rootdotdot

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
Anyone know what it is and how to fix it? I had a guy tell me that my web server "exhibits the rootdotdot failure". I have looked high and wide and still can't find it.
 
I never heard of it, but if you post the URL to where the error happens I might be able to rattle something off. :eek:)
 
Is it when someone enters .. in the URL to get to dirs that they shouldn't be able to get to? If you're using Apache, you have nothing to worry about.
 
Couldn't you use an index.html to prevent the directory from being displayed?
 
Sure, but for example, htdocs is the normal directory. I've heard of an old bug that when typing in ../../........ you can eventually get to any file that you want. I'm not sure if this is what the original question was really about, but Apache had this problem a long time ago and hasn't been vulnerable in years.

Sounds like I'm just rambling. Sorry
 
Hi,

IIS used to suffer from this a lot (maybe still does) where script kiddies would run 'c:\winnt\system32\cmd.exe' by doing '..' several times to reach the root directory then append the command - e.g. :


I'm not aware that Apache has had such vulnerabilities though... Which web server are you talking about?

Regards
 
Well, I have two web servers. One is on Linux and the other is on NT. I am forced at this time to maintain both web servers and will get rid of the NT box as soon as I can.

Unfortunately the guy that said I have this problem would not say which one he found the problem on.

Since the Linux server is running 7.2 I really don't think that is the problem.

The NT system is not running IIS. We are using Web Site Pro. That product is no longer in production and is why we are phasing it out.

Oh, he also said that we had the "vulncgi failure" on one of our servers. Any idea what the heck that is? I can't find anything about that at all.

Thanks
 
Hi,

Looks like someone ran a scanner and found a couple of apparent weaknesses. It's difficult to comment without more info really. vulncgi just sounds like 'cgi vulnerability'. This would be where you can pass arguments to a cgi script and get it to execute stuff - quite similar to the other one really.

I suspect the scanner may have been the 'internet scanner' from ISS. You can see the kind of stuff that reports on from examples here --> .

You could try getting hold of cgichk and running that yourself --> .

Hope this helps
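
As an added example (not written by any poster in this thread and not any web server's actual code), this is the kind of check a server has to make so that `..` in a URL cannot reach files outside the document root. The docroot path, the function name and the sample request paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/htdocs"  # assumed document root for this example


def resolve_request_path(url_path, docroot=DOCROOT):
    """Map a URL path to a file path under docroot.

    Returns the normalised path, or None when the request would climb
    out of docroot. Purely lexical: a real server must also resolve
    symlinks before serving the file.
    """
    # Decode percent-escapes once, as a server would (%2e%2e -> "..").
    decoded = unquote(url_path)
    # If a second decode still changes the string, the request is
    # nested-encoded (%252e%252e); refuse it rather than guess.
    if unquote(decoded) != decoded:
        return None
    if "\x00" in decoded:
        return None
    # Servers on NT treat "\" as a separator too, so fold it to "/"
    # before normalising.
    decoded = decoded.replace("\\", "/")
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare on a segment boundary: "/var/www/htdocs-backup" must not
    # pass just because it shares a string prefix with the docroot.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def rejected(paths, docroot=DOCROOT):
    """Return the request paths that fail the containment check."""
    return [p for p in paths if resolve_request_path(p, docroot) is None]


# Constructed sample requests, not taken from any real log.
SAMPLE_REQUESTS = [
    "/index.html",
    "/docs/../index.html",            # ".." that stays inside docroot
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/%252e%252e/etc/passwd",
    "/..\\..\\winnt\\system32\\cmd.exe",
    "/../htdocs-backup/site.tar",
]
```

Running `rejected(SAMPLE_REQUESTS)` against your own docroot shows which request shapes a scanner's dot-dot test would flag if the server let them through.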
 