Results 1 to 3 of 3

Thread: Cgi

  1. #1
    Junior Member
    Join Date
    Oct 2004


    I was reading one of the tuts and it was telling me about CGI exploits. It said:

    This exploit can be used to display information about a web site/server if you know how to use it properly! Here is what you do:

    1) Type the url into your web browser.

    2) Add this to the end: /cgi-bin/nph-test-cgi

    My first question is this illegal?

    Second does this still work?

  2. #2
    My first question is this illegal?
    If you use it on a site thats not your to do bad stuff or even get the listing of the /cgi-bin directory, pretty much YES !

    Second does this still work?
    Not if the admin removed /nph-test-cgi from /cgi-bin
    StreetsCrack.com Join The Best Music Social Network Online. Music downloads, promotions, forums, profile, games etc...

  3. #3
    Ok, executing that script on a machine would in most cases be totally legal. As long as this script was available to you by default, and you did nothing to escalt your privilages to get to it. However, your information is outdated, that script probally doesn't exist on most modern setups. I think it came installed as default on older Apache and NCSA Web servers. It gave you information about the files in the cgi-bin directory. Used mostly for information gather and exploit hunting...
    We are a generation without a middle. We have no great war or depression. Our war is a spiritual one, our depression is our lives. We were all raised to believe that we\'ll all be millionaires and rockstars - But we won\'t.
    And we are slowly learning this fact...And we are VERY pissed off about it!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts