On Tue, 18 Jan 2000, back up account wrote:
The tool SAINT found a venerability with a test-cgi file that I had on my site. By executing http://hostname/cgi-bin/test-cgi?/* one could gather that's sites configuration information. I also notice by default
The test-cgi here from the package apache-1.3.9-18 (suse 6.3) starts with: # disable filename globbing set -f and so should not be able to do this. The set -f also appears in the Suse 6.2 installation (apache-1.3.6). So, what version of Suse are you using, what is the date on the file and the version of the package (do a rpm -qf /path/to/test-cgi). -- ============================================================================== Erwin Andreasen Herlev, Denmark <erw@dde.dk> UNIX System Programmer URL:http://www.andreasen.org <*> (not speaking for) DDE ==============================================================================