3R Soft MailStudio 2000 Multiple Vulnerabilities

Vulnerability ID: 1105883
Vulnerability type: Design error
Published: 2000-06-09
Updated: 2005-10-20
CVE ID: CVE-2000-0526
CNNVD-ID: CNNVD-200006-044
Platform: CGI
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20008
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-044
|Vulnerability details
The mailview.cgi CGI program in MailStudio 2000 2.0 and earlier is vulnerable. A remote attacker can read arbitrary files via a .. (dot dot) attack.
|Exploit
source: http://www.securityfocus.com/bid/1335/info
 
MailStudio 2000 is vulnerable to multiple attacks.
 
It is possible for a remote user to gain read access to all files located on the server by passing the "/.." string to a CGI, thereby compromising the confidentiality of other users' email and passwords, as well as other configuration and password files on the system.
 
It is also possible to set a password for those system user accounts which don't have one in place (e.g. operator, gopher, etc.).
 
There is also an input validation vulnerability in userreg.cgi. This CGI uses a shell to execute certain commands. Passing any command directly after %0a in the arguments of the CGI will allow a remote user to execute the commands as root.
 
userreg.cgi also has an unchecked which could allow remote attackers to execute arbitrary code as root.

Mail view vulnerability:
mailview.cgi?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/passwd

userreg.cgi vulnerability:
userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0acat</var/spool/mail/login>>/etc/passwd
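
Detection logic for the two request patterns shown above, as an added example that is not part of the original advisory. The log lines are constructed, the /cgi-bin/ prefix and combined log format are assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines, not real traffic.
# Assumption: the CGIs live under /cgi-bin/ and the server writes combined log format.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2000:10:00:01 +0000] "GET /cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html=msg1.html HTTP/1.0" 200 812',
    '192.0.2.44 - - [09/Jun/2000:10:00:07 +0000] "GET /cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/passwd HTTP/1.0" 200 1432',
    '192.0.2.44 - - [09/Jun/2000:10:00:09 +0000] "GET /cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0aid HTTP/1.0" 200 95',
    '192.0.2.10 - - [09/Jun/2000:10:00:15 +0000] "GET /cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=alice HTTP/1.0" 200 95',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return a list of findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes each value, so %0a is seen as "\n" here.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if script == "mailview.cgi" and name == "html":
            # Flag any ".." path component in the file name parameter.
            if ".." in value.replace("\\", "/").split("/"):
                findings.append("mailview.cgi: path traversal in html=")
        if script == "userreg.cgi" and ("\n" in value or "\r" in value):
            # A line break in a field that reaches a shell ends the intended command.
            findings.append(f"userreg.cgi: newline in {name}=")
    return findings

def scan(lines):
    """Return (line_index, finding) pairs for every suspicious request."""
    return [(i, f) for i, line in enumerate(lines) for f in classify(line)]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE_LOG):
        print(index, finding)
```

The same two checks (reject ".." components in html= and reject CR/LF in any userreg.cgi field) apply as request filters in front of the CGIs, not only as log review.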
|References

Source: BID
Name: 1335
Link: http://www.securityfocus.com/bid/1335
Source: BUGTRAQ
Name: 20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
Link: http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
