|
Family: CGI abuses --> Category: infos
ftp.pl shows the listing of any dir Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of /cgi-bin/ftp/ftp.pl
Detailed Explanation for this Vulnerability Test
The remote ftp.pl cgi can be used to get the listing
of the content of arbitrary directories, using a simple
request like :
http://target/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
Solution : disable this CGI as no fix is available at this
time (see http://www.feartech.com/vv/ftp.shtml for details
regarding the availability of a patch)
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|