Exploit the possiblities
Showing 76 - 100 of 950 RSS Feed

CGI Files

Gnu Bash 4.3 CGI Scan Remote Command Injection
Posted Sep 26, 2014
Authored by Claudio Viviani, Stephane Chazelas

Gnu Bash versions 4.3 and below remote command injection exploit that leverages the User-Agent header via vulnerable CGI scripts. Written in Python.

tags | exploit, remote, cgi, python, bash
advisories | CVE-2014-6271, CVE-2014-7169
MD5 | 281fac3d5e80c4e0afe507e7c29d16f3
bashedCgi Remote Command Execution
Posted Sep 25, 2014
Authored by Shaun Colley, Stephane Chazelas | Site metasploit.com

bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.

tags | exploit, arbitrary, shell, cgi, bash
advisories | CVE-2014-6271
MD5 | 44848a3424a134914b0d1e857adb7c0b
Mandriva Linux Security Advisory 2014-142
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-142 - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.

tags | advisory, remote, denial of service, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | 5cc6454096e1740c662549e0e30c7831
D-Link info.cgi POST Request Buffer Overflow
Posted Jul 11, 2014
Authored by Craig Heffner | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is an stack based buffer overflow in the my_cgi.cgi component, when handling specially crafted POST HTTP requests addresses to the /common/info.cgi handler. This Metasploit module has been successfully tested on D-Link DSP-W215 in an emulated environment.

tags | exploit, remote, web, overflow, cgi, code execution
MD5 | 6536bc2c5fe1aa932ecb74dca292aac3
Python CGIHTTPServer File Disclosure / Code Execution
Posted Jun 27, 2014
Site redteam-pentesting.de

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.

tags | exploit, arbitrary, cgi, root, python
advisories | CVE-2014-4650
MD5 | 366ebd78e93b049c2077b7f457cd3446
D-Link authentication.cgi Buffer Overflow
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.

tags | exploit, remote, web, overflow, cgi
advisories | OSVDB-95951
MD5 | e86843e76fd74450b6a58bebe5f22c7f
D-Link hedwig.cgi Buffer Overflow in Cookie Header
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.

tags | exploit, remote, web, cgi, code execution
advisories | OSVDB-95950
MD5 | f42a41ed103516610ddf009f7f6aba79
Web Terra 1.1 Remote Command Execution
Posted May 22, 2014
Authored by Felipe Andrian Peixoto

Web Terra version 1.1 suffers from a remote command execution vulnerability in books.cgi. Note that this finding houses site-specific data.

tags | exploit, remote, web, cgi
MD5 | 23608abdbb351cc7796ad5b14d1fce14
Mandriva Linux Security Advisory 2014-089
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-089 - Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service via a long message to cmd.cgi.

tags | advisory, remote, denial of service, overflow, cgi
systems | linux, mandriva
advisories | CVE-2014-1878
MD5 | 79cc376d0e2393406ff5c6dec3583762
Night Lion Security PHP Stress
Posted May 6, 2014
Authored by Vinny Troia | Site nightlionsecurity.com

Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.

tags | exploit, tool, web, denial of service, cgi, php, proof of concept
systems | linux
MD5 | cf5a1ebb66e0d9f766736399194e02b5
Red Hat Security Advisory 2014-0373-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0373-01 - JBoss Web Server is an enterprise ready web server designed for medium and large applications, and is based on Tomcat. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications. Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications.

tags | advisory, java, web, cgi, php, file upload
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0050
MD5 | a9efdc53a6f8acc17a2647204d97dd66
Diskstation Manager 4.3-3810 Data Append / Code Execution
Posted Mar 25, 2014
Authored by tiamat451

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

tags | advisory, remote, web, arbitrary, cgi
advisories | CVE-2013-6955, CVE-2013-6987
MD5 | 7155d6e39ef68cd839a292af56e2baa2
FastCGI.com searcharchive.cgi Remote Command Execution
Posted Mar 20, 2014
Authored by Felipe Andrian Peixoto

searcharchive.cgi from www.FastCGI.com suffers from a remote command execution vulnerability.

tags | exploit, remote, cgi
MD5 | f1ac4bfdfbdf431b9e604f2510ccda60
Cosmoshop pwd.cgi htaccess Creation
Posted Mar 15, 2014
Authored by l0om

