swannsecurity DVR4-SecuraNet Web Management Server Directory Traversal Vulnerability

Vulnerability ID: 1117383
Vulnerability type: Path traversal
Published: 2009-02-10
Updated: 2009-02-20
CVE ID: CVE-2009-0640
CNNVD-ID: CNNVD-200902-467
Affected platform: Linux
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/32796
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-467
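|Vulnerability details
DVR4-SecuraNet is a video surveillance system manufactured by Swann. The management web server of DVR4-SecuraNet contains a directory traversal vulnerability. A remote attacker can use a .. in the URI to read arbitrary files, for example the vy_netman.cfg file, which contains passwords.
|Vulnerability EXP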
source: http://www.securityfocus.com/bid/33716/info

Swann DVR4 SecuraNet is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. 

http://www.example.com/../../var/run/vy_netman.cfg
|References

Source: BID
Name: 33716
Link: http://www.securityfocus.com/bid/33716
Source: BUGTRAQ
Name: 20090210 Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)
Link: http://www.securityfocus.com/archive/1/archive/1/500789/100/0/threaded
Source: SECUNIA
Name: 33861
Link: http://secunia.com/advisories/33861
Source: MISC
Link: http://packetstorm.linuxsecurity.com/0902-exploits/cctv-disclose.txt
Source: OSVDB
Name: 51897
Link: http://osvdb.org/51897