Velocity Security Management System HTTP Server Directory Traversal Vulnerability

Posted by ArtHack on Jul 23rd, 2008 and filed under Notice loopholes.

Affected systems:
Hirsch Electronics Velocity Security Management System 1.0
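Description:
BUGTRAQ ID: 30261
Velocity Security Management System from Hirsch is management software for access control and security operations.
Velocity Security Management System has a vulnerability in how it handles malformed user requests. A remote attacker can submit a malicious URL request to the web server embedded in Velocity Security Management System to carry out a directory traversal attack, which allows sensitive data to be downloaded from the server.
<*Source: Alexandr Polyakov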

Link: http://marc.info/?l=bugtraq&m=121623854331109&w=2
*>
Test method:
——————————————————————————–
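Warning
The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!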
http://[server]:[port]/../../../../../../../../../../../../../etc/passwd
Recommendation:
——————————————————————————–
Vendor patch:
Hirsch Electronics
——————
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://hirschelectronics.com/Products_One_Velocity.asp
