Vulnerability Development mailing list archives
Re: CGI directory path
From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Mon, 20 Mar 2000 12:44:16 +0300
Hello NiGHTfly,

This was discussed on the bugtraq. You can force IIS to check file existence for ISAPI filters. Check bugtraq archive for last month. You can also check
http://www.securiteam.com/exploits/IIS_and_Perl_may_be_used_to_reveal_true_directory_location.html

08.07.19 9:54, you wrote: CGI directory path;

N> Hi
N> I am a new system administrator for a company (by new I mean I have only
N> worked for 2 weeks for them!) I was going through all the settings and
N> configurations of the servers, until I came across this on our website :
N> In the url dialog box of netscape I typed :
N> xxx.xxx.xxx.xxx being a replacement for the REAL address :)
N> http://xxx.xxx.xx.xx/cgi-bin/*.pl
N> I did this to see if I will get a directory listing of all the perl scripts.
N> But what I did get was the following :
N> CGI Error
N> The specified CGI application misbehaved by not returning a complete
N> set of HTTP headers.
N> Can't open perl script "D:\data_file\*.pl" : Invalid argument.
N> Okay I know this is bad, but in what way? How and what can a script
N> kiddie do with a full directory path? and how can I fix this?

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+
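An added example, not part of the original post: a small Python audit helper an administrator could run over saved responses from their own site to confirm that error pages no longer reveal physical paths after the server has been reconfigured. The function names, sample URLs and sample bodies are constructed for illustration; the first sample reuses the error text quoted in the message above.

```python
import re

# Perl's failure message as quoted in the post: Can't open perl script "<path>" : <reason>
PERL_OPEN_ERROR = re.compile(r'''Can't open perl script "([^"\r\n]+)"\s*:\s*([^\r\n<]+)''')
# Any absolute Windows path: drive letter (D:\...) or UNC (\\host\share\...).
WINDOWS_PATH = re.compile(r'''(?<![A-Za-z0-9])(?:[A-Za-z]:\\|\\\\[^\\/\s"<>]+\\)[^\s"<>|]+''')

def find_path_disclosures(body):
    """Return (kind, leaked_path) tuples found in one HTTP response body."""
    findings, seen = [], set()
    for m in PERL_OPEN_ERROR.finditer(body):
        seen.add(m.group(1))
        findings.append(("perl-open-error", m.group(1)))
    for m in WINDOWS_PATH.finditer(body):
        path = m.group(0).rstrip(".,;:)")  # drop sentence punctuation
        if path not in seen:               # do not report the same path twice
            seen.add(path)
            findings.append(("absolute-path", path))
    return findings

def physical_root(path):
    """Directory part of a leaked path, i.e. what the response reveals about layout."""
    return path.rsplit("\\", 1)[0] + "\\"

def audit(responses):
    """responses: iterable of (url, body). Returns {url: [(kind, path, root)]}."""
    report = {}
    for url, body in responses:
        hits = [(k, p, physical_root(p)) for k, p in find_path_disclosures(body)]
        if hits:
            report[url] = hits
    return report

# Constructed sample responses (placeholder host names, bodies built for this example).
SAMPLE_LEAK = ('CGI Error\nThe specified CGI application misbehaved by not returning '
               'a complete set of HTTP headers.\n'
               'Can\'t open perl script "D:\\data_file\\*.pl" : Invalid argument.\n')
SAMPLE_UNC = "<p>Error opening \\\\fileserver\\web\\scripts\\report.pl.</p>"
SAMPLE_CLEAN = "<h1>404 Not Found</h1><p>See http://www.example.com/help</p>"
SAMPLES = [("http://www.example.com/cgi-bin/*.pl", SAMPLE_LEAK),
           ("http://www.example.com/cgi-bin/report.pl", SAMPLE_UNC),
           ("http://www.example.com/cgi-bin/missing.pl", SAMPLE_CLEAN)]

if __name__ == "__main__":
    for url, hits in audit(SAMPLES).items():
        for kind, path, root in hits:
            print(f"{url}: {kind} leaks {path} (directory {root})")
```

After the fix, the same request should produce a response for which `find_path_disclosures` returns an empty list.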