iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (3)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Wargame idea - CGI
  • chroniccommand
    Posts: 1,389
    While reading a section in Python for dummies about CGI scripting, and idea suddenly hit me for a wargame idea. Here it is:

    We create a web server in which we have a vulnerable python CGI script. The python script asks for users input and prints it. The idea is the user can also type in a system command and the script will use os.system() to preform commands. Of course the CGI script won't actually be vulnerable, we could emulate vulnerability.

    Anybody like the idea?
  • Sh3llc0d3
    Posts: 1,910
    Sounds a decent idea, I was looking at CGI scripting for the scoreboard for my perl script.
  • Xin
    Posts: 3,251
    Im not sure i understand, as if we let the users access os.system they can do anything
    Xin
  • Sh3llc0d3
    Posts: 1,910
    said:


    Im not sure i understand, as if we let the users access os.system they can do anything



    That is why I should learn py.
  • chroniccommand
    Posts: 1,389
    said:


    Im not sure i understand, as if we let the users access os.system they can do anything



    We create a fake page that prints what you type in a message box. But it also executes system commands. So the user can type ls and see the output of ls. Get it?
  • _st4ck3D*
    Posts: 83
    Yeah. It's nice chronic. I came across with something like this someday x]
Add a Comment