Informix Webdriver 1.0 – Remote Administration Access

Informix Webdriver 1.0 – Remote Administration Access

漏洞ID 1053506 漏洞类型
发布时间 2000-12-30 更新时间 2000-12-30
图片[1]-Informix Webdriver 1.0 – Remote Administration Access-安全小百科CVE编号 N/A
图片[2]-Informix Webdriver 1.0 – Remote Administration Access-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/20527
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/2166/info

Informix Webdriver, the web-to-DB interface used by Informix database products, may permit unauthorized remote access to the system's administration functions.

Under very specific circumstances, if webdriver is called directly, without any additional parameters included in the URL submitted to the server, the response will take the form of a remote administration page which can permit a malicious non-local user to modify or delete database information.

John Wright <[email protected]> notes that this vulnerability will only be exploitable under a particular misconfiguration, and that by default, the above-described URL will result only in a "404 Asset not found", etc, and not in the display of a remote administration page. 

http://example.com/cgi-bin/webdriver

相关推荐: bash缓冲区溢出漏洞

bash缓冲区溢出漏洞 漏洞ID 1207292 漏洞类型 缓冲区溢出 发布时间 1998-09-05 更新时间 1998-09-05 CVE编号 CVE-1999-1048 CNNVD-ID CNNVD-199809-009 漏洞平台 N/A CVSS评分 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享