nostalgic-advisory-1999-01.txt

`------[ ADVISORY ]------------------------------------[ 1999-01 ]------  
  
XITAMI WEBSERVER SHIPS WITH TESTCGI.EXE  
  
------[ nostalgic ]-------------------[ [email protected] ]------  
  
  
  
_( 1 / PRODUCT INFORMATION )___________________________________________  
  
Product name: XITAMI WEB SERVER  
Creators: IMATIX  
URL: http://www.imatix.com/html/xitami  
  
  
  
_( 2 / PROBLEM )_______________________________________________________  
  
When installed out of the box, XITAMI allows all users to access a  
sample CGI program called TESTCGI.EXE.  
This program outputs a lot of information about the box running the  
webserver, such as environment settings, various directory   
information, current user logged in etc.  
This information can be usefull to crackers.  
  
  
_( 3 / SAMPLE OUTPUT )_________________________________________________  
  
----8<------- CUT -------8<----  
CGI Test Program  
Environment Variables  
TMP = C:\WINDOWS\TEMP  
TEMP = C:\WINDOWS\TEMP  
PROMPT = $p$g  
WINBOOTDIR = C:\WINDOWS  
PATH = C:\WINDOWS;C:\WINDOWS\COMMAND  
COMSPEC = C:\WINDOWS\COMMAND.COM  
CTSYN = C:\WINDOWS  
CMDLINE = WIN  
WINDIR = C:\WINDOWS  
BLASTER = A220 I5 D1 H5 P330 T6  
HTTP_AUTHORIZATION = Basic bm9zdGFsZzFjOnRjMTM3YjU=  
HTTP_CONNECTION = Keep-Alive  
HTTP_HOST = localhost  
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; TUCOWS)  
HTTP_ACCEPT_ENCODING = gzip, deflate  
HTTP_ACCEPT_LANGUAGE = nl-be  
HTTP_ACCEPT = application/msword, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*  
HTTP_CONTENT_LENGTH = 0  
SERVER_SOFTWARE = Xitami  
SERVER_VERSION = 2.4d4  
SERVER_NAME = localhost  
SERVER_URL = http://localhost/  
SERVER_PORT = 80  
SERVER_PROTOCOL = HTTP/1.0  
GATEWAY_INTERFACE = CGI/1.1  
REQUEST_METHOD = GET  
SCRIPT_PATH = cgi-bin  
SCRIPT_NAME = /cgi-bin/testcgi.exe  
CONTENT_TYPE =   
CONTENT_LENGTH = 0  
REMOTE_USER = nostalg1c  
REMOTE_HOST = 127.0.0.1  
REMOTE_ADDR = 127.0.0.1  
PATH_INFO =   
PATH_TRANSLATED = C:/XITAMI/webpages  
DOCUMENT_ROOT = C:/XITAMI/webpages  
CGI_ROOT = C:/XITAMI/cgi-bin  
CGI_URL = /cgi-bin  
CGI_STDIN = C:\WINDOWS\TEMP\pipe0012.cgi  
CGI_STDOUT = C:\WINDOWS\TEMP\pipe0012.cgo  
CGI_STDERR = cgierr.log  
  
Miscellaneous Information  
Working directory: C:/Xitami/cgi-bin   
  
Current date and time: 99/11/10 22:30:58   
----8<------- CUT -------8<----  
  
  
  
_( 4 / SOLUTION )_____________________________________________________  
  
Remove CGI-BIN/TESTCGI.EXE and as always, don't trust out of the box   
installations :)  
  
  
  
_( 5 / VULNERABLE VERSIONS )__________________________________________  
  
I only tested this on the Win98 version 2.4d4, probably other Windows  
versions are also vulnerable.  
  
  
  
------[ END OF ADVISORY ]----------------------------------------------  
`