Bot24.com

Scan On Target Host: www.polnet.be In Action

2012-11-06

As you will see the scan is run against the notable Open Source Vulnerability Database (OSVDB)

+ Target Host: www.polnet.be
+ Target Port: 80
+ GET /: Retrieved x-powered-by header: PHP/5.3.16
+ GET /scgi-bin/cart32.exe: /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist
+ GET /scgi-bin/classified.cgi: /scgi-bin/classified.cgi: Check Phrack 55 for info by RFP
+ GET /scgi-bin/download.cgi: /scgi-bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
+ GET /scgi-bin/flexform.cgi: /scgi-bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ GET /scgi-bin/flexform: /scgi-bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ GET /scgi-bin/lwgate.cgi: /scgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ GET /scgi-bin/LWGate.cgi: /scgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ GET /scgi-bin/lwgate: /scgi-bin/lwgate: Check Phrack 55 for info by RFP
+ GET /scgi-bin/LWGate: /scgi-bin/LWGate: Check Phrack 55 for info by RFP
+ GET /scgi-bin/perlshop.cgi: /scgi-bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
+ GET /scgi-bin/handler.cgi: /scgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ GET /scgi-bin/finger: /scgi-bin/finger: finger other users, may be other commands?
+ GET /scgi-bin/finger.pl: /scgi-bin/finger.pl: finger other users, may be other commands?
+ GET /scgi-bin/get32.exe: /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ GET /scgi-bin/gm-authors.cgi: /scgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
+ GET /scgi-bin/guestbook/passwd: /scgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ GET /scgi-bin/photo/protected/manage.cgi: /scgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ GET /scgi-bin/wrap.cgi: /scgi-bin/wrap.cgi: possible variation: comes with IRIX 6.2; allows to view directories
+ GET /cgi-sys/formmail.pl: /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ GET /scgi-bin/formmail.pl: /scgi-bin/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ GET /scgi-bin/visadmin.exe: /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ GET /scgi-bin/html2chtml.cgi: /scgi-bin/html2chtml.cgi: Html2Wml
/sbcgi/sitebuilder.cgi?username=
&password=
&selectedpage=../../../../../../../../../../etc/passwd
+ GET /scgi-bin/classifieds/index.cgi: /scgi-bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ GET /scgi-bin/myguestbook.cgi?action=view: /scgi-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version from http://www.levcgi.com/. CA-2000-02.
+ OSVDB-21366: GET /scgi-bin/diagnose.cgi: /scgi-bin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ OSVDB-19772: GET /scgi-bin/title.cgi: /scgi-bin/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS CA-2000-02) in version 2.00 and earlier, and Lite 0.8 and earlier.
+ OSVDB-21365: GET /scgi-bin/compatible.cgi: /scgi-bin/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ GET /scgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: /scgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
+ GET /scgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer: /scgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
+ GET /scgi-bin/retrieve_password.pl: /scgi-bin/retrieve_password.pl: May not be vulnerable, but see http://www.dcscripts.com/bugtrac/DCForumID7/3.html for information.
+ GET /scgi-bin/wwwadmin.pl: /scgi-bin/wwwadmin.pl: Administration CGI?
+ GET /scgi-bin/webmap.cgi: /scgi-bin/webmap.cgi: nmap front end... could be fun
+ GET /scgi-bin/admin/admin.cgi: /scgi-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ GET /scgi-bin/admin/setup.cgi: /scgi-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ GET /scgi-bin/mt-static/mt-load.cgi: /scgi-bin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ GET /scgi-bin/mt/mt-load.cgi: /scgi-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ GET /scgi-bin/dbman/db.cgi?db=no-db: /scgi-bin/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information.
+ OSVDB-17111: GET /scgi-bin/dcshop/auth_data/auth_user_file.txt: /scgi-bin/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-17111: GET /scgi-bin/DCShop/auth_data/auth_user_file.txt: /scgi-bin/DCShop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /scgi-bin/dcshop/orders/orders.txt: /scgi-bin/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /scgi-bin/DCShop/orders/orders.txt: /scgi-bin/DCShop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ GET /scgi-bin/dumpenv.pl: /scgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers.
+ GET /scgi-bin/mkilog.exe: /scgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
+ GET /scgi-bin/mkplog.exe: /scgi-bin/mkplog.exe: This CGI can give an attacker a lot of information.
