Web Hacking · sabyasachi Aug, pm #1. During execution of dirb I found a cgi-bin folder with status code bltadwin.ru The root folder of every web server includes the cgi-bin directory; used by cybercriminals to perform a white-hat, ethical hack on your organization. I newbie to web programming, so I setup an apache2 sever for my practice. It seems that someone succeeded to hack my apache server. I have notice in my access. When the php5-cgi package is installed on Debian and Ubuntu or php-cgi is installed manually the php-cgi binary is accessible under /cgi-bin/php5 and /cgi-bin/php. The vulnerability makes it possible to execute the binary because this binary has a security check enabled when installed with Apache http server and this security check is Estimated Reading Time: 9 mins. file=bltadwin.ru: we are going to suppose that there is a "file" parameter. Since the bltadwin.ru script is already hosted in the cgi-bin/ directory, we can directly request bltadwin.ru file; Here is what it produces: The source code of the page gives us the information we are looking for: Step 2: delete list. Access this page. apple hack server xml itunes cgi apache internet-radio-player internet-radio-stations itunes-radio audio-streams internet-radio mac-os-x cgi-bin kerbango Updated HTML.
0コメント