Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

test-cgi

Posted on 2001-07-19
8
Medium Priority
?
330 Views
Last Modified: 2012-08-13
I would like to know if this test-cgi exploit is really a security vulnerability.  If so, please explaine how so.  What could someone do with this information.  And how is this so valueable.  Airn't you able to get this info other ways?

Thank you
0
Comment
Question by:Boot_Disk
  • 4
  • 4
8 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6304466
which test-cgi?
0
 

Author Comment

by:Boot_Disk
ID: 6304669
lets say:  http://www.site.com/cgi-bin/test-cgi?/*
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6304707
which exploit?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Boot_Disk
ID: 6305277
The exploit of test-cgi!!  what do you think.  If you don't know anything about it, then forget answering me.  Thank you.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 900 total points
ID: 6305734
hmm, you're speaking in miracles (at least to me):

I've hundreds of "test-cgi"s, and most of them have no exploits (exceptions see below;-)

So it would be nice if you give an example (link or code) of YOUR TEST-CGI.
Or if you like a general answer:
  - each test-cgi has exploits, somehow, somewhere
  - each test-cgi is vulnerable in that way that it allows to read and/or modify data on the server or on your client somehow
Just a test-cgi which is never executed is not vulnerable, 'cause its exploits never occour, some kind of write-only program ;-)
Probably not the answer you expect, so please give some more details.
0
 

Author Comment

by:Boot_Disk
ID: 6306224
That is great.  Thank you :)  That was just what I was looking for.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6306341
thought you need an explanation of a special exploit, didn't expect that you're interrested in such a general answer ;-)

BTW, I made a mistake: test-cgi cannot read/modify data on the client, just on the server
0
 

Author Comment

by:Boot_Disk
ID: 6306478
the exploit I was really looking at waht this one:

http://packetstormsecurity.org/advisories/l0pht/l0pht.test-cgi

If yha want to have another look.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month7 days, 17 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question