#
# This script was written by Renaud Deraison
#
# See the Nessus Scripts License for details
#
# Purpose: reports a Sambar web server that still exposes the hello.bat or
# echo.bat CGI scripts, which the plugin description says allow command
# execution with the privileges of the web server process.
#
# Scope of the check: it only asks whether the two files are present
# (category ACT_GATHER_INFO); no command is ever sent. A finding therefore
# means "script reachable", not "execution confirmed".
#

if (description)
{
    script_id(10246);
    script_version("$Revision$");
    script_bugtraq_id(1002);
    # "CAN-" is the legacy candidate prefix; the same entry is referenced
    # today as CVE-2000-0213.
    script_cve_id("CAN-2000-0213");

    script_name(english:"Sambar Web Server CGI scripts",
                francais:"Scripts CGI du serveur web Sambar");

    # NOTE(review): the description text is reproduced exactly as it appears
    # in this copy; any line breaks it originally contained are not
    # recoverable from here.
    desc["english"] = " At least one of these CGI scripts is installed : hello.bat echo.bat They allow any attacker to execute commands with the privileges of the web server process. Solution : Delete all the *.bat files from your cgi-bin/ directory Risk factor : High";
    desc["francais"] = " Au moins un de ces CGI est installé : hello.bat echo.bat Ils permettent à n'importe quel pirate d'executer des commandes arbitraires sur ce système, avec les privilèges du serveur web. Solution : effacez tous les fichiers .bat du répèrtoire cgi-bin/ Facteur de risque : Elevé";
    script_description(english:desc["english"],
                       francais:desc["francais"]);

    script_summary(english:"Checks for the presence of /cgi-bin/{hello,echo}.bat",
                   francais:"Vérifie la présence de /cgi-bin/{hello,echo}.bat");

    script_category(ACT_GATHER_INFO);

    script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison",
                     francais:"Ce script est Copyright (C) 2000 Renaud Deraison");

    script_family(english:"CGI abuses",
                  francais:"Abus de CGI");

    # no404.nasl is listed as a dependency, presumably so that servers which
    # answer every URL successfully do not produce false positives here;
    # confirm against that plugin.
    script_dependencie("find_service.nes", "no404.nasl", "http_version.nasl");
    script_require_ports("Services/www", 80);

    # The plugin is gated on the "www/sambar" knowledge-base key. Presumably
    # an earlier fingerprinting plugin sets it; a Sambar host that was not
    # recognised as such (e.g. altered banner) would not be tested. Verify
    # against the plugin that writes this key.
    script_require_keys("www/sambar");
    exit(0);
}

#
# The script code starts here
#

# Both lookups are issued up front, before any reporting decision is made.
found_hello = is_cgi_installed("hello.bat");
found_echo = is_cgi_installed("echo.bat");

# A single finding is raised even when both scripts exist, with hello.bat
# taking precedence. The value returned by is_cgi_installed() is handed
# unchanged to security_hole().
#
# Only these two file names are probed, while the stated remediation is to
# delete all *.bat files from cgi-bin/; a clean result does not show that no
# other batch files are exposed.
if (found_hello)
{
    security_hole(found_hello);
}
else if (found_echo)
{
    security_hole(found_echo);
}