Solved

test-cgi

Posted on 2001-07-19
8
291 Views
Last Modified: 2012-08-13
I would like to know if this test-cgi exploit is really a security vulnerability.  If so, please explaine how so.  What could someone do with this information.  And how is this so valueable.  Airn't you able to get this info other ways?

Thank you
0
Comment
Question by:Boot_Disk
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
which test-cgi?
0
 

Author Comment

by:Boot_Disk
Comment Utility
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
which exploit?
0
 

Author Comment

by:Boot_Disk
Comment Utility
The exploit of test-cgi!!  what do you think.  If you don't know anything about it, then forget answering me.  Thank you.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 51

Accepted Solution

by:
ahoffmann earned 300 total points
Comment Utility
hmm, you're speaking in miracles (at least to me):

I've hundreds of "test-cgi"s, and most of them have no exploits (exceptions see below;-)

So it would be nice if you give an example (link or code) of YOUR TEST-CGI.
Or if you like a general answer:
  - each test-cgi has exploits, somehow, somewhere
  - each test-cgi is vulnerable in that way that it allows to read and/or modify data on the server or on your client somehow
Just a test-cgi which is never executed is not vulnerable, 'cause its exploits never occour, some kind of write-only program ;-)
Probably not the answer you expect, so please give some more details.
0
 

Author Comment

by:Boot_Disk
Comment Utility
That is great.  Thank you :)  That was just what I was looking for.
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
thought you need an explanation of a special exploit, didn't expect that you're interrested in such a general answer ;-)

BTW, I made a mistake: test-cgi cannot read/modify data on the client, just on the server
0
 

Author Comment

by:Boot_Disk
Comment Utility
the exploit I was really looking at waht this one:

http://packetstormsecurity.org/advisories/l0pht/l0pht.test-cgi

If yha want to have another look.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now