|
Vulnerability AN-HTTPd Affected Windows98J with AN-HTTPd 1.20b Description UNYUN found following. The test CGIs which are distributed with AN-HTTPd 1.20b contain the remote command execution problem. Exploit (example): http://www.xxx.yy/cgi-bin/input.bat?|dir..\..\windows Solution Remove the following test CGIs: cgi-bin/test.bat cgi-bin/input.bat cgi-bin/input2.bat ssi/envout.bat Ver1.21 has been released at the official site: http://www.st.rim.or.jp/~nakata/