CGI Tester

February 1, 2011 at 11:38 pm | Posted in computer and high technology, Hacking | Leave a comment


L0pht Report

test-cgi vulnerability
in certain setups

Affected Program: test-cgi scripts found on various web servers.

Severity: Anyone can remotely inventory the files on a machine.

Author: mudge@l0pht.com

Synopsis:

On many web sites there exists a file called test-cgi (usually in
the cgi-bin directory or somewhere similar). There is a problem
with many of these test-cgi files. If your test-cgi file contains
the following line (verbatim) then you are probably vulnerable.

echo QUERY_STRING = $QUERY_STRING

All of these lines should have the variables enclosed in loose
quotes ("). Without these quotes certain special characters
(specifically '*') get expanded where they shouldn't. Thus
submitting a query of '*' will return the contents of the
current directory (probably where all of the cgi files are...
gee, there's jj and phf. Hmmm what are all those other cgi's
that I haven't seen... wonder what holes exist in those?).
Sending in a query of '/*' will list the root directory.
And so on, and so on.

This is the same as doing `echo *` when you've blown away 'ls'
(not that this ever happens to anyone).

The easiest way to list out the directories is via the query
string. However, it is possible to do the same thing through
many of the other variables (i.e. $REMOTE_HOST, $REMOTE_USER, etc.)
in the right situations.

More info in the attached file: cgi_tester.txt

Guest Post : http://xrobot.mobi
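The advisory's point is that the unquoted `$QUERY_STRING` is expanded by the shell before `echo` runs, so a query of `*` turns into the file list of the script's working directory. The following is an added example, not the original test-cgi script and not code from the L0pht report or from this blog: it puts the vulnerable line next to the quoted fix, plus a `set -f` variant, and runs each in a constructed temporary directory containing empty files named `jj`, `phf` and `test-cgi` so the expansion is visible without a web server. The function names (`vulnerable_echo`, `fixed_echo`, `hardened_echo`, `make_cgi_dir`, `run_as_cgi`, `demo`) are this example's own.

```shell
#!/bin/sh
# Added example, not the original test-cgi script: the unquoted echo line
# from the advisory beside the quoted fix, exercised against a constructed
# directory so the glob expansion can be seen without a web server.

# vulnerable_echo QUERY: the line as it appears in vulnerable test-cgi
# files. Because $QUERY_STRING is unquoted, the shell word-splits it and
# performs pathname expansion, so a query of '*' becomes the file list of
# the current directory before echo ever sees it. (If nothing matches, a
# POSIX shell leaves the '*' literal, so the listing only appears when
# the working directory is non-empty, which cgi-bin always is.)
vulnerable_echo() {
    QUERY_STRING=$1
    echo QUERY_STRING = $QUERY_STRING
}

# fixed_echo QUERY: the same line with the expansion double-quoted, the
# fix the advisory recommends. '*', '?' and '[' stay literal and only the
# submitted text is echoed back.
fixed_echo() {
    QUERY_STRING=$1
    echo "QUERY_STRING = $QUERY_STRING"
}

# hardened_echo QUERY: belt and braces for a script you cannot fully
# audit. 'set -f' switches pathname expansion off for the whole shell, so
# even an unquoted expansion somewhere else in the script cannot glob.
# (Word splitting still happens; only globbing is disabled.)
hardened_echo() {
    set -f
    QUERY_STRING=$1
    echo QUERY_STRING = $QUERY_STRING
}

# make_cgi_dir: constructed stand-in for a cgi-bin directory; the names
# jj and phf are the ones the advisory mentions. Prints the directory path.
make_cgi_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/jj"
    : > "$d/phf"
    : > "$d/test-cgi"
    printf '%s\n' "$d"
}

# run_as_cgi DIR FUNC QUERY: run FUNC in DIR, the way the server would run
# test-cgi with cgi-bin as its working directory and QUERY_STRING set from
# the request. The subshell keeps 'cd' and 'set -f' from leaking out.
run_as_cgi() {
    ( cd "$1" && "$2" "$3" )
}

# demo: print the three behaviours side by side for '*' and a harmless
# query, then remove the constructed directory.
demo() {
    d=$(make_cgi_dir) || exit 1
    for q in '*' 'hello'; do
        printf 'query %-6s vulnerable: %s\n' "$q" "$(run_as_cgi "$d" vulnerable_echo "$q")"
        printf 'query %-6s quoted:     %s\n' "$q" "$(run_as_cgi "$d" fixed_echo "$q")"
        printf 'query %-6s set -f:     %s\n' "$q" "$(run_as_cgi "$d" hardened_echo "$q")"
    done
    rm -rf "$d"
}

demo
```

Running the script shows `vulnerable_echo` answering `*` with `jj phf test-cgi` while both other forms answer with a literal `*`. A real test-cgi echoes several more variables ($REMOTE_HOST, $REMOTE_USER and so on, as the advisory notes), every one of which needs the same quoting; a single `set -f` at the top of the script closes all of them at once, and the same applies to any other CGI shell script that echoes request data unquoted.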
