9,506
社区成员
发帖
与我相关
我的任务
分享cgi-bin/test-cgi可以执行恶意的 QUERY_STRING 么?
像这样
http://210.77.157.9/cgi-bin/test-cgi?QUERY_STRING
返回
CGI/1.0 test script report:
argc is 1. argv is QUERY_STRING.
SERVER_SOFTWARE = Apache/1.3.12 (Unix) PHP/4.0.1pl2
SERVER_NAME = url1.hichina.com
GATEWAY_INTERFACE = CGI/1.1
SERVER_PROTOCOL = HTTP/1.1
SERVER_PORT = 80
REQUEST_METHOD = GET
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
PATH_INFO =
PATH_TRANSLATED =
SCRIPT_NAME = /cgi-bin/test-cgi
QUERY_STRING = QUERY_STRING <--------我所说的就是这里,这里可以执行恶意请求,从而打开主机上的文件么?
REMOTE_HOST =
REMOTE_ADDR = 61.158.61.65
REMOTE_USER =
AUTH_TYPE =
CONTENT_TYPE =
CONTENT_LENGTH =
QUERY_STRING 该是什么呢?????
http://210.77.157.9/cgi-bin/test-cgi?QUERY_STRING
返回
CGI/1.0 test script report:
argc is 1. argv is QUERY_STRING.
SERVER_SOFTWARE = Apache/1.3.12 (Unix) PHP/4.0.1pl2
SERVER_NAME = url1.hichina.com
GATEWAY_INTERFACE = CGI/1.1
SERVER_PROTOCOL = HTTP/1.1
SERVER_PORT = 80
REQUEST_METHOD = GET
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
PATH_INFO =
PATH_TRANSLATED =
SCRIPT_NAME = /cgi-bin/test-cgi
QUERY_STRING = QUERY_STRING <--------我所说的就是这里,这里可以执行恶意请求,从而打开主机上的文件么?
REMOTE_HOST =
REMOTE_ADDR = 61.158.61.65
REMOTE_USER =
AUTH_TYPE =
CONTENT_TYPE =
CONTENT_LENGTH =
QUERY_STRING 该是什么呢?????
...全文
请发表友善的回复…
发表回复
sundna 2001-07-24
- 打赏
- 举报
QUERY_STRING 是特殊构造的攻击代码,多到些站去找资料吧
