Miva htmlscript Remote Arbitrary File Disclosure Vulnerability

Vulnerability ID: 1105341    Vulnerability type: Unknown
Published: 1998-01-26    Updated: 2006-10-06
CVE ID: CVE-1999-0264    CNNVD-ID: CNNVD-199801-020
Platform: CGI    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20434
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199801-020
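|Vulnerability details
Miva htmlscript is the predecessor of Miva Script, a cross-platform CGI scripting language developed by Miva.com. Some older versions of htmlscript contain a vulnerability that lets a remote attacker view arbitrary files on the host with the privileges of the web service process. In htmlscript 2.99x and earlier, the script does not filter "../" strings carried in user input, so a remote attacker can traverse directories on the host with the privileges of the httpd process and view any file that process is permitted to read. For example, the following URL reads the system passwd file: http://www.vulnerable.server.com/cgi-bin/htmlscript?../../../../etc/passwd
|Exploit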
source: http://www.securityfocus.com/bid/2001/info

Miva's htmlscript CGI program provides a unique scripting language with HTML type tags. (Note that htmlscript is an older product no longer distributed by Miva under that name.) Versions of the htmlscript interpreter (a CGI script) prior to 2.9932 are vulnerable to a file reading directory traversal attack using relative paths (e.g., "../../../../../../etc/passwd"). An attacker need only append this path as a variable passed to the script via a URL. The contents of any file to which the web server process has read access can be retrieved using this method.

http://host/cgi-bin/htmlscript?../../../../../../../etc/somefile
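
To check whether a server has received requests of the shape shown above, the following added example (not part of the original advisory) scans Common Log Format access-log lines for htmlscript requests whose query string contains a ".." path segment. It percent-decodes the query before matching, so the check does not depend on how the client wrote the request. The log lines, IP addresses and the file name index.hts are constructed sample data.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: client, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_htmlscript_traversal(target):
    """True if the request targets htmlscript and its query holds a '..' segment."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/htmlscript"):
        return False
    # Split on path and parameter separators so "name=../x" is also caught.
    segments = re.split(r"[/\\&=;?]", decode_fully(parts.query))
    return ".." in segments

def scan(lines):
    """Return (client, status, target) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_htmlscript_traversal(m.group(2)):
            hits.append((m.group(1), m.group(3), m.group(2)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jan/1998:10:00:01 +0000] "GET /cgi-bin/htmlscript?index.hts HTTP/1.0" 200 512',
    '198.51.100.7 - - [26/Jan/1998:10:00:05 +0000] "GET /cgi-bin/htmlscript?../../../../etc/passwd HTTP/1.0" 200 1843',
    '198.51.100.7 - - [26/Jan/1998:10:00:09 +0000] "GET /cgi-bin/htmlscript?%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.0" 404 210',
    '192.0.2.33 - - [26/Jan/1998:10:01:00 +0000] "GET /docs/a..b.html HTTP/1.0" 200 99',
]

if __name__ == "__main__":
    for client, status, target in scan(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

A hit with status 200 means the server answered the request with content and deserves review first; the status field is returned for that reason.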
|References
Vulnerable software and versions: cpe:/a:miva:htmlscript
CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0264