
To: BugTraq 
Subject: Some holes for Win/UNIX softwares 
Date: Tue Nov 02 1999 22:39:56 
Author: UNYUN 
Message-ID: <381EE9AC140.6668SHADOWPENGUIN@fox.nightland.net> 

------------------------------------------------------------------------

(3) AN-HTTPd 1.20b

Problem:
The test CGIs which are distributed with AN-HTTPd 1.20b contain a
remote command execution problem.

Solution:
[1] Remove the following test CGIs.
    cgi-bin/test.bat
    cgi-bin/input.bat
    cgi-bin/input2.bat
    ssi/envout.bat
[2] Ver1.21 has been released at the official site.
    http://www.st.rim.or.jp/~nakata/

Exploit:
(example)
http://www.xxx.yy/cgi-bin/input.bat?|dir..\..\windows
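
Added example, not part of the original post: a log review that flags requests to the four test CGIs listed under Solution, and marks those whose query string carries command-shell metacharacters such as the `|` in the example URL. It assumes the server writes Common Log Format access logs; the sample lines, the metacharacter set and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Test CGIs the advisory says to remove (paths relative to the server root).
TEST_CGIS = {
    "/cgi-bin/test.bat",
    "/cgi-bin/input.bat",
    "/cgi-bin/input2.bat",
    "/ssi/envout.bat",
}
# Characters the Windows command interpreter treats as separators/redirection.
SHELL_META = set("|&<>^")

# Assumption: Common Log Format; only the quoted request line is parsed.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)(?: HTTP/[\d.]+)?"')


def classify(line):
    """Return None, 'test-cgi' or 'test-cgi+metachar' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    # Decode, then normalise slashes and case (Windows paths ignore case).
    path = unquote(path).replace("\\", "/").lower()
    if path not in TEST_CGIS:
        return None
    if SHELL_META & set(unquote(query)):
        return "test-cgi+metachar"
    return "test-cgi"


def scan(lines):
    """Return (line_number, verdict) for every line that hits a test CGI."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Nov/1999:22:40:01 +0900] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [02/Nov/1999:22:41:17 +0900] "GET /cgi-bin/input.bat?|dir HTTP/1.0" 200 512',
    '192.0.2.44 - - [02/Nov/1999:22:41:30 +0900] "GET /CGI-BIN/Input2.bat?name=%7Cdir HTTP/1.0" 200 87',
    '192.0.2.51 - - [02/Nov/1999:22:43:02 +0900] "GET /ssi/envout.bat HTTP/1.0" 200 930',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

Any hit, with or without metacharacters, means a test CGI is still reachable and item [1] or [2] of the Solution has not been applied.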