+ OSVDB-596: GET /scgi-bin/orders/orders.txt: /scgi-bin/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ GET /scgi-bin/processit.pl: /scgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ GET /scgi-bin/rpm_query: /scgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs
+ OSVDB-17111: GET /scgi-bin/shop/auth_data/auth_user_file.txt: /scgi-bin/shop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /scgi-bin/shop/orders/orders.txt: /scgi-bin/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ GET /scgi-bin/ws_ftp.ini: /scgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites
+ GET /scgi-bin/WS_FTP.ini: /scgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites
+ GET /scgi-bin/view-source?view-source: /scgi-bin/view-source?view-source: This allows remote users to view source code.
+ OSVDB-13978: GET /scgi-bin/ibill.pm: /scgi-bin/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords.
+ OSVDB-9332: GET /scgi-bin/scoadminreg.cgi: /scgi-bin/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web.
+ OSVDB-4663: GET /scgi-bin/SGB_DIR/superguestconfig: /scgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file.
+ GET /scgi-bin/icat: /scgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ GET /scgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: /scgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug
+ OSVDB-6192: GET /scgi-bin/update.dpgs: /scgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. See http://b0iler.eyeonsecurity.net for details. This could not be remotely tested.
+ GET /scgi-bin/view-source: /scgi-bin/view-source: This may allow remote arbitrary file retrieval.
+ GET /scgi-bin/wrap: /scgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ GET /cgi-sys/Count.cgi: /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ GET /scgi-bin/Count.cgi: /scgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ GET /scgi-bin/echo.bat: /scgi-bin/echo.bat: This CGI may allow attackers to execute remote commands.
+ OSVDB-4571: GET /scgi-bin/ImageFolio/admin/admin.cgi: /scgi-bin/ImageFolio/admin/admin.cgi: ImageFolio (default accout Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
+ GET /scgi-bin/info2www: /scgi-bin/info2www: This CGI allows attackers to execute commands.
+ GET /scgi-bin/infosrch.cgi: /scgi-bin/infosrch.cgi: This CGI allows attackers to execute commands.
+ GET /scgi-bin/listrec.pl: /scgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host.
+ GET /scgi-bin/mailnews.cgi: /scgi-bin/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove.
+ GET /scgi-bin/mmstdod.cgi: /scgi-bin/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher.
+ GET /scgi-bin/pagelog.cgi: /scgi-bin/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try.
+ GET /scgi-bin/perl?-v: /scgi-bin/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ GET /scgi-bin/perl.exe?-v: /scgi-bin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ GET /scgi-bin/perl.exe: /scgi-bin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ GET /scgi-bin/perl: /scgi-bin/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ GET /scgi-bin/plusmail: /scgi-bin/plusmail: This CGI may allow attackers to execute commands remotely.
+ OSVDB-10944: GET /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid fileNikto]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
+ OSVDB-10944: GET fileNikto]: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid fileNikto]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
+ OSVDB-10944: GET /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
+ OSVDB-10944: GET filename]: /scgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]: SalesLogix WebClient may allow attackers to execute arbitrary commands on the host.
+ OSVDB-54034: GET /scgi-bin/spin_client.cgi?aaaaaaaa: /scgi-bin/spin_client.cgi?aaaaaaaa: This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message)
+ OSVDB-10598: GET /scgi-bin/sscd_suncourier.pl: /scgi-bin/sscd_suncourier.pl: Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.
+ OSVDB-13981: GET /scgi-bin/viralator.cgi: /scgi-bin/viralator.cgi: May be vulnerable to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed.
+ OSVDB-4854: GET /scgi-bin/virgil.cgi: /scgi-bin/virgil.cgi: The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax like virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337.
+ OSVDB-2088: GET /scgi-bin/vpasswd.cgi: /scgi-bin/vpasswd.cgi: Some versions of this CGI allow attackers to execute commands on your system. Verify this is the latest version available.
+ OSVDB-236: GET /scgi-bin/webgais: /scgi-bin/webgais: The webgais allows attackers to execute commands.
+ OSVDB-237: GET /scgi-bin/websendmail: /scgi-bin/websendmail: This CGI may allow attackers to execute arbitrary commands remotely.
+ GET /scgi-bin/wwwwais: /scgi-bin/wwwwais: wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.
+ GET /scgi-bin/common/listrec.pl: /scgi-bin/common/listrec.pl: This CGI allows attackers to execute commands on the host.
+ OSVDB-59031: GET /scgi-bin/stat.pl: /scgi-bin/stat.pl: Uninets StatsPlus 1.25 from http://www.uninetsolutions.com/stats.html may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER.
