DBMan db.cgi泄漏敏感信息漏洞
发布日期:2000-05-10
更新日期:2000-05-10
受影响系统:Gossamer Threads DBMan 2.0.4
- Microsoft Windows 98
- Microsoft Windows 95
- Linux kernel 2.2.x
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
- HP HP-UX 9.0
描述:
当向一个正在运行Gossamer Threads DBMan脚本的web服务器请求一个不存在的数据库文
件时,web服务器将返回一个错误信息,里面包含环境变量信息,这些环境变量信息包含
web服务器的document root路径以及管理员账号名,web服务器版本,平台等等敏感信息。
<* 来源:Black Watch Labs <blackwatchlabs@perfectotech.com> *>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
http://www.victim.com/scripts/dbman/db.cgi?db=blahblah
将会返回一些环境变量的信息
建议:
Gossamer Threads 已经发布了下列解决方案。在配置文件里将$db_debug关闭,并且在db.cgi
中将cgierr函数用下面的代码代替:
sub cgierr {
# --------------------------------------------------------
# Displays any errors and prints out FORM and ENVIRONMENT
# information. Useful for debugging.
if (!$html_headers_printed) {
print "Content-type: text/html\n\n";
$html_headers_printed = 1;
}
print "DBMan encountered an internal error. ";
if ($db_debug) {
print
"</font></p>
<div align="left"><pre><font size="3"
face="Arial, Helvetica, sans-serif">\n\nCGI ERROR\n==========================================\n";
$_[0] and print "Error Message : $_[0]\n";
$0 and print "Script Location : $0\n";
$] and print "Perl Version : $]\n";
$db_setup and print "Setup File : $db_setup.cfg\n";
$db_userid and print "User ID : $db_userid\n";
$db_uid and print "Session ID : $db_uid\n";
print "\nForm Variables\n-------------------------------------------\n";
foreach $key (sort keys %in) {
my $space = " " x (20 - length($key));
print "$key$space: $in{$key}\n";
}
print "\nEnvironment Variables\n-------------------------------------------\n";
foreach $env (sort keys %ENV) {
my $space = " " x (20 - length($env));
print "$env$space: $ENV{$env}\n";
}
print "\n</font></pre>
</div><p><font size="3"
face="Arial, Helvetica, sans-serif">"; } else {
print "Please enable debugging to view."; }
exit -1; }
浏览次数:9238
严重程度:0(网友投票)
