special

Уязвимость teehonya.ru скрипт var.pl

 

вот нашел на сайте www.teehonya.ru скрипт var.pl.
при запросе к нему:
http://www.teehonya.ru/cgi-bin/var.pl выдает следующую информацию:

Environment variables ...
DOCUMENT_ROOT=/bhome/part2/01/teehonya/www/
GATEWAY_INTERFACE=CGI/1.1
GECOS=teehonya.ru
HOME=/bhome/part2/01/teehonya
HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/msword, application/x-shockwave-flash, application/vnd.ms-excel, */*
HTTP_ACCEPT_LANGUAGE=ru
HTTP_CONNECTION=close
HTTP_HOST=www.teehonya.ru
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP_X_FORWARDED_FOR_ORIG=125.196.164.209
LD_PRELOAD=/usr/local/lib/libpwd_dbenv.so
PATH=/usr/bin:/bin
PERLLIB=/bhome/part2/01/teehonya/perllib
PROF_SRV=1
QUERY_STRING=
REMOTE_ADDR=125.196.164.209
REMOTE_PORT=0
REQUEST_METHOD=GET
REQUEST_URI=/cgi-bin/var.pl
SCRIPT_FILENAME=/bhome/part2/01/teehonya/vcgi/var.pl
SCRIPT_NAME=/cgi-bin/var.pl
SERVER_ADDR=195.2.72.2
[email protected]
SERVER_NAME=www.teehonya.ru
SERVER_PORT=1615
SERVER_PROTOCOL=HTTP/1.0
SERVER_SIGNATURE=
SERVER_SOFTWARE=Apache/1.3.27 (Unix) PHP/4.3.1 FrontPage/3.0.4.2 mod_perl/1.26
AuthMySQL/2.20
SHELL=/usr/local/sbin/rtsh
TZ=Europe/Moscow
UNIQUE_ID=P4KRBcMCSCUAANdkBiI
USER=teehonya
YANDEX_RPC_SERVER_ADDR=yandex.zenon.net
YANDEX_RPC_SERVER_PORT=17000

Form input values ...

--------------------------------------------------------------------------------
New session ID set 884173656 till Tuesday, 7-10-2003 11:15:13 GMT

Вот и думаю, не дохрена ли информации он выдает;-). Главное, нигде не нашел информации о назначении скрипта.
Кто знает откликнитесь, интересно ведь;-).

такая же проблема и со скриптом info.cgi на сайте www.kaisertool.com вот что он выдает:

Display info: what do I know?
Environment:
SERVER_SOFTWARE : Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b
GATEWAY_INTERFACE : CGI/1.1
DOCUMENT_ROOT : /home/sites/home/web
REMOTE_ADDR : 125.196.164.209
REQUEST_METHOD : GET
QUERY_STRING :
HTTP_ACCEPT : */*
REMOTE_PORT : 1835
HTTP_ACCEPT_LANGUAGE : ru
HTTP_CACHE_CONTROL : max-age=259200
REDIRECT_UNIQUE_ID : P40DSkUAgBkAAHsNBzo
SCRIPT_FILENAME : /home/sites/home/web/store/cgi-bin/ssinstall/info.cgi
REDIRECT_STATUS : 200
SERVER_NAME : www.kaisertool.com
HTTP_X_FORWARDED_FOR : unknown
SERVER_PORT : 80
PATH_TRANSLATED : /home/sites/home/web/store/cgi-bin/ssinstall/info.cgi
SERVER_ADMIN : home
UNIQUE_ID : P40DSkUAgBkAAHsNBzo
REDIRECT_URL : /store/cgi-bin/ssinstall/info.cgi
SCRIPT_URI : http://www.kaisertool.com/store/cgi-bin/ssinstall/info.cgi
SCRIPT_URL : /store/cgi-bin/ssinstall/info.cgi
SERVER_SIGNATURE :
SERVER_PROTOCOL : HTTP/1.0
HTTP_REFERER : http://altavista.com/web/results?q=web_store.cgi&kgs=0&kls=0&avkw=aapt&stq=80
HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
PATH : /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
HTTP_CONNECTION : keep-alive
REDIRECT_SCRIPT_URI : http://www.kaisertool.com/store/cgi-bin/ssinstall/info.cgi
SCRIPT_NAME : /store/cgi-bin/ssinstall/info.cgi
REDIRECT_SCRIPT_URL : /store/cgi-bin/ssinstall/info.cgi
REQUEST_URI : /store/cgi-bin/ssinstall/info.cgi
PATH_INFO : /store/cgi-bin/ssinstall/info.cgi
HTTP_HOST : www.kaisertool.com
HTTP_VIA : 1.0 proxy:3128 (squid/2.5.STABLE4)

--------------------------------------------------------------------------------

Other Interesting Info:
Uname info : Linux www.kaisertool.com 2.2.16C32_III #1 Fri Nov 9 21:54:54 PST 2001 i586 unknown
Working directory : drwxrwsr-x 3 admin home 1024 Feb 7 2003 .
Path to current directory : /home/sites/home/web/store/cgi-bin/ssinstall
Ids : uid=110(admin) gid=27(admin) groups=27(admin),10(wheel),110(home),111(site-adm),112(site1)
Sendmail found : /usr/sbin/sendmail
Tar found : /bin/tar
Perl found : /usr/bin/perl
Perl version : This is perl, version 5.005_03 built for i386-linux Copyright 1987-1999, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5.0 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using `man perl' or `perldoc perl'. If you have access to the Internet, point your browser at http://www.perl.com/, the Perl Home Page.

этот даже uid выдает;-).

Твой bug Durito.
_________________
EAT THE RICH!


Дата створення/оновлення: 25.05.2018

';