Skip to content

Multi-language web CGI interfaces exploits.

License

Notifications You must be signed in to change notification settings

3em0/webcgi-exploits

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Web CGI Exploits

License README README

Here's several exploits related to different web CGIs. I wrote those exploits in last few years.

How it works

Web app are basicly those layers:

  1. applications
  2. web frameworks
  3. script language engines
  4. web containers(servers)
  5. web front proxy(nginx etc.)
  • 4 and 5 could be the same thing.3 and 4 could the same thing too.

There are communications between each layer. each layer software are developed by different teams. they do have standards to communicate each other, but they always have misunderstandings or design faults. So we can take advantage of those faults to achieve our goals, like RCE, spwan a shell, port forward etc.

Exploits

PHP

  • Fastcgi

    1. fcgi_exp.go use fastcgi to read or execute file if the fcgi port exposed to public( or with a SSRF).
    2. fcgi_jailbreak.php use fastcgi params to change some php ini configs and break php-based sandbox.
  • Apache Mod_php

    1. mod_php_port_reuse.php reuse the 80 connection to spawn a interactive shell. Bypass the firewall.
    2. mod_php_port_proxy.py work together with mod_php_port_reuse.php, create a 80 tcp proxy to bypass the firewall.

Python

  • Uwsgi
    1. uwsgi_exp.py exploit uwsgi to execute any command remotely if the uwsgi port exposed to public( or with a SSRF).

About

Multi-language web CGI interfaces exploits.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 48.5%
  • Go 27.9%
  • Python 23.6%