I'd like a little hint here...
I'm trying to test the security of a site, using some of the tools described in the various missions of this nice site, but i'm stuck...
I came on a site :
Apache/1.3.41 Server at web.***.*** Port 80
In the home search field of
http://web.***.***/
i tried some SSI commands : <!--#exec cmd=" " -->
Any command returns the same error :
http://web.***.***/bin/cgicso?query=%3C!--%23exec+cmd%3D%22ls%22+--%3E
- Code: Select all
' results //-->
User data loaded as of Jul 22, Staff data loaded as of Jul 22.
cmd:unknown field.
Did not understand query.
It l0oks like the server is responding to the request because if i type a standard name like homer simpson i get the following error message :
http://web.***.***/bin/cgicso?query=homer+simpson
- Code: Select all
User data loaded as of Jul 22, Staff data loaded as of Jul 22.
No matches to your query.
So i'm stuck and i'm wandering why commands aren't run even if server looks like he reads them?
Oh And what does the "+" mean in the error adress :
http://web.***.***/bin/cgicso?query=%3C!--%23exec+cmd%3D%22ls%22+--%3E cause i didn't typed it!?
sorry if this is the wrong place for posting, and Many Thanks
