cgi priv esc

The CGI scripts are perl scripts, so, if you have compromised a server that can execute .cgi scripts you can upload a perl reverse shell (/usr/share/webshells/perl/perl-reverse-shell.pl), change the extension from .pl to .cgi, give execute permissions (chmod +x) and access the reverse shell from the web browser to execute it.
In order to test for CGI vulns it's recommended to use nikto -C all (and all the plugins)
source:https://book.hacktricks.xyz/pentesting/pentesting-web/cgi​
Upload the perl rev shell to the victim and run it. i.e) using LFI vuln that's executing with a root priv. 
​
phpmyadmin
Phreesoft 5.2.3
Last modified 11mo ago