Login
Register
Menu
Home
Help
Search
rejetto forum
PROBLEMS? QUESTIONS? CLICK HERE!
rejetto forum
»
Software
»
HFS ~ HTTP File Server
»
Bug reports
»
HFS近期的漏洞 A recent HFS "search" loophole
HFS近期的漏洞 A recent HFS "search" loophole
asfor
·
3 ·
4251
« previous
next »
Print
Pages:
1
0 Members and 1 Guest are viewing this topic.
asfor
Occasional poster
Posts:
2
HFS近期的漏洞 A recent HFS "search" loophole
on:
September 16, 2014, 05:03:51 AM
最近网络上出现了关于 “搜索” 的漏洞
利用 HFS 的 搜索 功能进行入侵服务器
利用代码:
http://localhost:80/?search==%00{.exec
|cmd.}
请尽快进行修复并且提示用户更换新版本
目前大部分的版本都有这个漏洞
请大家多关注以保证自己服务器安全
请原谅我的烂英文
Appears on the "search" vulnerabilities on the Internet these days
Intrusion server using HFS search function
The use of code:
http://localhost:80/?search==%00{.exec
|cmd.}
Please as soon as possible to repair and prompts the user to replace the new version
Most of the current version has the loophole
Please pay more attention to ensure their own server security
Please forgive my bad English
rejetto
Administrator
Tireless poster
Posts:
13510
Re: HFS近期的漏洞 A recent HFS "search" loophole
Reply #1 on:
September 16, 2014, 09:51:25 AM
this was already fixed in 2.3c
asfor
Occasional poster
Posts:
2
Re: HFS近期的漏洞 A recent HFS "search" loophole
Reply #2 on:
September 16, 2014, 12:20:24 PM
Leak has been repaired
Thank
Hope that the software will be better
Print
Pages:
1
rejetto forum
»
Software
»
HFS ~ HTTP File Server
»
Bug reports
»
HFS近期的漏洞 A recent HFS "search" loophole
Search
Username
Password
Always stay logged in
Forgot your password?