Netwin Netauth Arbitrary File Read Vulnerability

Vulnerability ID: 1105965
Vulnerability type: Unknown
Published: 2000-08-17
Updated: 2005-05-02
CVE ID: CVE-2000-0782
CNNVD-ID: CNNVD-200010-120
Platform: CGI
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20156
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200010-120
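|Vulnerability details
The netauth.cgi program in Netwin Netauth 4.2e and earlier contains a vulnerability. A remote attacker can read arbitrary files by means of a .. (dot dot) attack.
|Exploit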
source: http://www.securityfocus.com/bid/1587/info

A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page' variable at the end of a request to netauth.cgi will allow a remote user to walk the entire directory tree above the Netauth directory.

For example:

http://target/cgi-bin/netauth.cgi?cmd=show&page=../../directory

will display the contents of the specified directory.
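
A log check for the request pattern described above, as an added example that is not part of the original advisory. The combined access-log format, the sample lines, and the function names are constructed assumptions; the decoder is deliberately conservative and also normalizes percent-encoded and backslash forms of the same '..' segment.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Aug/2000:10:00:01 +0000] "GET /cgi-bin/netauth.cgi?cmd=show&page=login.htm HTTP/1.0" 200 512
192.0.2.11 - - [17/Aug/2000:10:00:05 +0000] "GET /cgi-bin/netauth.cgi?cmd=show&page=../../directory HTTP/1.0" 200 2048
192.0.2.12 - - [17/Aug/2000:10:00:09 +0000] "GET /cgi-bin/netauth.cgi?cmd=show&page=%2e%2e%2f%2e%2e%2fdirectory HTTP/1.0" 200 2048
192.0.2.13 - - [17/Aug/2000:10:00:12 +0000] "GET /cgi-bin/netauth.cgi?cmd=show&page=%252e%252e%255cdirectory HTTP/1.0" 200 2048
192.0.2.14 - - [17/Aug/2000:10:00:15 +0000] "GET /index.html?page=../x HTTP/1.0" 200 100
192.0.2.15 - - [17/Aug/2000:10:00:20 +0000] "GET /cgi-bin/netauth.cgi?cmd=show&page=release..notes.htm HTTP/1.0" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(page):
    """True if any path segment of the fully decoded value is exactly '..'."""
    return ".." in re.split(r"[/\\]", fully_decode(page))

def find_traversal_requests(log_text):
    """Return (client, page value decoded once) for netauth.cgi requests with '..' segments."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/netauth.cgi"):
            continue
        # parse_qs decodes one layer; has_traversal strips any further layers.
        for page in parse_qs(url.query, keep_blank_values=True).get("page", []):
            if has_traversal(page):
                hits.append((client, page))
    return hits

if __name__ == "__main__":
    for client, page in find_traversal_requests(SAMPLE_LOG):
        print(client, page)
```

Matching on whole path segments rather than the substring `..` keeps ordinary file names such as `release..notes.htm` from being flagged.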
|References

Source: BUGTRAQ
Name: 20000817 Netauth: Web Based Email Management System
Link: http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com
Source: BID
Name: 1587
Link: http://www.securityfocus.com/bid/1587
Source: netwinsite.com
Link: http://netwinsite.com/netauth/updates.htm
Source: XF
Name: netwin-netauth-dir-traverse(5090)
Link: http://xforce.iss.net/xforce/xfdb/5090