Plesk SMB 10.2.0 Vuln Report by NeXpose, XSS, CWE-79, CAPEC-86, Cross Site Scripting, DORK

Site Name	Start Time	End Time	Total Time	Status
plesk	October 10, 2010 11:49, EDT	October 10, 2010 12:25, EDT	36 minutes	Success

Node	Operating System	Risk	Aliases
vulnerable.plesk.smb.10.2.0.host	Microsoft Windows Server 2008 R2	7.41	plesk.cloudscan.me

3.1 Critical Vulnerabilities

3.1.1 HTTP Basic Authentication Enabled (http-basic-auth-cleartext)

Description:

The HTTP Basic Authentication scheme is not considered to be a secure method of user authentication (unless used in conjunction with some external secure system such as TLS/SSL), as the user name and password are passed over the network as cleartext.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/ADw-script AD4-alert(42) ADw-/ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/ADw-script AD4-alert(42) ADw-/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/ADw-script AD4-alert(42) ADw-/script AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/php/ADw-script AD4-alert(42) ADw-/script AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/CVS/ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/CVS/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/CVS/Entries ( http://vulnerable.plesk.smb.10.2.0.host/test/php/CVS/Entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/CVS/Root ( http://vulnerable.plesk.smb.10.2.0.host/test/php/CVS/Root ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host/test/php/DEADJOE ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.CGI ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.CGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.FCGI ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.FCGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php. ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php. ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php.old ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php~ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.php~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP3 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP4 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHP5 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PL ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PL ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PY ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.PY ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.RB ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.RB ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.SH ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.SH ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/test.SHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/php/test.SHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host/test/php/Trace.axd ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/php/WS_FTP.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/ ( http://vulnerable.plesk.smb.10.2.0.host/test/python/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/python/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/%23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/python/%23adojavas.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/%23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/python/%23adovbs.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host/test/python/%3f.jsp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/%3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host/test/python/%3f.jsp%5C ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/.svn/ ( http://vulnerable.plesk.smb.10.2.0.host/test/python/.svn/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/.svn/entries ( http://vulnerable.plesk.smb.10.2.0.host/test/python/.svn/entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adojavas.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/python/adovbs.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/ADw-script AD4-alert(42) ADw-/ ( http://vulnerable.plesk.smb.10.2.0.host/test/python/ADw-script AD4-alert(42) ADw-/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/ADw-script AD4-alert(42) ADw-/script AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/python/ADw-script AD4-alert(42) ADw-/script AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/CVS/ ( http://vulnerable.plesk.smb.10.2.0.host/test/python/CVS/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/CVS/Entries ( http://vulnerable.plesk.smb.10.2.0.host/test/python/CVS/Entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/CVS/Root ( http://vulnerable.plesk.smb.10.2.0.host/test/python/CVS/Root ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host/test/python/DEADJOE ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.CGI ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.CGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.FCGI ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.FCGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP3 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP4 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHP5 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PL ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PL ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.py ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.py ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PY ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.PY ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.py. ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.py. ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.RB ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.RB ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.SH ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.SH ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/test.SHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/python/test.SHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host/test/python/Trace.axd ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/python/WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/python/WS_FTP.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host/test/Trace.axd ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/WS_FTP.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/ ( http://vulnerable.plesk.smb.10.2.0.host/test/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host/test/%3f.jsp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/.svn/entries ( http://vulnerable.plesk.smb.10.2.0.host/test/.svn/entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/adojavas.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/adovbs.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/ADw-script AD4-alert(42) ADw-/script AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/ADw-script AD4-alert(42) ADw-/script AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%23adojavas.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%23adovbs.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%23test.aspx%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%23test.aspx%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%3f.jsp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/%3f.jsp%5C ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/.svn/ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/.svn/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/.svn/entries ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/.svn/entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adojavas.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/adovbs.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/ADw-script AD4-alert(42) ADw-/ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/ADw-script AD4-alert(42) ADw-/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/ADw-script AD4-alert(42) ADw-/script AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/ADw-script AD4-alert(42) ADw-/script AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/CVS/ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/CVS/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/CVS/Entries ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/CVS/Entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/CVS/Root ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/CVS/Root ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/DEADJOE ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx%3f.jsp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx%3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx%3f.jsp%5C ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx.old ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx~ ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/test.aspx~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/Trace.axd ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/aspnet/WS_FTP.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/CVS/Entries ( http://vulnerable.plesk.smb.10.2.0.host/test/CVS/Entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/CVS/Root ( http://vulnerable.plesk.smb.10.2.0.host/test/CVS/Root ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host/test/DEADJOE ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23adojavas.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23adovbs.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23info2www.cgi%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23info2www.cgi%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23info2www.pl%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23info2www.pl%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23test.pl%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%23test.pl%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%3f.jsp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/%3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/%3f.jsp%5C ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/.svn/ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/.svn/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/.svn/entries ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/.svn/entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adojavas.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/adovbs.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/ADw-script AD4-alert(42) ADw-/ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/ADw-script AD4-alert(42) ADw-/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/ADw-script AD4-alert(42) ADw-/script AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/ADw-script AD4-alert(42) ADw-/script AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/CVS/ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/CVS/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/CVS/Entries ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/CVS/Entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/CVS/Root ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/CVS/Root ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/DEADJOE ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.CGI ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.CGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi. ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi. ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi.old ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi~ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.cgi~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.FCGI ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.FCGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP3 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP4 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHP5 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PL ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PL ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl. ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl. ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.html ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.html ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.old ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.tdy ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.tdy ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl~ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.pl~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PY ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.PY ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.RB ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.RB ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.SH ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.SH ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.SHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/info2www.SHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.CGI ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.CGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.FCGI ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.FCGI ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP3 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP4 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHP5 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PL ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PL ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl. ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl. ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.html ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.html ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.old ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.tdy ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.tdy ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl~ ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.pl~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PY ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.PY ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.RB ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.RB ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.SH ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.SH ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.SHTML ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/test.SHTML ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/Trace.axd ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/perl/WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host/test/perl/WS_FTP.LOG ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host/test/php/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/%23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/php/%23adojavas.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/%23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/php/%23adovbs.inc%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/%23test.php%23 ( http://vulnerable.plesk.smb.10.2.0.host/test/php/%23test.php%23 ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host/test/php/%3f.jsp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/%3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host/test/php/%3f.jsp%5C ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/.svn/ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/.svn/ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/.svn/entries ( http://vulnerable.plesk.smb.10.2.0.host/test/php/.svn/entries ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc.old ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc.tmp ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adojavas.inc~ ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"
vulnerable.plesk.smb.10.2.0.host:80	Running vulnerable HTTP service. http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host/test/php/adovbs.inc.bak ) 1: Basic realm="vulnerable.plesk.smb.10.2.0.host"

