LocalWEB2000远程文件泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106746 漏洞类型 未知
发布时间 2002-05-24 更新时间 2005-10-12
CVE编号 CVE-2002-0897 CNNVD-ID CNNVD-200210-193
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21475
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-193
|漏洞详情
LocalWEB2000是一款适合个人用户的Web服务器程序,可使用在Windows操作系统下。LocalWEB2000在文件保护机制实现中存在漏洞,可导致远程攻击者绕过保护访问文件内容。LocalWEB2000存在文件保护功能,不过由于设计错误,攻击者可以提交包含'./'并追加相应要查看文件名的URL来绕过文件保护功能,造成敏感信息泄露。此漏洞测试于LocalWEB2000StandardVersion2.1.0,其他版本也可能存在此漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/4820/info

A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' (current) directory. If the file http://server/file.txt is set to be password protected, the protection will be bypassed if a request is made for http://server/./file.txt. This is likely due to a design error in the protection component.

This vulnerability was reported for LocalWEB2000 Standard Version 2.1.0. Other versions (such as the Professional Edition) may also be affected by this issue. 

http://target/./protectedfolder/protectedfile.htm
|参考资料

来源:BID
名称:4820
链接:http://www.securityfocus.com/bid/4820
来源:XF
名称:localweb2k-protection-bypass(9165)
链接:http://www.iss.net/security_center/static/9165.php
来源:BUGTRAQ
名称:20020524[SecurityOffice]LocalWeb2000WebServerProtectedFileAccessVulnerability
链接:http://online.securityfocus.com/archive/1/274020
来源:VULNWATCH
名称:20020524[SecurityOffice]LocalWeb2000WebServerProtectedFileAccessVulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html