CGI is the name of the standard that allows a web-server to call an external program in order to generate "dynamic" content. This has enormous implications for security. Not only must security managers harden the web-server against attack, they must also harden each and every CGI program. This task enormous, which leads to numerous failures. Most defaced web pages are through CGI programs.
Scanning a website for CGI programs is almost as popular as port scanning. A broad-spectrum scanner is used to enumerate through hundreds of CGI programs that have known vulnerabilities in them. If a vulnerable CGI program is found, then it will be exploited in order to break into a server.
There are many classes of vulnerable programs:
- defaults
- Some programs do not contain security holes themselves, but the default configuration may lead to compromise. For example, RedHat 6.0 includes the default Squid cachemgr.cgi in its cgi-bin directory without any password in the squid.conf file to protect it.
-
