Progress 3.1 - Webspeed _CPYFile.P Unauthorized Access

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056227 漏洞类型
发布时间 2007-04-24 更新时间 2007-04-24
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/29897
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/23634/info

Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts.

An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserver. Such unauthorized access may help the attacker launch other attacks.

WebSpeed 3.1a, 3.1d, and 3.1e are vulnerable; other versions may also be affected.

NOTE: Further reports suggest that this issue affects only the 'Development Mode' of the application. This mode is not intended to be used in production systems. This issue is also present when the 'tty' directory is installed. 

http://www.example.com/scripts/cgiip.exe/WService=wsbroker1/webutil/_cpyfile.p?options=save,editor&tempFile=dummy.tmp&fil
eName=C:/root.txt&action=last&section=1&txt0=Test