Fsboard default.asp 目录遍历漏洞

54次阅读
没有评论

Fsboard default.asp 目录遍历漏洞

漏洞ID 1108904 漏洞类型 路径遍历
发布时间 2005-06-30 更新时间 2005-10-20
Fsboard default.asp 目录遍历漏洞CVE编号 CVE-2005-2140
Fsboard default.asp 目录遍历漏洞CNNVD-ID CNNVD-200507-037
漏洞平台 ASP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25924
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-037
|漏洞详情
Fsboard是一套Web公告板系统。FSboard2.0中的default.asp存在目录遍历漏洞。远程攻击者可通过再filename参数中使用”..”(参数中包含’..’)的方式,读取任意文件
|漏洞EXP
source: http://www.securityfocus.com/bid/14111/info

FSboard is prone to a directory traversal vulnerability.

This could allow a remote attacker to read files outside the Web root. This could only be used to access files to which the Web server has permission.

All versions of FSboard are vulnerable to this issue at the moment. 

http://www.example.com/forum/default.asp?db=general&mode=download&idx=507&fileNum=1&filename=../conf.asp&nav=viewcontents&srhctgr=&srhstr=&page=1
|参考资料

来源:BID
名称:14111
链接:http://www.securityfocus.com/bid/14111

相关推荐: PHPGroupWare Plaintext Cookie Authentication Credentials Information Disclosure Vulnerability

PHPGroupWare Plaintext Cookie Authentication Credentials Information Disclosure Vulnerability 漏洞ID 1098110 漏洞类型 Design Error 发布时间 …

正文完
 0