Solved

Sensitive / Unauthorized Info Accessible

Posted on 2009-05-05
4
202 Views
Last Modified: 2012-05-06
Sensitive information is available to unauthorized users through one or more of the following: * Poorly restricted web pages * Web page source code * Web pages containing sensitive content * Accessible/executable files * Office productivity files available Extension such as txt, doc, pdf, ppt, xls, csv, rtf, mdb, odc, mde, pub, wri, dif, sxw, sxi, sxc, sdw, sdd and sdc were found on a remote share.
and Evidence is :
The following CGI have been discovered :;;Syntax : cginame (arguments [default value]);;/shockwave/download/download.cgi (P1_Prod_Version [ShockwaveFlash] );;;The following email addresses have been gathered :;;;- 'abc@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'def@xyz.com', referenced from :; /xyz/news.html;;;- 'ghk@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'lmn@xyz.com', referenced from :; /xyz/contact_plan_sponsors.html;;;- 'tpw@xyz.com', referenced from :;
0
Comment
Question by:Brijeshk9
  • 2
  • 2
4 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 24314236
Where is question - sentence with question mark in the end?
0
 

Author Comment

by:Brijeshk9
ID: 24332428
this is one of the Website Vulnerabilities found on my Webserver and i want to remove  this kind of Vulnerabilities,i have shared the Website Vulnerability and Evidence in my very first commnet(question).
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 24333807
You have office documents on your webserver
- remove metadata from them, convert to pdf if you are concerned
You have email addresses in webpages
- you can use any scrambler or encoder  to hide them from spammer robots

There is no vulnerability - it is your website content you are showing to people.
0
 

Author Closing Comment

by:Brijeshk9
ID: 31578317
Now Problem is resolved
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now