I needed to do some fuzzing experiments on a web browser, and decided that a shell script and a webserver was all I needed to do that. This is how to use shell scripts for cgi, this is not about the fuzzing proccess.
First, I installed lighttpd and enabled the cgi module: sudo apt-get install lighttpd && sudo lighty-enable-mod cgi
Then, a handler should be configured in /etc/lighttpd/conf-enabled/10-cgi.conf, like this:
$HTTP["remoteip"] =~ "127.0.0.1" {
alias.url += ( "/cgi-bin/" => "/usr/lib/cgi-bin/" )
$HTTP["url"] =~ "^/cgi-bin/" {
cgi.assign = ( ".sh" => "/bin/sh" )
}
}
Now, make the server reload the config file using sudo /etc/init.d/lighttpd reload
And here is a simple shell script. Place the shellscript in /usr/lib/cgi-bin/example.sh and remember to set the right permissions for the file.
#!/bin/sh
cat << EOF
Content-Type: text/html
<html>
<head>
<title>cgi shell scripting example</title>
</head>
<body>
<h1>Stats for this computer</h1>
EOF
echo Date: $(date) "<br />"
echo Uptime: $(uptime) "<br />"
cat << EOF
</body>
</html>
EOF
Notice the extra newline between Content-Type: text/html and the actual webpage.
Navigate to http://127.0.0.1/cgi-bin/example.sh to see the script in action.
Related posts:
- Mapping host.domain.tld/path to /www/domain.tld/host/path in lighttpd
- Using a self-signed certificate with Lighttpd
- A simple reverse shell in jsp
- Does Google follow URL’s in JavaScript?
Tags: cgi, development, lighttpd
Copyright © 2010 Jannich Brendle's blog All rights reserved. Amazing Grace theme by