https://www.exploit-db.com/exploits/19745
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-029

TheFingerServer0.82版本存在漏洞。远程攻击者可以借助shell元变量执行命令。

source: http://www.securityfocus.com/bid/974/info

'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the priveleges of the webserver. 

A request like:
http ://target/finger.cgi?action=archives&cmd=specific
&filename=99.10.28.15.23.username.|<shell command>|
(split for readability)
will cause the server to execute whatever command is specified.

来源:www.glazed.org
链接:http://www.glazed.org/finger/changelog.txt
来源:OSVDB
名称:7610
链接:http://www.osvdb.org/7610