Vulnerability Development mailing list archives

Re: CGI directory path


From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Mon, 20 Mar 2000 12:44:16 +0300


Hello NiGHTfly,

This was discussed on Bugtraq. You can force IIS to check file
existence for ISAPI filters. Check the Bugtraq archive for last month. You
can also check

http://www.securiteam.com/exploits/IIS_and_Perl_may_be_used_to_reveal_true_directory_location.html

08.07.19 9:54, you wrote: CGI directory path;

N> Hi

N>  I am a new system administrator for a company (by new I mean I have only
N>  worked for 2 weeks for them!) I was going through all the settings and
N>  configurations of the servers, until I came across this on our website :

N>  In the URL dialog box of Netscape I typed :

N>  xxx.xxx.xxx.xxx being a replacement for the REAL address :)

N>  http://xxx.xxx.xx.xx/cgi-bin/*.pl

N>  I did this to see if I will get a directory listing of all the perl scripts.
N>  But what I did get was the following :

N>  CGI Error

N>  The specified CGI application misbehaved by not returning a complete
N>  set of HTTP headers.

N>  Can't open perl script "D:\data_file\*.pl" : Invalid argument.

N> Okay, I know this is bad, but in what way? How and what can a script
N>  kiddie do with a full directory path? And how can I fix this?

  +=-=-=-=-=-=-=-=-=+
  |Vladimir Dubrovin|
  | Sandy Info, ISP |
  +=-=-=-=-=-=-=-=-=+
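
An added example, not part of the original message: a small check an administrator could run over saved response bodies to see whether the server still discloses physical paths, as in the Perl error quoted above. The sample responses are constructed (the 404 body is an assumed post-fix response), and the function names are illustrative.

```python
import re

# Windows absolute path: drive letter or UNC share, up to whitespace or a quote.
WIN_PATH = re.compile(r'(?:[A-Za-z]:\\|\\\\[\w.$-]+\\)[^\s"<>|?]*')
# Perl's message when it cannot open the script it was handed; this also
# catches non-Windows paths that WIN_PATH would miss.
PERL_OPEN = re.compile(r'''Can't open perl script "([^"]+)"''')

def find_path_leaks(body):
    """Return the sorted, unique filesystem paths disclosed in a response body."""
    paths = {m.group(1) for m in PERL_OPEN.finditer(body)}
    paths |= {m.group(0).rstrip(".,;:)") for m in WIN_PATH.finditer(body)}
    return sorted(paths)

def directory_of(path):
    """Directory part of a leaked path, i.e. what the error actually reveals."""
    sep = "\\" if "\\" in path else "/"
    return path.rsplit(sep, 1)[0]

def audit(responses):
    """Map each URL whose body leaks a path to the paths and directories found."""
    report = {}
    for url, body in responses.items():
        leaks = find_path_leaks(body)
        if leaks:
            report[url] = {
                "paths": leaks,
                "directories": sorted({directory_of(p) for p in leaks}),
            }
    return report

# Constructed sample bodies: the first reuses the error text quoted in the
# message; the second is an assumed response once the server checks that
# the requested file exists before invoking the interpreter.
SAMPLES = {
    "/cgi-bin/*.pl": (
        "CGI Error\n"
        "The specified CGI application misbehaved by not returning a complete\n"
        "set of HTTP headers.\n\n"
        'Can\'t open perl script "D:\\data_file\\*.pl" : Invalid argument.\n'
    ),
    "/cgi-bin/missing.pl": "HTTP 404 - File not found\n",
}

if __name__ == "__main__":
    for url, found in audit(SAMPLES).items():
        print(url, found)
```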

