https://www.exploit-db.com/exploits/20686
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-153

FreeOn-LineDictionaryofComputing(FOLDOC)的template.cgi存在漏洞。远程攻击者借助参数的shell元字符到template.cgi读取文件和执行命令。

source: http://www.securityfocus.com/bid/2484/info

A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing".

Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as executing certain commands (those requiring no command line parameters) with the privilege level of the webserver process. 

http://example.com/foldoc/template.cgi?template.cgi

来源:XF
名称:foldoc-cgi-execute-commands
链接:http://xforce.iss.net/static/6217.php
来源:BUGTRAQ
名称:20010309Cgisecurity.comadvisory#4TheFreeOn-lineDictionaryofComputing
链接:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
来源:wombat.doc.ic.ac.uk
链接:http://wombat.doc.ic.ac.uk/foldoc/index.html
来源:OSVDB
名称:5591
链接:http://www.osvdb.org/5591