Apache Win32 PHP.EXE远程文件泄露漏洞

Apache Win32 PHP.EXE远程文件泄露漏洞

漏洞ID 1106560 漏洞类型 设计错误
发布时间 2002-01-04 更新时间 2005-10-20
图片[1]-Apache Win32 PHP.EXE远程文件泄露漏洞-安全小百科CVE编号 CVE-2002-2029
图片[2]-Apache Win32 PHP.EXE远程文件泄露漏洞-安全小百科CNNVD-ID CNNVD-200212-115
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21204
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-115
|漏洞详情
PHP在安装到带Apache和ScriptAlias的Windows上将/php/调到c:/php/时存在漏洞。远程攻击者借助带查询字符串文件名的php.exe的HTTP请求读取任意文件和可能执行任意程序。
|漏洞EXP
source: http://www.securityfocus.com/bid/3786/info

A vulnerability exists in the suggested default configuration for the Apache PHP.EXE binary on Microsoft Windows platforms. This issue has the potential to disclose the contents of arbitrary files to remote attackers.

As a result, it is possible for an attacker to append a filepath to the end of web request for php.exe. Files targetted in this manner will be served to the attacker.

It is also possible to run executables in the PHP directory via successful exploitation of this vulnerability.

http://[targethost]/php/php.exe?c:[filepath]
|参考资料

来源:BID
名称:3786
链接:http://www.securityfocus.com/bid/3786
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5ZP030U60U.html
来源:XF
名称:apache-php-view-files(7815)
链接:http://www.iss.net/security_center/static/7815.php

相关推荐: QNX RTOS PKG-Installer Buffer Overflow Vulnerability

QNX RTOS PKG-Installer Buffer Overflow Vulnerability 漏洞ID 1101933 漏洞类型 Boundary Condition Error 发布时间 2002-06-03 更新时间 2002-06-03 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享