https://www.exploit-db.com/exploits/20408
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200101-099

DCScriptsDCForum是一个商业版CGI脚本，用于在线WWW方式讨论。DCForum实现上存在输入验证漏洞，远程攻击者可以利用此漏洞遍历服务器目录。DCScriptsDCForum未能正确检查来自用户输入的”thesection”变量值，利用”../”攻击方式，远程攻击者可以利用一个精心准备的URL请求导致脚本遍历服务器根目录，进而获取敏感信息。所能访问的文件取决于Web服务器当前启动的用户身份，一般是nobody。

source : http://www.securityfocus.com/bid/1963/info


CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums.

The script improperly validates user-supplied input to the "thesection" parameter. If an attacker supplies a carefully-formed URL contaning '/../' sequences as argument to this parameter, the script will traverse the normal directory structure of the application in order to find the specified file. As a result, it is possible to remotely view arbitrary files on the host which are readable by user 'nobody'.


http://127.0.0.1/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/passwd%00

来源:BID
名称:1963
链接:http://www.securityfocus.com/bid/1963
来源:BUGTRAQ
名称:20001120CGIForum1.0Vulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
来源:XF
名称:cgiforum-view-files(5553)
链接:http://xforce.iss.net/xforce/xfdb/5553