Home page logo

bugtraq logo Bugtraq mailing list archives

Re: fingerd problems
From: pickerin () fuse net (Robert A. Pickering Jr.)
Date: Fri, 17 May 1996 14:08:02 -0400

On Fri, 17 May 1996, Brian Mitchell wrote:

Some www servers also include the 'finger' cgi program, which can be used
in much the same way, ie:

lynx http://www.cgis.net/cgi-bin/finger\?user () host

Brian Mitchell                  brian () saturn net

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

Additionally, this a method often used to get past a firewall
configuration where the WWW server is a "trusted host" but the
user on the Internet is not.

We've removed all the "standard" cgi-bin programs from all our hosted
websites for this very reason.

Robert A. Pickering Jr.                Internet Services Manager
Cincinnati Bell Telephone              pickerin () fuse net

           A Rough Whimper of Insanity (Information Superhighway)

PGP key ID: 75CAFF7D 1995/05/09
PGP Fingerprint: B1 63 0C 09 D8 2E 5D 69  BB 61 A2 92 22 37 63 C3

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]