Netwin Netauth任意文件读取漏洞

23次阅读
没有评论

Netwin Netauth任意文件读取漏洞

漏洞ID 1105965 漏洞类型 未知
发布时间 2000-08-17 更新时间 2005-05-02
Netwin Netauth任意文件读取漏洞CVE编号 CVE-2000-0782
Netwin Netauth任意文件读取漏洞CNNVD-ID CNNVD-200010-120
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20156
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200010-120
|漏洞详情
NetwinNetauth4.2e版本及之前版本中netauth.cgi程序存在漏洞。远程攻击者可以借助..(点点)攻击来读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/1587/info

A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page' variable at the end of a request to netauth.cgi will allow a remote user to walk the entire directory tree above the Netauth directory.

For example:

http://target/cgi-bin/netauth.cgi?cmd=show&page=../../directory

will display the contents of the specified directory.
|参考资料

来源:BUGTRAQ
名称:20000817Netauth:WebBasedEmailManagementSystem
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:1587
链接:http://www.securityfocus.com/bid/1587
来源:netwinsite.com
链接:http://netwinsite.com/netauth/updates.htm
来源:XF
名称:netwin-netauth-dir-traverse(5090)
链接:http://xforce.iss.net/xforce/xfdb/5090

相关推荐: Linksys WRT54G Router Blank HTTP GET Request Denial Of Service Vulnerability

Linksys WRT54G Router Blank HTTP GET Request Denial Of Service Vulnerability 漏洞ID 1099228 漏洞类型 Failure to Handle Exceptional Condi…

正文完
 0