Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: fingerd problems

Re: fingerd problems

From: Robert A. Pickering Jr. <pickerin_at_fuse.net>
Date: Fri, 17 May 1996 14:08:02 -0400

On Fri, 17 May 1996, Brian Mitchell wrote:

> Some www servers also include the 'finger' cgi program, which can be used
> in much the same way, ie:
>
> lynx http://www.cgis.net/cgi-bin/finger\?user@host
>
> Brian Mitchell brian_at_saturn.net
>
> "I never give them hell. I just tell the truth and they think it's hell"
> - H. Truman
>

Additionally, this a method often used to get past a firewall
configuration where the WWW server is a "trusted host" but the
user on the Internet is not.

We've removed all the "standard" cgi-bin programs from all our hosted
websites for this very reason. 

--
Robert A. Pickering Jr.                Internet Services Manager
Cincinnati Bell Telephone              pickerin_at_fuse.net
           A Rough Whimper of Insanity (Information Superhighway)
PGP key ID: 75CAFF7D 1995/05/09
PGP Fingerprint: B1 63 0C 09 D8 2E 5D 69  BB 61 A2 92 22 37 63 C3
Received on May 17 1996
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos