Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: anhttpd.htm

Windows98J with AN-HTTPd 1.20b CGI remote command exploit



Vulnerability

    AN-HTTPd

Affected

    Windows98J with AN-HTTPd 1.20b

Description

    UNYUN found following.  The  test CGIs which are distributed  with
    AN-HTTPd  1.20b  contain  the  remote  command  execution problem.
    Exploit (example):

        http://www.xxx.yy/cgi-bin/input.bat?|dir..\..\windows

Solution

    Remove the following test CGIs:

        cgi-bin/test.bat
        cgi-bin/input.bat
        cgi-bin/input2.bat
        ssi/envout.bat

    Ver1.21 has been released at the official site:

        http://www.st.rim.or.jp/~nakata/


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH