27 Jul
1999
27 Jul
'99
19:45
On Sun, 11 Jul 1999, belial wrote:
Searching for test-cgi : Found!! Can somebody tell me how does this bug work and what would a cracker do to gain access. And how can i fix this bug?
Hi, it's not a bug, it's a FEATURE ! ;-) The apache paket comes with the script "/usr/local/httpd/cgi-bin/test-cgi" which shows some information about your system. You can test it yourself using the URL: http://localhost/cgi-bin/test-cgi The output will show the values of some env-variables. To disable this, you can delete this file, or make simply a chmod 600 /usr/local/httpd/cgi-bin/test-cgi Ciao, Peter P.S.: There could also be the files printenv and test.pl with similar behaviour.