AHG Search Program Search.CGI Arbitrary Command Execution Vulnerability

Vulnerability ID: 1106593    Vulnerability type: Input validation
Published: 2002-01-29    Updated: 2006-01-25
CVE ID: CVE-2002-2113    CNNVD-ID: CNNVD-200212-291
Platform: CGI    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/21257
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-291
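|Vulnerability details
Search.CGI is a program in the HTMLsearch search engine. It is distributed by AHG and runs on a variety of systems. Because the search.cgi script does not thoroughly filter user input, a remote attacker can execute arbitrary commands. A remote attacker can include semicolon (;) and pipe (|) characters in a search request; these characters are not filtered out, so commands embedded in the search request are executed with the privileges of the web server.
|Vulnerability EXP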
source: http://www.securityfocus.com/bid/3985/info

Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms.

The search.cgi script included with the AHG Search Engine does not adequately filter input. Due to lack of sufficient input sanitization, it is possible for a remote user to pass semi-colon (;) and pipe (|) characters through a search request. This can result in the commands encapsulated between the symbols being executed with the privileges of the web server.

http://www.example.com/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
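
A detection check for the request pattern described above, as an added example (not code from the advisory or from AHG): it scans web-server access log lines for requests to search.cgi whose URL-decoded query parameters contain a semicolon or pipe. The log lines are constructed, and the Common Log Format layout, the `template=default` value, and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Shell metacharacters named in the advisory: semicolon and pipe.
METACHARS = set(";|")

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2002:10:00:01 +0000] "GET /cgi-bin/publisher/search.cgi?dir=jobs&template=default&output_number=10 HTTP/1.0" 200 512',
    '192.0.2.11 - - [29/Jan/2002:10:00:05 +0000] "GET /cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10 HTTP/1.0" 200 2048',
    '192.0.2.12 - - [29/Jan/2002:10:00:09 +0000] "GET /cgi-bin/publisher/search.cgi?dir=jobs&template=%3Bls%7C&output_number=10 HTTP/1.0" 200 2048',
    '192.0.2.13 - - [29/Jan/2002:10:00:12 +0000] "GET /index.html?q=a;b HTTP/1.0" 200 100',
]


def find_suspicious_requests(log_lines, script="search.cgi"):
    """Return (line_no, param, value) for every parameter of a request to
    `script` whose URL-decoded value contains ';' or '|'."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + script):
            continue  # only the vulnerable script is of interest here
        # Split on '&' only, so a ';' stays inside the value being inspected.
        for pair in url.query.split("&"):
            name, _, raw_value = pair.partition("=")
            value = unquote_plus(raw_value)  # catches %3B / %7C encodings too
            if METACHARS & set(value):
                hits.append((line_no, unquote_plus(name), value))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same character check, applied as a reject rule before the parameters reach the script, is the input filtering the advisory says search.cgi lacks.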
|References

Source: BID
Name: 3985
Link: http://www.securityfocus.com/bid/3985
Source: www.securiteam.com
Link: http://www.securiteam.com/securitynews/5WP0R2K60O.html
Source: XF
Name: ahg-search-execute-commands(8032)
Link: http://www.iss.net/security_center/static/8032.php
Source: NSFOCUS
Name: 2237
Link: http://www.nsfocus.net/vulndb/2237