Robert Moniot found followung. The May 1998 issue of SysAdmin
Magazine contains an article, "Web-Enabled Man Pages", which
includes source code for very nice cgi script named man.sh to feed
man pages to a web browser. The hypertext links to other man
pages are an especially attractive feature.

Unfortunately, this script is vulnerable to attack. Essentially,
anyone who can execute the cgi thru their web browser can run any
system commands with the user id of the web server and obtain the
output from them in a web page.

二十五.FormHandler.cgi
在表格里加上

你的邮箱里就有/etc/passwd

二十六.JFS
相信大家都看过"JFS 侵入 PCWEEK-Linux 主机的详细过程"这篇文章,他利用photoads
这个CGI模块攻入主机. 我没有实际攻击过,看文章的理解是这样

先lynx "http://securelinux.hackpcweek.com/photoads/cgi-bin/edit.cgi?

1.CGI漏洞(1)
2.CGI漏洞(2)
3.CGI漏洞(3)
4.CGI漏洞(4)
5.CGI漏洞(5)
6.CGI漏洞(6)
7.CGI漏洞(7)
8.CGI漏洞(8)
9.CGI漏洞(9)
10.CGI漏洞(10)
11.CGI漏洞(11)
12.CGI漏洞(12)
13.CGI漏洞(13)
14.CGI漏洞(14)
15.CGI漏洞(15)
16.CGI漏洞(16)
17.CGI漏洞(17)
18.CGI漏洞(18)
19.CGI漏洞(19)
20.CGI漏洞(20)
21.CGI漏洞(21)
22.CGI漏洞(22)
23.CGI漏洞(23)
24.CGI漏洞(24)
25.CGI漏洞(25)
26.CGI漏洞(26)
27.CGI漏洞(27)
28.CGI漏洞(28)
29.CGI漏洞(29)
30.CGI漏洞(30)
31.CGI漏洞(31)
32.CGI漏洞(32)
33.CGI漏洞(33)
34.CGI漏洞(34)
35.CGI漏洞(35)
36.CGI漏洞(36)
37.CGI漏洞(37)
38.CGI漏洞(38)
39.CGI漏洞(39)
40.CGI漏洞(40)
41.CGI漏洞(41)

共41页 9 7 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] [39] [40] [41] 8 :>

CGI漏洞相关文章：

CGI漏洞相关软件：

特别声明：本站除部分特别声明禁止转载的专稿外的其他文章可以自由转载，但请务必注明出处和原始作者。文章版权归文章原始作者所有。对于被本站转载文章的个人和网站，我们表示深深的谢意。如果本站转载的文章有版权问题请联系编辑人员，我们尽快予以更正。
转载请注明来源：http://www.xgdown.com