Ikonboard Remote File Disclosure Vulnerability

Vulnerability Details

Vulnerability Summary

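help.cgi in Ikonboard 2.1.7b and earlier versions contains a directory traversal vulnerability. A remote attacker can read arbitrary files by means of a .. (dot dot) attack in the helpon parameter.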

Vulnerability Advisory

From "Martin J. Muench":
You could fix the script temporarily by inserting the following line under line 45 in 'help.cgi':
$inhelpon =~ s/\///g;

From decker@n3t.net:
My fix for this was to simply insert as line 45:
if($inhelpon =~ /\.\./) { &hackdetected; }
then at the bottom append:
sub hackdetected {
    print "Content-type: text/plain\n\n";
    print "sorry, this hole was patched :)\n";
    print "you have been logged.\n";
    exit;
}
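An allowlist form of the same input check, as an added example (it is not Ikonboard code and not from either poster above). It accepts only a plain topic name and then confirms that the resolved file sits inside the help directory. The sub name resolve_help_topic, the ".dat" suffix and the directory layout are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Ikonboard code. The help directory layout and the
# ".dat" suffix are assumptions; Unix-style paths are assumed.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Returns the resolved help file path, or nothing if the request is refused.
sub resolve_help_topic {
    my ($help_dir, $topic) = @_;
    return unless defined $topic;
    # Allowlist: letters, digits, underscore, hyphen; 1 to 64 characters.
    # Dots, slashes, backslashes and NUL bytes never reach the filesystem.
    return unless $topic =~ /\A[A-Za-z0-9_-]{1,64}\z/;
    my $base = realpath($help_dir);
    return unless defined $base;
    my $candidate = File::Spec->catfile($base, "$topic.dat");
    return unless -f $candidate;
    # Containment: after symlinks are resolved, the file must still be
    # inside the help directory.
    my $path = realpath($candidate);
    return unless defined $path && index($path, "$base/") == 0;
    return $path;
}

# Constructed demo: a temporary help directory holding one topic file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'posting.dat')) or die "open: $!";
print {$fh} "How to post a message\n";
close($fh);

# Constructed inputs: one valid topic and several that must be refused.
for my $topic ('posting', '../posting', '../../etc/passwd',
               'posting.dat', "posting\0", '') {
    (my $shown = $topic) =~ s/\0/\\0/g;
    my $path = resolve_help_topic($dir, $topic);
    printf "%-22s %s\n", "'$shown'", defined $path ? 'served' : 'refused';
}
```

Only the first input is served; every other input is refused before any file is opened.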

References

Source: XF
Name: ikonboard-cgi-read-files
Link: http://xforce.iss.net/static/6216.php

Source: BID
Name: 2471
Link: http://www.securityfocus.com/bid/2471

Source: BUGTRAQ
Name: 20010311 Ikonboard v2.1.7b “show files” vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2001-03/0124.html
