A collection of CGI vulnerability attacks in the network security series (Part II)

42. exprcalc. cfm

● Type: attack type

● Risk level: low

● Description: if the Web directory contains:

/cfdocs/expeval/exprcalc.cfm/cfdocs/expeval/sendmail.cfm/cfdocs/expeval/eval.cfm/cfdocs/expeval/openfile.cfm/cfdocs/expeval/displayopenedfile.cfm/cfdocs/exampleapp/email/getfile.cfm/cfdocs/exampleapp/publish/admin/addcontent.cfm

These files may be used by intruders to read all files on the system.

● Solution: delete or remove exprcalc. cfm from the Web directory.

43. displayopenedfile. cfm

● Type: attack type

● Risk level: low

● Description: if the Web directory contains:

/cfdocs/expeval/exprcalc.cfm/cfdocs/expeval/sendmail.cfm/cfdocs/expeval/eval.cfm/cfdocs/expeval/openfile.cfm/cfdocs/expeval/displayopenedfile.cfm/cfdocs/exampleapp/email/getfile.cfm/cfdocs/exampleapp/publish/admin/addcontent.cfm

These files may be used by intruders to read all files on the system.

● Solution: delete or remove displayopenedfile. cfm from the Web directory.

44. sendmail. cfm

● Type: attack type

● Risk level: Medium

● Description: The open file. cfm in the Web directory is deleted or removed from multiple webservers. the Whois. cgi vulnerability exists. They include:

Whois Internic Lookup - version: 1.02CC Whois - Version: 1.0Matt"s Whois - Version: 1

They enable intruders to execute arbitrary code on the system with the permission to start the httpd user. If the Web directory contains:

/cfdocs/expeval/exprcalc.cfm/cfdocs/expeval/sendmail.cfm/cfdocs/expeval/eval.cfm/cfdocs/expeval/openfile.cfm/cfdocs/expeval/displayopenedfile.cfm/cfdocs/exampleapp/email/getfile.cfm/cfdocs/exampleapp/publish/admin/addcontent.cfm

These files may be used by intruders to read all files on the system.

● Solution: delete or remove sendmail. cfm from the Web directory.

45. codebrws. asp

● Type: attack type

● Risk level: Medium

● Description: If Windows NT + IIS is used as a Web service, intruders can use this ASP interface to view all files enabled for http on the system.

Go to the following address to query the patch:

Internet Information Server:ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/Site Server:ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/http://www.microsoft.com/security/products/iis/checklist.asp

● Solution: delete or remove codebrws. asp from the Web directory.

46. codebrws. asp_1

● Type: Information type

● Risk level: Medium

● Description: There is a codebrws. asp file under/iissamples/exair/howitworks/. Use the following path:

http://www.xxx.com/iissamples/exair/howitworks/codebrws.asp?source=/index.asp

You can view the source code of index. asp. In fact, any ascii file can be viewed.

● Solution: delete or remove codebrws. asp from the Web directory.

Go to the following address to query the patch:

Internet Information Server:ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/Site Server:ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/http://www.microsoft.com/security/products/iis/checklist.asp