P. 1


|Views: 1,268|Likes:
Published by api-82206812

More info:

Published by: api-82206812 on Jun 16, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Any area of the Web site or Web application that contains sensitive information or access to
privileged functionality (such as remote site administration) requires the file extension of all
scripts to be checked as it may lead to information disclosure related to the technology used by
the application. The use of certain CGI-related file extensions can indicate certain types of
technology in use, which results in a mild information disclosure. The default list of check
input values is generally applicable, but some sites may legitimately use a certain technology
(such as Perl) and this check may incorrectly elicit false-positive issues in flagging all Perl
extensions (.pl). In such cases, you should remove the legitimate extensions from the list.

Required Input: File extensions of scripts used in the Web application (such as cgi, pl, and py).

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->