CVE-2000-1171 - Unspecified vulnerability in Markus Triska Cgiforum 1.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Markus Triska CGIForum 1.0 "thesection" Directory Traversal Vulnerability. CVE-2000-1171. Remote exploit for cgi platform |
id | EDB-ID:20408 |
last seen | 2016-02-02 |
modified | 2000-11-20 |
published | 2000-11-20 |
reporter | zorgon |
source | https://www.exploit-db.com/download/20408/ |
title | Markus Triska CGIForum 1.0 - "thesection" Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | CGIFORUM.NASL |
description | The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10552 |
published | 2000-11-20 |
reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10552 |
title | CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access |
Seebug
bulletinFamily | exploit |
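description | BugCVE: CVE-2000-1171 BUGTRAQ: 1963 DC Scripts DCForum is a commercial CGI script for online web-based discussion. DCForum has an input validation vulnerability in its implementation that remote attackers can use to traverse server directories. DC Scripts DCForum fails to properly check the value of the thesection variable supplied in user input. Using a ../ attack, a remote attacker can send a crafted URL request that causes the script to traverse the server root directory and thereby obtain sensitive information. Which files can be accessed depends on the user the web server is running as, usually nobody. 1.0 Temporary workaround: If you cannot install a patch or upgrade immediately, take the following measures to reduce the threat: * Modify dcboard.cgi and dcadmin.cgi, adding the following after $r_in = \%in; : $r_in->{'forum'} =~ s/\W//g; Vendor patch: Markus Triska ------------- The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: http://freshmeat.net/projects/cgiforum/ |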
id | SSV:4309 |
last seen | 2017-11-19 |
modified | 2008-10-25 |
published | 2008-10-25 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4309 |
title | CGIForum Remote Directory Traversal Vulnerability |