Netwin Netauth任意文件读取漏洞-安全小百科

Netwin Netauth任意文件读取漏洞

漏洞ID	1105965	漏洞类型	未知
发布时间	2000-08-17	更新时间	2005-05-02
CVE编号	CVE-2000-0782	CNNVD-ID	CNNVD-200010-120
漏洞平台	CGI	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/20156
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200010-120

|漏洞详情

NetwinNetauth4.2e版本及之前版本中netauth.cgi程序存在漏洞。远程攻击者可以借助..（点点）攻击来读取任意文件。

|漏洞EXP

source: http://www.securityfocus.com/bid/1587/info

A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page' variable at the end of a request to netauth.cgi will allow a remote user to walk the entire directory tree above the Netauth directory.

For example:

http://target/cgi-bin/netauth.cgi?cmd=show&page=../../directory

will display the contents of the specified directory.

|参考资料

来源:BUGTRAQ
名称:20000817Netauth:WebBasedEmailManagementSystem
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:1587
链接:http://www.securityfocus.com/bid/1587
来源:netwinsite.com
链接:http://netwinsite.com/netauth/updates.htm
来源:XF
名称:netwin-netauth-dir-traverse(5090)
链接:http://xforce.iss.net/xforce/xfdb/5090

相关推荐: Linksys WRT54G Router Blank HTTP GET Request Denial Of Service Vulnerability

Linksys WRT54G Router Blank HTTP GET Request Denial Of Service Vulnerability 漏洞ID 1099228 漏洞类型 Failure to Handle Exceptional Condi…

文章版权归作者所有，未经允许请勿转载。

THE END