+ OSVDB-28: GET /scgi-bin/cachemgr.cgi: /scgi-bin/cachemgr.cgi: Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans.
+ OSVDB-142: GET /scgi-bin/ppdscgi.exe: /scgi-bin/ppdscgi.exe: PowerPlay Web Edition may allow unauthenticated users to view pages.
+ GET /scgi-bin/webif.cgi: /scgi-bin/webif.cgi: HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier.
+ GET /scgi-bin/.cobalt/siteUserMod/siteUserMod.cgi: /scgi-bin/.cobalt/siteUserMod/siteUserMod.cgi: Older versions of this CGI allow any user to change the administrator password.
+ GET /scgi-bin/webdriver: /scgi-bin/webdriver: This CGI often allows anyone to access the Informix DB on the host.
+ GET /scgi-bin/c32web.exe/ChangeAdminPassword: /scgi-bin/c32web.exe/ChangeAdminPassword: This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.
+ GET /scgi-bin/cgi-lib.pl: /scgi-bin/cgi-lib.pl: CGI Library. If retrieved check to see if it is outdated, it may have vulns
+ GET /scgi-bin/log/nether-log.pl?checkit: /scgi-bin/log/nether-log.pl?checkit: Default Pass: nethernet-rules
+ GET /scgi-bin/mini_logger.cgi: /scgi-bin/mini_logger.cgi: Default password: guest
+ GET /scgi-bin/mt-static/: /scgi-bin/mt-static/: Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.
+ GET /scgi-bin/mt/: /scgi-bin/mt/: Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.
+ GET /scgi-bin/nimages.php: /scgi-bin/nimages.php: Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.
+ GET /scgi-bin/robadmin.cgi: /scgi-bin/robadmin.cgi: Default password: roblog
+ GET /scgi-bin/netpad.cgi: /scgi-bin/netpad.cgi: netpad.cgi may be an indication of a malicious user on the system, as it allows web access to the file system. It may also have remote vulnerabilities itself. This should be removed or protected.
+ GET /scgi-bin/troops.cgi: /scgi-bin/troops.cgi: This CGI may be a leftover from a hacked site; may be used to attempt to hack other sites. It should be investigated further.
+ GET /scgi-bin/unlg1.1: /scgi-bin/unlg1.1: web backdoor by ULG
+ GET /scgi-bin/unlg1.2: /scgi-bin/unlg1.2: web backdoor by ULG
+ GET /scgi-bin/rwwwshell.pl: /scgi-bin/rwwwshell.pl: THC reverse www shell
+ GET /scgi-bin/photo/manage.cgi: /scgi-bin/photo/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more.
+ OSVDB-3233: GET /mailman/listinfo: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-3093: GET /scgi-bin/ccbill-local.pl?cmd=MENU: /scgi-bin/ccbill-local.pl?cmd=MENU: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /scgi-bin/ccbill-local.cgi?cmd=MENU: /scgi-bin/ccbill-local.cgi?cmd=MENU: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /scgi-bin/mastergate/search.cgi?search=0&search_on=all: /scgi-bin/mastergate/search.cgi?search=0&search_on=all: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /scgi-bin/Backup/add-passwd.cgi: /scgi-bin/Backup/add-passwd.cgi: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-136: GET /scgi-bin/phf: /scgi-bin/phf: This allows attackers to read arbitrary files on the system and perhaps execute commands.
+ OSVDB-228: GET /scgi-bin/upload.cgi: /scgi-bin/upload.cgi: The upload.cgi allows attackers to upload arbitrary files to the server.
+ OSVDB-127: GET /scgi-bin/nph-publish.cgi: /scgi-bin/nph-publish.cgi: This CGI may allow attackers to execute arbitrary commands on the server.
+ OSVDB-128: GET /scgi-bin/nph-test-cgi: /scgi-bin/nph-test-cgi: This CGI lets attackers get a directory listing of the CGI directory.
+ OSVDB-2695: GET /scgi-bin/photo/: /scgi-bin/photo/: My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.
+ OSVDB-2717: GET /scgi-bin/include/new-visitor.inc.php: /scgi-bin/include/new-visitor.inc.php: Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example.
