Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: fingerd problems
From: pickerin () fuse net (Robert A. Pickering Jr.)
Date: Fri, 17 May 1996 14:08:02 -0400

On Fri, 17 May 1996, Brian Mitchell wrote:


Some www servers also include the 'finger' cgi program, which can be used
in much the same way, ie:

lynx http://www.cgis.net/cgi-bin/finger\?user () host

Brian Mitchell                  brian () saturn net

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman



Additionally, this a method often used to get past a firewall
configuration where the WWW server is a "trusted host" but the
user on the Internet is not.

We've removed all the "standard" cgi-bin programs from all our hosted
websites for this very reason.

--
Robert A. Pickering Jr.                Internet Services Manager
Cincinnati Bell Telephone              pickerin () fuse net

           A Rough Whimper of Insanity (Information Superhighway)

PGP key ID: 75CAFF7D 1995/05/09
PGP Fingerprint: B1 63 0C 09 D8 2E 5D 69  BB 61 A2 92 22 37 63 C3

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]