This article is taken from a friend. this is not a precious thing. if you pay attention to the collection, I believe many people will have more comprehensive and better information than this one. but for some reason. these materials have never been disclosed. however, I am a littleguys who advocates full freedom, full openness, and full sharing. so I made this document public. hope that friend will not blame
◆ Quick query of CGI security vulnerability information v1.0
Date: 2000-8-15
######################################## #####################################
This article is taken from a friend. this is not a precious thing. if you pay attention to collection, I believe many people will
I have more comprehensive and better information than this one, but for some reason, these materials have never been made public.
This is a free, fully open, and fully shared little guys. so I made this information public. I hope that this friend will not blame you :)
# If any security organization or individual is willing to maintain, update, or modify this article for a long time, without interruption, please
You don't have to discuss it with me, but the requirement is that the results must be completely made public to the internet.
Welcome.
# In this article, you are welcome to repeat these statements.
# If you have any questions or suggestions, please mailto: iwillsurewin@163.net
# Iwillsurewin 2000.7.28
######################################## ####################################
1
Type: attack type
Name: phf
Risk Level: Medium
Description: there is a program util. c in NCSA or Apache (version 1.1.1 or earlier) non-commercial Web Server that allows hackers to execute any command as root:
Http://www.xxx.com/cgi-bin/phf? Qname = root % 0 Asome % 20 command % 20 here
Suggestion:
Solution: upgrade Apache web server to 1.1.1 or above, or upgrade NCSA web server to the latest version.
_________________________________________________________________
2
Type: attack type
Name: wguset.exe
Risk Level: Medium
Description: If you use NTPs as your Web server operating system and wguest.exe is stored in your Web executable Directory, intruders can use it to read all USR _ Files that users can read
Suggestion: remove or delete wguset.exe from your Web directory.
Solution: remove or delete wguset.exe from your Web directory.
___________________________________________________________________
3
Type: attack type
Name: rguset.exe
Risk Level: Medium
Description: If you use NTPs as your Web server operating system and rguest.exe is stored in your Web executable Directory, intruders can use it to read all USR _ Files that users can read
Suggestion: remove or delete rguset.exe from your Web directory.
Solution: remove or delete rguset.exe from your Web directory.
_______________________________________________________________________
4
Type: attack type
Name: perl.exe
Risk level: low
Description: perl.exe exists in the cgi-binexecution directory, which is a serious configuration error. A hacker can add a command after perl.exe to execute any script program on the server using a browser.
Suggestion: perl.exe is not safe to be placed in any web directory with execution permission.
Solution: remove perl.exe from the webdirectory.
____________________________________________________________________
5
Type: attack type
Name: shtml.exe
Risk level: low
Description: If you use Front Page as your WebServer, intruders can use IUSR _ Users and shtml.exe intrude into your machine and do things you don't want
Suggestion: remove or delete shtml.exe from your Web directory.
Solution: remove or delete shtml.exe from your Web directory.
___________________________________________________________________
6
Type: attack type
Name: wwwboard. pl
Risk level: low
Description: The wwwboard. pl program can easily cause attackers to launch D. O.S attacks on the server.
Suggestion: delete the file unless necessary.
Solution: In the following section of the get_variables subroutine:
If ($ FORM {'followup'}) {$ followup = "1 ";
@ Followup_num = split (//,/, $ FORM {'followup '});
$ Num_followups = @ followups = @ followup_num;
$ Last_message = pop (@ followups );
$ Origdate = "$ FORM {'date date '}";
$ Origname = "$ FORM {'origin '}";
$ Origsubject = "$ FORM {'originobject '}";}
Replace:
If ($ FORM {'followup '}){
$ Followup = "1 ";
@ Followup_num = split (//,/, $ FORM {'followup '});
$ Num_followups = @ followups = @ followup_num;
$ Last_message = pop (@ followups );
$ Origdate = "$ FORM {'date date '}";
$ Origname = "$ FORM {'origin '}";
$ Origsubject = "$ FORM {'originobject '}";
# WWWBoard Bomb Patch
# Written By: Samuel Sparling sparling@slip.net)
$ Fn = 0;
While ($ fn <$ num_followups)
{
$ Cur_fup = @ followups $ fn];
$ Dfn = 0;
Foreach $ fm (@ followups)
{
If (@ followups [$ dfn] ==@ followups [$ fn] & $ dfn! = $ Fn)
{
& Error (board_bomb );
}
$ Dfn ++;
}
$ Fn ++;
}
# End WWWBoard Bomb Patch
}
Related connection: http: // hgfr
_________________________________________________________________________
7
Type: attack type
Name: uploader.exe
Risk Level: Medium
Description: If you use ntact as the webserver's operating system, the attacker can use uploader.exe to upload any file.
Suggestion: remove or delete uploader.exe from your Web directory.
Solution: remove or delete uploader.exe from your Web directory.
________________________________________________________________
8
Type: attack type
Name: bdir. htr
Risk level: High
Description: If you use NT as the operating system of your WebServer, and bdir. if htr exists in your Web executable Directory, intruders will be able to use it to create ODBC databases on your servers and generate executable files.
Suggestion: remove or delete bdir. htr from your Web directory.
Solution: remove or delete bdir. htr from your Web directory.
__________________________________________________________________
9
Type: attack type
Name: Count. cgi
Risk level: High
Description: The Count. cgi program (wwwcount2.3) in the/cgi-bin directory has an overflow error that allows intruders to remotely execute any commands without logging on.
Suggestion: delete the file unless necessary.
Solution: upgrade wwwcount to 2.4 or above.
_________________________________________________________________
10
Type: attack type
Name: test-cgi
Risk level: High
Description: The file test-cgi can be used by intruders to view important information on the server.
Suggestion: We recommend that you review the execution programs in the cgi-bin directory and strictly control the access permissions.
Solution: delete the test-cgi file.