Last article Table of contents Next article

www800.cgi by Energy

You'll be able to gain access to three (very little I must say) passfiles.

The xploit is:


So if you don't have it and want to add it.

Once a victim is found you have to go to enter the url in your browser and take a look
at the source if it contains the requiered infos for accessing the before mentioned passfiles.

Three examples follow: 

Datas for the POST: site_code=TWIN whereto=view 

Datas for the POST: site_code=AMGY whereto=view 

Datas for the POST: site_code=GGRL whereto=view 



to your list of xploits of your fav tool.

If successful then 

1) Grab the html from the site and CAREFULLY study it, you need to know the SITE_CODE and the WHERETO.

2) Do a POST with the url found with the following parameters:


Example: Go to 

and study the html code.

From it you'll find that SITE_CODE is "TWIN" and the desired WHERETO is "View current members"
so the parameters will be:

site_codeTWIN&whereto=View current members 

*NOTE* Use the url you got while xploiting, not the one the source html refers to,
i.e. the url of the POST must be: