发布时间 :2001-07-02 00:00:00
修订时间 :2017-12-18 21:29:20

[原文]dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

[CNNVD]DCForum 'AZ'字段远程命令执行漏洞(CNNVD-200107-005)

        DCForum 2000 1.0版本的dcboard.cgi存在漏洞。远程攻击者通过上传Perl程序到服务器和使用AZ参数的 .. (点 点)引用程序执行任意命令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  BUGTRAQ  20010416 qDefense Advisory: DCForum allows remote read/write/execute
(UNKNOWN)  XF  dcforum-az-expr(6392)

- 漏洞信息

DCForum 'AZ'字段远程命令执行漏洞
高危 输入验证
2001-07-02 00:00:00 2005-10-20 00:00:00
        DCForum 2000 1.0版本的dcboard.cgi存在漏洞。远程攻击者通过上传Perl程序到服务器和使用AZ参数的 .. (点 点)引用程序执行任意命令。

- 公告与补丁

        Excerpted from Baba :
        Apparently the DCForum bug was discovered in an internal security audit, and patches were sent out to all licensed users on 30-31 March 2001 ... .
        The patch is available from:

- 漏洞信息

DCForum dcboard.cgi AZ Field Traversal Arbitrary File Upload
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

DCForum contains a flaw that allows a remote attacker to upload arbitrary files to the server. The issue is due to improper sanity checking on the "az=" hidden field. By changing it to "az=upload_file", an attacker can specify arbitrary files to be uploaded.

- 时间线

2003-03-31 Unknow
2001-04-16 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

DCForum 'AZ' Field Remote Command Execution Vulnerability
Input Validation Error 2611
Yes No
2001-04-17 12:00:00 2009-07-11 06:06:00
Reported to bugtraq by Franklin DeMatto <> on 17 Apr 2001

- 受影响的程序版本

DC Scripts DCForum 2000 1.0
DC Scripts DCForum 6.0
DC Scripts DCForum 5.0
DC Scripts DCForum 4.0
DC Scripts DCForum 3.0
DC Scripts DCForum 2.0
DC Scripts DCForum 1.0

- 漏洞讨论

DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.

All versions of DCForum are vulnerable to remote execution of arbitrary commands.

DCForum fails to properly validate user-supplied input to the script. By inserting shell commands in submitted querystrings, an attacker can cause the script to open and parse commands in an external file on the target system.

By supplying a long path (containing '/../' sequences) an attacker can force the script to open a file from arbitrary locations on the filesystem. Commands in this file will be executed with the privilege level of the webserver - usually 'nobody'.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: &lt;;.

- 解决方案

Excerpted from Baba <>:

Apparently the DCForum bug was discovered in an internal security audit, and patches were sent out to all licensed users on 30-31 March 2001 ... .

The patch is available from:

- 相关参考