Comment on page
cgi priv esc
The CGI scripts are perl scripts, so, if you have compromised a server that can execute .cgi scripts you can upload a perl reverse shell (
/usr/share/webshells/perl/perl-reverse-shell.pl), change the extension from .pl to .cgi, give execute permissions (
chmod +x) and access the reverse shell from the web browser to execute it. In order to test for CGI vulns it's recommended to use
nikto -C all(and all the plugins)
Upload the perl rev shell to the victim and run it. i.e) using LFI vuln that's executing with a root priv.