安全小百科CNNVD-ID CNNVD-200306-056
漏洞平台 Windows CVSS评分 6.4
|漏洞来源
https://www.exploit-db.com/exploits/22609
https://www.securityfocus.com/bid/87148
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-056
|漏洞详情
SnowblindWebServer1.0版本存在目录遍历漏洞。远程攻击者借助HTTP请求中..(点点)读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/7618/info

It has been announced that Snowblind Web Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information.

According to the report, Snowblind Web Server does not perform correct access validation on client requested paths which include "../" character sequences.

http://www.example.com/../../windows/system.ini
http://www.example.com/internal.sws?../../windows/system.ini
|受影响的产品
Snowblind.Net Snowblind Web Server 1.0
|参考资料

来源:BUGTRAQ
名称:20030516SnowblindWebServer:multipleissues
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105311719128173&w;=2

相关推荐: PhotoDB 1.4 Administrator Access Vulnerability

PhotoDB 1.4 Administrator Access Vulnerability 漏洞ID 1102154 漏洞类型 Input Validation Error 发布时间 2002-05-04 更新时间 2002-05-04 CVE编号 N/A …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享