What Are The Problems Faced While Uploading The Cgi Scripts?

Started by stellarhomes, Sep 06, 2022, 12:02 AM


stellarhomes (Topic starter)

What Are The Problems Faced While Uploading The Cgi Scripts?


The first, but not the main reason, may be an incorrect server configuration.
Most likely, it simply does not have the right to run scripts from this directory.
I always consider only the Apache Web server, so I will give the settings for it.

Incorrect attribute on the script directory.
Many scripts not only output some information, but also write something to certain folders or files. Here it is necessary to provide proper access to these resources.

A Web server does not run on your behalf but on behalf of another user, so when it runs a script it does not give the script your capabilities. You must set the attributes on the directory in which the script is written to full access, i.e. writable by anyone.
To set such attributes in FAR, put all the crosses. In ftp.exe the command is like this:
CHMOD 777 <directory>
Therefore, the ADVICE: create separate directories specifically for scripts and use them to write data. And it is best to give access only to a separate file (in that case, the access mask is not 777, but 666).


What are the problems with CGI scripts?
The problem is that any of them may contain an error that can be exploited. CGI scripts should be written with the same care and attention as the programs of the server itself, because in fact they are small servers.
Unfortunately, for many authors of programs in the Web, CGI scripts are the first experience of programming in networks.

CGI scripts can open loopholes in two ways:
They may, accidentally or intentionally, provide information about the system that can be used by a hacker.
Scripts that process data entered by a remote user through input forms may be subject to attacks in which the user forces them to execute arbitrary commands.
CGI scripts are potential loopholes even if you run the server with "nobody" user rights. The hacked script, working with nobody's rights, nevertheless enjoys the rights sufficient to send a password file by e-mail, receive local network cards or initiate login via a port with a large number (to do this, you only need to execute a few commands in Perl). Even if your server is running in a chroot environment, an erroneous script can give out information sufficient to hack the system.

Which is safer: storing scripts in the cgi-bin directory, or storing them somewhere in the document directories and assigning them a .cgi extension?
Although there is no particular danger in storing scripts together with documents, it is better to store them in a separate directory. It is much easier to control access to CGI scripts, which may represent security loopholes, when they are stored separately than if they are scattered in different directories. This is especially true in a situation where many authors of Web documents work on the server.
The author can very easily write a script containing a random error and place it among the documents. By limiting the script placement area to the cgi-bin directory with access rights allowing the installation of new scripts only to the system administrator, you avoid chaos on the server.

There is also a danger that a hacker will be able to place a file with a .cgi extension in the documents directory, and then run it by making a request to the server. Using the cgi-bin directory with properly set access rights reduces the likelihood of such an event.
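
An added example, not part of the original post: a shell function that audits a web tree for the permission states this thread discusses (directories left at 777, data files at 666, and .cgi files sitting outside cgi-bin). The function name and its two path arguments are assumptions; pass your own document root and cgi-bin directory.

```shell
#!/bin/sh
# Added example: report risky permissions in a CGI-enabled web tree.
# audit_cgi_tree DOCROOT CGIBIN  (both arguments are hypothetical paths)
# Prints one finding per line and returns 1 if anything was found.

audit_cgi_tree() {
    docroot=${1%/}          # strip a trailing slash so -path matches
    cgibin=${2%/}

    findings=$(
        {
            # Directories any local user can write into (result of chmod 777).
            find "$docroot" "$cgibin" -type d -perm -0002 2>/dev/null |
                sed 's/^/WORLD-WRITABLE-DIR /'

            # Files any local user can modify (result of chmod 666).
            find "$docroot" "$cgibin" -type f -perm -0002 2>/dev/null |
                sed 's/^/WORLD-WRITABLE-FILE /'

            # Scripts placed among the documents instead of in cgi-bin.
            find "$docroot" -type f -name '*.cgi' ! -path "$cgibin/*" \
                2>/dev/null | sed 's/^/CGI-OUTSIDE-CGIBIN /'
        } | sort -u         # de-duplicate when cgi-bin lives under docroot
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly: sh audit.sh /path/to/htdocs /path/to/cgi-bin
if [ "$#" -eq 2 ]; then
    audit_cgi_tree "$1" "$2"
fi
```

Each WORLD-WRITABLE line is a place where the web server account and every other local account share write access, so review whether the script really needs it or whether ownership by the server's user with a narrower mode would do.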