Citrix Nfuse Web Root Absolute Path Disclosure Vulnerability

Vulnerability ID: 1106420
Vulnerability type: Unknown
Published: 2001-07-02
Updated: 2005-05-02
CVE ID: CVE-2001-0760
CNNVD-ID: CNNVD-200110-063
Platform: ASP
CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/20987
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-063
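|Vulnerability Details
Citrix Nfuse version 1.51 contains a vulnerability. A remote attacker can obtain the absolute path of the web root by means of a malformed request to launch.asp that does not supply the session field pair.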
|Exploit
source: http://www.securityfocus.com/bid/2956/info

Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver.

It has been reported that a remote attacker can learn the location of the webroot simply by submitting a request to the launcher application without specifying the additional required information. This has been reported to not be reliably replicable. 

http://target/path/launch.asp?
|References

Source: BID
Name: 2956
Link: http://www.securityfocus.com/bid/2956
Source: BUGTRAQ
Name: 20010702 Re: Nfuse reveals full path
Link: http://www.securityfocus.com/archive/1/194522
Source: BUGTRAQ
Name: 20010630 Nfuse reveals full path
Link: http://www.securityfocus.com/archive/1/194449
Source: XF
Name: citrix-nfuse-path-disclosure(6786)
Link: http://xforce.iss.net/static/6786.php