How to Identify CGI Vulnerabilities using TCS CGI Scanner
The TCS Common Gateway Interface (CGI ) Scanner application is designed to find targets that have vulnerable CGI Script errors. These errors are normally due to systems that have not been patched or updated.
Click to highlight the default target of htpp://www.tpp.ru and click on the at the top left of the application to delete the current target.
On the gray bar along the top left of the application, enter the IP address or hostname of the target and click on the gray-colored arrow to insert the new target. Repeat this process for multiple targets. The TCS CGI Scanner is now ready to scan the target.
In this example, each To execute, right-click on a script and left-click on Copy String. Open Internet Explorer and paste the line in the address bar. Press the Enter key. The directory listing of the target’s C: drive will appear.
The line that should be in the address bar is:
To list the contents of the Program Files directory, edit the address bar to
Create directory command within the script:
Notice that the beenhacked directory is now created in the root of the C: drive on the target.
The gray bar along the top right of the application allows you to enter
0 comments:
Post a Comment