During execution of dirb I found a cgi-bin folder with status code 302
https://example.com/cgi-bin/
Surprisingly, when I executed dirb on the above again, I got another cgi-bin as follows, with the same 302 status code.
https://example.com/cgi-bin/cgi-bin
What should be my next action item? Either the site has used some old technologies and moved it to some different location altogether or there might be something that can be hacked further. Please help.
Hi @sabyasachi,
For me it’s difficult to tell without further testing and context.
I am doing a pentest on a site example.com and just trying with dirb. Each time I run dirb, it shows a cgi-bin folder with status code 302.
1st execution.
dirb https://example.com
Result: https://example.com/cgi-bin/ (status code 302).
2nd execution.
dirb https://example.com/cgi-bin/
Result: https://example.com/cgi-bin/cgi-bin/ (status code 302), and so on…
I would also like to test it further, but I am not getting any ideas for further tests. It seems that there are nested cgi-bin folders with a 302 status code (quite uncommon).
If you want to test it personally, I can provide you the details. Please mail me in that case.
Hi @sabyasachi.
I don’t see the issue really. There is a redirection. Does it only happen when you do /cgi-bin/ or when you do /xx-xx/ too?
Try adding some newline character if you want to check if it’s possible to inject new lines in the response, like https://example.com/cgi-bin/
xxx or https://example.com/cgi-bin/?
xxx.
Best.
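The check suggested in the last reply (does a made-up name such as /xx-xx/ get the same 302 as /cgi-bin/?) can be automated to decide whether a dirb hit is a real directory or a catch-all redirect. This is an added example, not code from the thread; `classify_hit`, `signature` and the two stub servers are hypothetical names, and the stub responses are constructed so it runs offline.

```python
import secrets
from urllib.parse import urljoin, urlparse

def signature(url, response):
    """Reduce a (status, Location) pair to a form comparable across URLs."""
    status, location = response
    # Mask the requested path so redirects that merely echo it compare equal.
    return status, (location or "").replace(urlparse(url).path, "{PATH}")

def classify_hit(fetch, base, word, probes=3):
    """Return 'catch-all' if random names under base are answered like word.

    fetch(url) -> (status, location_or_None) is supplied by the caller and
    must not follow redirects.
    """
    hit_url = urljoin(base, word + "/")
    hit_sig = signature(hit_url, fetch(hit_url))
    for _ in range(probes):
        probe_url = urljoin(base, "zz" + secrets.token_hex(6) + "/")
        if signature(probe_url, fetch(probe_url)) != hit_sig:
            return "specific"
    return "catch-all"

# Constructed stand-ins for a server, so the example runs offline.
def stub_redirect_everything(url):
    return 302, "/login?next=" + urlparse(url).path

def stub_only_cgi_bin(url):
    if urlparse(url).path == "/cgi-bin/":
        return 302, "/cgi-bin/index.cgi"
    return 404, None

if __name__ == "__main__":
    for base in ("https://example.com/", "https://example.com/cgi-bin/"):
        print(base, classify_hit(stub_redirect_everything, base, "cgi-bin"))
    print(classify_hit(stub_only_cgi_bin, "https://example.com/", "cgi-bin"))
```

A "catch-all" result at both levels means the nested cgi-bin/cgi-bin findings are scanner noise produced by the redirect rule rather than real nested folders.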