LocalWEB2000 HTTP server命令泄露漏洞-安全小百科

LocalWEB2000 HTTP server命令泄露漏洞

漏洞ID	1106180	漏洞类型	路径遍历
发布时间	2001-01-22	更新时间	2005-05-02
CVE编号	CVE-2001-0189	CNNVD-ID	CNNVD-200103-087
漏洞平台	Windows	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/20585
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200103-087

|漏洞详情

LocalWEB2000HTTPserver存在目录遍历漏洞。远程攻击者可以借助HTTPGET请求中的一个..（点点）攻击读取任意命令。

|漏洞EXP

source: http://www.securityfocus.com/bid/2268/info

LocalWEB2000 is subject to a directory traversal. Requesting a specially crafted HTTP request with a known filename will enable an attacker to gain read access to the requested file. 

http://target/../../../autoexec.bat

|参考资料

来源:XF
名称:localweb2k-directory-traversal
链接:http://xforce.iss.net/static/5982.php
来源:BID
名称:2268
链接:http://www.securityfocus.com/bid/2268
来源:BUGTRAQ
名称:20010119LocalWEB2000DirectoryTraversalVulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html

相关推荐: OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability

OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability 漏洞ID 1097291 漏洞类型 Boundary Condition Error 发布时间 2005-01-12 更新时间 2005…

文章版权归作者所有，未经允许请勿转载。

THE END