Author Topic: A recent HFS "search" loophole


asfor
A recent HFS "search" loophole
« on: September 16, 2014, 05:03:51 AM »
 :(
A vulnerability in the "search" function has recently appeared on the Internet.
The HFS search function is being used to break into servers.

Exploit code:   http://localhost:80/?search==%00{.exec|cmd.}

Please fix it as soon as possible and prompt users to switch to the new version.
Most current versions have this loophole.
Please pay close attention to keep your servers secure.
Please forgive my bad English.

rejetto

  • Administrator
Re: A recent HFS "search" loophole
« Reply #1 on: September 16, 2014, 09:51:25 AM »
This was already fixed in 2.3c.

asfor
Re: A recent HFS "search" loophole
« Reply #2 on: September 16, 2014, 12:20:24 PM »
The leak has been repaired.
Thanks.
I hope that the software will be better.

 :D
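
For anyone checking whether a server was probed with the request quoted in the first post, here is a log check added as an example (it is not from the thread or from the HFS project). It flags any `search` parameter that, once percent-decoded, contains a NUL byte or the `{.` macro opener shown in the post. It assumes access-log lines in common log format, for instance from a proxy in front of HFS; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: request line appears as "METHOD target HTTP/x.y" (common log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
# Macro opener as written in the post: "{." followed by the macro name.
MACRO = re.compile(rb"\{\.\s*([a-z0-9_ -]*)", re.I)

def search_values(target):
    """Yield the percent-decoded bytes of every 'search' parameter."""
    query = target.partition("?")[2].partition("#")[0]
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        # Parameter name is compared case-insensitively after decoding.
        if unquote_to_bytes(name).lower() == b"search":
            yield unquote_to_bytes(value)

def findings(target):
    """Return indicator labels for one request target (empty list if clean)."""
    hits = []
    for value in search_values(target):
        if b"\x00" in value:
            hits.append("nul-byte")
        for m in MACRO.finditer(value):
            hits.append("macro:" + m.group(1).decode("ascii").strip().lower())
    return hits

def scan(lines):
    """Return (line_number, labels) for every log line with indicators."""
    out = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and (hits := findings(m.group(1))):
            out.append((n, hits))
    return out

# Constructed sample log lines (documentation IP ranges, invented sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2014:05:03:51 +0000] "GET /?search=holiday+photos HTTP/1.1" 200 4312',
    '198.51.100.7 - - [16/Sep/2014:05:04:02 +0000] "GET /?search==%00{.exec|cmd.} HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Sep/2014:05:04:09 +0000] "GET /?sort=name&SEARCH=%3D%00%7B.exec%7Ccmd.%7D HTTP/1.1" 200 512',
    '203.0.113.5 - - [16/Sep/2014:05:05:40 +0000] "GET /files/report.txt HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for line_no, labels in scan(SAMPLE_LOG):
        print(line_no, ", ".join(labels))
```

A hit only shows that the request was sent; whether it had any effect depends on the HFS version that was running at the time, since the reply above states the issue was fixed in 2.3c.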