CGI scan

No explicit questions like "how do I hack xxx.com" please!
Post Reply
User avatar
daz2712
Newbie
Newbie
Posts: 3
Joined: 22 Sep 2006, 16:00
15

CGI scan

Post by daz2712 »

Ran a cgi scan of a website and it came back with three exploit names,which are:

cart.pl
man.sh
bb-hist.sh

Can anyone give me a quick rundown of what these are and what I can do with them?

Thanks!

robbins
forum buddy
forum buddy
Posts: 15
Joined: 25 Sep 2006, 16:00
15

Post by robbins »

search google, and you'll most likely find everything your looking for, do your own dirty work please.

oh yeah, www.undug.net <- my link :)

User avatar
daz2712
Newbie
Newbie
Posts: 3
Joined: 22 Sep 2006, 16:00
15

Post by daz2712 »

I've been searching google.I can find descriptions of the exploits but don't know where to look to get software to actually utilise them.

User avatar
Nerdz
The Architect
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
16
Location: #db_error in: select usr.location from sucko_member where usr.id=63;
Contact:

Post by Nerdz »

Then code your own :)
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

User avatar
daz2712
Newbie
Newbie
Posts: 3
Joined: 22 Sep 2006, 16:00
15

Post by daz2712 »

nerdzoncrack wrote:Then code your own :)
:twisted: Ignorant get!

User avatar
floodhound2
∑lectronic counselor
∑lectronic counselor
Posts: 2117
Joined: 03 Sep 2006, 16:00
15
Location: 127.0.0.1
Contact:

Post by floodhound2 »

How experienced are you? I would help you but I am not familiar with CGI. If i have time i will look this up. I don’t know why others are being a little on the snooty side. They will tell you how to run a Trojan but not help you on a CGI exploit. I am sure you are just wanting to know and not do, Right?

PEACE
₣£ΘΘĐĦΘŮŇĐ

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11610
Joined: 06 Apr 2005, 16:00
16
Location: The zone.
Contact:

Post by bad_brain »

those are no exploits anyway, just potentially vulnerable scripts. if the admin is not a complete idiot (um,well, some are :lol: ) it's pretty worthless, and I've also seen a lot of false positives by cgi scanners already so you need to verify the results manually.
look on the usual well-known sites for exploits, but I explicitly warn you do try them out because you will definitly be logged and have to face the possible consequences then.
if you have not enough experience yet try stuff on your own LAN, simply setup an old spare computer as server and experiment...this will keep you away from trouble.....

:wink:

pseudo_opcode
cyber messiah
cyber messiah
Posts: 1201
Joined: 30 Apr 2006, 16:00
15
Location: 127.0.0.1

Post by pseudo_opcode »

ran a scan and it gave you exploit names!!! Wow i thought when we scan it gives us only the vulnerabilities.. we have to code/borrow/beg/steal the exploits ourselves.. and i completely agree some of the scanners may give you false vulns.. i even had an experience in which the i was scanning linux and it gave me windows vuln.. i knew its linux since it was my own box on my own network.

Post Reply