Xweb目录遍历漏洞-安全小百科

Xweb目录遍历漏洞

漏洞ID	1107815	漏洞类型	路径遍历
发布时间	2004-03-22	更新时间	2005-10-20
CVE编号	CVE-2004-1838	CNNVD-ID	CNNVD-200403-094
漏洞平台	Linux	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/23864
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-094

|漏洞详情

xweb1.0版本存在目录遍历漏洞。远程攻击者借助RUL中的..（点点）下载任意文件。

|漏洞EXP

source: http://www.securityfocus.com/bid/9937/info

XWeb is reportedly prone to directory traversal attacks. Remote attackers may exploit this issue to gain access to sensitive files outside of the server root. This would occur in the context of the server, i.e.: any files the server could access would also be accessible to the attacker.

http://www.example.com/../../../../etc/passwd

|参考资料

来源:BID
名称:9937
链接:http://www.securityfocus.com/bid/9937
来源:www.autistici.org
链接:http://www.autistici.org/fdonato/advisory/xweb1.0-adv.txt
来源:SECTRACK
名称:1009514
链接:http://securitytracker.com/id?1009514
来源:SECUNIA
名称:11186
链接:http://secunia.com/advisories/11186
来源:BUGTRAQ
名称:20040322directorytraversalinxweb1.0
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107997946623770&w;=2
来源:XF
名称:xweb-dotdot-directory-traversal(15567)
链接:http://xforce.iss.net/xforce/xfdb/15567
来源:OSVDB
名称:4460
链接:http://www.osvdb.org/4460

相关推荐: FreeBSD Ports Collection slashem-tty漏洞

FreeBSD Ports Collection slashem-tty漏洞漏洞ID 1202118 漏洞类型权限许可和访问控制发布时间 2003-12-31 更新时间 2003-12-31 CVE编号 CVE-2003-1474 CNNVD-ID CN…

文章版权归作者所有，未经允许请勿转载。

THE END