Vulnerability category: Web server
Vulnerability severity:
Vulnerability information
Boa is a single-tasking, high-performance Web server for Unix-based systems.
The vulnerability allows injection of "../.." through the FILECAMERA variable sent by GET, which lets files be read with root privileges.
Affected version:
BOA Webserver 0.94.14rc21. Other versions may also be affected.
QID Detection Logic (Unauthenticated):
This QID sends a crafted HTTP GET request to the target and matches data from the etc/passwd file in the response it receives.
Vulnerability impact
Successful exploitation can lead to an information disclosure vulnerability.
Solution
The vendor has not confirmed the vulnerability and no patch information is available at this time. Check Boa's Web site for the latest information.
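With no patch available, one way to watch for this request pattern is to scan the web server's access log for FILECAMERA values that contain traversal sequences, including percent-encoded and double-encoded forms. The following Python is an added example, not part of the original advisory or the QID logic; the log lines are constructed, and the request path /PLACEHOLDER is a stand-in because the advisory does not name the affected script.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (common log format). "/PLACEHOLDER" is a
# stand-in path: the advisory does not name the affected script.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /PLACEHOLDER?FILECAMERA=cam1 HTTP/1.1" 200 512
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /PLACEHOLDER?FILECAMERA=../../etc/passwd HTTP/1.1" 200 1843
192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /PLACEHOLDER?FILECAMERA=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.77 - - [01/Jan/2024:10:00:12 +0000] "GET /PLACEHOLDER?filecamera=%252e%252e%252fetc HTTP/1.1" 404 0
192.0.2.10 - - [01/Jan/2024:10:00:20 +0000] "GET /index.html?q=../x HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3}) ')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '../' is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_filecamera_traversal(log_text):
    """Return (client, status, decoded_value) for each suspicious GET request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            # Assumption: match the parameter name case-insensitively to be safe.
            if name.upper() != "FILECAMERA":
                continue
            decoded = fully_decode(value)
            if TRAVERSAL_RE.search(decoded):
                hits.append((client, int(status), decoded))
    return hits

if __name__ == "__main__":
    for client, status, value in find_filecamera_traversal(SAMPLE_LOG):
        print(f"{client} status={status} FILECAMERA={value!r}")
```

A hit with a 200 status and a response size that differs from normal FILECAMERA requests deserves the closest look, since the advisory's check works by finding file contents in the response.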