References:

Source	Reference
URL	http://tools.ietf.org/html/rfc2617 ( http://tools.ietf.org/html/rfc2617 )

Vulnerability Solution:

Use Basic Authentication over TLS/SSL (HTTPS)

Enable HTTPS on the Web server. The TLS/SSL protocol will protect cleartext Basic Authentication credentials.
Use Digest Authentication

Replace Basic Authentication with the alternative Digest Authentication scheme. By modern cryptographic standards Digest Authentication is weak. But for a large range of purposes it is valuable as a replacement for Basic Authentication. It remedies some, but not all, weaknesses of Basic Authentication. See RFC 2617, section 4. Security Considerations ( http://tools.ietf.org/html/rfc2617#section-4 ) for more information.

3.1.2 MySQL Bug #32707: send_error() Buffer Overflow Vulnerability (mysql-bug-32707-send-error-bof)

Description:

A buffer overflow in MySQL 5.0 through 5.0.54 and 5.1 before 5.1.23 contains a flaw in the protocol layer. A long error message can cause a buffer overflow, potentially leading to execution of code.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
URL	http://bugs.mysql.com/bug.php?id=32707 ( http://bugs.mysql.com/bug.php?id=32707 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.54

Upgrade to MySQL v5.0.54

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.1.3 MySQL Bug #37428: User-Defind Function Remote Code Execution (mysql-bug-37428-user-defind-function-remote-codex)

Description:

MySQL server 5.0 before 5.0.67 contains a flaw in creating and dropping certain functions. Using MySQL's user-defined functions, an authenticated attacker can create a function in a shared library and run arbitrary code against the server.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
URL	http://bugs.mysql.com/bug.php?id=37428 ( http://bugs.mysql.com/bug.php?id=37428 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.67

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.1.4 MySQL dispatch_command() Multiple Format String Vulnerabilities (mysql-dispatch_command-multiple-format-string)

Description:

