CGI Tester
February 1, 2011 at 11:38 pm | Posted in computer and high technology, Hacking
in certain setups
Affected Program: test-cgi scripts found on various web servers.
Severity: Anyone can remotely inventory the files on a machine.
On many web sites there exists a file called test-cgi (usually in
the cgi-bin directory or somewhere similar). There is a problem
with many of these test-cgi files. If your test-cgi file contains
the following line (verbatim) then you are probably vulnerable.
echo QUERY_STRING = $QUERY_STRING
All of these lines should have the variables enclosed in loose
quotes ("). Without these quotes certain special characters
(specifically ‘*’) get expanded where they shouldn’t. Thus
submitting a query of ‘*’ will return the contents of the
current directory (probably where all of the cgi files are…
gee, there’s jj and phf. Hmmm what are all those other cgi’s
that I haven’t seen… wonder what holes exist in those?).
Sending in a query of ‘/*’ will list the root directory.
And so on, and so on.
This is the same as doing `echo *` when you’ve blown away ‘ls’
(not that this ever happens to anyone).
The easiest way to list out the directories is via the query
string. However, it is possible to do the same thing through
many of the other variables (i.e. $REMOTE_HOST, $REMOTE_USER, etc.)
in the right situations.
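
The quoting difference described above, shown locally as an added example that is not part of the original advisory or of any shipped test-cgi script. The function names, the temporary directory and the two file names are constructed for illustration; no web server is involved.

```shell
#!/bin/sh
# Added example: compares the unquoted echo from the advisory with a quoted form.

# Vulnerable form, as quoted in the advisory: the variable is unquoted, so the
# shell applies pathname expansion (globbing) to its value before echo runs.
report_unquoted() {
    QUERY_STRING=$1
    echo QUERY_STRING = $QUERY_STRING
}

# Hardened form: double quotes suppress globbing and word splitting, and
# printf avoids echo treating a value such as "-n" as an option.
report_quoted() {
    QUERY_STRING=$1
    printf 'QUERY_STRING = %s\n' "$QUERY_STRING"
}

# Constructed sandbox standing in for a cgi-bin directory (hypothetical files).
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > alpha.cgi
        : > beta.cgi
        report_unquoted '*'   # value is expanded to the directory listing
        report_quoted '*'     # value is printed literally
    )
    rm -rf "$dir"
}

demo
```

The same quoting applies to every other variable the script echoes, such as $REMOTE_HOST and $REMOTE_USER.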
file : cgi_tester.txt