HFS近期的漏洞 A recent HFS "search" loophole

[asfor]

 
最近网络上出现了关于 “搜索” 的漏洞
利用 HFS 的 搜索 功能进行入侵服务器

利用代码：   http://localhost:80/?search==%00{.exec|cmd.}

请尽快进行修复并且提示用户更换新版本
目前大部分的版本都有这个漏洞
请大家多关注以保证自己服务器安全
请原谅我的烂英文


Appears on the "search" vulnerabilities on the Internet these days
Intrusion server using HFS search function

The use of code：     http://localhost:80/?search==%00{.exec|cmd.}

Please as soon as possible to repair and prompts the user to replace the new version
Most of the current version has the loophole
Please pay more attention to ensure their own server security
Please forgive my bad English

[rejetto]

this was already fixed in 2.3c

[asfor]

Leak has been repaired
Thank
Hope that the software will be better