BRS WebWeaver Directory Traversal Vulnerability

Published: 2001-05-07
Updated: 2001-05-07
Severity: Medium
Threat: Remote unauthorized file access
Error type: Input validation error
Exploitation mode: Server mode

Affected systems

BRS WebWeaver 0.62beta

Detailed description

BRS WebWeaver contains a directory traversal vulnerability that allows a remote attacker to request files outside the web root directory. By requesting a URL containing '../' sequences, an attacker can obtain the contents of additional files.

Test code

See the description section.

Solution

Download the updated program:

BRS WebWeaver 0.62beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

BRS WebWeaver 0.61beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

BRS WebWeaver 0.60beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

BRS WebWeaver 0.52beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

BRS WebWeaver 0.51beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

BRS WebWeaver 0.50beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe

BRS WebWeaver 0.49beta: BRS upgrade 0.63 beta WebWeaver063.exe
http://members.nbci.com/_XMCM/BSoutham/download/WebWeaver063.exe
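
The input validation a file-serving web server needs against the '../' requests described above, shown as an added example beside the unchecked join it replaces. This is not code from BRS WebWeaver or from this advisory; the function names, the wwwroot layout and the sample requests are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(web_root, url_path):
    """Vulnerable pattern: joins the request path onto the root unchecked."""
    return os.path.normpath(os.path.join(web_root, url_path.lstrip("/")))


def safe_resolve(web_root, url_path):
    """Return a real path inside web_root, or None if the request escapes it."""
    decoded = unquote(url_path)  # decode exactly once, then validate
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators too, as a Windows server would.
    segments = decoded.replace("\\", "/").split("/")
    if ".." in segments:
        return None
    root = os.path.realpath(web_root)
    parts = [s for s in segments if s not in ("", ".")]
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Containment check on the resolved path also catches symlinks and
    # drive-letter segments that would leave the root.
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives
        inside = False
    return candidate if inside else None


def demo():
    """Build a constructed directory layout and resolve sample requests."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "wwwroot")
    os.makedirs(root)
    open(os.path.join(root, "index.html"), "w").close()
    open(os.path.join(base, "secret.txt"), "w").close()  # outside web root
    requests = ["/index.html", "/../secret.txt",
                "/%2e%2e/secret.txt", "/..\\secret.txt"]
    return root, {r: safe_resolve(root, r) for r in requests}


if __name__ == "__main__":
    root, results = demo()
    for request, path in results.items():
        print(f"{request!r:24} -> {path or 'rejected'}")
    print("naive:", naive_resolve(root, "/../secret.txt"))
```
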