Fsboard default.asp 目录遍历漏洞-安全小百科

Fsboard default.asp 目录遍历漏洞

漏洞ID	1108904	漏洞类型	路径遍历
发布时间	2005-06-30	更新时间	2005-10-20
CVE编号	CVE-2005-2140	CNNVD-ID	CNNVD-200507-037
漏洞平台	ASP	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/25924
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-037

|漏洞详情

Fsboard是一套Web公告板系统。FSboard2.0中的default.asp存在目录遍历漏洞。远程攻击者可通过再filename参数中使用”..”(参数中包含’..’)的方式，读取任意文件

|漏洞EXP

source: http://www.securityfocus.com/bid/14111/info

FSboard is prone to a directory traversal vulnerability.

This could allow a remote attacker to read files outside the Web root. This could only be used to access files to which the Web server has permission.

All versions of FSboard are vulnerable to this issue at the moment. 

http://www.example.com/forum/default.asp?db=general&mode=download&idx=507&fileNum=1&filename=../conf.asp&nav=viewcontents&srhctgr=&srhstr=&page=1

|参考资料

来源:BID
名称:14111
链接:http://www.securityfocus.com/bid/14111

相关推荐: PHPGroupWare Plaintext Cookie Authentication Credentials Information Disclosure Vulnerability

PHPGroupWare Plaintext Cookie Authentication Credentials Information Disclosure Vulnerability 漏洞ID 1098110 漏洞类型 Design Error 发布时间 …

文章版权归作者所有，未经允许请勿转载。

THE END