Ran a cgi scan of a website and it came back with three exploit names,which are:
cart.pl
man.sh
bb-hist.sh
Can anyone give me a quick rundown of what these are and what I can do with them?
Thanks!
CGI scan
search google, and you'll most likely find everything your looking for, do your own dirty work please.
oh yeah, www.undug.net <- my link
oh yeah, www.undug.net <- my link
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 18
- Location: 127.0.0.1
- Contact:
How experienced are you? I would help you but I am not familiar with CGI. If i have time i will look this up. I don’t know why others are being a little on the snooty side. They will tell you how to run a Trojan but not help you on a CGI exploit. I am sure you are just wanting to know and not do, Right?
PEACE
PEACE
₣£ΘΘĐĦΘŮŇĐ
- bad_brain
- Site Owner
- Posts: 11639
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
those are no exploits anyway, just potentially vulnerable scripts. if the admin is not a complete idiot (um,well, some are ) it's pretty worthless, and I've also seen a lot of false positives by cgi scanners already so you need to verify the results manually.
look on the usual well-known sites for exploits, but I explicitly warn you do try them out because you will definitly be logged and have to face the possible consequences then.
if you have not enough experience yet try stuff on your own LAN, simply setup an old spare computer as server and experiment...this will keep you away from trouble.....
look on the usual well-known sites for exploits, but I explicitly warn you do try them out because you will definitly be logged and have to face the possible consequences then.
if you have not enough experience yet try stuff on your own LAN, simply setup an old spare computer as server and experiment...this will keep you away from trouble.....
-
- cyber messiah
- Posts: 1201
- Joined: 30 Apr 2006, 16:00
- 18
- Location: 127.0.0.1
ran a scan and it gave you exploit names!!! Wow i thought when we scan it gives us only the vulnerabilities.. we have to code/borrow/beg/steal the exploits ourselves.. and i completely agree some of the scanners may give you false vulns.. i even had an experience in which the i was scanning linux and it gave me windows vuln.. i knew its linux since it was my own box on my own network.