Press "Enter" to skip to content

[SEC-T] Sprinkler system

Solution

Firstly, we can take a look at robots.txt:

And i found that there are contains test-cgi in cgi-bin folder.
After have some research, i have found that test-cgi have vulnerability. And it seems that it is able to list directory through this vulnerability.

Exploit

Url: http://sprinklers.alieni.se/cgi-bin/test-cgi?/*
Output:

It works!!. So, i change the parameter to "*". Which means list all the fire in current directory.
Url: http://sprinklers.alieni.se/cgi-bin/test-cgi?*
Output:

Finally, we access http://sprinklers.alieni.se/cgi-bin/enable_sprinkler_system . And it print flag.

Comments

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *