19 Jan 2000 05:58
The tool SAINT found a vulnerability with a test-cgi file that I had on my site. By executing http://hostname/cgi-bin/test-cgi?/* one could gather that site's configuration information. I also noticed that by default SuSE also puts printenv (gives lots, lots of info), info2html & some other files in the cgi-bin directory. Any of these files can be executed by typing http://hostname/cgi-bin/filename?/* - from any site on the internet. I changed my file permissions on these files - problem corrected. Is this a SuSE standard configuration - or did I screw up my installation somewhere?

Thanks
Lee
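An audit of the kind of permission fix described in the post, as an added example that is not part of the original message: it checks a cgi-bin directory for the three sample scripts the post names and reports which ones still carry an execute bit. The function names and the choice of removing execute bits (the post does not say which permissions were changed) are assumptions of this example.

```shell
#!/bin/sh
# Sample CGI names taken from the post; extend for your own install.
SAMPLE_CGIS="test-cgi printenv info2html"

# audit_cgi_dir DIR
# Prints "EXPOSED <path>" for each sample script that still has any
# execute bit set and "disabled <path>" for each one that does not.
# Returns 1 if at least one is exposed, 2 on a bad directory, else 0.
audit_cgi_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "error: $dir is not a directory" >&2
        return 2
    fi
    for name in $SAMPLE_CGIS; do
        path=$dir/$name
        [ -f "$path" ] || continue
        # find -perm inspects the mode bits themselves, so the result
        # does not depend on which user runs the audit (root included).
        if [ -n "$(find "$path" -prune \
                \( -perm -100 -o -perm -010 -o -perm -001 \) -print)" ]; then
            echo "EXPOSED $path"
            rc=1
        else
            echo "disabled $path"
        fi
    done
    return $rc
}

# disable_cgi_dir DIR
# Assumed fix: strip every execute bit from the sample scripts so the
# web server can no longer run them as CGI programs.
disable_cgi_dir() {
    for name in $SAMPLE_CGIS; do
        if [ -f "$1/$name" ]; then
            chmod a-x "$1/$name"
        fi
    done
    return 0
}

# Usage (path is a placeholder): audit_cgi_dir /path/to/cgi-bin
```

Deleting sample scripts that are not needed leaves nothing for a later permission change or package update to re-enable.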