CGI script environment variable

By kannthu

Medium
Vidoc Module
#exposure #generic #cgi
Description

What is the "CGI script environment variable" module?

The "CGI script environment variable" module is a test case designed to detect a specific vulnerability related to Common Gateway Interface (CGI) scripts. It targets servers that have a CGI script called "printenv.pl" located in the "/cgi-bin/" directory. This module checks if the CGI script leaks a list of server environment variables in its response page.

This module has a medium severity level, indicating that the vulnerability it detects could potentially lead to security issues if exploited.

This module was authored by emadshanab.

Impact

If the "CGI script environment variable" module reports a match, the server's CGI script is leaking a list of server environment variables. This information leak gives attackers insight into the server's configuration, which they can use to gather sensitive details and potentially exploit other vulnerabilities.

How does the module work?

The "CGI script environment variable" module works by sending a GET request to the "/cgi-bin/printenv.pl" path on the target server. It then applies two matching conditions to determine if the vulnerability exists:

    - The module checks if the response page contains any of the following words: "MYSQL_HOME", "OPENSSL_CONF", "REMOTE_ADDR", "SERVER_ADMIN", or "Environment Variables:". If any of these words are found, it indicates that the CGI script is leaking server environment variables.
    - The module also checks if the response status code is 200, indicating a successful request. This condition ensures that the CGI script is accessible and functioning properly.

If both matching conditions are met, the module reports the vulnerability.
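The two matching conditions can be reproduced as a self-audit for hosts you administer. This is an added example, not Vidoc's own code: the function names, the 64 KiB read limit, the case-sensitive substring match and the sample responses are assumptions made for illustration.

```python
import urllib.error
import urllib.request

# Marker words and path as listed in the module description above.
MARKERS = ("MYSQL_HOME", "OPENSSL_CONF", "REMOTE_ADDR",
           "SERVER_ADMIN", "Environment Variables:")
PATH = "/cgi-bin/printenv.pl"


def leaked_markers(body):
    """Word matcher (OR): markers found in the body, assumed case-sensitive."""
    return [m for m in MARKERS if m in body]


def is_exposed(status, body):
    """Both conditions must hold: status 200 AND at least one marker word."""
    return status == 200 and bool(leaked_markers(body))


def audit(base_url, timeout=5.0):
    """GET the printenv path on a host you administer and evaluate the matchers."""
    url = base_url.rstrip("/") + PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # non-2xx answers still carry a status
        status, body = err.code, err.read(65536).decode("utf-8", "replace")
    return {"url": url, "status": status, "markers": leaked_markers(body),
            "exposed": is_exposed(status, body)}


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "leaking script": (200, "<pre>SERVER_ADMIN=\"webmaster@example.test\"\n"
                            "REMOTE_ADDR=\"192.0.2.10\"</pre>"),
    "custom 404 echoing a marker": (404, "Not found. REMOTE_ADDR logged."),
    "script removed, soft 200": (200, "<h1>Welcome</h1>"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: exposed={is_exposed(status, body)} "
              f"markers={leaked_markers(body)}")
```

The 404 sample shows why the status condition matters: an error page that happens to contain a marker word is not reported. A finding is cleared by removing or restricting the script so that the path no longer returns 200 with any of the marker words.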

For more information, you can refer to the Acunetix website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /cgi-bin/printenv.pl
Matching conditions
word: MYSQL_HOME, OPENSSL_CONF, REMOTE_ADDR, S... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability