what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,051 RSS Feed

CGI Files

PHP-CGI Argument Injection Remote Code Execution
Posted Nov 14, 2024
Authored by BTtea | Site github.com

Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.

tags | exploit, remote, cgi, php, code execution, proof of concept
advisories | CVE-2024-4577
SHA-256 | a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9
PHP-CGI Argument Injection Susceptibility Scanner
Posted Nov 14, 2024
Site github.com

This is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a list of domains are potentially vulnerable to this specific security issue. This issue affected PHP-CGI versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.

tags | tool, cgi, scanner, php, bash
systems | unix
advisories | CVE-2024-4577
SHA-256 | 58c9a80f92e4d182c0940c15a33aa87129477ec3f26f7c5c954d840e6f170fd4
Debian Security Advisory 5780-1
Posted Oct 3, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.

tags | advisory, cgi, php
systems | linux, debian
advisories | CVE-2024-8925, CVE-2024-8926, CVE-2024-8927
SHA-256 | bfa3e5a0c7655d65e84e614bda3fc8f53d019f36e25c18e9829db943709ca29b
Ubuntu Security Notice USN-7049-1
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions.

tags | advisory, remote, cgi, php
systems | linux, ubuntu
advisories | CVE-2024-8925, CVE-2024-8927, CVE-2024-9026
SHA-256 | 14e6ccaf04bbc5174ed15834051334a5b30f6e99b3c0e67287922b0ab80244b4
Supermicro Onboard IPMI CGI Scanner
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.

tags | exploit, overflow, cgi, vulnerability
advisories | CVE-2013-3621, CVE-2013-3623
SHA-256 | 25146ab0a527b2c20a4d174368a8756c57f0f973644733c599eb8239270f30b0
Zen Load Balancer Directory Traversal
Posted Sep 1, 2024
Authored by Dhiraj Mishra, Basim Alabdullah | Site metasploit.com

This Metasploit module exploits a authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling filelog= parameter which allows a malicious actor to load arbitrary file path.

tags | exploit, arbitrary, cgi
SHA-256 | 011af6df07f2ee11564536666bb82966d29715170c3c7d030a6d4aaa8987376b
DnaLIMS Directory Traversal
Posted Sep 1, 2024
Authored by h00die, Nicholas von Pechmann | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.

tags | exploit, cgi
advisories | CVE-2017-6527
SHA-256 | 51e9c7257950972cb9c2f3eadb03402eb6967e9df8461564e00e53de1edcfeba
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
Posted Sep 1, 2024
Authored by Dhiraj Mishra, mekhalleh, Ash Daulton | Site metasploit.com

This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

tags | exploit, remote, arbitrary, cgi, root
advisories | CVE-2021-41773, CVE-2021-42013
SHA-256 | 8661970ef7fbc7bc8a93b978a820b094101fa41f1545520eb469ee134ef69aa9
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
Posted Sep 1, 2024
Authored by Michal Zalewski, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.

tags | exploit, web, shell, cgi, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 87c833264ee49ea156b8462740c64928a943a3c37c5f3d9c388659dfaa1d03a0
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
Posted Sep 1, 2024
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.

tags | exploit, web, cgi
SHA-256 | 2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
ZyXEL GS1510-16 Password Extractor
Posted Aug 31, 2024
Authored by Sven Vetsch, Daniel Manser | Site metasploit.com

This Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached end of life for support from the manufacturer, so it is unlikely this problem will be addressed.

tags | exploit, cgi
SHA-256 | f64ee1ebff3c90a08beadeb514409a3b5bbf36e3c99ab50125bfcad7485c04c5
Sophos Web Protection Appliance Patience.cgi Directory Traversal
Posted Aug 31, 2024
Authored by juan vazquez, Wolfgang Ettlingers | Site metasploit.com

This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.

tags | exploit, web, cgi
advisories | CVE-2013-2641
SHA-256 | 3d4fc09d9f6482421e030cede564961a2b390c83045857868d24748e125478ec
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
Posted Aug 31, 2024
Authored by Grant Willcox, colorlight2019, SSD Disclosure | Site metasploit.com

This Metasploit module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exploit utilizes these privileges to enable the telnet server which allows attackers to connect to the target and execute commands as the admin user from within a BusyBox shell. Users can connect to this telnet server by running the command "telnet *target IP*".

tags | exploit, overflow, shell, cgi, root, code execution
advisories | CVE-2021-31802
SHA-256 | 042eaa7026a5227a1b186fee630ffdae53cf707f495f6cf7879c9d6f44e1ac01
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.

