CGI | Art Hacker

CGI::Session CGISESSID Cookie值目录遍历漏洞

Posted by Hacker on 07月 23, 2008 Leave comment

受影响系统：
CPAN CGI::Session 4.33
CPAN CGI::Session 3.95
CPAN CGI::Session 3.94
Freestyle Wiki FSWiki 3.6.3dev3
Freestyle Wiki FSWiki 3.6.2
不受影响系统：
CPAN CGI::Session 4.34
描述：BUGTRAQ ID: 30267

CGI::Session是一个Perl5库，可提供可靠易用的模块化会话管理系统。

CGI::Session没有充分的过滤CGISESSID cookie值便将其用在了File驱动中创建会话数据文件的文件名。如果远程攻击者在cookie值中注入了目录遍历序列，就会导致File驱动从配置的会话数据目录以外的任意文件读取会话数据。 Read more »

Category: Notice loopholes

Page 1 of 11

Popular
Recent Comments
Archives

Archives by date

Archives by category

Art Hacker
We advocate freedom, equality, sharing and mutual aid

CGI::Session CGISESSID Cookie值目录遍历漏洞

Popular Posts

Recent Comments

Archives by date

Archives by category

Sponsors

ADTOLL

Public Service Ads

Subscribe Me

Function

Recent Post

Tag Cloud

Advertise

BBS Links

Blog Sites

Arthack Links

Partner links

Art HackerWe advocate freedom, equality, sharing and mutual aid

CGI::Session CGISESSID Cookie值目录遍历漏洞

Popular Posts

Recent Comments

Archives by date

Archives by category

Sponsors

ADTOLL

Public Service Ads

Subscribe Me

Function

Recent Post

Tag Cloud

Advertise

BBS Links

Blog Sites

Arthack Links

Partner links

Art Hacker
We advocate freedom, equality, sharing and mutual aid