source: http://www.securityfocus.com/bid/8705/info
sbox has been reported prone to a path disclosure vulnerability.
The issue has been reported to present itself when a HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an error message that contains path information.
Information contained in this error message may aid an attacker in further attacks mounted against a vulnerable system.
http://www.example.com/cgi-bin/non-existent.pl
Will result in:
Sbox Error
The sbox program encountered an error while processing this request.
Please note the time of the error, anything you might have been doing at
the time to trigger the problem, and forward the information to this
site's Webmaster ([email protected]).
Stat failed. /home/jcf/cgi-bin/a.pl: No such file or directory
sbox version 1.04
$Id: sbox.c,v 1.9 2000/03/28 20:12:40 lstein Exp $
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666