i just went to google and searched for a known cgi bug which has been around for a long time it is no new i hope most of you are familier with this.
yeah sure it is called google hacking(or URL hacking).
to get an understanding of cgi bug i am talking aboot see this url :
http://www.google.co.in/search?hl=en...%3D+.txt&meta=
this perticular bug allows remote command execution on those sites.A lot of web sites have been hacked(or defaced)using this mathod by hackers.
what amazed me was that two of the site listed in google search have been there for a long time.
I mailed them(long time ago) to inform them that there is a bug on there site which allow remote command execution.there was no response from them!!!
http://www.a-sup.jp/cgi-bin/shop/cgi...2003-06-30.txt|ls%20-l|
http://www.cdfilm.h1.ru/cgi-bin/shop...ke=1_2_329.txt|ls%20-l|
see these two urls executing ls command.
and this URL executing id command.
http://www.a-sup.jp/cgi-bin/shop/cgi...2003-06-30.txt|id|
it has been a long time since i mailed them last time and i will do it again today.But i don't get it why don't these pplz patch it.
It is like an Open invitation to anyone with an internet and a keyboard to hack these sites.
i am not giving a full detail of bug and exploits coz i don't want pplz to misuse that information.