• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

test-cgi

I would like to know if this test-cgi exploit is really a security vulnerability.  If so, please explaine how so.  What could someone do with this information.  And how is this so valueable.  Airn't you able to get this info other ways?

Thank you
0
Boot_Disk
Asked:
Boot_Disk
  • 4
  • 4
1 Solution
 
ahoffmannCommented:
which test-cgi?
0
 
Boot_DiskAuthor Commented:
lets say:  http://www.site.com/cgi-bin/test-cgi?/*
0
 
ahoffmannCommented:
which exploit?
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Boot_DiskAuthor Commented:
The exploit of test-cgi!!  what do you think.  If you don't know anything about it, then forget answering me.  Thank you.
0
 
ahoffmannCommented:
hmm, you're speaking in miracles (at least to me):

I've hundreds of "test-cgi"s, and most of them have no exploits (exceptions see below;-)

So it would be nice if you give an example (link or code) of YOUR TEST-CGI.
Or if you like a general answer:
  - each test-cgi has exploits, somehow, somewhere
  - each test-cgi is vulnerable in that way that it allows to read and/or modify data on the server or on your client somehow
Just a test-cgi which is never executed is not vulnerable, 'cause its exploits never occour, some kind of write-only program ;-)
Probably not the answer you expect, so please give some more details.
0
 
Boot_DiskAuthor Commented:
That is great.  Thank you :)  That was just what I was looking for.
0
 
ahoffmannCommented:
thought you need an explanation of a special exploit, didn't expect that you're interrested in such a general answer ;-)

BTW, I made a mistake: test-cgi cannot read/modify data on the client, just on the server
0
 
Boot_DiskAuthor Commented:
the exploit I was really looking at waht this one:

http://packetstormsecurity.org/advisories/l0pht/l0pht.test-cgi

If yha want to have another look.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now