EditTag edittag.cgi Remote File Disclosure Vulnerability

Vulnerability ID: 1203112
Vulnerability type: Path traversal
Published: 2003-01-24
Updated: 2007-10-17
CVE ID: CVE-2003-1351
CNNVD-ID: CNNVD-200312-392
Affected platform: N/A
CVSS score: 5.0
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007100052
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-392
|Vulnerability details
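EditTag is a website content management script. Its edittag.cgi script does not properly filter user-supplied CGI parameters, so a remote attacker can exploit this vulnerability to read arbitrary files on the system with the privileges of the web process. Specifically, edittag.cgi does not properly filter '%2F..' sequences: by submitting multiple '%2F..' sequences followed by the name of the target file as the value of the 'file' parameter, an attacker may be able to read arbitrary files with the privileges of the web process.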
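The missing check, as an added example in Python (not EditTag's own code, which is a Perl CGI): the 'file' parameter is decoded, canonicalised, and accepted only if the result stays inside the content directory. The names `resolve_requested_file`, `TraversalError` and `demo`, and the temporary content root with its sample files, are assumptions made for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

class TraversalError(ValueError):
    """The 'file' parameter does not name a file inside the content root."""

def resolve_requested_file(content_root, query_string):
    """Map the 'file' CGI parameter to a real path under content_root."""
    # parse_qs percent-decodes once, so '%2F..' arrives here as '/..'.
    values = parse_qs(query_string).get("file", [])
    if len(values) != 1 or "\x00" in values[0]:
        raise TraversalError("missing, repeated or malformed 'file' parameter")
    root = os.path.realpath(content_root)
    # Treat the value as relative to the root even if it starts with '/',
    # then canonicalise: realpath collapses '..' and follows symlinks.
    candidate = os.path.realpath(os.path.join(root, values[0].lstrip("/")))
    # Decide on the canonical path, not on the string the client sent.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("path escapes content root: %r" % values[0])
    if not os.path.isfile(candidate):
        raise TraversalError("not a regular file under content root")
    return candidate

def demo():
    """Run the check on constructed requests; returns {query: outcome}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "news"))  # constructed sample content
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<!-- constructed sample page -->")
        queries = [
            "file=index.html",                              # ordinary request
            "file=news/../index.html",                      # '..' that stays inside
            "file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd",  # request from the advisory
        ]
        for query in queries:
            try:
                path = resolve_requested_file(root, query)
                results[query] = os.path.relpath(path, os.path.realpath(root))
            except TraversalError:
                results[query] = "rejected"
    return results

if __name__ == "__main__":
    for query, outcome in demo().items():
        print(outcome.ljust(12), query)
```

Comparing canonical paths rather than stripping '..' from the input string is what lets the second request through while the third is refused.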
|Exploit


EditTag is a script which facilitates website content management. EditTag allows users to edit pages using a web interface, but restricts editing to specific tagged areas of the document. This feature enables website managers to create a way for content authors who may not know HTML to update a web page in real time without having to worry about adversely affecting the underlying HTML code.

The website is here: http://www.thebilberry.com/greg/edittag/

The problem with the script lies in the fact that it can be easily tricked into allowing any file to be called up from the remote server. An example exploit is as follows:

http://www.anything.com/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd

This example will grab the passwd file from the remote webserver; this is potentially dangerous.

The vendor has been contacted.
|References

Source: XF
Name: edittag-dotdot-directory-traversal(11159)
Link: http://xforce.iss.net/xforce/xfdb/11159
Source: BID
Name: 6675
Link: http://www.securityfocus.com/bid/6675
Source: BUGTRAQ
Name: 20030124 Vulnerability in edittag.pl
Link: http://www.securityfocus.com/archive/1/308162
Source: SREASON
Name: 3231
Link: http://securityreason.com/securityalert/3231
Source: NSFOCUS
Name: 4283
Link: http://www.nsfocus.net/vulndb/4283