eXtropia bbs_forum.cgi目录遍历漏洞

27次阅读
没有评论

eXtropia bbs_forum.cgi目录遍历漏洞

漏洞ID 1106156 漏洞类型 路径遍历
发布时间 2001-01-07 更新时间 2005-05-02
eXtropia bbs_forum.cgi目录遍历漏洞CVE编号 CVE-2001-0123
eXtropia bbs_forum.cgi目录遍历漏洞CNNVD-ID CNNVD-200103-028
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20533
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200103-028
|漏洞详情
eXtropiabbs_forum.cgi1.0版本存在目录遍历漏洞。远程攻击者借助file参数中..(点点)攻击读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/2177/info

bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums.

Version 1.0 of bbs_forum.cgi fails to properly validate user-supplied, URL-encoded input to the read environment variable. Maliciously-formed URLs submitted to the script may contain references to files on the host's filesystem, as well as shell commands which will be run with the privilege level of the webserver (ie, user 'nobody'). As a result, unpatched affected versions of the script permit an attacker to execute arbitrary code and to read arbitrary files on the vulnerable system. 

www.web*site.com/cgi-bin/bbs_forum.cgi?forum=<forum_name>&read=../../../../../../etc/hosts.allow

note: The section: <forum_name> must be a valid forum on the webserver.
|参考资料

来源:BID
名称:2177
链接:http://www.securityfocus.com/bid/2177
来源:BUGTRAQ
名称:20010107Cgisecurity.comAdvisory#3.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=97905792214999&w;=2
来源:www.extropia.com
链接:http://www.extropia.com/hacks/bbs_security.html
来源:XF
名称:http-cgi-bbs-forum(5906)
链接:http://xforce.iss.net/static/5906.php
来源:OSVDB
名称:3546
链接:http://www.osvdb.org/3546

相关推荐: ACS Blog Administrative Access Authentication Bypass Vulnerability

ACS Blog Administrative Access Authentication Bypass Vulnerability 漏洞ID 1096853 漏洞类型 Design Error 发布时间 2005-04-24 更新时间 2005-04-24 …

正文完
 0