Exploit SuSE Linux 6.3/6.4 - Installed Package Disclosure

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
20236
Проверка EDB
  1. Пройдено
Автор
T0MASZEK
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2000-1016
Дата публикации
2000-09-21
Код:
source: https://www.securityfocus.com/bid/1707/info

By submitting a specific url to the web server ("http://hosts.any/doc/packages/") , any user from any host may obtain a list of packages installed on a S.u.S.E 6.3 or 6.4 system. This problem is due to a configuration in the Apache httpd.conf supplied with S.u.S.E that permits anyone to request documents from this webroot subdirectory. The end result is that attackers will know what packages the victim has installed, which can assist in executing more complicated attacks.

Request "http://target/doc/packages/" with a web browser.
 
Источник
www.exploit-db.com

Похожие темы