Owl’s Workshop多个远程文件泄露漏洞-安全小百科

Owl’s Workshop多个远程文件泄露漏洞

漏洞ID	1107733	漏洞类型	输入验证
发布时间	2004-02-18	更新时间	2005-10-20
CVE编号	CVE-2004-0303	CNNVD-ID	CNNVD-200411-038
漏洞平台	PHP	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/23727
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200411-038

|漏洞详情

OWLS1.0版本存在漏洞。远程攻击者可以借助存在于（1）/glossaries/index.php的文件参数，（2）/readings/index.php的文件名参数或（3）/multiplechoice/resultsignore.php的文件名参数中的绝对路径名来检索任意文件，正如使用/etc/passwd。

|漏洞EXP

source: http://www.securityfocus.com/bid/9689/info
     
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
     
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

http://www.example.org/owls/multiplechoice/resultsignore.php?filename=/etc/passwd

|参考资料

来源:XF
名称:owls-file-retrieval(15249)
链接:http://xforce.iss.net/xforce/xfdb/15249
来源:www.zone-h.org
链接:http://www.zone-h.org/en/advisories/read/id=3973/
来源:BID
名称:9689
链接:http://www.securityfocus.com/bid/9689
来源:BUGTRAQ
名称:20040218ZH2004-08SA(securityadvisory):OWLS1.0Remotearbitraryfiles
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107712123305706&w;=2