Jarull
Сообщений: 358
Оценки: 0
Присоединился: 2007-04-04 21:08:21.733333
|
найдена уязвимость
DoS-атака
описание уязвимости:
Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1:
(disclose physical path, DoS, directory travesal)
It is possible to invoke the class 'com.newatlanta.servletexec.JSP10Servlet'
directly by requesting a url such as:
/servlet/com.newatlanta.servletexec.JSP10Servlet/
If no filename is supplied to it, then it returns an error message:
Error. The file was not found. (filename =
f:\inetpub\wwwroot\servlet\com.newatlanta.servletexec.JSP10Servlet\)
disclosing the physical path of the web root.
By invoking the JSP10Servlet (or simply JSPServlet) using the URL described
above, it is possible to read files from within the web root.
It did not appear to be possible to 'break out' of the web root and read
files from other parts of the file system.
The path must be URL encoded for this to work. For instance, a request such
as
/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5c\global.asa
will retrieve the global.asa file, which is normally not served.
By making a request for an overly long named .jsp file, Internet Information
Server can be crashed.
The denial of service condition can be triggered by either requesting an
overly long named .jsp file:
i.e. /servlet/AAAAAAAAAAAAAAA....AAAAAAAAAAAAAA.jsp
or by invoking the JSPServlet or JSP10Servlet directly:
or/servlet/com.newatlanta.servletexec.JSPServlet/AAAAAAAA....AAAA
Solution: Patch.
Patch: ftp://ftp.newatlanta.com/public/4_1/patches/
Url:
http://online.securityfocus.com/archive/1/273615/2002-05-22/2002-05-28/0
что из этого можно выудить???как взломать???работает под PHP-Fusion Обзор уязвимостей PHP-Fusion http://www.xakep.ru/vulnerability/PHP-Fusion/ http://forum.antichat.ru/showthread.php?p=598048 http://www.securitylab.ru/vulnerability/PHP%2BFusion/ c этими уязвимостями тож не могу разобраться,что и как делать???
|