PHPix Photo Album目录遍历漏洞

PHPix Photo Album目录遍历漏洞

漏洞ID 1106033 漏洞类型 路径遍历
发布时间 2000-10-07 更新时间 2005-05-02
图片[1]-PHPix Photo Album目录遍历漏洞-安全小百科CVE编号 CVE-2000-0919
图片[2]-PHPix Photo Album目录遍历漏洞-安全小百科CNNVD-ID CNNVD-200012-164
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20278
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-164
|漏洞详情
PHPixPhotoAlbum1.0.2以及之前版本存在目录遍历漏洞。远程攻击者借助..(点点)攻击读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/1773/info

PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The problem is that "../" character sequences can be supplied by the user in an http variable that is used to reference a file on the webservers filesystem. As a result, the attacker can construct a path relative to the current working directory of the webserver using ".."'s and then the target filename/path to read any readable (to the uid of the httpd process) file on the filesystem. The information gained may make it easier to compromise the system in other ways.

Example:

http://target.com/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

The above line if given will output all the directories that are nested within /etc
directory. Other more sinister content can be revealed from there.
|参考资料

来源:XF
名称:phpix-dir-traversal
链接:http://xforce.iss.net/static/5331.php
来源:BID
名称:1773
链接:http://www.securityfocus.com/bid/1773
来源:OSVDB
名称:472
链接:http://www.osvdb.org/472
来源:BUGTRAQ
名称:20001007PHPixadvisory
链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html

相关推荐: Bavo Message Editing Insecure CGI Vulnerability

Bavo Message Editing Insecure CGI Vulnerability 漏洞ID 1102422 漏洞类型 Input Validation Error 发布时间 2002-02-12 更新时间 2002-02-12 CVE编号 N/A…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享