exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,047 RSS Feed

CGI Files

Supermicro Onboard IPMI CGI Scanner
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.

tags | exploit, overflow, cgi, vulnerability
advisories | CVE-2013-3621, CVE-2013-3623
SHA-256 | 25146ab0a527b2c20a4d174368a8756c57f0f973644733c599eb8239270f30b0
Zen Load Balancer Directory Traversal
Posted Sep 1, 2024
Authored by Dhiraj Mishra, Basim Alabdullah | Site metasploit.com

This Metasploit module exploits a authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling filelog= parameter which allows a malicious actor to load arbitrary file path.

tags | exploit, arbitrary, cgi
SHA-256 | 011af6df07f2ee11564536666bb82966d29715170c3c7d030a6d4aaa8987376b
DnaLIMS Directory Traversal
Posted Sep 1, 2024
Authored by h00die, Nicholas von Pechmann | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.

tags | exploit, cgi
advisories | CVE-2017-6527
SHA-256 | 51e9c7257950972cb9c2f3eadb03402eb6967e9df8461564e00e53de1edcfeba
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
Posted Sep 1, 2024
Authored by Dhiraj Mishra, mekhalleh, Ash Daulton | Site metasploit.com

This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

tags | exploit, remote, arbitrary, cgi, root
advisories | CVE-2021-41773, CVE-2021-42013
SHA-256 | 8661970ef7fbc7bc8a93b978a820b094101fa41f1545520eb469ee134ef69aa9
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
Posted Sep 1, 2024
Authored by Michal Zalewski, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.

tags | exploit, web, shell, cgi, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 87c833264ee49ea156b8462740c64928a943a3c37c5f3d9c388659dfaa1d03a0
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.

tags | exploit, web, cgi
SHA-256 | 2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
ZyXEL GS1510-16 Password Extractor
Posted Aug 31, 2024
Authored by Sven Vetsch, Daniel Manser | Site metasploit.com

This Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached end of life for support from the manufacturer, so it is unlikely this problem will be addressed.

tags | exploit, cgi
SHA-256 | f64ee1ebff3c90a08beadeb514409a3b5bbf36e3c99ab50125bfcad7485c04c5
Sophos Web Protection Appliance Patience.cgi Directory Traversal
Posted Aug 31, 2024
Authored by juan vazquez, Wolfgang Ettlingers | Site metasploit.com

This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.

tags | exploit, web, cgi
advisories | CVE-2013-2641
SHA-256 | 3d4fc09d9f6482421e030cede564961a2b390c83045857868d24748e125478ec
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
Posted Aug 31, 2024
Authored by Grant Willcox, colorlight2019, SSD Disclosure | Site metasploit.com

This Metasploit module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exploit utilizes these privileges to enable the telnet server which allows attackers to connect to the target and execute commands as the admin user from within a BusyBox shell. Users can connect to this telnet server by running the command "telnet *target IP*".

tags | exploit, overflow, shell, cgi, root, code execution
advisories | CVE-2021-31802
SHA-256 | 042eaa7026a5227a1b186fee630ffdae53cf707f495f6cf7879c9d6f44e1ac01
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.

tags | exploit, arbitrary, cgi, root
systems | linux, ubuntu
advisories | CVE-2012-2983
SHA-256 | 6c0a9a2b80ec4a4d227511510ff034d0be1d1387d4299cbb7189ca3bd983eb19
C2S DVR Management Password Disclosure
Posted Aug 31, 2024
Authored by h00die, Yakir Wizman | Site metasploit.com

C2S DVR allows an unauthenticated user to disclose the username and password by requesting the javascript page read.cgi?page=2. This may also work on some cameras including IRDOME-II-C2S, IRBOX-II-C2S.

tags | exploit, cgi, javascript
SHA-256 | f14eb376c1dcefd1b99e4b5370da22899ba91385ab2b1509b470c463d912db0f
NETGEAR Administrator Password Disclosure
Posted Aug 31, 2024
Authored by Simon Kenin, thecarterb | Site metasploit.com

This Metasploit module will collect the password for the admin user. The exploit will not complete if password recovery is set on the router. The password is received by passing the token generated from unauth.cgi to passwordrecovered.cgi. This exploit works on many different NETGEAR products. The full list of affected products is available in the References section.

