07-30-2009
Usually, no.
But generally, 3 ways come to mind:
- If the HTTP server is configured wrong and doesn't recognize the scripts as executables, and serves the content instead
- If another application on the same server is vulnerable to relative path errors, eg instead of calling /xyz/abc.html the attacker can call /xyz/../../cgi-bin/script.pl
- If you've got a script that uses templates with variables passed through POST. Those could be set also via GET and potentially serve content you wanted hidden
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi Bros,
I am in a serious trouble with concurrency issue while using mailx. I have a shell script which reads all the emails of a unix user account and create a copy (another mbox for processing and archive purpose). This script works fine for 99.99% of the time but sometime it start creating... (2 Replies)
Discussion started by: Sumit_Fundoo
2 Replies
2. Shell Programming and Scripting
I am trying to use a script to replace the header of each file, whose filename are stored within the array $test, using the sed command within a Perl script as follows:
$count = 0;
while ( $count < $#test )
{
`sed -e 's/BIOGRF 321/BIOGRF 332/g' ${test} > 0`;
`cat 0 >... (2 Replies)
Discussion started by: userix
2 Replies
3. Shell Programming and Scripting
hi,,
i have perl scipt with line :
system('./try.sh $t $d $m');
in shell scipt try.sh i have the line:
echo $1
its not printing value of $t that i hav passed..y is it so..i am running it from apache web server (2 Replies)
Discussion started by: raksha.s
2 Replies
4. Web Development
hi,i hav a form in cgi perl script.this script accepts a value from user from another html form, and depending upon this value,i need to disable /enable radio buttons in cgi-perl script wen second page is displayed on executing cgi perl script.how do i do it using javascript? (0 Replies)
Discussion started by: raksha.s
0 Replies
5. Web Development
Hello,
Met a problem learning perl cgi script.
1 #!/usr/bin/perl -wT
2
3 use strict;
4 use CGI qw(:standard);
5
6 my $q = new CGI;
7
8 my $filename = $q->param('/home/yifangt/hello.cgi');
9 my $contenttype = $q->uploadInfo($filename)->{'Content-Type'};
10... (5 Replies)
Discussion started by: yifangt
5 Replies
6. Web Development
Can anyone tell me how to export a variable from one perl CGI script to another perl cgi script when using a redirect.
Upon running the login.pl the user is prompted to enter user name and password. Upon entering the correct credentials (admin/admin) the user is
redirected to welcome page.
My... (3 Replies)
Discussion started by: Arun_Linux
3 Replies
7. Programming
Hi
I have a bash script which takes parameters
sh /tmp/gdg.sh -b BASE-NAME -n 1 -s /source/data -p /dest/data/archive -m ARC
gdg.sh will scan the /source/data and will move the contents to /dest/data/archive after passing through some filters. Its working superb from bash
I have... (0 Replies)
Discussion started by: rakeshkumar
0 Replies
8. Shell Programming and Scripting
Hi All,
I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ??
print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">");
print("<input type = "text"... (1 Reply)
Discussion started by: scriptscript
1 Replies
9. Shell Programming and Scripting
Hi team,
I have a typical problem with cgi pages in apache webserver in WINDOWS
I am able to execute(display) the pages that are saved in cgi-bin folder.
But I am not able to execute the pages stored in htdocs or other folder other than cgi-bin folder.
Could anyone please let me know how... (1 Reply)
Discussion started by: scriptscript
1 Replies
10. Shell Programming and Scripting
Hi All,
I have written an cgi perl script that displays an image(Excel image) and when clicked on that Image I need to download a excel sheet.
I made sure that excel sheet exists in the folder with the given name but still I am not able to download the sheet.
print "<center><table... (2 Replies)
Discussion started by: scriptscript
2 Replies
LEARN ABOUT DEBIAN
wapiti
WAPITI(1) User Commands WAPITI(1)
NAME
wapiti - a web application vulnerability scanner.
SYNOPSIS
wapiti http://server.com/base/url/ [options]
DESCRIPTION
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed
webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
OPTIONS
-s, --start <url>
specify an url to start with.
-x, --exclude <url>
exclude an url from the scan (for example logout scripts) you can also use a wildcard (*):
Example : -x "http://server/base/?page=*&module=test" or -x "http://server/base/admin/*" to exclude a directory
-p, --proxy <url_proxy>
specify a proxy (-p http://proxy:port/)
-c, --cookie <cookie_file>
use a cookie
-t, --timeout <timeout>
set the timeout (in seconds)
-a, --auth <login%password>
set credentials (for HTTP authentication) doesn't work with Python 2.4
-r, --remove <parameter_name>
removes a parameter from URLs
-m, --module <module>
use a predefined set of scan/attack options:
GET_ALL: only use GET request (no POST)
GET_XSS: only XSS attacks with HTTP GET method
POST_XSS: only XSS attacks with HTTP POST method
-u, --underline
use color to highlight vulnerable parameters in output
-v, --verbose <level>
set the verbosity level:
0: quiet (default),
1: print each url,
2: print every attack
-h, --help
print help page
EFFICIENCY
Wapiti is developed in Python and use a library called lswww. This web spider library does the most of the work. Unfortunately, the html
parsers module within python only works with well formed html pages so lswww fails to extract information from bad-coded webpages. Tidy can
clean these webpages on the fly for us so lswww will give pretty good results. In order to make Wapiti far more efficient, you should:
apt-get install python-utidylib python-ctypes
AUTHOR
Copyright (C) 2006-2007 Nicolas Surribas <nicolas.surribas@gmail.com>
Manpage created by Thomas Blasing <thomasbl@pool.math.tu-berlin.de>
http://wapiti.sourceforge.net/ July 2007 WAPITI(1)