关联漏洞
标题:Sun Cobalt RaQ目录遍历漏洞 (CVE-2002-0347)Description:Sun Cobalt RaQ是ISPs使用的一种服务方软件。 据报告,Cobalt RaQ易受目录遍历漏洞攻击。比如 http://10.0.0.1:81/.cobalt/sysManage/../admin/.htaccess 利用该漏洞,远程用户可以非法读取敏感文件,尚未得知是否可以遍历HTTP根目录之外的目录。
Description
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
介绍
# CVE-2002-0347
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
Packetstorm publication at https://packetstormsecurity.com/files/25837/Colbalt-RAQ-v4.txt.html <br>
SecurityFocus publication at https://www.securityfocus.com/bid/4208 <br>
# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>
# Vendor Reponse:
The vendor was notified
Posted List^s Security cobalt:<br>
cobalt-security@list.cobalt.com &<br>
jlovell@sun.com<br>
http://www.cobalt.com<br>
文件快照
[4.0K] /data/pocs/3abc285284a59421af03cacb3fb07445d2bf363f
├── [1.2K] CVE-2002-0347.txt
├── [ 34K] LICENSE
└── [ 653] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。