When installed out of the box, XITAMI allows all users to access a sample CGI program called TESTCGI.EXE. This program outputs a lot of information about the box running the webserver, such as environment settings, various directory information, the currently logged-in user, etc. This information can be useful to crackers.
------[ ADVISORY ]------------------------------------[ 1999-01 ]------
XITAMI WEBSERVER SHIPS WITH TESTCGI.EXE
------[ nostalgic ]-------------------[ nostalgic@nostalg1c.org ]------
_( 1 / PRODUCT INFORMATION )___________________________________________
Product name: XITAMI WEB SERVER
Creators: IMATIX
URL: http://www.imatix.com/html/xitami
_( 2 / PROBLEM )_______________________________________________________
When installed out of the box, XITAMI allows all users to access a
sample CGI program called TESTCGI.EXE.
This program outputs a lot of information about the box running the
webserver, such as environment settings, various directory
information, the currently logged-in user, etc.
This information can be useful to crackers.
_( 3 / SAMPLE OUTPUT )_________________________________________________
----8<------- CUT -------8<----
CGI Test Program
Environment Variables
TMP = C:\WINDOWS\TEMP
TEMP = C:\WINDOWS\TEMP
PROMPT = $p$g
WINBOOTDIR = C:\WINDOWS
PATH = C:\WINDOWS;C:\WINDOWS\COMMAND
COMSPEC = C:\WINDOWS\COMMAND.COM
CTSYN = C:\WINDOWS
CMDLINE = WIN
WINDIR = C:\WINDOWS
BLASTER = A220 I5 D1 H5 P330 T6
HTTP_AUTHORIZATION = Basic bm9zdGFsZzFjOnRjMTM3YjU=
HTTP_CONNECTION = Keep-Alive
HTTP_HOST = localhost
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; TUCOWS)
HTTP_ACCEPT_ENCODING = gzip, deflate
HTTP_ACCEPT_LANGUAGE = nl-be
HTTP_ACCEPT = application/msword, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
HTTP_CONTENT_LENGTH = 0
SERVER_SOFTWARE = Xitami
SERVER_VERSION = 2.4d4
SERVER_NAME = localhost
SERVER_URL = http://localhost/
SERVER_PORT = 80
SERVER_PROTOCOL = HTTP/1.0
GATEWAY_INTERFACE = CGI/1.1
REQUEST_METHOD = GET
SCRIPT_PATH = cgi-bin
SCRIPT_NAME = /cgi-bin/testcgi.exe
CONTENT_TYPE =
CONTENT_LENGTH = 0
REMOTE_USER = nostalg1c
REMOTE_HOST = 127.0.0.1
REMOTE_ADDR = 127.0.0.1
PATH_INFO =
PATH_TRANSLATED = C:/XITAMI/webpages
DOCUMENT_ROOT = C:/XITAMI/webpages
CGI_ROOT = C:/XITAMI/cgi-bin
CGI_URL = /cgi-bin
CGI_STDIN = C:\WINDOWS\TEMP\pipe0012.cgi
CGI_STDOUT = C:\WINDOWS\TEMP\pipe0012.cgo
CGI_STDERR = cgierr.log
Miscellaneous Information
Working directory: C:/Xitami/cgi-bin
Current date and time: 99/11/10 22:30:58
----8<------- CUT -------8<----
_( 4 / SOLUTION )_____________________________________________________
Remove CGI-BIN/TESTCGI.EXE and, as always, don't trust out-of-the-box
installations :)
_( 5 / VULNERABLE VERSIONS )__________________________________________
I only tested this on the Win98 version 2.4d4; other Windows
versions are probably also vulnerable.
------[ END OF ADVISORY ]----------------------------------------------
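
Added example (not part of the original advisory, and not iMatix code): a small audit script that parses a page in the format shown in section 3 and classifies which fields disclose credentials, identity, version or filesystem layout. The function names, categories and the sample input are assumptions made for this illustration; the sample credentials are constructed.

```python
import base64
import re

LINE_RE = re.compile(r"^([A-Za-z_ ]+?)\s*[=:]\s*(.*)$")  # "NAME = value" / "Label: value"
PATH_RE = re.compile(r"^[A-Za-z]:[\\/]")                 # Windows absolute path

def parse(text):
    """Return {name: value} for every non-empty field in a testcgi-style page."""
    fields = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2):
            fields[m.group(1)] = m.group(2)
    return fields

def audit(text):
    """Return (field, category, detail) for each value worth treating as a leak."""
    findings = []
    for name, value in parse(text).items():
        if name == "HTTP_AUTHORIZATION" and value.lower().startswith("basic "):
            # Basic credentials are base64-encoded, not encrypted.
            try:
                raw = base64.b64decode(value.split(None, 1)[1], validate=True)
                user = raw.decode("utf-8", "replace").partition(":")[0]
            except ValueError:
                user = "?"
            findings.append((name, "credentials", f"user={user} password=<redacted>"))
        elif name == "REMOTE_USER":
            findings.append((name, "identity", value))
        elif name in ("SERVER_SOFTWARE", "SERVER_VERSION"):
            findings.append((name, "version", value))
        elif PATH_RE.match(value):
            findings.append((name, "filesystem path", value))
    return findings

# Constructed sample in the advisory's output format (credentials are made up).
_TOKEN = base64.b64encode(b"alice:constructed-secret").decode()
SAMPLE = "\n".join([
    "CGI Test Program",
    "TEMP = C:\\WINDOWS\\TEMP",
    f"HTTP_AUTHORIZATION = Basic {_TOKEN}",
    "HTTP_HOST = localhost",
    "SERVER_VERSION = 2.4d4",
    "REMOTE_USER = alice",
    "CONTENT_TYPE =",
    "DOCUMENT_ROOT = C:/XITAMI/webpages",
    "Working directory: C:/Xitami/cgi-bin",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-20s %-16s %s" % finding)
```

Any "credentials" finding means the page echoes the visitor's HTTP Basic login back in a trivially reversible encoding, so the affected password should be changed after the sample program is removed.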