CGI

Common Gateway Interface, also known as CGI, is software that helps a web server display dynamic web pages, in other words, create a response tailored to the user's request. The data transfer process between the web server and the application is called the Common Gateway Interface (CGI).

The goal of CGI applications is to access other applications running on the server. The web server uses CGI to search for documents, run authorized commands, or store information on the server. A CGI application can identify a particular user and provide information specific to that user.

However, using CGI scripts to launch other applications on the server makes the data vulnerable, because it can give hackers access to it.

 

CGI vulnerabilities

CVE-1999-0174: A source-viewing CGI application allows hackers to read files with a dot-dot-slash (../) attack.
CVE-1999-0237: Remote commands can be run by means of the Guestbook CGI application.
CVE-1999-0260: The jj CGI application allows commands to be run through shell metacharacters.
PHF attack: Misuse of the PHF script allows a hacker to obtain confidential information such as personal data and passwords.
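
The two bug classes listed above (dot-dot-slash file reads and command execution through shell metacharacters) come from a CGI script trusting a request parameter. The following is an added example, not code from any of the applications named here, showing the corresponding checks in a CGI-style handler; the function names, the temporary document root and the sample request values are constructed for illustration.

```python
import os
import subprocess
import sys
import tempfile


def resolve_under(base_dir, requested):
    """Map a request parameter to a file inside base_dir; None if it escapes."""
    if "\0" in requested:
        return None
    base = os.path.realpath(base_dir)
    # join() discards base when `requested` is absolute, so check after resolving
    target = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return target if inside else None


def run_without_shell(argv_prefix, user_value):
    """Hand user input to a helper program as one argv element, with no shell."""
    done = subprocess.run(argv_prefix + [user_value],
                          capture_output=True, text=True, check=False)
    return done.stdout


def demo():
    """Run constructed sample requests against a temporary document root."""
    echo = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "page.txt"), "w") as fh:
            fh.write("hello")
        results = {}
        for name in ["docs/page.txt", "docs/../docs/page.txt",
                     "../../etc/passwd", "/etc/passwd"]:
            results[name] = resolve_under(root, name) is not None
        # Constructed form value containing shell metacharacters
        results["argv"] = run_without_shell(echo, "guest; id | cat")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value!r}")
```

The path check compares fully resolved paths instead of searching the parameter for "..", and the helper program receives the form value as data because no shell ever parses it.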