Solved

Sensitive / Unauthorized Info Accessible

Posted on 2009-05-05
Last Modified: 2012-05-06
Sensitive information is available to unauthorized users through one or more of the following:
* Poorly restricted web pages
* Web page source code
* Web pages containing sensitive content
* Accessible/executable files
* Office productivity files available

Extension such as txt, doc, pdf, ppt, xls, csv, rtf, mdb, odc, mde, pub, wri, dif, sxw, sxi, sxc, sdw, sdd and sdc were found on a remote share.
And the evidence is:
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/shockwave/download/download.cgi (P1_Prod_Version [ShockwaveFlash] )

The following email addresses have been gathered :

- 'abc@xyz.com', referenced from :
  /xyz/contact_QP_advisors.html

- 'def@xyz.com', referenced from :
  /xyz/news.html

- 'ghk@xyz.com', referenced from :
  /xyz/contact_QP_advisors.html

- 'lmn@xyz.com', referenced from :
  /xyz/contact_plan_sponsors.html

- 'tpw@xyz.com', referenced from :
Question by:Brijeshk9
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 24314236
Where is the question - a sentence with a question mark at the end?
 

Author Comment

by:Brijeshk9
ID: 24332428
This is one of the website vulnerabilities found on my webserver, and I want to remove this kind of vulnerability. I have shared the website vulnerability and evidence in my very first comment (question).
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 24333807
You have office documents on your webserver
- remove metadata from them, convert to pdf if you are concerned
You have email addresses in webpages
- you can use any scrambler or encoder to hide them from spammer robots

There is no vulnerability - it is your website content you are showing to people.
0
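
An added example, not part of the thread and not the scanner's own logic: a local audit of a web document root that reproduces the two findings discussed above (files with the flagged extensions, and plain-text email addresses in HTML pages), so the result can be re-checked after cleanup. The function names, the regex and the sample site are constructed for illustration; the extension list is the one from the question.

```python
import re
import tempfile
from pathlib import Path

# Extensions taken from the scanner finding quoted in the question.
DOC_EXTS = {"txt", "doc", "pdf", "ppt", "xls", "csv", "rtf", "mdb", "odc", "mde",
            "pub", "wri", "dif", "sxw", "sxi", "sxc", "sdw", "sdd", "sdc"}
HTML_EXTS = {"html", "htm"}
# Simple pattern for addresses written in plain text (an assumption, not an RFC parser).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def audit_webroot(root):
    """Return (documents, emails): documents is a sorted list of URL-style paths
    under root; emails maps each address to the sorted pages that contain it."""
    root = Path(root)
    documents, emails = [], {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = "/" + path.relative_to(root).as_posix()
        ext = path.suffix.lower().lstrip(".")
        if ext in DOC_EXTS:
            documents.append(rel)
        elif ext in HTML_EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            for addr in set(EMAIL_RE.findall(text)):
                emails.setdefault(addr.lower(), []).append(rel)
    return sorted(documents), {a: sorted(p) for a, p in emails.items()}


def build_sample_site(root):
    """Constructed sample content, loosely mirroring the paths in the evidence."""
    site = Path(root) / "xyz"
    site.mkdir()
    (site / "news.html").write_text(
        '<a href="mailto:def@xyz.com">press</a>', encoding="utf-8")
    # Same address written as HTML character entities (one kind of "encoder").
    (site / "contact.html").write_text(
        "Mail &#100;&#101;&#102;&#64;xyz.com", encoding="utf-8")
    (site / "plan.XLS").write_bytes(b"constructed placeholder")
    (site / "logo.png").write_bytes(b"constructed placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        docs, mails = audit_webroot(tmp)
        print("documents:", docs)
        print("emails:", mails)
```

On the sample site the entity-encoded address in `contact.html` is not reported, while the plain `mailto:` link in `news.html` is; a crawler that decodes entities before matching would still find it.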
 

Author Closing Comment

by:Brijeshk9
ID: 31578317
Now the problem is resolved.