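Hosting Controller Directory Traversal Vulnerability
Published: 2002-03-21
Updated: 2002-03-21
Severity: Medium
Threat level: Remote unauthorized file access
Error type: Input validation error
Exploitation method: Server mode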
BUGTRAQ ID:4311
Affected systems
Hosting Controller Hosting Controller 1.4
- Microsoft Windows 2000 Advanced Server 0.0
- Microsoft Windows 2000 Advanced Server 0.0SP1
- Microsoft Windows 2000 Advanced Server 0.0SP2
- Microsoft Windows 2000 Professional 0.0
- Microsoft Windows 2000 Professional 0.0SP1
- Microsoft Windows 2000 Professional 0.0SP2
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0SP1
- Microsoft Windows NT Server 4.0SP2
- Microsoft Windows NT Server 4.0SP3
- Microsoft Windows NT Server 4.0SP4
- Microsoft Windows NT Server 4.0SP5
- Microsoft Windows NT Server 4.0SP6a
Hosting Controller Hosting Controller 1.4.1
- Microsoft Windows 2000 Advanced Server 0.0
- Microsoft Windows 2000 Advanced Server 0.0SP1
- Microsoft Windows 2000 Advanced Server 0.0SP2
- Microsoft Windows 2000 Server 0.0
- Microsoft Windows 2000 Server 0.0SP1
- Microsoft Windows 2000 Server 0.0SP2
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0SP1
- Microsoft Windows NT Server 4.0SP2
- Microsoft Windows NT Server 4.0SP3
- Microsoft Windows NT Server 4.0SP4
- Microsoft Windows NT Server 4.0SP5
- Microsoft Windows NT Server 4.0SP6
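- Microsoft Windows NT Server 4.0SP6a

Description
Hosting Controller is an application that centralizes all hosting task operations.
It does not properly check user privileges when restricted web pages are requested. By sending requests containing '../' sequences to 'folderactions.asp' or 'file_editor.asp', an attacker can modify, delete, and create files and directories outside the web root.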
Test code: None available
Solution: None available
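
A log check for the request pattern described above, added here as an example and not part of the original advisory: it flags requests to the two named pages whose query string decodes to a '../' sequence, and generalizes to the Windows '..\' form and to repeated percent-encoding. The W3C field layout, the /hc/ path, the dir and file parameter names and the log lines are constructed assumptions; the advisory does not give them.

```python
import re
from urllib.parse import unquote

# Pages named in the advisory as accepting '../' sequences.
TARGET_PAGES = ("folderactions.asp", "file_editor.asp")
TRAVERSAL = re.compile(r"(^|[\\/=&])\.\.([\\/]|$)")  # '..' used as a path segment

# Constructed sample lines in W3C extended format (not real traffic).
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-21 10:00:01 192.0.2.10 GET /hc/folderactions.asp dir=site1/images 200
2002-03-21 10:00:05 192.0.2.44 GET /hc/folderactions.asp dir=../../other 200
2002-03-21 10:00:09 192.0.2.44 GET /hc/file_editor.asp file=%2e%2e%5c%2e%2e%5coutside.txt 200
2002-03-21 10:00:12 192.0.2.44 GET /hc/File_Editor.asp file=%252e%252e%252fx 200
2002-03-21 10:00:15 192.0.2.10 GET /hc/default.asp q=../x 200
2002-03-21 10:00:18 192.0.2.10 GET /hc/file_editor.asp file=notes..txt 200
""".splitlines()

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '%252e%252e%252f' is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_request(uri_stem, uri_query):
    """True if the request targets an affected page and carries a '..' path segment."""
    page = fully_decode(uri_stem).replace("\\", "/").rsplit("/", 1)[-1].lower()
    if page not in TARGET_PAGES:
        return False
    return bool(TRAVERSAL.search(fully_decode(uri_query)))

def scan_w3c_log(lines):
    """Yield (client_ip, uri_stem, uri_query) for each suspicious log line."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        stem, query = row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-")
        if is_traversal_request(stem, query):
            yield row.get("c-ip", "?"), stem, query

if __name__ == "__main__":
    print(*scan_w3c_log(SAMPLE_LOG), sep="\n")
```
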
Related information: Phuong Nguyen <dphuong@yahoo.com>.
Reference: http://online.securityfocus.com/archive/1/262734
Related homepage: http://www.hostingcontroller.com/