The RAZOR Security Team Sponsored by BindView
VLAD The Scanner

Vulnerability Information

2.  Vulnerable CGI programs and application extensions (e.g., ColdFusion) installed on web servers.

VLAD scans for the following CGI vulnerabilities.

 /Admin_files/order.log (online shopping log files)
 administrators.pwd (recover passwords)
 /admin-serv/config/admpw (get password hashes)
 alibaba.pl (Alibaba Web Server, directory viewing)
 aliredir.exe (Alibaba Web Server, directory viewing)
 AnyForm2 (run arbitrary commands)
 AnyForm (run arbitrary commands)
 application.cfm (determine webroot directory)
 architext_query.pl (run arbitrary commands)
 args.bat (Website Pro - execute arbitrary commands)
 ash (execute arbitrary commands)
 authors.pwd (recover passwords)
 bash (execute arbitrary commands)
 bb-hostsvc.sh (view files on target)
 ~bin (reveals world-readable files)
 bizdb1-search.cgi (read files on target)
 bnbform.cgi (mail files off system)
 bnbform (mail files off system)
 campas (run arbitrary commands)
 carbo.dll (iCat Carbo Server dll allows viewing any file)
 /cfappman/index.cfm (read files)
 /cfdocs/exampleapp/email/getfile.cfm (read files)
 /cfdocs/exampleapp/publish/admin/addcontent.cfm (read files)
 /cfdocs/examples/cvbeans/beaninfo.cfm (read files)
 /cfdocs/examples/parks/detail.cfm (read files)
 /cfdocs/snippets/evaluate.cfm (read files, DoS, proxy)
 /cfdocs/snippets/fileexists.cfm (read files, DoS, proxy)
 /cfdocs/snippets/gettempdirector.cfm (read files, DoS, proxy)
 /cfdocs/snippets/viewexample.cfm (read files, DoS, proxy)
 /cfide/Administrator/startstop.html (DoS)
 classified.cgi (view files on target)
 classifieds.cgi (run arbitrary commands)
 classifieds (run arbitrary commands)
 code.asp (view files on target)
 codebrws.asp (view files on target)
 Cognos Powerplay (leaks info in temp dir)
 convert (read files on target)
 count (buffer overflow in older versions)
 counterfiglet (run arbitrary commands)
 counter (run arbitrary commands)
 csh (execute arbitrary commands)
 Dansie cart.cgi (contains vendor backdoor)
 Dansie cart.pl (retrieve cart info and change prices)
 Dansie scripts/cart.pl (retrieve cart info and change prices)
 displayopenedfile.cfm (read or delete files)
 download.cgi (run arbitrary commands)
 edit.pl (run arbitrary commands)
 environ.cgi (run arbitrary commands)
 envout.bat (execute arbitrary commands)
 eval.cfm (read or delete files)
 /examples/applications/bboard/bboard_frames.html (run arbitrary code)
 exprcalc.cfm (read or delete files)
 filemail.pl (run arbitrary commands)
 files.pl (read files on system)
 finger.cgi (gather system info)
 finger (gather system info)
 finger.pl (gather system info)
 flexform (append info to files)
 flexform.cgi (append info to files)
 get16.exe (Alibaba Web Server, arbitrary command execution)
 get32.exe (Alibaba Web Server, arbitrary command execution)
 glimpse (run arbitrary commands)
 /guestbook.cgi (run arbitrary commands)
 guestbook.cgi (run arbitrary commands)
 handler (run arbitrary commands on Irix 5.3 - 6.4)
 /.htaccess (reveals authentication info)
 .htaccess (reveals authentication info)
 htmlscript (read files on target)
 hylafax (run arbitrary commands)
 iisadmin (shouldn't be accessible)
 imapcern.exe (Alibaba Web Server, directory viewing)
 imapncsa.exe (Alibaba Web Server, directory viewing)
 index.cgi (Selena Sol script, read files on target)
 info2www (run arbitrary commands)
 input2.bat (execute arbitrary commands)
 input.bat (execute arbitrary commands)
 ism.dll (view files on target)
 jana (retrieve files from target)
 jj (unfiltered call to /bin/mail)
 ksh (execute arbitrary commands)
 lsindex2.bat (Alibaba Web Server, directory viewing)
 lsin.exe (Alibaba Web Server, directory viewing)
 LWGate.cgi (read files on target)
 lwgate.cgi (read files on target)
 LWGate (read files on target)
 lwgate (read files on target)
 MachineInfo (gives out info about machine on Irix)
 maillist.pl (run arbitrary commands)
 /mall_log_files/order.log (online shopping log files)
 man.sh (run arbitrary commands)
 mountain.cfg (online shopping config files)
