[3769] in WWW Security List Archive

test-cgi and nph-test-cgi

daemon@ATHENA.MIT.EDU (dscan)
Wed Dec 11 03:32:16 1996

Date: Wed, 11 Dec 1996 00:15:41 -0600
To: www-security@ns2.rutgers.edu
From: dscan <bhazard@vicksburg.com>
Errors-To: owner-www-security@ns2.rutgers.edu

I have been reading a lot lately about the test-cgi vulnerabilities,
but I haven't seen anybody talk about nph-test-cgi. When run like this,
"/cgi-bin/test/cgi/*" can give an attacker valuable information about the
server, such as listing the directory on the machine and listing the files in the
cgi-bin directory. On the other hand, when run like this, "/cgi-bin/nph-test-cgi/*",
you'll also see in the "PATH_TRANSLATED" line a list of the HTML files the
server is using in their system (their homepage). Just a little food for thought.

---
UNDER A PALE GREY SKY,WE SHALL ARISE
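
Added example, not part of the original post and not the actual test-cgi or nph-test-cgi source: a constructed shell stand-in showing why a trailing `/*` becomes a file listing in the PATH_TRANSLATED line when a script echoes that variable unquoted, next to the quoted form that prints the value literally. It assumes the script echoes the variable without quotes; the function names, file names and temporary document root are made up for the illustration.

```shell
#!/bin/sh
# Constructed stand-in for a CGI script that only echoes its environment.
# This is NOT the source of test-cgi or nph-test-cgi.

# Weak form: the expansion is unquoted, so the shell performs pathname
# expansion on the value before echo ever sees it.
report_unquoted() {
    echo PATH_TRANSLATED = $PATH_TRANSLATED
}

# Hardened form: quoting the expansion keeps the value literal.
report_quoted() {
    echo "PATH_TRANSLATED = $PATH_TRANSLATED"
}

# Build a throwaway document root with constructed file names and set
# PATH_TRANSLATED to what a server would derive from a PATH_INFO of "/*"
# (assumption: document root joined with the extra path).
demo() {
    docroot=$(mktemp -d) || return 1
    : > "$docroot/index.html"
    : > "$docroot/staff.html"
    PATH_TRANSLATED="$docroot/*"
    echo "unquoted: $(report_unquoted)"
    echo "quoted:   $(report_quoted)"
    rm -rf "$docroot"
}

demo
```

The same quoting applies to every variable such a script echoes; removing sample scripts from cgi-bin on production servers avoids the exposure entirely.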

