Thread: Cgi

**Digital0101** · October 8th, 2004, 03:14 AM

I was reading one of the tuts and it was telling me about CGI exploits. It said:

This exploit can be used to display information about a web site/server if you know how to use it properly! Here is what you do:

1) Type the url into your web browser.

2) Add this to the end: /cgi-bin/nph-test-cgi

My first question is this illegal?

Second does this still work?

***©opy®ight*** · October 8th, 2004, 04:01 AM

My first question is this illegal?

If you use it on a site thats not your to do bad stuff or even get the listing of the /cgi-bin directory, pretty much YES !

Second does this still work?

Not if the admin removed /nph-test-cgi from /cgi-bin

**Neptune0z** · October 8th, 2004, 08:11 PM

Ok, executing that script on a machine would in most cases be totally legal. As long as this script was available to you by default, and you did nothing to escalt your privilages to get to it. However, your information is outdated, that script probally doesn't exist on most modern setups. I think it came installed as default on older Apache and NCSA Web servers. It gave you information about the files in the cgi-bin directory. Used mostly for information gather and exploit hunting...

Thread: Cgi

Thread Tools

Display

Cgi

Posting Permissions