The default installation of the Xitami web server includes a test CGI in its CGI bin directory that allows remote users to view information about the operating system and the web server's directories.
Credit:
The information has been provided by zer0-logic.
Vulnerable systems:
Xitami WEB/FTP release 2.5b4
Example:
http://www.example.com/cgi-bin/testcgi
will produce the following output:
Environment Variables
COMPUTERNAME = MYSERVER
COMSPEC = C:\WINNT\system32\cmd.exe
HOMEDRIVE = C:
HOMEPATH = \
LOGONSERVER = \\MYSERVER
NUMBER_OF_PROCESSORS = 1
OS = Windows_NT
OS2LIBPATH = C:\WINNT\system32\os2\dll;
PATH = C:\WINNT\system32;C:\WINNT
PROCESSOR_ARCHITECTURE = x86
PROCESSOR_IDENTIFIER = x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL = 6
PROCESSOR_REVISION = 0803
SYSTEMDRIVE = C:
SYSTEMROOT = C:\WINNT
TEMP = C:\TEMP
TMP = C:\TEMP
USERDOMAIN = MYSERVER
USERNAME = Administrator
USERPROFILE = C:\WINNT\Profiles\Administrator
WINDIR = C:\WINNT
HTTP_ACCEPT_CHARSET = iso-8859-1,*,utf-8
HTTP_ACCEPT_LANGUAGE = en
HTTP_ACCEPT_ENCODING = gzip
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
HTTP_HOST = 127.0.0.1
HTTP_USER_AGENT = Mozilla/4.75 [en] (WinNT; U)
HTTP_CONNECTION = Keep-Alive
HTTP_CONTENT_LENGTH = 0
SERVER_SOFTWARE = Xitami
SERVER_VERSION = 2.5b4
SERVER_NAME = 127.0.0.1
SERVER_URL = http://127.0.0.1/
SERVER_PORT = 0
SERVER_PROTOCOL = HTTP/1.1
SERVER_SECURITY = -
GATEWAY_INTERFACE = CGI/1.1
REQUEST_METHOD = GET
QUERY_METHOD = GET
SCRIPT_PATH = cgi-bin
SCRIPT_NAME = /cgi-bin/testcgi
CONTENT_TYPE =
CONTENT_LENGTH = 0
REMOTE_USER = -
REMOTE_HOST = 127.0.0.1
REMOTE_ADDR = 127.0.0.1
PATH_INFO =
PATH_TRANSLATED = C:/Xitami/webpages
DOCUMENT_ROOT = C:/Xitami/webpages
CGI_ROOT = C:/Xitami/cgi-bin
CGI_URL = /cgi-bin
CGI_STDIN = C:\TEMP\pipe0001.cgi
CGI_STDOUT = C:\TEMP\pipe0001.cgo
CGI_STDERR = cgierr.log
Workaround:
Delete the testcgi.exe file, or disable the cgi-bin directory in Xitami Administration under the CGI properties configuration menu.
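
To check what a server you administer exposes, and to confirm the workaround took effect, the response body can be parsed and the disclosed variables grouped by type. This is an added example, not part of the original advisory; the category mapping, the function names and the recognition heuristic are assumptions of the example, and the sample input is a constructed subset of the output quoted above.

```python
import re

# Constructed sample: a subset of the testcgi output quoted in this advisory.
SAMPLE = r"""Environment Variables
COMPUTERNAME = MYSERVER
OS = Windows_NT
USERNAME = Administrator
SYSTEMROOT = C:\WINNT
HTTP_HOST = 127.0.0.1
SERVER_SOFTWARE = Xitami
SERVER_VERSION = 2.5b4
CONTENT_TYPE =
REMOTE_USER = -
DOCUMENT_ROOT = C:/Xitami/webpages
CGI_ROOT = C:/Xitami/cgi-bin
CGI_STDIN = C:\TEMP\pipe0001.cgi
"""

# Assumption of this example: how variable names map to disclosure categories.
CATEGORIES = {
    "account": {"USERNAME", "USERDOMAIN", "USERPROFILE", "LOGONSERVER"},
    "host_os": {"COMPUTERNAME", "OS", "COMSPEC", "SYSTEMROOT", "WINDIR", "PATH"},
    "server": {"SERVER_SOFTWARE", "SERVER_VERSION"},
    "filesystem": {"DOCUMENT_ROOT", "CGI_ROOT", "PATH_TRANSLATED",
                   "CGI_STDIN", "CGI_STDOUT", "TEMP", "TMP"},
}
LINE = re.compile(r"^([A-Z][A-Z0-9_]*) =[ \t]?(.*)$")

def parse_dump(text):
    """Parse 'NAME = value' lines; a bare 'NAME =' yields an empty string."""
    env = {}
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env

def classify(env):
    """Group disclosed variables by category, skipping empty and '-' values."""
    report = {}
    for category, names in CATEGORIES.items():
        hits = {n: env[n] for n in sorted(names) if env.get(n, "") not in ("", "-")}
        if hits:
            report[category] = hits
    return report

def is_testcgi_dump(text):
    """Heuristic: the page is the dump if it names Xitami and leaks CGI_ROOT."""
    env = parse_dump(text)
    return env.get("SERVER_SOFTWARE") == "Xitami" and bool(env.get("CGI_ROOT"))

if __name__ == "__main__":
    for category, hits in classify(parse_dump(SAMPLE)).items():
        print(category, hits)
```

After the workaround is applied, is_testcgi_dump() should return False for the body returned at /cgi-bin/testcgi.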