https://www.exploit-db.com/exploits/20533
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200103-028

eXtropiabbs_forum.cgi1.0版本存在目录遍历漏洞。远程攻击者借助file参数中..(点点)攻击读取任意文件。

source: http://www.securityfocus.com/bid/2177/info

bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums.

Version 1.0 of bbs_forum.cgi fails to properly validate user-supplied, URL-encoded input to the read environment variable. Maliciously-formed URLs submitted to the script may contain references to files on the host's filesystem, as well as shell commands which will be run with the privilege level of the webserver (ie, user 'nobody'). As a result, unpatched affected versions of the script permit an attacker to execute arbitrary code and to read arbitrary files on the vulnerable system. 

www.web*site.com/cgi-bin/bbs_forum.cgi?forum=<forum_name>&read=../../../../../../etc/hosts.allow

note: The section: <forum_name> must be a valid forum on the webserver.

来源:BID
名称:2177
链接:http://www.securityfocus.com/bid/2177
来源:BUGTRAQ
名称:20010107Cgisecurity.comAdvisory#3.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=97905792214999&w;=2
来源:www.extropia.com
链接:http://www.extropia.com/hacks/bbs_security.html
来源:XF
名称:http-cgi-bbs-forum(5906)
链接:http://xforce.iss.net/static/5906.php
来源:OSVDB
名称:3546
链接:http://www.osvdb.org/3546