February 11th, 2006, 02:24 AM
Surprisingly easy CGI dictionary attack...
Before reading, please know that my intent is not malicious. I seek only to point out the poor security of many CGI login forms.
I recently wrote a simple batch file that utilized cURL to carry out a limited dictionary attack on a CGI program. If anyone is unfamiliar with this, cURL is basically a command line tool for making HTTP, FTP, etc. requests. I used 2,000 common passwords. It was surprisingly easy, and could be summed up in one line:
FOR %%pass IN (list) DO CURL -d "username=username&password=%%pass" site.com/cgiprogram>>results.html
I tested it out on a smaller scale on my own account on one of the various webservices I use, and surprisingly, it worked. It scares me that with my limited experience in programming, I was still able to do this. It's also alarming that many sites still have unlimited login attempts.
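
Added example, not part of the original post: one way a login handler can close the "unlimited login attempts" gap described above is a sliding-window throttle on failed logins, counted per account and per client IP. The class name, thresholds and in-memory storage are assumptions for illustration; a CGI program, which runs as a new process per request, would keep these counters in a shared store such as a database.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed per account and per client IP."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures   # failures tolerated inside one window
        self.window = window               # seconds a failure stays counted
        self.lockout = lockout             # seconds a key stays blocked once tripped
        self.clock = clock                 # injectable so the logic can be tested
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def _keys(self, username, ip):
        # Normalise the account name so "Admin" and "admin " share one counter.
        return ("user", username.strip().lower()), ("ip", ip)

    def retry_after(self, username, ip):
        """Call before checking the password. Returns seconds to wait (0 = allowed)."""
        now = self.clock()
        wait = 0.0
        for key in self._keys(username, ip):
            until = self._locked_until.get(key, 0.0)
            if until > now:
                wait = max(wait, until - now)
            else:
                self._locked_until.pop(key, None)
        return wait

    def record(self, username, ip, success):
        """Call after checking the password, with the outcome of that check."""
        now = self.clock()
        user_key, ip_key = self._keys(username, ip)
        if success:
            # Clear only the account counter: a client that logs in to its own
            # account must not reset the failure count held against its IP.
            self._failures.pop(user_key, None)
            return
        for key in (user_key, ip_key):
            q = self._failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:
                q.popleft()
            if len(q) >= self.max_failures:
                self._locked_until[key] = now + self.lockout
                q.clear()
```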