CGI scan

[daz2712]

Ran a cgi scan of a website and it came back with three exploit names,which are:

cart.pl
man.sh
bb-hist.sh

Can anyone give me a quick rundown of what these are and what I can do with them?

Thanks!

[robbins]

search google, and you'll most likely find everything your looking for, do your own dirty work please.

oh yeah, www.undug.net <- my link

[daz2712]

I've been searching google.I can find descriptions of the exploits but don't know where to look to get software to actually utilise them.

[Nerdz]

Then code your own

[daz2712]

Then code your own

Ignorant get!

[floodhound2]

How experienced are you? I would help you but I am not familiar with CGI. If i have time i will look this up. I don’t know why others are being a little on the snooty side. They will tell you how to run a Trojan but not help you on a CGI exploit. I am sure you are just wanting to know and not do, Right?

PEACE

[bad_brain]

those are no exploits anyway, just potentially vulnerable scripts. if the admin is not a complete idiot (um,well, some are ) it's pretty worthless, and I've also seen a lot of false positives by cgi scanners already so you need to verify the results manually.
look on the usual well-known sites for exploits, but I explicitly warn you do try them out because you will definitly be logged and have to face the possible consequences then.
if you have not enough experience yet try stuff on your own LAN, simply setup an old spare computer as server and experiment...this will keep you away from trouble.....

[pseudo_opcode]

ran a scan and it gave you exploit names!!! Wow i thought when we scan it gives us only the vulnerabilities.. we have to code/borrow/beg/steal the exploits ourselves.. and i completely agree some of the scanners may give you false vulns.. i even had an experience in which the i was scanning linux and it gave me windows vuln.. i knew its linux since it was my own box on my own network.