Solved

test-cgi

Posted on 2001-07-19
8
315 Views
Last Modified: 2012-08-13
I would like to know if this test-cgi exploit is really a security vulnerability.  If so, please explaine how so.  What could someone do with this information.  And how is this so valueable.  Airn't you able to get this info other ways?

Thank you
0
Comment
Question by:Boot_Disk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6304466
which test-cgi?
0
 

Author Comment

by:Boot_Disk
ID: 6304669
lets say:  http://www.site.com/cgi-bin/test-cgi?/*
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6304707
which exploit?
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:Boot_Disk
ID: 6305277
The exploit of test-cgi!!  what do you think.  If you don't know anything about it, then forget answering me.  Thank you.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 300 total points
ID: 6305734
hmm, you're speaking in miracles (at least to me):

I've hundreds of "test-cgi"s, and most of them have no exploits (exceptions see below;-)

So it would be nice if you give an example (link or code) of YOUR TEST-CGI.
Or if you like a general answer:
  - each test-cgi has exploits, somehow, somewhere
  - each test-cgi is vulnerable in that way that it allows to read and/or modify data on the server or on your client somehow
Just a test-cgi which is never executed is not vulnerable, 'cause its exploits never occour, some kind of write-only program ;-)
Probably not the answer you expect, so please give some more details.
0
 

Author Comment

by:Boot_Disk
ID: 6306224
That is great.  Thank you :)  That was just what I was looking for.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6306341
thought you need an explanation of a special exploit, didn't expect that you're interrested in such a general answer ;-)

BTW, I made a mistake: test-cgi cannot read/modify data on the client, just on the server
0
 

Author Comment

by:Boot_Disk
ID: 6306478
the exploit I was really looking at waht this one:

http://packetstormsecurity.org/advisories/l0pht/l0pht.test-cgi

If yha want to have another look.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ProxyPass - Problem 5 248
Internal wordpress pages 404 5 48
Best IDE for PHP starters 11 151
Apache module 5 87
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question