Web CGI Exploits
Here's several exploits related to different web CGIs. I wrote those exploits in last few years.
How it works
Web app are basicly those layers:
- web frameworks
- script language engines
- web containers(servers)
- web front proxy(nginx etc.)
5could be the same thing.
4could the same thing too.
There are communications between each layer. each layer software are developed by different teams. they do have standards to communicate each other, but they always have misunderstandings or design faults. So we can take advantage of those faults to achieve our goals, like RCE, spwan a shell, port forward etc.
- Reference: PHP FastCGI Remote Exploit(Chinese)
fcgi_exp.gouse fastcgi to read or execute file if the fcgi port exposed to public( or with a
fcgi_jailbreak.phpuse fastcgi params to change some php ini configs and break php-based sandbox.
- Reference: PHP Port Reuse With Mod_php(Chinese)
mod_php_port_reuse.phpreuse the 80 connection to spawn a interactive shell. Bypass the firewall.
mod_php_port_proxy.pywork together with
mod_php_port_reuse.php, create a 80 tcp proxy to bypass the firewall.
- Reference: uWSGI RCE Exploit(Chinese)
uwsgi_exp.pyexploit uwsgi to execute any command remotely if the uwsgi port exposed to public( or with a