漏洞类别:Web server漏洞等级: 
漏洞信息
OmniHTTPD is a compact Windows-based Web server by Omnicron Technologies.
OmniHTTPD has various features, such as multiple domain support, keep-alive connections, virtual IP and non-IP server support, and standard CGI support. Due to the implementation of 'statsconfig.pl', multiple vulnerabilities exist in OmniHTTPD. It's possible to corrupt various known filenames and execute arbitrary commands. By appending a known filename to the 'cgidir' form variable accompanied with a null argument, the known filename becomes corrupt.
Additionally, it's possible to execute commands on the target server. This is due to statsconfig.pl creating a perl script on the file. When the perl script is created, user-supplied data (the 'mostbrowsers' form variable if it is present) is written directly to the perl script file. If a malicious user sets this value to semi-colon separated perl commands, they will be executed when statsconfig runs the script. This may result in a malicious user gaining interactive access on the target host with the privilege level of the Web server/CGI process.
漏洞危害
Successful exploitation of this vulnerability could lead to a denial of service or a complete comprimise of the host.
解决方案
As a workaround, erase 'statsconfig.pl', along with any other unnecessary files in your 'cgi-bin'.
You an also download the latest version of OmniHTTPD from the Omnicron Technologies Web site.
0day
文章评论