MIMAnet viewsrc.cgi Directory Traversal Vulnerability

Vulnerability ID 1106350 Vulnerability type Path traversal
Published 2001-05-23 Updated 2005-05-02
CVE ID CVE-2001-0630
CNNVD-ID CNNVD-200108-117
Platform CGI CVSS score 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20878
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-117
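|Vulnerability details
MIMAnet viewsrc.cgi version 2.0 contains a directory traversal vulnerability. A remote attacker can read arbitrary files via a '..' (dot dot) attack on the 'loc' variable.
|Exploit (EXP)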
source: http://www.securityfocus.com/bid/2762/info

MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server.

Source Viewer accepts an argument, 'loc', which it uses as the filename when opening the requested file. Unfortunately it does not filter '..' and '/' characters, which can be misinterpreted by the script and cause files outside of the intended directory to be opened. As a result, it may be possible for attackers to view the contents of arbitrary webserver-readable files on the filesystem.

The following URL demonstrates the problem:

http://localhost/cgi-bin/viewsrc.cgi?loc=../[any file outside restricted directory]
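
The containment check the description says is missing, sketched in Python as an added example (not MIMAnet's code; the function names, directory layout and sample 'loc' values are constructed for illustration). It canonicalizes the requested path first and only then confirms the result is still inside the source directory:

```python
import os
import tempfile

def resolve_naive(base_dir, loc):
    # Flawed pattern from the advisory: 'loc' is used as the file name
    # without filtering '..' or '/'.
    return os.path.join(base_dir, loc)

def resolve_safe(base_dir, loc):
    """Return the canonical path for loc if it stays inside base_dir, else None."""
    if not loc or "\x00" in loc:
        return None
    base = os.path.realpath(base_dir)
    # join() drops base for an absolute loc; realpath() then collapses
    # '..' segments and resolves symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, loc))
    # commonpath compares whole components, so a sibling such as
    # 'src-backup' is not mistaken for being inside 'src'.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def demo():
    """Build a constructed directory tree and classify sample 'loc' values."""
    with tempfile.TemporaryDirectory() as root:
        src = os.path.join(root, "src")
        os.mkdir(src)
        os.mkdir(os.path.join(root, "src-backup"))
        secret = os.path.join(root, "secret.conf")
        for path in (os.path.join(src, "index.html"), secret):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(secret, os.path.join(src, "link.txt"))
        samples = ["index.html", "sub/../index.html", "../secret.conf",
                   "/etc/passwd", "../src-backup/notes.txt", "link.txt", ""]
        allowed = {loc: resolve_safe(src, loc) is not None for loc in samples}
        naive_escapes = (os.path.realpath(resolve_naive(src, "../secret.conf"))
                         == os.path.realpath(secret))
    return allowed, naive_escapes

if __name__ == "__main__":
    allowed, naive_escapes = demo()
    for loc, ok in allowed.items():
        print(f"{loc!r:28} {'serve' if ok else 'reject'}")
    print("naive join leaves base dir:", naive_escapes)
```

Checking the canonical path rather than searching the raw string for '..' also covers absolute paths and symlinks that point outside the directory.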
|References

Source: BID
Name: 2762
Link: http://www.securityfocus.com/bid/2762
Source: BUGTRAQ
Name: 20010523 Vulnerability in viewsrc.cgi
Link: http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
Source: XF
Name: viewsrc-cgi-view-files(6583)
Link: http://xforce.iss.net/static/6583.php
Source: OSVDB
Name: 5565
Link: http://www.osvdb.org/5565
