| Ãë¾àÁ¡ID |
21080 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ "search.cgi" CGI°¡ Á¸ÀçÇÑ´Ù.
ÀÌ CGI´Â SolutionScripts Home Free ÆÐÅ°Áö¿¡ µþ·Á ³ª¿À¸ç, Home Free´Â Windows NT¿Í UNIX ½Ã½ºÅÛ¿¡¼ freeÇÏ°Ô »ç¿ëÇÒ ¼ö ÀÖ´Â Perl ½ºÅ©¸³Æ®ÀÇ ¸ðÀ½ÀÌ´Ù. search.cgi¿¡ ÀÖ´Â Ãë¾àÁ¡Àº ´©±º°¡°¡ httpd µ¥¸óÀÇ ±ÇÇÑ (root ȤÀº nobody)ÀÇ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÆÄÀÏÀ» Àо ¼ö ÀÖ´Â Ãë¾àÁ¡À» °¡Áö°í ÀÖ´Ù. ´ÙÀ½°ú °°ÀÌ Å×½ºÆ®ÇØ º¼ ¼ö ÀÖ´Ù.
GET /cgi-bin/search.cgi?letter=\\..\\..\\..\\file_to_read
¡Ø BUGTRAQ:20000104 Another search.cgi vulnerability
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
2014³â 4¿ù ÇöÀç ÇØ°á¹æ¹ýÀº /cgi-bin µð·ºÅ丮·Î ºÎÅÍ search.cgi¸¦ »èÁ¦ÇÏ´Â °ÍÀÌ´Ù. |
| °ü·Ã URL |
CVE-2000-0054 (CVE) |
| °ü·Ã URL |
921 (SecurityFocus) |
| °ü·Ã URL |
3882 (ISS) |
|