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
BID	35609 ( http://www.securityfocus.com/bid/35609 )
SECUNIA	35767 ( http://secunia.com/advisories/35767/ )
XF	mysql-dispatchcommand-format-string(51614) ( http://xforce.iss.net/xforce/xfdb/51614 )
CVE	CVE-2009-2446 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2446 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.84

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

3.1.5 MySQL yaSSL CertDecoder::GetName Multiple Buffer Overflows (mysql-yassl-certdecodergetname-multiple-bofs)

Description:

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
BID	37943 ( http://www.securityfocus.com/bid/37943 )
SECUNIA	38364 ( http://secunia.com/advisories/38364/ )
XF	mysql-unspecified-bo(55416) ( http://xforce.iss.net/xforce/xfdb/55416 )
CVE	CVE-2009-4484 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4484 )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html )
URL	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html ( http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html )
URL	http://bugs.mysql.com/bug.php?id=50227 ( http://bugs.mysql.com/bug.php?id=50227 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.90

Upgrade to MySQL v5.0.90

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.43

Upgrade to MySQL v5.1.43

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.1.6 MySQL yaSSL Multiple Buffer Overflow Vulnerabilities (mysql-yassl-multiple-bof)

Description:

When configured with SSL support, MySQL 5.0.x before 5.0.54a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4a is vulnerable to multiple buffer overflow vulnerabilities in the yaSSL package used to provide SSL support. The most severe of these vulnerabilities may allow unauthenticated remote code execution.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2008-0226 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0226 )
CVE	CVE-2008-0227 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0227 )
URL	http://bugs.mysql.com/bug.php?id=33814 ( http://bugs.mysql.com/bug.php?id=33814 )
BID	27140 ( http://www.securityfocus.com/bid/27140 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.54a

Upgrade to MySQL v5.0.54a

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^6.0.)

Upgrade to MySQL v6.0.4a

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2 Severe Vulnerabilities

3.2.1 MySQL Bug #29801: Remote Federated Engine Crash (mysql-bug-29801-remote-federated-engine-crash)

Description:

Versions of MySQL server before 5.0.52 and 5.1.23 suffer from a denial of service vulnerability via a flaw in the federated engine. On issuance of a command to a remote server (e.g., SHOW TABLE STATUS LIKE 'table'), the local federated server expects a query to contain fourteen columns. A response with less than fourteen columns causes the federated server to crash.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
URL	http://bugs.mysql.com/bug.php?id=29801 ( http://bugs.mysql.com/bug.php?id=29801 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.52

Upgrade to MySQL v5.0.52

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.2 MySQL Bug #38296: Nested Boolean Query Exhaustion Denial of Service (mysql-bug-38296-nested-boolean-query-exhaustion-dos)

Description:

There is a flaw in parsing queries in MySQL 5.0 before 5.0.68 and MySQL 5.1 before 5.1.28. An attacker can potentially cause the server to crash by sending a query with multiple nested logic operators, e.g. 'SELECT * FROM TABLE WHERE ... OR ( ... OR ( ... OR ( ...' etc.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
URL	http://bugs.mysql.com/bug.php?id=38296 ( http://bugs.mysql.com/bug.php?id=38296 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.68

Upgrade to MySQL v5.0.68

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.28

Upgrade to MySQL v5.1.28

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.3 MySQL COM_FIELD_LIST Command Buffer Overflow Vulnerability (mysql-com_field_list-command-bof)

Description:

A buffer overflow in MySQL 5.0 before 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2010-1850 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1850 )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html )
URL	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html ( http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html )
URL	http://bugs.mysql.com/bug.php?id=53237 ( http://bugs.mysql.com/bug.php?id=53237 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.91

Upgrade to MySQL v5.0.91

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.47

Upgrade to MySQL v5.1.47

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.4 MySQL Directory Traversal and Arbitrary Table Access Vulnerability (mysql-directory-traversal-and-arbitrary-table-access)

Description:

Directory traversal vulnerability in MySQL 5.0 before 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2010-1848 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1848 )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html )
URL	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html ( http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html )
URL	http://bugs.mysql.com/bug.php?id=53371 ( http://bugs.mysql.com/bug.php?id=53371 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.91

Upgrade to MySQL v5.0.91

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.47

Upgrade to MySQL v5.1.47

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.5 MySQL MyISAM Table Privilege Check Bypass (mysql-myisam-table-privilege-check-bypass)

Description:

Certain versions of MySQL allow local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
BID	29106 ( http://www.securityfocus.com/bid/29106 )
CVE	CVE-2008-4097 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4097 )
CVE	CVE-2008-4098 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4098 )
SECUNIA	30134 ( http://secunia.com/advisories/30134/ )
URL	http://bugs.mysql.com/bug.php?id=32167 ( http://bugs.mysql.com/bug.php?id=32167 )
URL	http://lists.mysql.com/commits/50036 ( http://lists.mysql.com/commits/50036 )
URL	http://lists.mysql.com/commits/50773 ( http://lists.mysql.com/commits/50773 )

Vulnerability Solution:

MySQL (?:^6.0.)

Upgrade to MySQL v6.0.10

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.32

Upgrade to MySQL v5.1.32

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.0.0 and < 5.0.68

Upgrade to MySQL v5.0.77

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^4.1.)

Upgrade to MySQL v4.1.25

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/4.1.html ( http://dev.mysql.com/downloads/mysql/4.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.6 MySQL vio_verify_callback() Zero-Depth X.509 Certificate Vulnerability (mysql-vio_verify_callback-zero-depth-x-509-certificate)

Description:

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 accepts a value of zero for the depth of X.509 certificates when OpenSSL is used. This allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2009-4028 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4028 )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html )
URL	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html ( http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html )
URL	http://bugs.mysql.com/bug.php?id=47320 ( http://bugs.mysql.com/bug.php?id=47320 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.88

Upgrade to MySQL v5.0.88

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.41

Upgrade to MySQL v5.1.41

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.7 X.509 Certificate Subject CN Does Not Match the Entity Name (certificate-common-name-mismatch)

Description:

The subject common name (CN) field in the X.509 certificate does not match the name of the entity presenting the certificate.

Before issuing a certificate, a Certification Authority (CA) must check the identity of the entity requesting the certificate, as specified in the CA's Certification Practice Statement (CPS). Thus, standard certificate validation procedures require the subject CN field of a certificate to match the actual name of the entity presenting the certificate. For example, in a certificate presented by "https://www.example.com/", the CN should be "www.example.com".

In order to detect and prevent active eavesdropping attacks, the validity of a certificate must be verified, else an attacker could then launch a man-in-the-middle attack and gain full control of the data stream. Of particular importance is the validity of the subject's CN, that should match the name of the entity (hostname).

A CN mismatch most often occurs due to a configuration error, though it can also indicate that a man-in-the-middle attack is being conducted.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:443	The subject common name found in the X.509 certificate ('CN=Parallels Panel') does not seem to match the scan target 'vulnerable.plesk.smb.10.2.0.host': Subject CN 'Parallels Panel' does not match node name 'vulnerable.plesk.smb.10.2.0.host' Subject CN 'Parallels Panel' does not match DNS name 'plesk.cloudscan.me'
vulnerable.plesk.smb.10.2.0.host:8443	The subject common name found in the X.509 certificate ('CN=Parallels Panel') does not seem to match the scan target 'vulnerable.plesk.smb.10.2.0.host': Subject CN 'Parallels Panel' does not match node name 'vulnerable.plesk.smb.10.2.0.host' Subject CN 'Parallels Panel' does not match DNS name 'plesk.cloudscan.me'

Additional Information:

vulnerable.plesk.smb.10.2.0.host:443

The subject common name found in the X.509 certificate ('CN=Parallels Panel') does not seem to match the scan target 'vulnerable.plesk.smb.10.2.0.host':

Subject CN 'Parallels Panel' does not match node name 'vulnerable.plesk.smb.10.2.0.host'
Subject CN 'Parallels Panel' does not match DNS name 'plesk.cloudscan.me'

vulnerable.plesk.smb.10.2.0.host:8443

The subject common name found in the X.509 certificate ('CN=Parallels Panel') does not seem to match the scan target 'vulnerable.plesk.smb.10.2.0.host':

Subject CN 'Parallels Panel' does not match node name 'vulnerable.plesk.smb.10.2.0.host'
Subject CN 'Parallels Panel' does not match DNS name 'plesk.cloudscan.me'

References:

None

Vulnerability Solution:

The subject's common name (CN) field in the X.509 certificate should be fixed to reflect the name of the entity presenting the certificate (e.g., the hostname). This is done by generating a new certificate usually signed by a Certification Authority (CA) trusted by both the client and server.

3.2.8 Cross Site Scripting Vulnerability (http-cgi-0010)

Description:

The web application is vulnerable to cross-site scripting (XSS). Cross-site scripting vulnerabilities allow malicious attackers to take advantage of web server scripts to inject JavaScript or HTML code that is executed on the client-side browser. This is often caused by server-side scripts written in languages such as PHP, ASP, .NET, Perl or Java that do not adequately filter data sent along with page requests. This malicious code will appear to come from your web application when it runs in the browser of an unsuspecting user.

An exploit script can be made to:

access other sites inside another client's private intranet.
steal another client's cookie(s).
modify another client's cookie(s).
steal another client's submitted form data.
modify another client's submitted form data (before it reaches the server).
submit a form to your application on the user's behalf which modifies passwords or other application data

The two most common methods of attack are:

Clicking on a URL link sent in an e-mail
Clicking on a URL link while visiting a website

In both scenarios, the URL will generally link to the trusted site, but will contain additional data that is used to trigger the XSS attack.

Note that SSL connectivity does not protect against this issue.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:8443	Injected into the "login_name" form parameter on https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ) : 28: turnAutocompleteOff(); 29: loff(); 30: var std_context = 'login_up'; 31: SetHelpPrefix(''); SetContext(std_context, ''); 32: ...ButtonByName(" <script>nxpxsstest ");
vulnerable.plesk.smb.10.2.0.host:8443	Injected into the "passwd" form parameter on https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ) : 28: turnAutocompleteOff(); 29: loff(); 30: var std_context = 'login_up'; 31: SetHelpPrefix(''); SetContext(std_context, ''); 32: ...nByName("\'\'> <script>nxpxsstest ");
vulnerable.plesk.smb.10.2.0.host:8443	Injected into the "passwd" form parameter on https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ) : 28: turnAutocompleteOff(); 29: loff(); 30: var std_context = 'login_up'; 31: SetHelpPrefix(''); SetContext(std_context, ''); 32: ...onByName("\'\' <script>nxpxsstest ");
vulnerable.plesk.smb.10.2.0.host:8443	Injected into the "locale_id" form parameter on https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 ) : 28: turnAutocompleteOff(); 29: loff(); 30: var std_context = 'login_up'; 31: SetHelpPrefix(''); SetContext(std_context, ''); 32: ...ButtonByName(" </XSS/-/STYLE=xss:e/**/xpression(nxpsstest)> ");

References:

Source	Reference
CERT	CA-2000-02 ( http://www.cert.org/advisories/CA-2000-02.html )
URL	http://en.wikipedia.org/wiki/Cross_site_scripting ( http://en.wikipedia.org/wiki/Cross_site_scripting )

Vulnerability Solution:

Audit the affected url and other similar dynamic pages or scripts that could be relaying untrusted malicious data from the user input. In general, the following practices should be followed while developing dynamic web content:

Explicitly set the character set encoding for each page generated by the web server
Identify special characters
Encode dynamic output elements
Filter specific characters in dynamic elements
Examine cookies

For more information on the above practices, read the following CERT advisory: CERT Advisory CA-2000-02 ( http://www.cert.org/tech_tips/malicious_code_mitigation.html )

For ASP.NET applications, the validateRequest attribute can be added to the page or the web.config. For example:
```
        <%@ Page ... validateRequest="true" %>

        OR

        <system.web>
         <pages validateRequest="true" />
        </system.web>
      
```
In addition, all dynamic content should be HTML encoded using HTTPUtility.HTMLEncode.
For PHP applications, input data should be validated using functions such as strip_tags and utf8_decode. Dynamic content should be HTML encoded using htmlentities.
For Perl applications, input data should be validated whenever possible using regular expressions. Dynamic content should be HTML encoded using HTML::Entities::encode or Apache::Util::html_encode (when using mod_perl).

3.2.9 MySQL 'DATA DIRECTORY' and 'INDEX DIRECTORY' MyISAM Table Privilege Escalation Vulnerability (mysql-datadir-isam-table-privilege-escalation)

Description:

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2008-2079 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2079 )
URL	http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html ( http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html )
URL	http://bugs.mysql.com/32091 ( http://bugs.mysql.com/32091 )
XF	mysql-datadirectory-privilege-escalation(38988) ( http://xforce.iss.net/xforce/xfdb/38988 )

Vulnerability Solution:

MySQL (?:^4.1.)

