|
|
Agora.CGI 调试模式可导致路径泄露漏洞
发布时间:2002-01-31
更新时间:2002-01-31
严重程度:中
威胁程度:服务器信息泄露
错误类型:输入验证错误
利用方式:服务器模式
BUGTRAQ ID:3976
受影响系统Agora.cgi Agora.cgi 3.2r
Agora.cgi Agora.cgi 3.2q
Agora.cgi Agora.cgi 3.2p
Agora.cgi Agora.cgi 3.2n
Agora.cgi Agora.cgi 3.2m
Agora.cgi Agora.cgi 3.2l
Agora.cgi Agora.cgi 3.2k
Agora.cgi Agora.cgi 3.2ja
Agora.cgi Agora.cgi 3.2j
Agora.cgi Agora.cgi 3.2i
Agora.cgi Agora.cgi 3.2h
Agora.cgi Agora.cgi 3.2g
Agora.cgi Agora.cgi 3.2f
Agora.cgi Agora.cgi 3.2e
Agora.cgi Agora.cgi 3.2d
Agora.cgi Agora.cgi 3.2c
Agora.cgi Agora.cgi 3.2b
Agora.cgi Agora.cgi 3.2a
Agora.cgi Agora.cgi 3.2
Agora.cgi Agora.cgi 3.3j
Agora.cgi Agora.cgi 3.3i
Agora.cgi Agora.cgi 3.3f
Agora.cgi Agora.cgi 3.3e
Agora.cgi Agora.cgi 3.3d
Agora.cgi Agora.cgi 3.3c
Agora.cgi Agora.cgi 3.3b
Agora.cgi Agora.cgi 3.3a
Agora.cgi Agora.cgi 4.0e
Agora.cgi Agora.cgi 4.0d
Agora.cgi Agora.cgi 4.0c
Agora.cgi Agora.cgi 4.0b
Agora.cgi Agora.cgi 4.0a
Agora.cgi Agora.cgi 4.0 详细描述
Agora.cgi 一款免费开放源代码的电子购物系统。
当调式模式使能的时候,可以导致远程攻击者通过请求不存在的页面,而泄露
Agora.cgi所存储的物理路径。
测试代码
http://agoracgistorehost/cgi-bin/store/agora.cgi?page=pretendpage.html
解决方案
关闭调式模式
相关信息
<superpetz@hushmail.com>.
参考:http://www.securityfocus.com/archive/1/252761
相关主页:http://www.agoracgi.com/
|
