Hello ;
i want to know if there are any methode to disable running cgi script with other extention and outside the cgi-bin directory ???
today i have found someone has made the fallowing
Create .htaccess with the fallowing content :
and has rename script.cgi to script.gif & chmod the script.gif to 755 .
and all is done .
this script is the famous cgi-telnet . after he can get the list users and make symlink to another files user with this command :
and when yo put the file1.txt you can see the content og this file .
anyone has this isseu ? or any suggestion solution to prevent like this attack .
i want to know if there are any methode to disable running cgi script with other extention and outside the cgi-bin directory ???
today i have found someone has made the fallowing
Create .htaccess with the fallowing content :
Code:
Options +FollowSymLinks
DirectoryIndex seees.html
Options +Indexes
Options +ExecCGI
AddType text/plain .php
AddHandler server-parsed .php
Addhandler cgi-script .gif
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>and has rename script.cgi to script.gif & chmod the script.gif to 755 .
and all is done .
this script is the famous cgi-telnet . after he can get the list users and make symlink to another files user with this command :
Code:
ln -s /home/USERNAME/public_html/config.php file1.txtand when yo put the file1.txt you can see the content og this file .
anyone has this isseu ? or any suggestion solution to prevent like this attack .
. I received report from my tester team, when symlink: