Microsoft Frontpage服务器扩展shtml.exe/shtml.dll绝对路径泄露漏洞

Microsoft Frontpage服务器扩展shtml.exe/shtml.dll绝对路径泄露漏洞

漏洞ID 1105819 漏洞类型 设计错误
发布时间 2000-05-06 更新时间 2005-10-20
图片[1]-Microsoft Frontpage服务器扩展shtml.exe/shtml.dll绝对路径泄露漏洞-安全小百科CVE编号 CVE-2000-0413
图片[2]-Microsoft Frontpage服务器扩展shtml.exe/shtml.dll绝对路径泄露漏洞-安全小百科CNNVD-ID CNNVD-200005-031
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19897
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-031
|漏洞详情
FrontPage98Extensions是Microsoft的一个产品,包括PWS和IIS版本,可以让网页设计人员方便的直接用FrontPage直接连接到PWS或者IIS上进行网页创作。shtml.exe和shtml.dll是FrontPage服务器扩展的组件之一。shtml.exe和shtml.dll存在一个设计失误可导致服务器绝对路径泄露。1.1版本以下的FrontPage,当shtml.exe或shtml.dll收到请求处理一个不存在的文件时,会报告一个错误,在这个错误信息中会泄露服务器当前的绝对路径。攻击者由此可以得知Web服务器主目录安装的绝对路径。
|漏洞EXP
source: http://www.securityfocus.com/bid/1174/info

The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to the shtml.exe or shtml.dll (depending on platform) program will display an error message stating that the file cannot be found accompanied by the full local path to the web root. For example, performing a request for http://target/_vti_bin/shtml.dll/non_existant_file.html will produce an error message stating "Cannot open "C:localpathnon_existant_file.html": no such file or folder"

http://target/_vti_bin/shtml.exe/non-existent-file.html
http://target/_vti_bin/shtml.exe/non-existent-file.htm
http://target/_vti_bin/shtml.exe/non-existent-file.shtml
http://target/_vti_bin/shtml.exe/non-existent-file.asp
http://target/_vti_bin/shtml.dll/non_existant_file.html
|参考资料

来源:BID
名称:1174
链接:http://www.securityfocus.com/bid/1174
来源:BUGTRAQ
名称:20000506shtml.exereveallocalpathofIISwebdirectory
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
来源:NSFOCUS
名称:3378
链接:http://www.nsfocus.net/vulndb/3378

相关推荐: Thomason cable modem RgSecurity表单验证远程攻击漏洞

Thomason cable modem RgSecurity表单验证远程攻击漏洞 漏洞ID 1108472 漏洞类型 未知 发布时间 2005-02-19 更新时间 2005-02-21 CVE编号 CVE-2005-0494 CNNVD-ID CNNVD-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享