Exploiting Net Administration Cgi's like nethosting.com
Written by:Lord Somer
Date:9/2/97
Well since nethosting.com either shutdown or whatever I figured what the hell before I forget how I did the more recent hacks etc... I'd tell you how so maybe you'll find the same sys elsewhere or be able to use it for ideas.
Basically Nethosting.com did all it's administration via cgi's at net-admin.nethosting.com, well you need an account, card it if necessary, log in to net-administration, you'll see crap like ftp administration, email, etc... who really cares about e-mail so we'll go to ftp. Click on ftp administration. Lets say you were logged in as 7thsphere.com your url would be something like:http://net-admin.nethosting.com/cgi-bin/add_ftp.cgi?7thsphere.com+ljad32432jl
Just change the 7thsphere.com to any domain on the sys or if in the chmod cgi just del that part but keep the + sign and you edit the /usr/home dir. In the ftp administration make a backdoor account to that domain by creating an ftp who's dir is / since multiple /// still means /.
Once you have your backdoor have fun. Oh yeah and in the email you can add aliases like I did to rhad's e-mail account at 7thsphere, why the hell is he on that winsock2.2 mailing list?
Well the basic theory of this type of exploitation is that:
- the cgi is passed a paramater which we change to something else to edit it's info
- since it uses the stuff after the + to check that it's a valid logged in account(like hotmail does), it dosen't check the password again.
- multiple ///'s in unix just mean a /, thus we can get access to people's dir or the entire /usr/home dir
I used this method for hacking a few well known places:
