27 Jul
1999
27 Jul
'99
18:34
On Sun, 11 Jul 1999, belial wrote:
hi Today i downloaded CGI-scanner and scanned my PC(SuseLinux 6.0).The scanner founds only one bug: Searching for test-cgi : Found!! Can somebody tell me how does this bug work and what would a cracker do to gain access. And how can i fix this bug?
Th@nx
Christian
fixing it is easy either chmod 0 /usr/local/httpd/cgi-bin/test-cgi or rm /usr/local/httpd/cgi-bin/test-cgi the script contains a line that reads echo argc is $#. argv is "$*". so you could probably send a nasty url to it like http://your.domain.tld/cgi-bin/test-cgi?;cat%20/etc/shadow%0a wid.