CVE-2002-0288 PoC — Phusion Webserver目录遍历漏洞

Source

https://github.com/alt3kx/CVE-2002-0288

Associated Vulnerability

Title:Phusion Webserver目录遍历漏洞 (CVE-2002-0288)
Description:Phusion Webserver是一个商业的HTTP服务器，它运行于Microsoft Windows平台。 Phusion Webserver存在目录遍历漏洞。使用连续几个".../"的HTTP请求可以突破wwwroot的限制。一个恶意用户可以浏览目标主机上web用户可读的所有文件，这样会泄漏目标主机上的敏感信息。 Microsoft Windows平台上的web服务器通常以SYSTEM权限运行。

Description

Phusion WebServer 1.0 - Directory Traversal

Readme

# CVE-2002-0288
Phusion WebServer 1.0 - Directory Traversal (1)

Exploit-db publication at https://www.exploit-db.com/exploits/21291/

# CVE-2002-0288
Phusion WebServer 1.0 - Directory Traversal (2)

Exploit-db publication at https://www.exploit-db.com/exploits/21292/

# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>

File Snapshot


 [4.0K]  /data/pocs/2340c3573a0e88b6829872cf73c0d29fda8bb1ed
├── [5.4K]  1_CVE-2002-0288.txt
├── [2.0K]  2_CVE-2002-0288.txt
├── [ 34K]  LICENSE
└── [ 381]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!