https://www.exploit-db.com/exploits/20940
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-034

TarantellaEnterprise3是一个数据和应用程序集中管理工具，提供Web管理接口，可以运行于大多数Unix和Linux平台。Tarantella包含的一个CGI脚本ttawebtop.cgi，远程攻击者可以利用此漏洞遍历服务器的目录。由于没有对”../”进行过滤，导致远程攻击者通过提交一个特殊请求遍历服务器目录或读取任意文件。

source: http://www.securityfocus.com/bid/2890/info

Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions.

ttawebtop.cgi is a CGI script included with the Tarantella, formerly SCO. ttawebtop.cgi is designed as management tool, designed to allow a user clicking a link to display and resume an application at any time.

ttawebtop.cgi does not sufficiently validate input. In not doing so, it's possible for a remote user to traverse the directory structure, and view any file that is readable by the webserver process. 


http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

来源:XF
名称:tarantella-ttawebtop-read-files(6723)
链接:http://xforce.iss.net/static/6723.php
来源:BID
名称:2890
链接:http://www.securityfocus.com/bid/2890
来源:BUGTRAQ
名称:20010619Re:SCOTarantellaRemotefilereadviattawebtop.cgi
链接:http://www.securityfocus.com/archive/1/[email protected]
来源:BUGTRAQ
名称:20010618SCOTarantellaRemotefilereadviattawebtop.cgi
链接:http://www.securityfocus.com/archive/1/[email protected]