Solved

Sensitive / Unauthorized Info Accessible

Posted on 2009-05-05
4
209 Views
Last Modified: 2012-05-06
Sensitive information is available to unauthorized users through one or more of the following: * Poorly restricted web pages * Web page source code * Web pages containing sensitive content * Accessible/executable files * Office productivity files available Extension such as txt, doc, pdf, ppt, xls, csv, rtf, mdb, odc, mde, pub, wri, dif, sxw, sxi, sxc, sdw, sdd and sdc were found on a remote share.
and Evidence is :
The following CGI have been discovered :;;Syntax : cginame (arguments [default value]);;/shockwave/download/download.cgi (P1_Prod_Version [ShockwaveFlash] );;;The following email addresses have been gathered :;;;- 'abc@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'def@xyz.com', referenced from :; /xyz/news.html;;;- 'ghk@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'lmn@xyz.com', referenced from :; /xyz/contact_plan_sponsors.html;;;- 'tpw@xyz.com', referenced from :;
0
Comment
Question by:Brijeshk9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 24314236
Where is question - sentence with question mark in the end?
0
 

Author Comment

by:Brijeshk9
ID: 24332428
this is one of the Website Vulnerabilities found on my Webserver and i want to remove  this kind of Vulnerabilities,i have shared the Website Vulnerability and Evidence in my very first commnet(question).
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 24333807
You have office documents on your webserver
- remove metadata from them, convert to pdf if you are concerned
You have email addresses in webpages
- you can use any scrambler or encoder  to hide them from spammer robots

There is no vulnerability - it is your website content you are showing to people.
0
 

Author Closing Comment

by:Brijeshk9
ID: 31578317
Now Problem is resolved
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question