Vulnerability Development mailing list archives
Re: CGI directory path
From: mock () ACTIVESTATE COM (mock () ACTIVESTATE COM)
Date: Mon, 20 Mar 2000 17:39:26 -0800
On Mon, Jul 08, 2019 at 08:54:22AM +0200, NiGHTfly wrote:
> Hi, I am a new system administrator for a company (by new I mean I have only worked for 2 weeks for them!). I was going through all the settings and configurations of the servers, until I came across this on our website:
>
> In the URL dialog box of Netscape I typed: xxx.xxx.xxx.xxx being a replacement for the REAL address :)
>
> http://xxx.xxx.xx.xx/cgi-bin/*.pl
>
> I did this to see if I would get a directory listing of all the Perl scripts. But what I did get was the following:
>
> CGI Error
> The specified CGI application misbehaved by not returning a complete set of HTTP headers.
> Can't open perl script "D:\data_file\*.pl" : Invalid argument.
>
> Okay, I know this is bad, but in what way? How and what can a script kiddie do with a full directory path? And how can I fix this?

It's bad because it lets the kiddie know what your current working directory is, making it much easier to determine exactly how many '../'s are needed to get at a specific file. You can fix it by setting the 'check that file exists' checkbox in the script mappings.

mock
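
An added example, not part of the original messages: a small Python check that flags Windows absolute paths in response bodies, such as the one in the CGI error quoted above, and redacts them, which is useful for confirming that the fix removed the disclosure. The sample responses are constructed (the first from the error text in the question) and the function names are hypothetical.

```python
import ntpath
import re

# A drive letter, a colon and a backslash, then everything up to whitespace or
# a character Windows forbids in names. Wildcards are allowed because the
# error on this page echoes "*.pl". Paths containing spaces are cut at the
# first space, which is still enough to flag the response.
WIN_PATH = re.compile(r'(?<![A-Za-z0-9])[A-Za-z]:\\[^/:"<>|\s]*')

def leaked_paths(body):
    """Return the distinct Windows absolute paths found in a response body."""
    found = []
    for match in WIN_PATH.finditer(body):
        path = match.group(0).rstrip(".,;)'")
        if path not in found:
            found.append(path)
    return found

def leaked_directories(body):
    """Directory part of each leaked path: what the error tells a reader."""
    dirs = []
    for path in leaked_paths(body):
        directory = ntpath.dirname(path)
        if directory not in dirs:
            dirs.append(directory)
    return dirs

def redact(body):
    """Replace every leaked path before the text is shown to a client."""
    return WIN_PATH.sub("[path removed]", body)

def audit(responses):
    """Return (url, directory) for every response that discloses a path."""
    return [(url, d) for url, body in responses for d in leaked_directories(body)]

# Constructed samples: the first body is the error text quoted in the question,
# the second is a made-up clean response containing only a URL.
SAMPLES = [
    ("/cgi-bin/*.pl",
     "CGI Error\nThe specified CGI application misbehaved by not returning a "
     "complete set of HTTP headers.\n"
     "Can't open perl script \"D:\\data_file\\*.pl\" : Invalid argument."),
    ("/cgi-bin/missing.pl",
     "The page cannot be found. Return to http://xxx.xxx.xx.xx/ and try again."),
]

if __name__ == "__main__":
    for url, directory in audit(SAMPLES):
        print(f"{url}: response discloses {directory}")
    print(redact(SAMPLES[0][1]))
```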