By kannthu
The "CGI script environment variable" module is a test case designed to detect a specific vulnerability related to Common Gateway Interface (CGI) scripts. It targets servers that have a CGI script called "printenv.pl" located in the "/cgi-bin/" directory. This module checks if the CGI script leaks a list of server environment variables in its response page.
This module has a medium severity level, indicating that the vulnerability it detects could potentially lead to security issues if exploited.
This module was authored by emadshanab.
If the "CGI script environment variable" module detects the vulnerability, it means that the server's CGI script is leaking a list of server environment variables. This information leak gives attackers insight into the server's configuration, which they can use to gather sensitive information and potentially exploit other vulnerabilities.
The "CGI script environment variable" module works by sending a GET request to the "/cgi-bin/printenv.pl" path on the target server. It then applies two matching conditions to determine if the vulnerability exists:
If both matching conditions are met, the module reports the vulnerability.
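As an added illustration (not the module's own code), the following Python sketch classifies an HTTP response you have already captured from your own server as an environment-variable leak. The two conditions it applies (status 200 and at least three CGI meta-variables printed as `NAME=value` lines), the variable list, and the function names are assumptions, not the module's actual matching conditions.

```python
import re

# CGI/1.1 meta-variables (RFC 3875) plus common Apache additions.
# Assumption: this list is illustrative, not the module's matcher.
CGI_VARS = {
    "SERVER_SOFTWARE", "SERVER_NAME", "SERVER_PROTOCOL", "SERVER_PORT",
    "GATEWAY_INTERFACE", "REQUEST_METHOD", "SCRIPT_NAME", "QUERY_STRING",
    "REMOTE_ADDR", "DOCUMENT_ROOT", "SERVER_ADMIN", "SCRIPT_FILENAME",
}
TAG_RE = re.compile(r"<[^>]+>")
PAIR_RE = re.compile(r'^\s*([A-Z][A-Z0-9_]*)\s*=\s*"?(.*?)"?\s*$')


def leaked_variables(body):
    """Return {name: value} for CGI variables printed as NAME=value lines."""
    found = {}
    for line in body.splitlines():
        m = PAIR_RE.match(TAG_RE.sub("", line))
        if m and m.group(1) in CGI_VARS:
            found[m.group(1)] = m.group(2)
    return found


def is_env_leak(status, body, threshold=3):
    """Assumed conditions: HTTP 200 and at least `threshold` CGI variables."""
    return status == 200 and len(leaked_variables(body)) >= threshold


def finding(status, body):
    """Report variable names only, so values are not copied into tickets."""
    if not is_env_leak(status, body):
        return None
    return {"path": "/cgi-bin/printenv.pl", "variables": sorted(leaked_variables(body))}


# Constructed sample responses (not captured from a real server).
LEAK_BODY = '''DOCUMENT_ROOT="/var/www/html"
GATEWAY_INTERFACE="CGI/1.1"
REMOTE_ADDR="192.0.2.10"
SERVER_SOFTWARE="Apache"
PATH="/usr/bin:/bin"
'''
BENIGN_BODY = "<html><body><h1>Not Found</h1><p>Set SERVER_NAME in httpd.conf.</p></body></html>"

if __name__ == "__main__":
    print(finding(200, LEAK_BODY))
    print(finding(200, BENIGN_BODY))
```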
For more information, you can refer to the Acunetix website.