I. PHF Vulnerability
This PHF loophole seems to be the most classic, almost all articles will be introduced, you can execute the server commands, such as display
/ETC/PASSWD:
Lynx
cgi| Security | Security vulnerabilities CGI security vulnerability data Quick Check v1.0
Date: 2000-8-15
#############################################################################
This article is taken from a friend. This is not a precious
Abstr:CGI specifies the interface protocol standard for the Web server to call other executable programs (CGI program. The Web server calls the CGI program to interact with the web browser. CGI programs can be written in any programming language,
PHP operating mode has 5 minutes:1) CGI Universal Gateway Interface (Common Gateway Interface))2) fast-cgi resident (long-live) type CGI3) CLI command line run (Interface)4) ISAPI mode (used in Windows)5) Web module mode (module mode for Web server
With the rise of internet technology, web-based applications have become the mainstream in the management and interaction of embedded devices. This program structure is the B/S structure that everyone is very familiar, that is, running a web server
1. Why CGI?
As we have seen above, any HTML is a static webpage, and it cannot implement some complex functions, while CGI can be implemented for us. For example,. list files in a directory on the server and operate on the files in the directory. B.
cgi| Security | Security Vulnerabilities 26
Type: Attack type
Name: webwho.pl
Risk Rating: Medium
Description: If you have webwho.pl this CGI script in your Web executable directory, the intruder will be able to use it to read and write any files
This article is written to the C + + program Ape, also suitable for other programs interested in history ape=============================================When it comes to web development, you first think of PHP, javaee/jsp,. net/asp, Ruby on Rails,
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.