https://www.exploit-db.com/exploits/20462
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199808-008
Hylafax Faxsurvey Remote Command Execution Vulnerability






Vulnerability ID | 1105377 | Vulnerability type | Input validation |
Published | 1998-08-04 | Updated | 2006-11-16 |
CVE ID | CVE-1999-0262 | CNNVD ID | CNNVD-199808-008 |
Platform | Unix | CVSS score | 7.5 |
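|Vulnerability source
|Vulnerability details
The Hylafax faxsurvey CGI script, as run on Linux, contains a vulnerability. A remote attacker can execute arbitrary commands by means of shell metacharacters in the query string.
|Exploit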
source: http://www.securityfocus.com/bid/2056/info
Hylafax is a popular fax server software package designed to run on multiple UNIX operating systems. Unpatched versions of Hylafax ship with an insecure script, faxsurvey, which allows remote command execution with the privileges of the web server process. This can be exploited simply by passing the command as a parameter to the script - see exploit. Consequences could include web site defacements, exploiting locally accessible vulnerabilities to gain further privileges, etc.
http://target.host/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
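A request of the form shown above leaves a recognizable trace in web server access logs. The following added example (not part of the original advisory) scans Common Log Format lines for calls to faxsurvey whose query string contains characters outside a small allowlist; the log lines are constructed and the allowlist is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a benign faxsurvey query would only need these characters.
SAFE_QUERY_RE = re.compile(r"[A-Za-z0-9_.=-]*")


def check_line(line):
    """Return the decoded query if the line is a suspicious faxsurvey hit, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None  # not a parsable request line
    parts = urlsplit(match.group("target"))
    # Compare only the script name so any CGI directory prefix is covered.
    script = unquote(parts.path).rstrip("/").rsplit("/", 1)[-1]
    if script.lower() != "faxsurvey":
        return None
    query = unquote(parts.query)
    if query and not SAFE_QUERY_RE.fullmatch(query):
        return query
    return None


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Aug/1998:10:00:01 +0000] "GET /cgi-bin/faxsurvey HTTP/1.0" 200 512',
    '192.0.2.44 - - [04/Aug/1998:10:02:17 +0000] "GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd HTTP/1.0" 200 1843',
    '192.0.2.51 - - [04/Aug/1998:10:03:02 +0000] "GET /cgi-bin/faxsurvey?survey=1 HTTP/1.0" 200 640',
    '192.0.2.77 - - [04/Aug/1998:10:05:00 +0000] "GET /index.html?/bin/cat HTTP/1.0" 200 1024',
]


def scan(lines):
    """Return (line number, decoded query) for every suspicious faxsurvey request."""
    return [(i, q) for i, line in enumerate(lines, 1) if (q := check_line(line))]


if __name__ == "__main__":
    for lineno, query in scan(SAMPLE_LOG):
        print(f"line {lineno}: faxsurvey called with query {query!r}")
```

A hit with a 200 status means the script was present and answered, so the host should be treated as exposed until faxsurvey is removed or patched.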
|References
Source: XF
Name: http-cgi-faxsurvey(1532)
Link: http://xforce.iss.net/xforce/xfdb/1532
Source: BID
Name: 2056
Link: http://www.securityfocus.com/bid/2056