What Leakage Happened Here?
Results 1 to 8 of 8

Thread: What Leakage Happened Here?

  1. #1
    Member
    Join Date
    Mar 2002
    Posts
    88

    What Leakage Happened Here?

    I Was Researching The Source Of A download To Check Out Any Reviews
    Complaints,And to See If There Is Help Files Etc On the Product and
    Once I got To The URL This (Lotta Stuff Emitted) Was What Greeted Me
    CGI environment on www.subnet.dk
    Status: 403
    Environment variables
    Name: Value:
    BACKEND_NAME cgi
    BACKEND_PORT 4290
    DOCUMENT_ROOT /www/soldk/www.subnet.dk

    I hAD nO mALICIOUS iNTENT but It Seems Wierd That
    Normal Surfing Brought That Up?

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    I think that was an error with the webserver and not something you did. Isn't 403 something like page not found?
    If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

  3. #3
    Member
    Join Date
    Mar 2002
    Posts
    88
    Yes But it Also listed port numbers my ip remote port sever type name on and on
    usually my 403 error pages are just plain blank ....with of course the 403 error

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    nope...403 is 'forbidden"

    and for your enjoyment...all http error codes...

    100 Continue
    101 Switching Protocols
    200 OK
    201 Created
    202 Accepted
    203 Non-Authoritative Information
    204 No Content
    205 Reset Content
    206 Partial Content
    300 Multiple Choices
    301 Moved Permanently
    302 Moved Temporarily
    303 See Other
    304 Not Modified
    305 Use Proxy
    400 Bad Request
    401 Unauthorized
    402 Payment Required
    403 Forbidden
    404 Not Found
    405 Method Not Allowed
    406 Not Acceptable
    407 Proxy Authentication Required
    408 Request Time-Out
    409 Conflict
    410 Gone
    411 Length Required
    412 Precondition Failed
    413 Request Entity Too Large
    414 Request-URL Too Large
    415 Unsupported Media Type
    500 Server Error
    501 Not Implemented
    502 Bad Gateway
    503 Out of Resources
    504 Gateway Time-Out
    505 HTTP Version not supported
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  5. #5
    Member
    Join Date
    Mar 2002
    Posts
    88
    or was it 404 ooops

  6. #6
    Member
    Join Date
    Mar 2002
    Posts
    88
    it was this
    CGI environment on www.subnet.dk
    Status: 403
    Environment variables
    Name: Value:
    BACKEND_NAME cgi
    BACKEND_PORT 4290
    DOCUMENT_ROOT /www/soldk/www.subnet.dk
    GATEWAY_INTERFACE CGI/1.1
    HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    HTTP_ACCEPT_ENCODING gzip, deflate
    HTTP_ACCEPT_LANGUAGE en-us
    HTTP_HOST cgi.sol.basefarm.net:4290
    HTTP_USER_AGENT Mozilla/4.0 (xxxxxxxxxxxx)
    HTTP_WEFERER HPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMN
    KVASIRDB no
    LAND_TLD dk
    PATH /sbin:/usr/sbin:/local/bin:/local/sbin:/local/gnu/bin:/usr/bin:/bin:/usr/sbin:/sbin
    QUERY_STRING User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/&User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/
    REMOTE_ADDR xxxxxxxxxxxxxxxxx
    REMOTE_PORT xxxxxxxxxxxxxxxxxxxx
    REQUEST_METHOD GET
    REQUEST_URI /tools/error/403/index.cgi?User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/&User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/
    SCRIPT_FILENAME /www/soldk/www.subnet.dk/tools/error/403/index.cgi
    SCRIPT_NAME /tools/error/403/index.cgi
    SERVER_ADDR 10.17.32.33
    SERVER_ADMIN webmaster@sol.dk
    SERVER_NAME www.subnet.dk
    SERVER_PORT 80
    SERVER_PROTOCOL HTTP/1.0
    SERVER_SIGNATURE Apache/1.3.20 Server at www.subnet.dk Port 80
    SERVER_SOFTWARE Apache/1.3.20
    SYBASE /local/syb-client
    UMA_ROOT /www/common/uma
    UNIQUE_ID PKANkQoSICEAAHbAhF0


    Runtime environment
    uid 103
    euid 103
    gid 103
    egid 103
    umask 022
    pwd /www/soldk/www.subnet.dk/tools/error/403

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    if it was a 404...the info you saw was probably diagnostic...if my website throws an error while accessing the database...(of it never does...hehe)...i have it email me all the particulars...


    referring page
    user IP
    error message etc...

    this however is hidden from the user ..since i don't want folks seeing error codes...for most..they don't know what to do...and some could use it as a way to gain information about my database structure...so it is a security risk not to have some kind of general error handling form...


    things like

    Environment variables
    Name: Value:
    BACKEND_NAME cgi
    BACKEND_PORT 4290
    DOCUMENT_ROOT /www/soldk/www.subnet.dk

    might tell you a bunch of things about what is running behind the scenes...which could be a bad thing for the site...
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    SCRIPT_FILENAME /www/soldk/www.subnet.dk/tools/error/403/index.cgi
    SCRIPT_NAME /tools/error/403/index.cgi
    This looks like a script setup to show this page on any 403 error. Probably emails all the same info to the admin also.
    REMOTE_ADDR xxxxxxxxxxxxxxxxx
    REMOTE_PORT xxxxxxxxxxxxxxxxxxxx
    Also sends your info to the admin, so he can check on who you are and keep an eye on you. If you get a 403, it means you are trying to access something you are not supposed to have access to.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •