Bugtraq mailing list archives

Environment and Setup Variables can be Viewed through webpage.cgi


From: UkR-XblP <cuctema () OK RU>
Date: Mon, 12 Feb 2001 17:16:14 +0300

Name: Environment and Setup Variables can be Viewed through webpage.cgi

Date: 28.01.2001

Problems: The script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible.

Analysis: webpage.cgi dumps useful information (e.g. script location, HTTP root, version of Perl, server_admin, server_name, path) to the browser when the database file provided is incorrect.

Exploits: If the site does not contain a file named ukr.htm, the following URL displays the environment dump (note: this URL may not work, as the vendor has applied the patch to the site. However, a similar URL, when applied with the necessary modifications to an unprotected site, would yield the desired result.)

Author: UkR_XblP

Exploit: http://www.victim.org/cgi-bin/replicator/webpage.cgi/313373/ukr.htm
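
For site owners checking their own error pages for the disclosure described above, a small response-body check follows. It is an added example, not part of the original post or the vendor's code; the dump layout (NAME, then '=', ':' or '=>', then a value), the function names and the sample pages are assumptions constructed for illustration.

```python
import html
import re

# Standard CGI/server environment variable names for the items the advisory
# lists (script location, HTTP root, server_admin, server_name, path).
SENSITIVE_VARS = {
    "SCRIPT_FILENAME", "SCRIPT_NAME", "DOCUMENT_ROOT",
    "SERVER_ADMIN", "SERVER_NAME", "SERVER_SOFTWARE", "PATH",
}

# Assumption: the dump prints NAME followed by '=', ':' or '=>' and a value.
PAIR_RE = re.compile(r"\b([A-Z][A-Z0-9_]{2,})\s*(?:=>|=|:)\s*(\S[^\r\n<]*)")
TAG_RE = re.compile(r"<[^>]+>")

# Constructed sample responses (not captured from any real site).
SAMPLE_DUMP = """<html><body><h1>Error: cannot open database file</h1>
<pre>
DOCUMENT_ROOT = /home/example/htdocs
SCRIPT_FILENAME = /home/example/cgi-bin/replicator/webpage.cgi
SERVER_ADMIN = webmaster@example.org
SERVER_NAME = www.example.org
PATH = /usr/local/bin:/usr/bin:/bin
</pre></body></html>"""
SAMPLE_CLEAN = "<html><body><h1>Not Found</h1><p>No such page.</p></body></html>"


def find_env_leaks(body: str) -> dict:
    """Return {variable: value} for sensitive variables exposed in a response body."""
    # Replace tags with newlines so markup between name and value is ignored.
    text = html.unescape(TAG_RE.sub("\n", body))
    leaks = {}
    for name, value in PAIR_RE.findall(text):
        if name in SENSITIVE_VARS:
            leaks.setdefault(name, value.strip())
    return leaks


def is_env_dump(body: str, threshold: int = 3) -> bool:
    """Flag a page only when several distinct variables appear together,
    so one stray mention of e.g. PATH in normal content is not reported."""
    return len(find_env_leaks(body)) >= threshold


if __name__ == "__main__":
    for label, page in (("dump", SAMPLE_DUMP), ("clean", SAMPLE_CLEAN)):
        print(label, is_env_dump(page), sorted(find_env_leaks(page)))
```
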

