source: wwwsecurityfocuscom/bid/1485/info
Alibaba Web Server fails to filter piped commands when executing cgi-scripts This can be used to execute commands with the privileges of the web server process on a target machine
victim/cgi-bin/post32exe|echo%20>c:\texttxt
victim/cgi-bin/lsindex2bat|dir%20c:\[dir]
...
source: wwwsecurityfocuscom/bid/1482/info
It is possible for a user to initiate a denial of service against Alibaba Web Server Sending an unusually long GET request (> 8000 bytes) to the server will cause the service to stop responding A restart of the server service is required in order to gain normal functionality
/*
Descriptio ...