|
-
March 27th, 2002, 08:40 PM
#1
Member
What Leakage Happened Here?
I Was Researching The Source Of A download To Check Out Any Reviews
Complaints,And to See If There Is Help Files Etc On the Product and
Once I got To The URL This (Lotta Stuff Emitted) Was What Greeted Me
CGI environment on www.subnet.dk
Status: 403
Environment variables
Name: Value:
BACKEND_NAME cgi
BACKEND_PORT 4290
DOCUMENT_ROOT /www/soldk/www.subnet.dk
I hAD nO mALICIOUS iNTENT but It Seems Wierd That
Normal Surfing Brought That Up?
-
March 27th, 2002, 08:41 PM
#2
I think that was an error with the webserver and not something you did. Isn't 403 something like page not found?
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
March 27th, 2002, 08:45 PM
#3
Member
Yes But it Also listed port numbers my ip remote port sever type name on and on
usually my 403 error pages are just plain blank ....with of course the 403 error
-
March 27th, 2002, 08:45 PM
#4
nope...403 is 'forbidden"
and for your enjoyment...all http error codes... 
100 Continue
101 Switching Protocols
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Time-Out
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URL Too Large
415 Unsupported Media Type
500 Server Error
501 Not Implemented
502 Bad Gateway
503 Out of Resources
504 Gateway Time-Out
505 HTTP Version not supported
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 27th, 2002, 08:47 PM
#5
Member
-
March 27th, 2002, 08:51 PM
#6
Member
it was this
CGI environment on www.subnet.dk
Status: 403
Environment variables
Name: Value:
BACKEND_NAME cgi
BACKEND_PORT 4290
DOCUMENT_ROOT /www/soldk/www.subnet.dk
GATEWAY_INTERFACE CGI/1.1
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_LANGUAGE en-us
HTTP_HOST cgi.sol.basefarm.net:4290
HTTP_USER_AGENT Mozilla/4.0 (xxxxxxxxxxxx)
HTTP_WEFERER HPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMN
KVASIRDB no
LAND_TLD dk
PATH /sbin:/usr/sbin:/local/bin:/local/sbin:/local/gnu/bin:/usr/bin:/bin:/usr/sbin:/sbin
QUERY_STRING User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/&User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/
REMOTE_ADDR xxxxxxxxxxxxxxxxx
REMOTE_PORT xxxxxxxxxxxxxxxxxxxx
REQUEST_METHOD GET
REQUEST_URI /tools/error/403/index.cgi?User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/&User=internettet&Home=/www/home/dk/i/in/internettet&URI=/cover/
SCRIPT_FILENAME /www/soldk/www.subnet.dk/tools/error/403/index.cgi
SCRIPT_NAME /tools/error/403/index.cgi
SERVER_ADDR 10.17.32.33
SERVER_ADMIN [email protected]
SERVER_NAME www.subnet.dk
SERVER_PORT 80
SERVER_PROTOCOL HTTP/1.0
SERVER_SIGNATURE Apache/1.3.20 Server at www.subnet.dk Port 80
SERVER_SOFTWARE Apache/1.3.20
SYBASE /local/syb-client
UMA_ROOT /www/common/uma
UNIQUE_ID PKANkQoSICEAAHbAhF0
Runtime environment
uid 103
euid 103
gid 103
egid 103
umask 022
pwd /www/soldk/www.subnet.dk/tools/error/403
-
March 27th, 2002, 08:54 PM
#7
if it was a 404...the info you saw was probably diagnostic...if my website throws an error while accessing the database...(of it never does...hehe)...i have it email me all the particulars...
referring page
user IP
error message etc...
this however is hidden from the user ..since i don't want folks seeing error codes...for most..they don't know what to do...and some could use it as a way to gain information about my database structure...so it is a security risk not to have some kind of general error handling form...
things like
Environment variables
Name: Value:
BACKEND_NAME cgi
BACKEND_PORT 4290
DOCUMENT_ROOT /www/soldk/www.subnet.dk
might tell you a bunch of things about what is running behind the scenes...which could be a bad thing for the site...
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 27th, 2002, 09:59 PM
#8
SCRIPT_FILENAME /www/soldk/www.subnet.dk/tools/error/403/index.cgi
SCRIPT_NAME /tools/error/403/index.cgi
This looks like a script setup to show this page on any 403 error. Probably emails all the same info to the admin also.
REMOTE_ADDR xxxxxxxxxxxxxxxxx
REMOTE_PORT xxxxxxxxxxxxxxxxxxxx
Also sends your info to the admin, so he can check on who you are and keep an eye on you. If you get a 403, it means you are trying to access something you are not supposed to have access to.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