+ OSVDB-2735: GET /scgi-bin/musicqueue.cgi: /scgi-bin/musicqueue.cgi: Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/
+ OSVDB-279: GET /scgi-bin/windmail: /scgi-bin/windmail: Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file
+ OSVDB-279: GET /scgi-bin/windmail.exe: /scgi-bin/windmail.exe: Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file
+ OSVDB-2873: GET /scgi-bin/gbadmin.cgi?action=change_adminpass: /scgi-bin/gbadmin.cgi?action=change_adminpass: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
+ OSVDB-2873: GET /scgi-bin/gbadmin.cgi?action=change_automail: /scgi-bin/gbadmin.cgi?action=change_automail: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
+ OSVDB-2873: GET /scgi-bin/gbadmin.cgi?action=colors: /scgi-bin/gbadmin.cgi?action=colors: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
+ OSVDB-2873: GET /scgi-bin/gbadmin.cgi?action=setup: /scgi-bin/gbadmin.cgi?action=setup: RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200
+ OSVDB-2915: GET /scgi-bin/gbpass.pl: /scgi-bin/gbpass.pl: RNN Guestbook 1.2 password storage file. Administrative password should be stored in plaintext. Access gbadmin.cgi in the same directory to (ab)use. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 2003 BugTraq post by brainrawt@ha
+ OSVDB-3092: GET /scgi-bin/addalink.cgi: /scgi-bin/addalink.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/cgiecho: /scgi-bin/cgiecho: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/cgiemail: /scgi-bin/cgiemail: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/countedit: /scgi-bin/countedit: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/domainredirect.cgi: /scgi-bin/domainredirect.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/entropybanner.cgi: /scgi-bin/entropybanner.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
+ OSVDB-3092: GET /cgi-sys/FormMail-clone.cgi: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/FormMail-clone.cgi: /scgi-bin/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/helpdesk.cgi: /scgi-bin/helpdesk.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/mchat.cgi: /scgi-bin/mchat.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/randhtml.cgi: /scgi-bin/randhtml.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/realhelpdesk.cgi: /scgi-bin/realhelpdesk.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/realsignup.cgi: /scgi-bin/realsignup.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/scgiwrap: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/scgiwrap: /scgi-bin/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/signup.cgi: /scgi-bin/signup.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /scgi-bin/GW5/GWWEB.EXE: /scgi-bin/GW5/GWWEB.EXE: Groupwise web interface
+ OSVDB-3092: GET /scgi-bin/dbmlparser.exe: /scgi-bin/dbmlparser.exe: This might be interesting...
+ OSVDB-3092: GET /forums/: /forums/: This might be interesting...
+ OSVDB-3092: GET /mail/: /mail/: This might be interesting...
- Nikto v2.1.5/2.1.5
+ Target Host: www.polnet.be
+ Target Port: 80
+ GET /: Retrieved x-powered-by header: PHP/5.3.16
+ GET /scgi-bin/cart32.exe: /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist
+ GET /scgi-bin/classified.cgi: /scgi-bin/classified.cgi: Check Phrack 55 for info by RFP
+ GET /scgi-bin/download.cgi: /scgi-bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
+ GET /scgi-bin/flexform.cgi: /scgi-bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ GET /scgi-bin/flexform: /scgi-bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ GET /scgi-bin/lwgate.cgi: /scgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ GET /scgi-bin/LWGate.cgi: /scgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ GET /scgi-bin/lwgate: /scgi-bin/lwgate: Check Phrack 55 for info by RFP
+ GET /scgi-bin/LWGate: /scgi-bin/LWGate: Check Phrack 55 for info by RFP
+ GET /scgi-bin/perlshop.cgi: /scgi-bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
+ GET /scgi-bin/handler.cgi: /scgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ GET /scgi-bin/finger: /scgi-bin/finger: finger other users, may be other commands?
+ GET /scgi-bin/finger.pl: /scgi-bin/finger.pl: finger other users, may be other commands?
+ GET /scgi-bin/get32.exe: /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ GET /scgi-bin/gm-authors.cgi: /scgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
+ GET /scgi-bin/guestbook/passwd: /scgi-bin/guestbook/passwd: GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.
+ GET /scgi-bin/photo/protected/manage.cgi: /scgi-bin/photo/protected/manage.cgi: My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
+ GET /scgi-bin/wrap.cgi: /scgi-bin/wrap.cgi: possible variation: comes with IRIX 6.2; allows to view directories
+ GET /cgi-sys/formmail.pl: /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ GET /scgi-bin/formmail.pl: /scgi-bin/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ GET /scgi-bin/visadmin.exe: /scgi-bin/visadmin.exe: This CGI allows an attacker to crash the web server. Remove it from the CGI directory.