Cosmoshop suffers from having an unrestricted pwd.cgi script that allows for arbitrary creation of an htaccess file that can be leveraged to block access or perform phishing attacks.

tags | exploit, arbitrary, cgi
MD5 | e871b9476cf87b8e9d8a372f255acfc2
Linksys Worm Remote Root
Posted Feb 17, 2014
Authored by infodox

Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.

tags | exploit, worm, cgi, proof of concept
MD5 | 98029f878e6fe6748f2a3f31170306c5
PHP-CGI Remote Code Execution Scanner
Posted Feb 17, 2014
Authored by infodox

This small python script scans for a number of variations on the PHP-CGI remote code execution vulnerability, includes "apache magica" and plesk paths, along with other misconfigurations.

tags | tool, remote, cgi, scanner, php, code execution, python
systems | unix
MD5 | c043d2636d722f6c633d0653ab1ca8f5
Mandriva Linux Security Advisory 2014-004
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi
systems | linux, mandriva
advisories | CVE-2013-7108, CVE-2013-7205
MD5 | 36ee9c14e0e6826f2f6d357a431cb2a9
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
Posted Dec 23, 2013
Authored by Markus Wulftange | Site metasploit.com

This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows to append arbitrary data to a given file using a so called SLICEUPLOAD functionality, which can be triggered by an unauthenticated user with a specially crafted HTTP request. This is exploited by this module to append the given commands to /redirect.cgi, which is a regular shell script file, and can be invoked with another HTTP request. Synology reported that the vulnerability has been fixed with versions 4.0-2259, 4.2-3243, and 4.3-3810 Update 1, respectively; the 4.1 branch remains vulnerable.

tags | exploit, web, arbitrary, shell, cgi, root
advisories | CVE-2013-6955
MD5 | c2f7ccadd1aa8e6f7f9ba47191a96fb7
Mandriva Linux Security Advisory 2013-285
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743
MD5 | f13e8ba9f8db87507ac43dc7f30e8c56
Mandriva Linux Security Advisory 2013-277
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-277 - lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. In lighttpd before 1.4.34, if setuid() fails for any reason, for instance if an environment limits the number of processes a user can have and the target uid already is at the limit, lighttpd will run as root. A user who can run CGI scripts could clone() often; in this case a lighttpd restart would end up with lighttpd running as root, and the CGI scripts would run as root too. In lighttpd before 1.4.34, if fam is enabled and there are directories reachable from configured doc roots and aliases on which FAMMonitorDirectory fails, a remote client could trigger a DoS.

tags | advisory, remote, cgi, root
systems | linux, mandriva
advisories | CVE-2013-4508, CVE-2013-4559, CVE-2013-4560
MD5 | 66510844b76d68ade1fb8fa2f9403a33
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
Posted Nov 17, 2013
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent on the User-Agent header. This Metasploit module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214.

tags | exploit, web, overflow, arbitrary, cgi
advisories | CVE-2013-3623
MD5 | 93402586b187bf6a3206c59f7317c96f
Apache + PHP 5.x Remote Code Execution Python Exploit #2
Posted Oct 31, 2013
Authored by noptrix | Site nullsecurity.net

Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python. Version 2 of this exploit.

Changes: Multi-threaded scanner and connect-back shell added. Various bug fixes and it now allows an input file for scanning.
tags | exploit, remote, cgi, php, python
advisories | CVE-2012-1823
MD5 | a79b540dfe48bc91f755a82796e83f2c
Apache Magicka Code Execution
Posted Oct 29, 2013
Authored by Kingcope

Apache and PHP remote command execution exploit that leverages php5-cgi.

tags | exploit, remote, cgi, php
advisories | CVE-2012-1823
MD5 | bdb5dbeddbd99bb47e41085bb02a8b97
Apache / PHP Remote Command Execution
Posted Oct 29, 2013
Authored by noptrix | Site nullsecurity.net

Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.

tags | exploit, remote, cgi, php, python
advisories | CVE-2012-1823
MD5 | 1b8cde875eff98bf11b70ba0d00606d8
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to login as the admin user. After the authentication process is complete it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
MD5 | 6aca173027c40771cf3490070e12b3b4
Page 4 of 38
Back23456Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close