| Vulnerability ID | 21180 |
| Risk level | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Category | CGI |
| Detailed description | The Interactive Story program has a directory traversal vulnerability. Interactive Story is a web-based application written in Perl and distributed as freeware. The directory traversal vulnerability in story.pl of Interactive Story 1.3 allows a remote attacker to read arbitrary files on the web server by means of a .. (dot dot) attack in the "next" argument. If the attacker sets the "next" field to something like the following: http://target/cgi-bin/story.pl?next=../../../../../../../../etc/passwd%00 then Interactive Story will open and display the password file. |
| Solution | Upgrade story.pl to Interactive Story version 1.4. |
| Related URL | CVE-2001-0804 (CVE) |
| Related URL | 3028 (SecurityFocus) |
| Related URL | 6843 (ISS) |
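
An added example (not part of the original entry and not Interactive Story's code): a Python check over web server access logs that flags requests to story.pl whose "next" value, after percent-decoding, contains a .. path segment, a NUL byte or an absolute path. The Common Log Format, the function names and the sample log lines are assumptions constructed for illustration; the check also normalises multiply-encoded values, which goes beyond the single request shown in the description.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request line inside a Common Log Format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(raw, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is also normalised."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def traversal_reasons(value):
    """Return why a raw 'next' value looks like traversal ([] if it looks clean)."""
    data = fully_decode(value)
    reasons = []
    if b"\x00" in data:
        reasons.append("nul-byte")
    if b".." in re.split(rb"[/\\]", data):
        reasons.append("dot-dot-segment")
    if data.startswith((b"/", b"\\")):
        reasons.append("absolute-path")
    return reasons

def scan(lines):
    """Return [(line_number, reasons)] for flagged requests to story.pl."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.endswith("/story.pl"):
            continue
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")  # keep the raw, undecoded value
            reasons = traversal_reasons(raw) if key == "next" else []
            if reasons:
                hits.append((n, reasons))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2001:10:00:00 +0000] "GET /cgi-bin/story.pl?next=chapter2 HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Nov/2001:10:00:05 +0000] "GET /cgi-bin/story.pl?next=../../../../../../../../etc/passwd%00 HTTP/1.0" 200 1024',
    '192.0.2.77 - - [01/Nov/2001:10:00:09 +0000] "GET /cgi-bin/story.pl?next=%252e%252e%252fetc%252fpasswd HTTP/1.0" 200 1024',
]
```

Calling `scan(SAMPLE_LOG)` reports lines 2 and 3. A hit with response status 200 on a host still running story.pl 1.3 is worth following up as a possible file disclosure.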