> Recently I scanned a Cayman DSL router and was surprised to see numerous
> warnings in Nessus for cgi scripts that were supposedly accessible. I am
> wondering how this is possible due to the fact that the router is not
> running any webserver on it. A port scan revealed that, in fact, port 80 was
> not even open..
cayman router comes with a web interface installed by default.
you sure it isn't open?
telnet {ipaddress} 80
and see.
>
> The following were a few of the supposed existent URLs...
depends, did it return a valid 404 error? if it did not return a valid 404
page (i.e., it asked for authentication?) you will get false positives.
>
> guestbook.cgi
> dvwssr.dll
> glimpse.cgi
> guestbook.pl
> Exair search.asp
>
> Any ideas on why these tests succeeded?
>
> Thank you,
> --TK
>
>
>
--
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 [EMAIL PROTECTED]
http://www.secnap.net/
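
The check described in the reply above, as an added example that is not part of the original message: request a path that cannot exist first, and treat any scanner hit that gets the same non-404 answer as unreliable. The function names, the two stand-in servers and the leading "/" on the paths are assumptions made for illustration; the file names are the ones listed in the question.

```python
import http.client
import secrets

def http_status(host, path, port=80, timeout=5):
    """Real fetcher: return the HTTP status code for GET path on host."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    finally:
        conn.close()

def triage(fetch, paths):
    """Compare each scanner hit with the answer for a path that cannot exist.

    fetch is any callable mapping a path to a status code, for example
    lambda p: http_status("192.0.2.1", p)  (documentation address, assumed).
    """
    # Random name: if this does not come back 404, status codes prove nothing.
    baseline = fetch("/" + secrets.token_hex(12) + ".cgi")
    verdicts = {}
    for path in paths:
        status = fetch(path)
        if status == 404:
            verdicts[path] = "absent"
        elif baseline != 404 and status == baseline:
            verdicts[path] = "unreliable"      # same answer as a bogus path
        else:
            verdicts[path] = "likely-present"  # differs from the baseline
    return baseline, verdicts

# Constructed stand-ins for devices, so the example runs offline.
def auth_on_everything(path):
    """Device that asks for authentication on every URL."""
    return 401

def well_behaved(path):
    """Server that returns a valid 404 for unknown paths."""
    return 200 if path == "/index.html" else 404

REPORTED = ["/guestbook.cgi", "/dvwssr.dll", "/glimpse.cgi", "/guestbook.pl"]

if __name__ == "__main__":
    for name, server in (("auth", auth_on_everything), ("normal", well_behaved)):
        print(name, triage(server, REPORTED + ["/index.html"]))
```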