tags | exploit, arbitrary, cgi, root
systems | linux, ubuntu
advisories | CVE-2012-2983
SHA-256 | 6c0a9a2b80ec4a4d227511510ff034d0be1d1387d4299cbb7189ca3bd983eb19
C2S DVR Management Password Disclosure
Posted Aug 31, 2024
Authored by h00die, Yakir Wizman | Site metasploit.com

C2S DVR allows an unauthenticated user to disclose the username and password by requesting the javascript page read.cgi?page=2. This may also work on some cameras including IRDOME-II-C2S, IRBOX-II-C2S.

tags | exploit, cgi, javascript
SHA-256 | f14eb376c1dcefd1b99e4b5370da22899ba91385ab2b1509b470c463d912db0f
NETGEAR Administrator Password Disclosure
Posted Aug 31, 2024
Authored by Simon Kenin, thecarterb | Site metasploit.com

This Metasploit module will collect the password for the admin user. The exploit will not complete if password recovery is set on the router. The password is received by passing the token generated from unauth.cgi to passwordrecovered.cgi. This exploit works on many different NETGEAR products. The full list of affected products is available in the References section.

tags | exploit, cgi
advisories | CVE-2017-5521
SHA-256 | aa53592f4c2de5f7742c7914a0b26fa42e6e62f00e84c3a8ce2e442d825edf56
JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure
Posted Aug 31, 2024
Authored by h00die, Yakir Wizman | Site metasploit.com

SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU), and Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allow an unauthenticated user to disclose the username and password by requesting the javascript page readfile.cgi?query=ADMINID. Siemens firmwares affected: x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, x.2.2.1235.

tags | exploit, cgi, javascript
SHA-256 | 75f290c73dd9cc43a56aaf952cb417b04741e27f28826be5a9ebfc52ebd9c6c9
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Posted Aug 20, 2024
Authored by LiquidWorm | Site zeroscience.mk

Akuvox Smart Intercom/Doorphone suffers from an unauthenticated live stream disclosure when requesting video.cgi endpoint on port 8080. Many versions are affected.

tags | exploit, cgi
SHA-256 | b9109fbd6b81561f43a64e422162fa5e99ed650e66b857057e94fc3b868986d0
PHP CGI Argument Injection Remote Code Execution
Posted Jun 18, 2024
Authored by Orange Tsai, sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

tags | exploit, web, cgi, php
systems | windows
advisories | CVE-2024-4577
SHA-256 | c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38ef
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
Posted Feb 22, 2024
Authored by Spencer McIntyre, jheysel-r7, sfewer-r7 | Site metasploit.com

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS device. This component is intended to be used during either manual or cloud based provisioning of a QNAP NAS device. Once a device has been successfully initialized, the quick.cgi component is disabled on the system. An attacker with network access to an uninitialized QNAP NAS device may perform unauthenticated command injection, allowing the attacker to execute arbitrary commands on the device.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2023-47218
SHA-256 | 512c538bc485b9095fb0fb14daba0e91a985496262d3017dc3aaf05f8005e9ad
Nikto Web Scanner 2.5.0
Posted Dec 4, 2023
Authored by Sullo | Site cirt.net

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Changes: Breaking changes to JSON and XML output may have occurred. IPv6 support added. Updated db_checks format uses multiple reference. Hundreds of OSVDB and BID references replaced. Removal of some very old and false-positive prone tests. Decodes Netscaler cookies. Added -usecookies flag to send received cookies with subsequent requests. Added -followredirects flag to signal 3xx responses should be fetched and tested. Added -noslash to remove trailing slash from directories. Check for indexing on redirect paths. Alert on alt-svc header. Hundreds of bug fixes, test updates and enhancements, and other optimization changes.
tags | tool, web, cgi
systems | unix
SHA-256 | fb0dc4b2bc92cb31f8069f64ea4d47295bcd11067a7184da955743de7d97709d
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Posted Dec 4, 2023
Authored by LiquidWorm | Site zeroscience.mk

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

tags | exploit, cgi
SHA-256 | 957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54d
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
Posted Oct 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.

tags | exploit, denial of service, cgi
SHA-256 | b9b0622841f3107d917cdcd1705a85c49fc9e8558ff56a20647b6b895f6e0b05
Lexmark Device Embedded Web Server Remote Code Execution
Posted Sep 19, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.

tags | exploit, remote, arbitrary, cgi, code execution, bash
advisories | CVE-2023-26067, CVE-2023-26068
SHA-256 | 55b25ea44278a5136992f906756ff24cc7e2991ab7847a6388c6522fffc7a70a
Tinycontrol LAN Controller 3 Denial Of Service
Posted Sep 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.

tags | exploit, remote, denial of service, cgi
SHA-256 | 9b6ba51344fefe8dd52543c161ab1ed42968403a056b495c0371ffad0323a48c
Page 1 of 43
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close