Free On-Line Dictionary of Computing (FOLDOC) template.cgi漏洞

47次阅读
没有评论

Free On-Line Dictionary of Computing (FOLDOC) template.cgi漏洞

漏洞ID 1106249 漏洞类型 未知
发布时间 2001-03-09 更新时间 2005-05-02
Free On-Line Dictionary of Computing (FOLDOC) template.cgi漏洞CVE编号 CVE-2001-0461
Free On-Line Dictionary of Computing (FOLDOC) template.cgi漏洞CNNVD-ID CNNVD-200106-153
漏洞平台 CGI CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/20686
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-153
|漏洞详情
FreeOn-LineDictionaryofComputing(FOLDOC)的template.cgi存在漏洞。远程攻击者借助参数的shell元字符到template.cgi读取文件和执行命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/2484/info

A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing".

Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as executing certain commands (those requiring no command line parameters) with the privilege level of the webserver process. 

http://example.com/foldoc/template.cgi?template.cgi
|参考资料

来源:XF
名称:foldoc-cgi-execute-commands
链接:http://xforce.iss.net/static/6217.php
来源:BUGTRAQ
名称:20010309Cgisecurity.comadvisory#4TheFreeOn-lineDictionaryofComputing
链接:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
来源:wombat.doc.ic.ac.uk
链接:http://wombat.doc.ic.ac.uk/foldoc/index.html
来源:OSVDB
名称:5591
链接:http://www.osvdb.org/5591

相关推荐: IRIX登录程序漏洞

IRIX登录程序漏洞 漏洞ID 1105305 漏洞类型 未知 发布时间 1997-05-26 更新时间 2005-05-02 CVE编号 CVE-1999-0036 CNNVD-ID CNNVD-199705-022 漏洞平台 IRIX CVSS评分 7.2…

正文完
 0