SBox 1.0.4 – Full Path Disclosure

SBox 1.0.4 – Full Path Disclosure

漏洞ID 1054187 漏洞类型
发布时间 2003-09-25 更新时间 2003-09-25
图片[1]-SBox 1.0.4 – Full Path Disclosure-安全小百科CVE编号 N/A
图片[2]-SBox 1.0.4 – Full Path Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23187
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8705/info

sbox has been reported prone to a path disclosure vulnerability.

The issue has been reported to present itself when a HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an error message that contains path information.

Information contained in this error message may aid an attacker in further attacks mounted against a vulnerable system. 

http://www.example.com/cgi-bin/non-existent.pl

Will result in:
Sbox Error
The sbox program encountered an error while processing this request.
Please note the time of the error, anything you might have been doing at
the time to trigger the problem, and forward the information to this
site's Webmaster ([email protected]).

Stat failed. /home/jcf/cgi-bin/a.pl: No such file or directory

sbox version 1.04
$Id: sbox.c,v 1.9 2000/03/28 20:12:40 lstein Exp $

相关推荐: Symantec Enterprise Firewall Notify Daemon SNMP Data Loss Vulnerability

Symantec Enterprise Firewall Notify Daemon SNMP Data Loss Vulnerability 漏洞ID 1102436 漏洞类型 Failure to Handle Exceptional Conditions…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享