@milo2012
Created December 30, 2016 05:34
uriList-exploits.csv
/soap/ exploits/freebsd/misc/citrix_netscaler_soap_bof
/glpi/ exploits/multi/http/glpi_install_rce
/invoker/JMXInvokerServlet/ exploits/multi/http/jboss_invoke_deploy
/moodle/ exploits/multi/http/moodle_cmd_exec
/console/ exploits/multi/http/werkzeug_debug_rce
/SiteScope/ exploits/multi/http/hp_sitescope_issuesiebelcmd
/phpwiki/ exploits/multi/http/phpwiki_ploticus_exec
/cuteflow_v.2.11.2/ exploits/multi/http/cuteflow_upload_exec
/phpmyadmin/ exploits/multi/http/phpmyadmin_preg_replace
/blank-struts2/login.action/ exploits/multi/http/struts_code_exec_parameters
/Zemra/Panel/Zemra/system/command.php/ exploits/multi/http/zemra_panel_rce
/www/ exploits/multi/http/webpagetest_upload_exec
/mma.php/ exploits/multi/http/mma_backdoor_upload
/qdPM/ exploits/multi/http/qdpm_upload_exec
/phptax/ exploits/multi/http/phptax_exec
/Auxiliumpetratepro/ exploits/multi/http/auxilium_upload_exec
/mt/ exploits/multi/http/movabletype_upgrade_exec
/jenkins/ exploits/multi/http/jenkins_script_console
/openx/ exploits/multi/http/openx_backdoor_php
/zpanel/ exploits/multi/http/zpanel_information_disclosure_rce
/manager/ exploits/multi/http/tomcat_mgr_upload
/wikka/ exploits/multi/http/wikka_spam_exec
/zabbix/ exploits/multi/http/zabbix_script_exec
/SiteScope/ exploits/multi/http/hp_sitescope_uploadfileshandler
/struts2-blank/example/HelloWorld.action/ exploits/multi/http/struts_dev_mode
/roller/ exploits/multi/http/apache_roller_ognl_injection
/sysaid/ exploits/multi/http/sysaid_auth_file_upload
/AjaXplorer-2.5.5/ exploits/multi/http/ajaxplorer_checkinstall_exec
/polarbearcms/ exploits/multi/http/polarcms_upload_exec
/com_extplorer_2.1.0/ exploits/multi/http/extplorer_upload_exec
/vtigercrm/ exploits/multi/http/vtiger_soap_upload
/interface/ exploits/multi/http/mutiny_subnetmask_exec
/gestioip/ exploits/multi/http/gestioip_exec
/ATutor/ exploits/multi/http/atutor_sqli
/struts2-blank/example/HelloWorld.action/ exploits/multi/http/struts_code_exec_classloader
/struts2-blank/example/HelloWorld.action/ exploits/multi/http/struts_include_params
/admin-console/login.seam/ exploits/multi/http/jboss_seam_upload_exec
/bf102/ exploits/multi/http/php_volunteer_upload_exec
/testlink-1.9.3/ exploits/multi/http/testlink_upload_exec
/jos.php/ exploits/multi/http/v0pcr3w_exec
/pandora_console/ exploits/multi/http/pandora_upload_exec
/x7chat2/ exploits/multi/http/x7chat2_php_exec
/php-utility-belt/ajax.php/ exploits/multi/http/php_utility_belt_rce
/IDC.php/ exploits/multi/http/stunshell_exec
/caidao.php/ exploits/multi/http/caidao_php_backdoor_exec
/IDC.php/ exploits/multi/http/stunshell_eval
/phpFileManager-0.9.8/index.php/ exploits/multi/http/phpfilemanager_rce
/appRain-q-0.1.5/ exploits/multi/http/apprain_upload_exec
/sflog/ exploits/multi/http/sflog_upload_exec
/mediawiki/ exploits/multi/http/mediawiki_thumb
/glossword/1.8/ exploits/multi/http/glossword_upload_exec
/struts2-blank/example/HelloWorld.action/ exploits/multi/http/struts_default_action_mapper
/log1cms2.0/ exploits/multi/http/log1cms_ajax_create_folder
/kordil_edms/ exploits/multi/http/kordil_edms_upload_exec
/mobilecartly/ exploits/multi/http/mobilecartly_upload_exec
/vtigercrm/ exploits/multi/http/vtiger_php_exec
/ATutor/ exploits/linux/http/atutor_filemanager_traversal