+ GET /scgi-bin/html2chtml.cgi: /scgi-bin/html2chtml.cgi: Html2Wml
/sbcgi/sitebuilder.cgi?username=
&password=
&selectedpage=../../../../../../../../../../etc/passwd
+ GET /scgi-bin/classifieds/index.cgi: /scgi-bin/classifieds/index.cgi: My Classifieds pre 2.12 is vulnerable to SQL injection attacks.
+ GET /scgi-bin/myguestbook.cgi?action=view: /scgi-bin/myguestbook.cgi?action=view: myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version from http://www.levcgi.com/. CA-2000-02.
+ OSVDB-21366: GET /scgi-bin/diagnose.cgi: /scgi-bin/diagnose.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ OSVDB-19772: GET /scgi-bin/title.cgi: /scgi-bin/title.cgi: HNS's title.cgi is vulnerable to Cross Site Scripting (XSS CA-2000-02) in version 2.00 and earlier, and Lite 0.8 and earlier.
+ OSVDB-21365: GET /scgi-bin/compatible.cgi: /scgi-bin/compatible.cgi: This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ GET /scgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: /scgi-bin/probecontrol.cgi?command=enable&userNikto=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
+ GET /scgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer: /scgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer: This might be interesting... has been seen in web logs from a scanner.
+ GET /scgi-bin/retrieve_password.pl: /scgi-bin/retrieve_password.pl: May not be vulnerable, but see http://www.dcscripts.com/bugtrac/DCForumID7/3.html for information.
+ GET /scgi-bin/wwwadmin.pl: /scgi-bin/wwwadmin.pl: Administration CGI?
+ GET /scgi-bin/webmap.cgi: /scgi-bin/webmap.cgi: nmap front end... could be fun
+ GET /scgi-bin/admin/admin.cgi: /scgi-bin/admin/admin.cgi: May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.
+ GET /scgi-bin/admin/setup.cgi: /scgi-bin/admin/setup.cgi: May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.
+ GET /scgi-bin/mt-static/mt-load.cgi: /scgi-bin/mt-static/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ GET /scgi-bin/mt/mt-load.cgi: /scgi-bin/mt/mt-load.cgi: Movable Type weblog installation CGI found. May be able to reconfigure or reload.
+ GET /scgi-bin/dbman/db.cgi?db=no-db: /scgi-bin/dbman/db.cgi?db=no-db: This CGI allows remote attackers to view system information.
+ OSVDB-17111: GET /scgi-bin/dcshop/auth_data/auth_user_file.txt: /scgi-bin/dcshop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-17111: GET /scgi-bin/DCShop/auth_data/auth_user_file.txt: /scgi-bin/DCShop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /scgi-bin/dcshop/orders/orders.txt: /scgi-bin/dcshop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /scgi-bin/DCShop/orders/orders.txt: /scgi-bin/DCShop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ GET /scgi-bin/dumpenv.pl: /scgi-bin/dumpenv.pl: This CGI gives a lot of information to attackers.
+ GET /scgi-bin/mkilog.exe: /scgi-bin/mkilog.exe: This CGI can give an attacker a lot of information.
+ GET /scgi-bin/mkplog.exe: /scgi-bin/mkplog.exe: This CGI can give an attacker a lot of information.
+ OSVDB-596: GET /scgi-bin/orders/orders.txt: /scgi-bin/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ GET /scgi-bin/processit.pl: /scgi-bin/processit.pl: This CGI returns environment variables, giving attackers valuable information.
+ GET /scgi-bin/rpm_query: /scgi-bin/rpm_query: This CGI allows anyone to see the installed RPMs
+ OSVDB-17111: GET /scgi-bin/shop/auth_data/auth_user_file.txt: /scgi-bin/shop/auth_data/auth_user_file.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ OSVDB-596: GET /scgi-bin/shop/orders/orders.txt: /scgi-bin/shop/orders/orders.txt: The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.
+ GET /scgi-bin/ws_ftp.ini: /scgi-bin/ws_ftp.ini: Can contain saved passwords for ftp sites
+ GET /scgi-bin/WS_FTP.ini: /scgi-bin/WS_FTP.ini: Can contain saved passwords for ftp sites
+ GET /scgi-bin/view-source?view-source: /scgi-bin/view-source?view-source: This allows remote users to view source code.
+ OSVDB-13978: GET /scgi-bin/ibill.pm: /scgi-bin/ibill.pm: iBill.pm is installed. This may allow brute forcing of passwords.
+ OSVDB-9332: GET /scgi-bin/scoadminreg.cgi: /scgi-bin/scoadminreg.cgi: This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web.
