rguest.exe/wguest.exe remote host directory traversal vulnerability


Vulnerability ID: 1105433; Vulnerability type: Design Error
Published: 1999-04-09; Updated: 1999-04-09
CVE ID: CVE-1999-0287
CNNVD-ID: CNNVD-199904-024
Platform: CGI; CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/20447
https://www.securityfocus.com/bid/82090
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199904-024
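|Vulnerability details
WebCom datakommunikation Guestbook is a free guestbook CGI program provided by freeware.webcom.se. The rguest.exe/wguest.exe programs in the Guestbook package contain a flaw in how they handle parameters, which a remote attacker can exploit to traverse the server's directories.
|Exploit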
source: http://www.securityfocus.com/bid/2024/info
 
The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin.

http://server/cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf will return the $winnt$.inf file
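For detection, the following added example (not part of the original advisory or of the Guestbook package) scans web server access logs for requests to rguest.exe or wguest.exe whose "template" value is a drive-letter path, an absolute path, or contains a parent-directory segment. The log lines, the Common Log Format layout and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample access-log lines (Common Log Format); not from the original page.
SAMPLE_LOG = r"""
192.0.2.10 - - [09/Apr/1999:10:00:01 +0000] "GET /cgi-bin/rguest.exe?template=guest.htm HTTP/1.0" 200 2310
192.0.2.44 - - [09/Apr/1999:10:02:17 +0000] "GET /cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf HTTP/1.0" 200 812
192.0.2.44 - - [09/Apr/1999:10:02:30 +0000] "GET /cgi-bin/WGUEST.EXE?template=c%3A%5Cwinnt%5Csystem32%5C%24winnt%24.inf HTTP/1.0" 200 812
192.0.2.17 - - [09/Apr/1999:10:05:02 +0000] "GET /cgi-bin/other.exe?template=c:\temp\x HTTP/1.0" 404 0
""".strip()

GUESTBOOK_CGIS = {"rguest.exe", "wguest.exe"}  # program names from the advisory
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*"')

def unsafe_reason(value):
    """Say why a decoded template value points outside the template directory, else None."""
    v = value.replace("\\", "/")  # treat both separators alike
    if re.match(r"[A-Za-z]:", v):
        return "drive-letter path"
    if v.startswith("/"):
        return "absolute or UNC path"
    if ".." in v.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (client, cgi, template, reason) for each suspicious guestbook request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        cgi = unquote(path).replace("\\", "/").rsplit("/", 1)[-1].lower()
        if cgi not in GUESTBOOK_CGIS:
            continue
        # parse_qsl percent-decodes values; the parameter name is matched
        # case-insensitively as a conservative assumption.
        for key, value in parse_qsl(query, keep_blank_values=True):
            reason = unsafe_reason(value) if key.lower() == "template" else None
            if reason:
                hits.append((client, cgi, value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(*hit, sep=" | ")
```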
|Affected products
Webcom Cgi Guestbook 0
|References
Vulnerable software and versions: cpe:/a:webcom:cgi_guestbook
CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0287