 msadcs.dll (RDS exploit, remote compromise)
 msproxy (anonymous use of ms proxy server)
 newdsn.exe (create mdb files, useful in ODBC and RDS exploits)
 nph-publish (overwrite world-writable files)
 nph-test-cgi (read files)
 onrequestend.cfm (determine webroot directory)
 openfile.cfm (read or delete files)
 order.log (online shopping log files)
 order_log_v12.dat (online shopping log files)
 orders.log (online shopping log files)
 orders.txt (online shopping log files)
 /PDG_Cart/order.log (online shopping log files)
 perl (execute arbitrary commands)
 perl.exe (execute arbitrary commands)
 perlshop.cgi (run arbitrary commands)
 pfdisplay.cgi (run arbitrary commands on Irix 6.2 - 6.4)
 phf (run arbitrary commands)
 php.cgi (buffer overflow, run arbitrary commands)
 plusmail (run arbitrary commands)
 /pollit/Poll_It_SSI_v2.0.cgi (read files on target)
 pollit/Poll_It_SSI_v2.0.cgi (read files on target)
 /pollit/Poll_It_v2.0.cgi (read files on target)
 pollit/Poll_It_v2.0.cgi (read files on target)
 /Poll_It_SSI_v2.0.cgi (read files on target)
 Poll_It_SSI_v2.0.cgi (read files on target)
 /Poll_It_v2.0.cgi (read files on target)
 Poll_It_v2.0.cgi (read files on target)
 post16.exe (Alibaba Web Server, arbitrary command execution)
 post32.exe (Alibaba Web Server, arbitrary command execution)
 printenv (learn info about target)
 /quikstore.cfg (online shopping config files)
 quikstore.cfg (online shopping config files)
 rguest.exe (read any file on target)
 rksh (execute arbitrary commands)
 ~root (reveals world-readable files)
 rpm_query (learn info about target)
 rsh (execute arbitrary commands)
 saleslogix (admin commands not password protected)
 sendmail.cfm (send anonymous mail, gather some system info)
 service.pwd (recover passwords)
 sh (execute arbitrary commands)
 shopper.conf (online shopping config files)
 showcode.asp (view files on target)
 site.csc (Microsoft Site Server 3.0, contains user and password)
 /siteserver/publishing/viewcode.asp (view asp source on target)
 /sites/knowledge/membership/inspiredtutorial/viewcode.asp (view asp source)
 /sites/knowledge/membership/inspired/viewcode.asp (view asp source)
 /sites/samples/knowledge/membership/inspiredtutorial/viewcode.asp (view asp source)
 /sites/samples/knowledge/membership/inspired/viewcode.asp (view asp source)
 /sites/samples/knowledge/push/viewcode.asp (view asp source)
 /sites/samples/knowledge/search/viewcode.asp (view files on target)
 sojourn (view text files on target)
 sourcewindow.cfm (determine webroot directory)
 survey.cgi (run arbitrary commands)
 survey (run arbitrary commands)
 syntaxcheck (denial of service)
 talentsoft (read files on target)
 tcsh (execute arbitrary commands)
 test.bat (execute arbitrary commands)
 test-cgi (read files)
 textcounter.pl (run arbitrary commands)
 textcounter (run arbitrary commands)
 tst2.bat (Alibaba Web Server, directory viewing)
 tst.bat (Alibaba Web Server, directory viewing)
 uploader.exe (Website Pro - upload files)
 users.pwd (recover passwords)
 verity97.vts (read files on target)
 /_vti_bin/shtml.dll (gather Windows system info)
 /_vti_bin/shtml.exe (gather Windows system info)
 webdist.cgi (run arbitrary commands on Irix 5.3 - 6.4)
 webgais (run arbitrary commands)
 websendmail (run arbitrary commands)
 /Web_Store/Admin_files/order.log (online shopping log files)
 wguest.exe (read any file on target)
 whois.cgi (run arbitrary commands)
 whois_raw.cgi (run arbitrary commands)
 win-c-sample.exe (Website Pro - buffer overflow)
 windmail (mail files off site)
 /..\..\..\winnt\repair\sam._ (recover sam._ file)
 wrap (view directories on Irix 5.3 - 6.4)
 /WS_FTP.INI (it should not be accessible)
 WS_FTP.INI (it should not be accessible)
 /ws_ftp.ini (it should not be accessible)
 ws_ftp.ini (it should not be accessible)
 /.wwwacl (reveals authentication info)
 .wwwacl (reveals authentication info)
 /wwwboard/passwd.txt (grab passwords)
 wwwboard/passwd.txt (grab passwords)
 zeus (read files on target)
 zsh (execute arbitrary commands)

Contact: info@razor.bindview.com