ht://dig arbitrary file inclusion vulnerability.

Vulnerability ID: 1105730
Vulnerability type: Input validation
Published: 2000-02-29
Updated: 2005-05-02
CVE ID: CVE-2000-0208
CNNVD-ID: CNNVD-200002-083
Platform: Unix
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19785
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-083
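|Vulnerability details
The htsearch CGI program in htdig (ht://Dig) contains a vulnerability. A remote attacker can read arbitrary files by enclosing a file name in backticks (`) in a parameter passed to htsearch.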
|Exploit (EXP)
source: http://www.securityfocus.com/bid/1026/info

ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the backtick (opening single quote) character ( ` ) is taken as a path to a file for inclusion, for example:
some_parameter:	`var/htdig/some_file`

htdig will also allow included files to be specified via form input. Therefore, any file can be specified for inclusion into a variable by any web user.

The URL:
http ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60
will return a page with the contents of /etc/passwd in the 'exclude' field.
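
For defenders reviewing web server logs, the following added example (not part of the original advisory) flags htsearch requests whose decoded query parameters contain a backtick-enclosed path. The function name, the Common Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2000:10:00:00 +0000] "GET /cgi-bin/htsearch?words=linux&method=and HTTP/1.0" 200 5120
192.0.2.66 - - [01/Mar/2000:10:00:05 +0000] "GET /cgi-bin/htsearch?Exclude=%60/etc/passwd%60 HTTP/1.0" 200 2048
192.0.2.67 - - [01/Mar/2000:10:00:09 +0000] "GET /cgi-bin/htsearch?words=a&exclude=`var/htdig/some_file` HTTP/1.0" 200 900
192.0.2.11 - - [01/Mar/2000:10:01:00 +0000] "GET /docs/backtick%60.html HTTP/1.0" 404 210
"""

# client, method, request target, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# A file reference as ht://Dig reads it: text enclosed in backticks.
INCLUDE_RE = re.compile(r"`([^`]+)`")


def find_backtick_requests(log_text, cgi_name="htsearch"):
    """Return one finding per htsearch parameter carrying a backtick.

    Only the query string is inspected; form input sent in a POST body
    does not appear in an access log and needs request-body logging.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Common Log Format line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith("/" + cgi_name):
            continue  # a backtick elsewhere on the site is out of scope
        # parse_qsl percent-decodes, so %60 and a literal ` both match.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if "`" in value:
                findings.append({
                    "client": client,
                    "param": name,
                    "files": INCLUDE_RE.findall(value),
                    "status": int(status),
                })
    return findings


if __name__ == "__main__":
    for f in find_backtick_requests(SAMPLE_LOG):
        print(f)
```

A finding with status 200 means the server answered the request, so the response page may have contained the referenced file.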
|References

Source: BID
Name: 1026
Link: http://www.securityfocus.com/bid/1026