rguest.exe/wguest.exe程序远程遍历主机目录漏洞

29次阅读
没有评论

rguest.exe/wguest.exe程序远程遍历主机目录漏洞

漏洞ID 1105433 漏洞类型 Design Error
发布时间 1999-04-09 更新时间 1999-04-09
rguest.exe/wguest.exe程序远程遍历主机目录漏洞CVE编号 CVE-1999-0287
rguest.exe/wguest.exe程序远程遍历主机目录漏洞CNNVD-ID CNNVD-199904-024
漏洞平台 CGI CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/20447
https://www.securityfocus.com/bid/82090
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199904-024
|漏洞详情
WebComdatakommunikationGuestbook是freeware.webcom.se提供的一个免费留言本CGI程序。Guestbook软件包中的rguest.exe/wguest.exe程序在处理参数上存在漏洞,远程攻击者可以利用此漏洞遍历服务器的目录。
|漏洞EXP
source: http://www.securityfocus.com/bid/2024/info
 
The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin.

http://server/cgi-bin/rguest.exe?template=c:winntsystem32$winnt$.inf will return the $winnt$.inf file
|受影响的产品
Webcom Cgi Guestbook 0
|参考资料
VulnerablesoftwareandversionsConfiguration1OR*cpe:/a:webcom:cgi_guestbook*DenotesVulnerableSoftware*ChangesrelatedtovulnerabilityconfigurationsTechnicalDetailsVulnerabilityType(ViewAll)CVEStandardVulnerabilityEntry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0287

相关推荐: KDE konsole入侵或偷窥其他用户的会话漏洞

KDE konsole入侵或偷窥其他用户的会话漏洞 漏洞ID 1207192 漏洞类型 未知 发布时间 1999-01-06 更新时间 1999-01-06 CVE编号 CVE-1999-1268 CNNVD-ID CNNVD-199901-034 漏洞平台 …

正文完
 0