
Tag: cgi

[SEC-T] Sprinkler system

Solution

First, we can take a look at robots.txt:

I found that the cgi-bin folder contains test-cgi. After some research, I found that test-cgi has a vulnerability, and it seems that it is possible to list directories through this vulnerability.

Exploit URL: http://sprinklers.alieni.se/cgi-bin/test-cgi?/*

Output:

It works! So I changed the parameter to "*", which means list all the files in the current directory.

URL: http://sprinklers.alieni.se/cgi-bin/test-cgi?*

Output:

Finally, we access http://sprinklers.alieni.se/cgi-bin/enable_sprinkler_system, and it prints the flag.
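Why a bare "*" in the query string turns into a file listing, and the fix, shown as an added example (not code from this write-up or from the challenge server). It assumes the script echoes `$QUERY_STRING` without quotes, the pattern in the classic sample test-cgi; the sandbox directory and file names are constructed.

```shell
#!/bin/sh
# Constructed sandbox standing in for a cgi-bin directory.
# The file names below are made up for the demonstration.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/test-cgi"
    : > "$dir/other_script"
    printf '%s\n' "$dir"
}

# Weak form (assumed to mirror the vulnerable script): the variable is
# expanded unquoted, so the shell performs pathname expansion on its
# value and "*" is replaced by the names of the files in the directory.
render_unquoted() (
    cd "$1" || exit 1
    QUERY_STRING=$2
    echo QUERY_STRING = $QUERY_STRING
)

# Hardened form: the quoted expansion is passed through literally,
# and printf avoids echo's option and escape handling.
render_quoted() (
    cd "$1" || exit 1
    QUERY_STRING=$2
    printf 'QUERY_STRING = %s\n' "$QUERY_STRING"
)

# Stand-alone demonstration with the same parameter used in the write-up.
sandbox=$(make_sandbox)
render_unquoted "$sandbox" '*'   # lists the sandbox file names
render_quoted "$sandbox" '*'     # prints the literal asterisk
rm -rf "$sandbox"
```

Removing sample scripts such as test-cgi from production cgi-bin directories closes the issue regardless of quoting.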