/WeBid/ exploits/linux/http/webid_converter
/railo-context/ exploits/linux/http/railo_cfml_rfi
/iControl/iControlPortal.cgi/ exploits/linux/http/f5_icall_cmd
/ping.ccp/ exploits/linux/http/multi_ncc_ping_exec
/centreon/ exploits/linux/http/centreon_sqli_exec
/WebCalendar-1.2.4/ exploits/linux/http/webcalendar_settings_exec
/pandora_console/ exploits/linux/http/pandora_fms_sqli
/spywall/pbcontrol.php/ exploits/linux/http/symantec_web_gateway_pbcontrol
/dolibarr/ exploits/linux/http/dolibarr_cmd_exec
/vcms/ exploits/linux/http/vcms_upload
/zabbix/ exploits/linux/http/zabbix_sqli
/nagios3/cgi-bin/history.cgi/ exploits/unix/webapp/nagios3_history_cgi
/forums/ exploits/unix/webapp/invision_pboard_unserialize_exec
/seportal/ exploits/unix/webapp/seportal_sqli_exec
/opensis/ exploits/unix/webapp/opensis_modname_exec
/kimai/ exploits/unix/webapp/kimai_sqli
/joomla/ exploits/unix/webapp/joomla_media_upload_exec
/ProjectSend/ exploits/unix/webapp/projectsend_upload_exec
/hastymail2/ exploits/unix/webapp/hastymail_exec
/pp088/ exploits/unix/webapp/projectpier_upload_exec
/chat/ exploits/unix/webapp/flashchat_upload_exec
/narcissus-master/ exploits/unix/webapp/narcissus_backend_exec
/hybridauth/ exploits/unix/webapp/hybridauth_install_php_exec
/xoda/ exploits/unix/webapp/xoda_file_upload
/zm/ exploits/unix/webapp/zoneminder_packagecontrol_exec
/joomla/ exploits/unix/webapp/joomla_akeeba_unserialize
/index.php/ exploits/unix/webapp/carberp_backdoor_exec
/simple_e_document_v_1_31/ exploits/unix/webapp/simple_e_document_upload_exec
/librettoCMS_v.2.2.2/ exploits/unix/webapp/libretto_upload_exec
/lite/ exploits/unix/webapp/actualanalyzer_ant_cookie_exec
/zimbraAdmin/ exploits/unix/webapp/zimbra_lfi
/webtester5/ exploits/unix/webapp/webtester_exec
/sample/ exploits/unix/webapp/egallery_upload_exec
/horde/ exploits/unix/webapp/horde_unserialize_exec
/php-ofc-library/ exploits/unix/webapp/open_flash_chart_upload_exec
/basilic-1.5.14/ exploits/unix/webapp/basilic_diff_exec
/openemr/ exploits/unix/webapp/openemr_sqli_privesc_upload
/sugarcrm/ exploits/unix/webapp/sugarcrm_unserialize_exec
/tiki/ exploits/unix/webapp/tikiwiki_unserialize_exec
/php-charts_v1.0/ exploits/unix/webapp/php_charts_exec
/openemr/ exploits/unix/webapp/openemr_upload_exec
/GetSimpleCMS/ exploits/unix/webapp/get_simple_cms_upload_exec
/cgi-bin/mt/ exploits/unix/webapp/sixapart_movabletype_storable_exec
/do/view/Main/WebHome/ exploits/unix/http/twiki_debug_plugins
/SiteScope/ exploits/windows/http/hp_sitescope_dns_tool
/SiteScope/ exploits/windows/http/hp_sitescope_runomagentcommand
/cms400min/ exploits/windows/http/ektron_xslt_exec
/vfolder.ghp/ exploits/windows/http/efs_fmws_userid_bof
/umbraco/ exploits/windows/http/umbraco_upload_aspx
/ctc/servlet/ exploits/windows/http/sap_configservlet_exec_noauth
/cgi-bin/function.php?argument=/ exploits/windows/http/generic_http_dll_injection
/ws/control/ exploits/windows/http/oracle_endeca_exec
/php/test.php/ exploits/windows/http/php_apache_request_headers_bof
/autopass/ exploits/windows/http/hp_autopass_license_traversal
/index.jsp/ exploits/windows/http/bea_weblogic_post_bof
/imc/ exploits/windows/http/hp_imc_mibfileupload
/d4d/statusFilter.php/ exploits/windows/http/sonicwall_scrutinizer_sqli
/ exploits/freebsd/http/watchguard_cmd_exec
/ exploits/multi/http/nibbleblog_file_upload
/ exploits/multi/http/gitlab_shell_exec
/ exploits/multi/http/uptime_file_upload_1
/ exploits/multi/http/openfire_auth_bypass
/ exploits/multi/http/dexter_casinoloader_exec
/ exploits/multi/http/mantisbt_php_exec
/ exploits/multi/http/sonicwall_gms_upload
/ exploits/multi/http/drupal_drupageddon
/ exploits/multi/http/rails_secret_deserialization
/ exploits/multi/http/jira_hipchat_template
/ exploits/multi/http/cisco_dcnm_upload
/ exploits/multi/http/bolt_file_upload
/ exploits/multi/http/glassfish_deployer
/ exploits/multi/http/phpmoadmin_exec
/ exploits/multi/http/rails_json_yaml_code_exec
/ exploits/multi/http/vtiger_install_rce
/ exploits/multi/http/ispconfig_php_exec
/ exploits/multi/http/vbulletin_unserialize
/ exploits/multi/http/hyperic_hq_script_console
/ exploits/multi/elasticsearch/script_mvel_rce
/ exploits/multi/elasticsearch/search_groovy_script
/ exploits/linux/misc/jenkins_java_deserialize
/ exploits/linux/http/foreman_openstack_satellite_code_exec
/ exploits/linux/http/pandora_fms_exec
/ exploits/linux/http/kloxo_sqli
/ exploits/linux/http/astium_sqli_upload
/ exploits/linux/http/mutiny_frontend_upload
/ exploits/linux/http/alienvault_sqli_exec
/ exploits/linux/http/gitlist_exec
/ exploits/linux/http/f5_icontrol_exec
/ exploits/linux/http/sophos_wpa_iface_exec
/ exploits/linux/http/cfme_manageiq_evm_upload_exec
/ exploits/linux/http/seagate_nas_php_exec_noauth
/ exploits/linux/http/lifesize_uvc_ping_rce
/ exploits/linux/http/symantec_web_gateway_restore
/ exploits/linux/antivirus/escan_password_exec
/ exploits/unix/webapp/graphite_pickle_exec
/ exploits/unix/webapp/arkeia_upload_exec
/ exploits/unix/webapp/foswiki_maketext
/ exploits/unix/webapp/moinmoin_twikidraw
/ exploits/unix/webapp/joomla_comjce_imgmanager
/ exploits/unix/webapp/skybluecanvas_exec
/ exploits/unix/webapp/joomla_contenthistory_sqli_rce
/ exploits/unix/webapp/spip_connect_exec
/ exploits/unix/webapp/instantcms_exec
/ exploits/unix/webapp/clipbucket_upload_exec
/ exploits/unix/webapp/datalife_preview_exec
/ exploits/unix/webapp/maarch_letterbox_file_upload
/ exploits/unix/webapp/freepbx_config_exec
/ exploits/unix/webapp/havalite_upload_exec
/ exploits/unix/webapp/wp_advanced_custom_fields_exec
/ exploits/unix/webapp/zpanel_username_exec
/ exploits/unix/webapp/squash_yaml_exec
/ exploits/unix/webapp/twiki_maketext
/ exploits/unix/webapp/wp_google_document_embedder_exec
/ exploits/unix/webapp/tuleap_unserialize_exec
/ exploits/unix/webapp/zeroshell_exec
/ exploits/unix/ftp/proftpd_modcopy_exec
/ exploits/windows/http/jira_collector_traversal
/ exploits/windows/http/cyclope_ess_sqli
/ exploits/windows/http/avaya_ccr_imageupload_exec
/ exploits/windows/http/netgear_nms_rce
/ exploits/windows/http/oracle_beehive_prepareaudiotoplay
/ exploits/windows/http/sepm_auth_bypass_rce
/ exploits/windows/http/lexmark_markvision_gfd_upload
/ exploits/windows/http/sysax_create_folder
/ exploits/windows/http/novell_mdm_lfi
/ exploits/windows/http/manageengine_connectionid_write
/ exploits/windows/http/solarwinds_fsm_userlogin
/ exploits/windows/http/oracle_beehive_evaluation
/ exploits/windows/http/rejetto_hfs_exec
/ exploits/windows/scada/ge_proficy_cimplicity_gefebt
/ exploits/windows/antivirus/symantec_endpoint_manager_rce