Các chương trình CGI có thể được một lợi ích lớn hoặc một gánh nặng lớn, tùy thuộc vào liệu bạn đã bảo vệ bạn chống lại các lỗ hổng có thể có thể được sử dụng để hack có thể được thông qua tiếp cận với mã nguồn của kịch bản và tìm kiếm các lỗ hổng chứa trong chúng, | Vulnerable CGI Scripts Chapter 4 161 Summary CGI programs can be a great benefit or a great burden depending on whether you ve protected yourself against possible vulnerabilities that can be used to hack your saw in this chapter that CGI programs and scripts run on the server side and act as a middleman between the Web server and an external are used on numerous sites on the Web and for a variety of purposes. In terms of e-commerce sites they are essential to the method in which business is conducted and many sites cannot function without them. Break-ins resulting from weak CGI scripts can occur in a variety of may be through gaining access to the source code of the script and finding vulnerabilities contained in them or by viewing information showing directory structure usernames and or passwords. By manipulating these scripts a hacker can modify or view sensitive data or even shut down a server so that users are unable to use the site. In most cases the cause of a poor CGI script can be traced back to the person who wrote the program. However by following good coding practices and avoiding common problems you can avoid such problems and you will be able to use CGI programs without compromising the security of your site. Solutions Fast Track What Is a CGI Script and What Does It Do 0 CGI is used by Web servers to connect to external applications. It provides a way for data to be passed back and forth between the visitor to a site and a program residing on the Web server. CGI isn t the program itself but the medium used to exchange information between the Web server and the Internet application or script. 162 Chapter 4 Vulnerable CGI Scripts 0 CGI uses server-side scripting and programs. Code is executed on the server so it doesn t matter what type of browser the user is using when visiting your site. 0 Uses for CGI are found at sites such as eBay and e-commerce sites that may use more complex CGI scripts and .