?
Solved

Sensitive / Unauthorized Info Accessible

Posted on 2009-05-05
4
Medium Priority
?
211 Views
Last Modified: 2012-05-06
Sensitive information is available to unauthorized users through one or more of the following: * Poorly restricted web pages * Web page source code * Web pages containing sensitive content * Accessible/executable files * Office productivity files available Extension such as txt, doc, pdf, ppt, xls, csv, rtf, mdb, odc, mde, pub, wri, dif, sxw, sxi, sxc, sdw, sdd and sdc were found on a remote share.
and Evidence is :
The following CGI have been discovered :;;Syntax : cginame (arguments [default value]);;/shockwave/download/download.cgi (P1_Prod_Version [ShockwaveFlash] );;;The following email addresses have been gathered :;;;- 'abc@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'def@xyz.com', referenced from :; /xyz/news.html;;;- 'ghk@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'lmn@xyz.com', referenced from :; /xyz/contact_plan_sponsors.html;;;- 'tpw@xyz.com', referenced from :;
0
Comment
Question by:Brijeshk9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 24314236
Where is question - sentence with question mark in the end?
0
 

Author Comment

by:Brijeshk9
ID: 24332428
this is one of the Website Vulnerabilities found on my Webserver and i want to remove  this kind of Vulnerabilities,i have shared the Website Vulnerability and Evidence in my very first commnet(question).
0
 
LVL 62

Accepted Solution

by:
gheist earned 1500 total points
ID: 24333807
You have office documents on your webserver
- remove metadata from them, convert to pdf if you are concerned
You have email addresses in webpages
- you can use any scrambler or encoder  to hide them from spammer robots

There is no vulnerability - it is your website content you are showing to people.
0
 

Author Closing Comment

by:Brijeshk9
ID: 31578317
Now Problem is resolved
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses
Course of the Month7 days, 21 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question