download cgi script
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: download cgi script

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    download cgi script

    Is it possible to download a cgi script or view the script source if you know the name and location of the script on a webserver?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    If the webserver is configured for execute the script type, it should not list the script contents.

  3. #3
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    hmmmm am sure you could grab the file using something like teleport pro

    v_Ln

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I've tried a couple of things already. wget, just entering the CGI location into the browser, etc. Those just redirect me to the homepage... (first page of the site)

    I'll try teleport pro and httrack when I get home. I'm just curious what a certain cgi does.
    The filename peaked my interest.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Why not write the site maintainers then instead of just going out and trying to steal the script?
    Sheesh, if it were a newbie to the site asking this they'd be negged off...
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  6. #6
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Normally Phish you should not be able to since a well configured server should not let you view the source and should only parse/run it and send the output to you. I remember there being a bug in some older versions of IIS that would reveal the source code to an asp file if you put an extra dot (.) on the end of the file name. Short of findings an exploit like that I think the only option (and best one anyway) is to email the maintainer of that site and ask him if you can have the source.

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    chsh: I understand your concern. This is for a wargame that I'm doing with a buddy. It is my buddies server and I do have authorization to try and grab the script. Or anything else I want for that matter. I'm not all that familiar with web security and I'm trying to learn more. How would you propose I go about it? I should have posted that in my original post but I was rushing around.

    To everyone else, thanks for the responses. I should hope by now that people here won't mistake my questions for malicious intent. Have you ever had reason to think so before? I think not.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Why not write the site maintainers then instead of just going out and trying to steal the script?
    Sheesh, if it were a newbie to the site asking this they'd be negged off...
    Yep, not much has changed since I have been gone.

    Anyways, the only way to view a cgi-script is if the file isn't marked executable. If it is, then the file will run and give you its output.

    What is your friends wargames site? Sounds like fun (if you can't pass it out I understand).
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  9. #9
    Originally posted here by ss2chef
    If the webserver is configured for execute the script type, it should not list the script contents.
    Yes he is correct,By the way it is not possible coz alomost all scripts listed would have configured to execute alone.

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If it's your friends server (wargame) try shoving in unexpected input and see if it chokes. You may get some interresting error messages that will give you a clue what it does or how it's made.

    If the webserver is properly configured and there are no known exploits there's no way to get the source of the cgi script.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •