https://www.exploit-db.com/exploits/23629
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-648

LeifM.WrightWebBlog1.1版本及1.1.5版本的blog.cgi存在漏洞。远程攻击者可以借助shell元字符，例如ViewFile请求的文件参数中的’|’，执行任意命令。

source: http://www.securityfocus.com/bid/9539/info

Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables which will be used as an argument to a function that invokes the shell directly.

http://www.example.com/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=|command|

来源:XF
名称:webblog-file-command-execution(15019)
链接:http://xforce.iss.net/xforce/xfdb/15019
来源:BID
名称:9539
链接:http://www.securityfocus.com/bid/9539
来源:BUGTRAQ
名称:20040129WebBlog1.1RemoteExecuteCommandsBug
链接:http://www.securityfocus.com/archive/1/352303
来源:SECUNIA
名称:10776
链接:http://secunia.com/advisories/10776/
来源:OSVDB
名称:3793
链接:http://www.osvdb.org/3793
来源:leifwright.com
链接:http://leifwright.com/scripts/Blog.html