RobTex Viking Web服务器目录遍历漏洞

RobTex Viking Web服务器目录遍历漏洞

漏洞ID 1106317 漏洞类型 路径遍历
发布时间 2001-04-23 更新时间 2005-05-02
图片[1]-RobTex Viking Web服务器目录遍历漏洞-安全小百科CVE编号 CVE-2001-0467
图片[2]-RobTex Viking Web服务器目录遍历漏洞-安全小百科CNNVD-ID CNNVD-200106-122
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20793
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-122
|漏洞详情
RobTexVikingWeb服务器1.07-381之前版本存在目录遍历漏洞。远程攻击者可以借助HTTPURL请求中的…(修改过的点点)读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/2643/info

The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems.

A problem in the software package could make it possible for remote users to gain access to sensitive system files. Due to the improper handling of relative paths by the HTTP serving portion of the Viking Server, a user requesting a relative path such as "..." can gain access to the root directory, breaking out of the webroot.

This problem makes it possible for remote user to gain access to sensitive system files, and potentially local access. 

http://vulnerable.system/...
|参考资料

来源:BID
名称:2643
链接:http://www.securityfocus.com/bid/2643
来源:BUGTRAQ
名称:20010423VulnerabilityinVikingWebServer
链接:http://www.securityfocus.com/archive/1/178935
来源:www.robtex.com
链接:http://www.robtex.com/files/viking/beta/chglog.txt
来源:XF
名称:viking-dot-directory-traversal(6450)
链接:http://xforce.iss.net/static/6450.php

相关推荐: CartWIZ ASP Cart多个SQL注入漏洞

CartWIZ ASP Cart多个SQL注入漏洞 漏洞ID 1199784 漏洞类型 SQL注入 发布时间 2005-04-23 更新时间 2005-04-23 CVE编号 CVE-2005-1291 CNNVD-ID CNNVD-200504-085 漏洞…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享