CGIForum Remote Directory Traversal Vulnerability

Vulnerability ID: 1106089    Vulnerability type: Unknown
Published: 2000-11-20    Updated: 2005-10-12
CVE ID: CVE-2000-1171    CNNVD-ID: CNNVD-200101-099
Platform: CGI    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20408
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200101-099
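|Vulnerability details
DCScripts DCForum is a commercial CGI script for online, web-based discussion. The DCForum implementation contains an input validation vulnerability that allows a remote attacker to traverse the server's directories. DCScripts DCForum fails to properly check the value of the user-supplied "thesection" variable. Using a "../" attack, a remote attacker can send a carefully crafted URL request that causes the script to traverse to the server's root directory and thereby obtain sensitive information. Which files can be accessed depends on the user identity the web server is currently running as, typically nobody.
|Exploit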
source : http://www.securityfocus.com/bid/1963/info


CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums.

The script improperly validates user-supplied input to the "thesection" parameter. If an attacker supplies a carefully formed URL containing '/../' sequences as the argument to this parameter, the script will traverse out of the application's normal directory structure to find the specified file. As a result, it is possible to remotely view arbitrary files on the host that are readable by user 'nobody'.


http://127.0.0.1/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/passwd%00
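
The following detection sketch is an added example, not part of the original advisory or of CGIForum. It scans web access logs for requests to `cgiforum.pl` whose `thesection` value, once percent-decoded, contains a `..` path segment or a NUL byte. The log lines are constructed samples in Common Log Format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (documentation IPs), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/2000:10:00:01 +0000] "GET /cgi-bin/cgiforum.pl?thesection=general HTTP/1.0" 200 5120
192.0.2.77 - - [20/Nov/2000:10:00:09 +0000] "GET /cgi-bin/cgiforum.pl?thesection=../../../../../../etc/passwd%00 HTTP/1.0" 200 1432
192.0.2.77 - - [20/Nov/2000:10:00:15 +0000] "GET /cgi-bin/cgiforum.pl?thesection=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1432
192.0.2.12 - - [20/Nov/2000:10:01:40 +0000] "GET /cgi-bin/cgiforum.pl?thesection=news..archive HTTP/1.0" 200 4096
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT, PARAM = "cgiforum.pl", "thesection"  # names taken from the advisory

def decode_fully(raw, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    data = raw.encode("latin-1", "replace")
    for _ in range(rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def classify(value):
    """Return the reasons a raw thesection value looks like traversal."""
    data = decode_fully(value)
    reasons = []
    if b"\x00" in data:                        # NUL byte in the decoded value
        reasons.append("nul-byte")
    if b".." in re.split(rb"[/\\]", data):     # ".." as a whole path segment
        reasons.append("dotdot-segment")
    return reasons

def scan(log_text):
    """Return (client_ip, raw_value, reasons) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.endswith("/" + SCRIPT):
            continue
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if name == PARAM and (reasons := classify(raw)):
                hits.append((line.split()[0], raw, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on whole `..` segments rather than the substring keeps section names such as `news..archive` from being flagged.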
|References

Source: BID
Name: 1963
Link: http://www.securityfocus.com/bid/1963
Source: BUGTRAQ
Name: 20001120CGIForum1.0Vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Source: XF
Name: cgiforum-view-files(5553)
Link: http://xforce.iss.net/xforce/xfdb/5553