Solved

Sensitive / Unauthorized Info Accessible

Posted on 2009-05-05
4
206 Views
Last Modified: 2012-05-06
Sensitive information is available to unauthorized users through one or more of the following: * Poorly restricted web pages * Web page source code * Web pages containing sensitive content * Accessible/executable files * Office productivity files available Extension such as txt, doc, pdf, ppt, xls, csv, rtf, mdb, odc, mde, pub, wri, dif, sxw, sxi, sxc, sdw, sdd and sdc were found on a remote share.
and Evidence is :
The following CGI have been discovered :;;Syntax : cginame (arguments [default value]);;/shockwave/download/download.cgi (P1_Prod_Version [ShockwaveFlash] );;;The following email addresses have been gathered :;;;- 'abc@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'def@xyz.com', referenced from :; /xyz/news.html;;;- 'ghk@xyz.com', referenced from :; /xyz/contact_QP_advisors.html;;;- 'lmn@xyz.com', referenced from :; /xyz/contact_plan_sponsors.html;;;- 'tpw@xyz.com', referenced from :;
0
Comment
Question by:Brijeshk9
  • 2
  • 2
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 24314236
Where is question - sentence with question mark in the end?
0
 

Author Comment

by:Brijeshk9
ID: 24332428
this is one of the Website Vulnerabilities found on my Webserver and i want to remove  this kind of Vulnerabilities,i have shared the Website Vulnerability and Evidence in my very first commnet(question).
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 24333807
You have office documents on your webserver
- remove metadata from them, convert to pdf if you are concerned
You have email addresses in webpages
- you can use any scrambler or encoder  to hide them from spammer robots

There is no vulnerability - it is your website content you are showing to people.
0
 

Author Closing Comment

by:Brijeshk9
ID: 31578317
Now Problem is resolved
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question