Advisories : Xitami Web/FTP Server security vulnerability (testcgi)

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Xitami Web/FTP Server security vulnerability (testcgi)

Title:	Xitami Web/FTP Server security vulnerability (testcgi)
Released by:	zer0-logic
Date:	7th December 2000
Printable version:	Click here

  Xitami Web/FTP Server security vulnerability (testcgi)

------------------------------------------------------------------------





SUMMARY



Xitami web server default's installation of the CGI bin directory contains 

a test CGI that allows remote users to view information regarding the 

operating system and web server's directory.



DETAILS



Vulnerable systems:

Xitami WEB/FTP release 2.5b4



Example:

http://www.example.com/cgi-bin/testcgi 



will produce the following output:

 

 

 Environment Variables

 

COMPUTERNAME   = MYSERVER

COMSPEC              = C:\WINNT\system32\cmd.exe

HOMEDRIVE           = C:

HOMEPATH            = \

LOGONSERVER     = \\MYSERVER

NUMBER_OF_PROCESSORS = 1

OS                   = Windows_NT

OS2LIBPATH           = C:\WINNT\system32\os2\dll;

PATH                 = C:\WINNT\system32;C:\WINNT

PROCESSOR_ARCHITECTURE = x86

PROCESSOR_IDENTIFIER = x86 Family 6 Model 8 Stepping 3, GenuineIntel

PROCESSOR_LEVEL      = 6

PROCESSOR_REVISION   = 0803

SYSTEMDRIVE          = C:

SYSTEMROOT           = C:\WINNT

TEMP                 = C:\TEMP

TMP                  = C:\TEMP

USERDOMAIN           = MYSERVER

USERNAME             = Administrator

USERPROFILE          = C:\WINNT\Profiles\Administrator

      WINDIR               = C:\WINNT

HTTP_ACCEPT_CHARSET  = iso-8859-1,*,utf-8

HTTP_ACCEPT_LANGUAGE = en

HTTP_ACCEPT_ENCODING = gzip

HTTP_ACCEPT          = image/gif, image/x-xbitmap, image/jpeg, 

image/pjpeg, image/png, */*

HTTP_HOST            = 127.0.0.1

HTTP_USER_AGENT      = Mozilla/4.75 [en] (WinNT; U)

HTTP_CONNECTION      = Keep-Alive

HTTP_CONTENT_LENGTH  = 0

SERVER_SOFTWARE      = Xitami

SERVER_VERSION       = 2.5b4

SERVER_NAME          = 127.0.0.1

SERVER_URL           = http://127.0.0.1/

SERVER_PORT          = 0

SERVER_PROTOCOL      = HTTP/1.1

SERVER_SECURITY      = -

GATEWAY_INTERFACE    = CGI/1.1

REQUEST_METHOD       = GET

QUERY_METHOD         = GET

SCRIPT_PATH          = cgi-bin

SCRIPT_NAME          = /cgi-bin/testcgi

CONTENT_TYPE         =

CONTENT_LENGTH       = 0

REMOTE_USER          = -

REMOTE_HOST          = 127.0.0.1

REMOTE_ADDR          = 127.0.0.1

PATH_INFO            =

PATH_TRANSLATED      = C:/Xitami/webpages

DOCUMENT_ROOT        = C:/Xitami/webpages

CGI_ROOT             = C:/Xitami/cgi-bin

CGI_URL              = /cgi-bin

CGI_STDIN            = C:\TEMP\pipe0001.cgi

CGI_STDOUT           = C:\TEMP\pipe0001.cgo

CGI_STDERR           = cgierr.log



Workaround:

Delete testcgi.exe file, or disable the cgi-bin directory in Xitami 

Administration under CGI properties configuration menu.





ADDITIONAL INFORMATION



The information has been provided by   

zer0-logic.