tags | exploit, cgi
advisories | CVE-2017-5521
SHA-256 | aa53592f4c2de5f7742c7914a0b26fa42e6e62f00e84c3a8ce2e442d825edf56
JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure
Posted Aug 31, 2024
Authored by h00die, Yakir Wizman | Site metasploit.com

SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU), and Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allow an unauthenticated user to disclose the username and password by requesting the javascript page readfile.cgi?query=ADMINID. Siemens firmwares affected: x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, x.2.2.1235.

tags | exploit, cgi, javascript
SHA-256 | 75f290c73dd9cc43a56aaf952cb417b04741e27f28826be5a9ebfc52ebd9c6c9
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Posted Aug 20, 2024
Authored by LiquidWorm | Site zeroscience.mk

Akuvox Smart Intercom/Doorphone suffers from an unauthenticated live stream disclosure when requesting video.cgi endpoint on port 8080. Many versions are affected.

tags | exploit, cgi
SHA-256 | b9109fbd6b81561f43a64e422162fa5e99ed650e66b857057e94fc3b868986d0
PHP CGI Argument Injection Remote Code Execution
Posted Jun 18, 2024
Authored by Orange Tsai, sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

tags | exploit, web, cgi, php
systems | windows
advisories | CVE-2024-4577
SHA-256 | c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38ef
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
Posted Feb 22, 2024
Authored by Spencer McIntyre, jheysel-r7, sfewer-r7 | Site metasploit.com

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS device. This component is intended to be used during either manual or cloud based provisioning of a QNAP NAS device. Once a device has been successfully initialized, the quick.cgi component is disabled on the system. An attacker with network access to an uninitialized QNAP NAS device may perform unauthenticated command injection, allowing the attacker to execute arbitrary commands on the device.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2023-47218
SHA-256 | 512c538bc485b9095fb0fb14daba0e91a985496262d3017dc3aaf05f8005e9ad
Nikto Web Scanner 2.5.0
Posted Dec 4, 2023
Authored by Sullo | Site cirt.net

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Changes: Breaking changes to JSON and XML output may have occurred. IPv6 support added. Updated db_checks format uses multiple reference. Hundreds of OSVDB and BID references replaced. Removal of some very old and false-positive prone tests. Decodes Netscaler cookies. Added -usecookies flag to send received cookies with subsequent requests. Added -followredirects flag to signal 3xx responses should be fetched and tested. Added -noslash to remove trailing slash from directories. Check for indexing on redirect paths. Alert on alt-svc header. Hundreds of bug fixes, test updates and enhancements, and other optimization changes.
tags | tool, web, cgi
systems | unix
SHA-256 | fb0dc4b2bc92cb31f8069f64ea4d47295bcd11067a7184da955743de7d97709d
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Posted Dec 4, 2023
Authored by LiquidWorm | Site zeroscience.mk

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

tags | exploit, cgi
SHA-256 | 957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54d
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
Posted Oct 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.

tags | exploit, denial of service, cgi
SHA-256 | b9b0622841f3107d917cdcd1705a85c49fc9e8558ff56a20647b6b895f6e0b05
Lexmark Device Embedded Web Server Remote Code Execution
Posted Sep 19, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.

tags | exploit, remote, arbitrary, cgi, code execution, bash
advisories | CVE-2023-26067, CVE-2023-26068
SHA-256 | 55b25ea44278a5136992f906756ff24cc7e2991ab7847a6388c6522fffc7a70a
Tinycontrol LAN Controller 3 Denial Of Service
Posted Sep 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.

tags | exploit, remote, denial of service, cgi
SHA-256 | 9b6ba51344fefe8dd52543c161ab1ed42968403a056b495c0371ffad0323a48c
Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
Ubuntu Security Notice USN-6181-1
Posted Jun 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | f634308d9f8170226b080952b6f1730c28beb18e02e1b9af7f1902121a0a253c
SecurePoint UTM 12.x Memory Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, memory leak
advisories | CVE-2023-22897
SHA-256 | 15ddc40a5043fe4407a10fa673fb39fdb12a08b717f9167e70ad626fbe024350
SecurePoint UTM 12.x Session ID Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, info disclosure
advisories | CVE-2023-22620
SHA-256 | 1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69
Page 1 of 42
Back12345Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    38 Files
  • 24
    Sep 24th
    65 Files
  • 25
    Sep 25th
    24 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close