SpecView = 2.5 build 853目录遍历

Luigi Auriemma
程序:  SpecView
影响版本   <= 2.5 build 853
测试平台:    Windows
漏洞  web server directory traversal
作者  Luigi Auriemma
             
1)概述
2) Bug
3) The Code
4)修复
 
===============
1)介绍说明
===============
 
 
SpecView is an easy to use SCADA software.
 

 
======
2) Bug
======
 
 
The software has an option (disabled by default) that allows to run a
web server for providing an updated screenshot of the program.
This built-in web server is affected by a classical directory
traversal attack through the usage of more than two dots.
 

===========
3) The Code
===========
 
 
/.../.../.../.../.../.../boot.ini
/...\...\...\...\...\...\boot.ini
 
======
4) 修复
======
 
 
No fix. ，www.xuhantao.com，涛涛电脑知识网

• 没有相关文章