On my suse 6.4 i had only found this one /usr/doc/LDP/cgi-bin/test.cgi
=============
#!/bin/sh
echo Content-type: text/plain
echo
echo CGI/1.0 test script report:
echo
echo argc is $#. argv "$*".
echo
printenv
=============
Some example from Linux Documentation Project ...
[ ]'s Bacano
----- Original Message -----
From: "Grant M***"
ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, low and behold it came up with a the test.cgi exploit which allows people to basically see whats running on your computer
http://localhost/cgi-bin/test.cgi?*/
now i isntalled everything and have no clue whether it came on default installation, but this exploit could be wrather dangerous so if you could appoint me to a patch to fix this problem, i would be very greatful ----------------------------------------------- FREE! The World's Best Email Address @email.com Reserve your name now at http://www.email.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com