+ OSVDB-4663: GET /scgi-bin/SGB_DIR/superguestconfig: /scgi-bin/SGB_DIR/superguestconfig: Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file.
+ GET /scgi-bin/icat: /scgi-bin/icat: Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.
+ GET /scgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: /scgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0: nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug
+ OSVDB-6192: GET /scgi-bin/update.dpgs: /scgi-bin/update.dpgs: Duma Photo Gallery System may allow remote users to write to any file on the system. See http://b0iler.eyeonsecurity.net for details. This could not be remotely tested.
+ GET /scgi-bin/view-source: /scgi-bin/view-source: This may allow remote arbitrary file retrieval.
+ GET /scgi-bin/wrap: /scgi-bin/wrap: This CGI lets users read any file with 755 perms. It should not be in the CGI directory.
+ GET /cgi-sys/Count.cgi: /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ GET /scgi-bin/Count.cgi: /scgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ GET /scgi-bin/echo.bat: /scgi-bin/echo.bat: This CGI may allow attackers to execute remote commands.
+ OSVDB-4571: GET /scgi-bin/ImageFolio/admin/admin.cgi: /scgi-bin/ImageFolio/admin/admin.cgi: ImageFolio (default accout Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
+ GET /scgi-bin/info2www: /scgi-bin/info2www: This CGI allows attackers to execute commands.
+ GET /scgi-bin/infosrch.cgi: /scgi-bin/infosrch.cgi: This CGI allows attackers to execute commands.
+ GET /scgi-bin/listrec.pl: /scgi-bin/listrec.pl: This CGI allows attackers to execute commands on the host.
+ GET /scgi-bin/mailnews.cgi: /scgi-bin/mailnews.cgi: Some versions allow attacker to execute commands as http daemon. Upgrade or remove.
+ GET /scgi-bin/mmstdod.cgi: /scgi-bin/mmstdod.cgi: May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher.
+ GET /scgi-bin/pagelog.cgi: /scgi-bin/pagelog.cgi: Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try.
+ GET /scgi-bin/perl?-v: /scgi-bin/perl?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ GET /scgi-bin/perl.exe?-v: /scgi-bin/perl.exe?-v: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.
+ GET /scgi-bin/perl.exe: /scgi-bin/perl.exe: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ GET /scgi-bin/perl: /scgi-bin/perl: Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.
+ GET /scgi-bin/plusmail: /scgi-bin/plusmail: This CGI may allow attackers to execute co- Nikto v2.1.5/2.1.5
- Nikto v2.1.5/2.1.5
+ Target Host: www.polnet.be
+ Target Port: 80
+ GET /: Retrieved x-powered-by header: PHP/5.3.16
+ GET /scgi-bin/cart32.exe: /scgi-bin/cart32.exe: request cart32.exe/cart32clientlist
+ GET /scgi-bin/classified.cgi: /scgi-bin/classified.cgi: Check Phrack 55 for info by RFP
+ GET /scgi-bin/download.cgi: /scgi-bin/download.cgi: v1 by Matt Wright; check info in Phrack 55 by RFP
+ GET /scgi-bin/flexform.cgi: /scgi-bin/flexform.cgi: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ GET /scgi-bin/flexform: /scgi-bin/flexform: Check Phrack 55 for info by RFP, allows to append info to writable files.
+ GET /scgi-bin/lwgate.cgi: /scgi-bin/lwgate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ GET /scgi-bin/LWGate.cgi: /scgi-bin/LWGate.cgi: Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7
+ GET /scgi-bin/lwgate: /scgi-bin/lwgate: Check Phrack 55 for info by RFP
+ GET /scgi-bin/LWGate: /scgi-bin/LWGate: Check Phrack 55 for info by RFP
+ GET /scgi-bin/perlshop.cgi: /scgi-bin/perlshop.cgi: v3.1 by ARPAnet.com; check info in Phrack 55 by RFP
+ GET /scgi-bin/handler.cgi: /scgi-bin/handler.cgi: Variation of Irix Handler? Has been seen from other CGI scanners.
+ GET /scgi-bin/finger: /scgi-bin/finger: finger other users, may be other commands?
+ GET /scgi-bin/finger.pl: /scgi-bin/finger.pl: finger other users, may be other commands?
+ GET /scgi-bin/get32.exe: /scgi-bin/get32.exe: This can allow attackers to execute arbitrary commands remotely.
+ GET /scgi-bin/gm-authors.cgi: /scgi-bin/gm-authors.cgi: GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.
+ GET /sc