Renaud,

Thank you! This is interesting indeed.

With Nessus I've been tuning my system, with a focus on the web server. I had
a rather vanilla Apache installed with Options Indexes ExecCGI on BY DEFAULT.
I knew these eventually needed changing but I'm amazed at how much
exposure is offered by these defaults. I generally understand the
Apache directives, but feeding URL strings is new to me.

I'm looking for a way to have Nessus really beat on the web server or
another tool which might find an exhaustive list of shortcomings.

Any suggestions as to tools or reading material on how these
URL strings work?

Thanks again,
-zeek

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Renaud Deraison
> Sent: Wednesday, May 28, 2003 10:05 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Q: CGI Discovery
>
>
> On Wed, May 28, 2003 at 09:45:50AM -0400, zeek wrote:
> >
> > Greetings Nessusians,
> >
> > I ran Nessus against a web server and received the following in my report:
> >
> > ---
> > The following CGI have been discovered :
> >
> > Syntax : cginame (arguments [default value])
> >
> > /babyspice/ (O [D] C [N] )
> > /dingus/camera/ (gal [0] )
> > /include/ (O [D] C [N] )
> >
> > Directory index found at /include/
> > ---
> >
> >
> > I'm not able to find an explanation of what these mean. Could someone offer some
> > advice as to where to get an answer?
>
> It means that /babyspice/ is a CGI with two arguments : O and C, and the
> default value of each is 'D' (for O) and 'N'.
>
> ie: you can do : /babyspice/?O=D&C=N
> /dingus/camera/?gal=0
> /include/?O=D&C=N
>
>
>                               -- Renaud
>
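
An added example, not part of the original thread and not Nessus's own code: a small parser for the "cginame (arguments [default value])" report lines quoted above, which rebuilds the URLs Renaud lists and separates likely directory listings from real scripts. The function names and the `autoindex` heuristic are assumptions of this example: Apache's mod_autoindex uses the `C` (column) and `O` (order) query arguments for its sort links, so an entry with only those arguments is most likely a listing produced by `Options Indexes`.

```python
import re
from urllib.parse import urlencode

# Report excerpt copied from the post above, quote markers removed.
REPORT = """\
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/babyspice/ (O [D] C [N] )
/dingus/camera/ (gal [0] )
/include/ (O [D] C [N] )

Directory index found at /include/
"""

ENTRY = re.compile(r"^(/\S*)\s+\((.*)\)\s*$")      # path (args...)
ARG = re.compile(r"(\S+)\s+\[([^\]]*)\]")          # name [default]
DIRINDEX = re.compile(r"^Directory index found at (\S+)")
AUTOINDEX_ARGS = {"C", "O"}  # mod_autoindex sort parameters (heuristic)

def parse_report(text):
    """Return (entries, index_paths); entries maps path -> {arg: default}."""
    entries, index_paths = {}, set()
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)] = dict(ARG.findall(m.group(2)))
            continue
        m = DIRINDEX.match(line)
        if m:
            index_paths.add(m.group(1))
    return entries, index_paths

def triage(text):
    """Return [(path, url_with_defaults, kind)] in report order."""
    entries, index_paths = parse_report(text)
    rows = []
    for path, args in entries.items():
        url = path + "?" + urlencode(args) if args else path
        listing = path in index_paths or (args and set(args) <= AUTOINDEX_ARGS)
        rows.append((path, url, "autoindex" if listing else "script"))
    return rows

if __name__ == "__main__":
    for path, url, kind in triage(REPORT):
        print(f"{kind:10} {url}")
```

Entries tagged `autoindex` go away once `Indexes` is removed from the directory's `Options`; entries tagged `script` are the ones whose parameter handling deserves review.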

