O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.
-
Advisories and patches
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Originally posted to NTBugtraq on September 4 1997 by Herman de Vette <herman@INFO.NL>.
-
Affected software versions
OReilly Software WebSite Professional 2.3.7
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
-
Vulnerability discussion
By default, O'Reilly WebSite Pro installs the following directories on the web root as read accessible by any user:
cgi-win cgi-shl cgi-src cgi-temp
The program uploader.exe exists in the /cgi-win directory. Any remote user can execute this program by performing a GET request for http://target/cgi-win/uploader.exe. This program will allow the user to upload any file to the remote server.
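To check whether the upload program has been requested on a server, the access log can be scanned for the path named above. The following is an added example, not part of the original advisory; it assumes the log is in NCSA Common Log Format, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: access log lines follow NCSA Common Log Format.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TARGET = "/cgi-win/uploader.exe"  # path given in the advisory

def normalize(target):
    """Reduce a request target to a lower-case, decoded path for comparison."""
    path = target.split("?", 1)[0]                            # drop query string
    path = re.sub(r"^[a-z]+://[^/]+", "", path, flags=re.I)   # absolute-URI form
    for _ in range(3):                                        # bounded multi-decode
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    return path.lower()               # Windows file names are case-insensitive

def find_uploader_requests(lines):
    """Return (host, timestamp, method, status) for each request to uploader.exe."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                  # skip lines that are not CLF
        path = normalize(m["target"])
        if path == TARGET or path.startswith(TARGET + "/"):
            hits.append((m["host"], m["ts"], m["method"], int(m["status"])))
    return hits

# Constructed sample input (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Sep/1997:10:01:22 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [04/Sep/1997:10:02:05 +0200] "GET /cgi-win/uploader.exe HTTP/1.0" 200 512',
    '198.51.100.7 - - [04/Sep/1997:10:02:31 +0200] "POST /CGI-WIN/Uploader.EXE HTTP/1.0" 200 87',
    '203.0.113.4 - - [04/Sep/1997:10:05:00 +0200] "GET /cgi-win/%75ploader.exe?x=1 HTTP/1.0" 404 0',
    '192.0.2.10 - - [04/Sep/1997:10:06:00 +0200] "GET /docs/uploader.exe.html HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for host, ts, method, status in find_uploader_requests(SAMPLE_LOG):
        print(f"{ts} {host} {method} -> {status}")
```

A successful status on a POST to this path is the entry to investigate first, since it indicates a file may have been written to the server.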
-
Exploit
See discussion.
-
Solution
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.