AN-HTTPd CGI漏洞-安全小百科

AN-HTTPd CGI漏洞

漏洞ID	1105586	漏洞类型	未知
发布时间	1999-11-02	更新时间	2005-05-02
CVE编号	CVE-1999-0947	CNNVD-ID	CNNVD-199911-010
漏洞平台	Windows	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/19587
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199911-010

|漏洞详情

AN-HTTPd提供的实例CGI脚本test.bat、input.bat、input2.bat以及envout.bat存在漏洞。远程攻击者可以通过shell元字符执行任意命令。

|漏洞EXP

source: http://www.securityfocus.com/bid/762/info

Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. 

http://www.xxx.yy/cgi-bin/input.bat?|dir....windows

|参考资料

来源:BID
名称:762
链接:http://www.securityfocus.com/bid/762
来源:BUGTRAQ
名称:19991102SomeholesforWin/UNIXsoftwares
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=94157187815629&w;=2

相关推荐: Tripwire Insecure Temporary File Symbolic Link Vulnerability

Tripwire Insecure Temporary File Symbolic Link Vulnerability 漏洞ID 1103083 漏洞类型 Origin Validation Error 发布时间 2001-07-09 更新时间 2001-0…

文章版权归作者所有，未经允许请勿转载。

THE END