Upgrade to MySQL v4.1.24

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/4.1.html ( http://dev.mysql.com/downloads/mysql/4.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.0.0 and < 5.0.60

Upgrade to MySQL v5.0.60

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.24

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^6.0.)

Upgrade to MySQL v6.0.5

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.10 MySQL Empty Bit-String Literal Denial of Service (mysql-empty-bit-string-dos)

Description:

Certain versions of MySQL do not correctly handle SQL requests containing empty literal bit-string, such as:

       select b'';

This could allow a remote authenticated user to crash the service.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2008-3963 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3963 )
SECUNIA	31769 ( http://secunia.com/advisories/31769/ )
URL	http://bugs.mysql.com/bug.php?id=35658 ( http://bugs.mysql.com/bug.php?id=35658 )

Vulnerability Solution:

MySQL (?:^5.0.)

Upgrade to MySQL v5.0.66

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.26

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^6.0.)

Upgrade to MySQL v6.0.6

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.11 MySQL Federated Engine SHOW TABLE STATUS query denial-of-service (mysql-federated-engine-show-table-status-dos)

Description:

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2007-6304 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6304 )
BID	26832 ( http://www.securityfocus.com/bid/26832 )
URL	http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html ( http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html )
URL	http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html ( http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html )
XF	mysql-federated-engine-dos(38990) ( http://xforce.iss.net/xforce/xfdb/38990 )

Vulnerability Solution:

MySQL (?:^5.0.)

Upgrade to MySQL v5.0.51a

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^6.0.)

Upgrade to MySQL v6.0.4

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.12 TLS/SSL Server Supports SSLv2 (sslv2-and-up-enabled)

Description:

Although the server accepts clients using TLS or SSLv3, it also accepts clients using SSLv2. SSLv2 is an older implementation of the Secure Sockets Layer protocol. It suffers from a number of security flaws allowing attackers to capture and alter information passed between a client and the server, including the following weaknesses:

No protection from against man-in-the-middle attacks during the handshake.
Weak MAC construction and MAC relying solely on the MD5 hash function.
Exportable cipher suites unnecessarily weaken the MACs
Same cryptographic keys used for message authentication and encryption.
Vulnerable to truncation attarks by forged TCP FIN packets

SSLv2 has been deprecated and is no longer recommended. Note that neither SSLv2 nor SSLv3 meet the U.S. FIPS 140-2 standard, which governs cryptographic modules for use in federal information systems. Only the newer TLS (Transport Layer Security) protocol meets FIPS 140-2 requirements. In addition, the presence of an SSLv2-only service on a host is deemed a failure by the PCI (Payment Card Industry) Data Security Standard.

Note that this vulnerability will be reported when the remote server supports SSLv2 regardless of whether TLS or SSLv3 are also supported.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:443	SSLv2 is supported
vulnerable.plesk.smb.10.2.0.host:8443	SSLv2 is supported

Additional Information:

vulnerable.plesk.smb.10.2.0.host:443

SSLv2 is supported

vulnerable.plesk.smb.10.2.0.host:8443

SSLv2 is supported

References:

Source	Reference
URL	http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm ( http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm )
URL	https://www.pcisecuritystandards.org/pdfs/pcissc_assessors_nl_2008-11.pdf ( https://www.pcisecuritystandards.org/pdfs/pcissc_assessors_nl_2008-11.pdf )

Vulnerability Solution:

Configure the server to require clients to use at least SSLv3 or TLS.

For Microsoft IIS web servers, see Microsoft Knowledgebase article Q187498 ( http://support.microsoft.com/?id=187498 ) for instructions on disabling SSL 2.0.

For Apache web servers with mod_ssl, edit the Apache configuration file and change the SSLCipherSuite line to read:

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!SSLv2

The ! (exclamation point) before SSLv2 is what disables this protocol.

3.2.13 MySQL Bug #29908: ALTER VIEW Privilege Escalation Vulnerability (mysql-bug-29908-alter-view-priv-esc)

Description:

A flaw in the ALTER VIEW routine of MySQL allows for the opportunity of an authenticated user to elevate their privileges in certain contexts.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
URL	http://bugs.mysql.com/bug.php?id=29908 ( http://bugs.mysql.com/bug.php?id=29908 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.52

Upgrade to MySQL v5.0.52

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.14 MySQL Bug #44798: Stored Procedures Server Crash (mysql-bug-44798-stored-procedures-server-crash)

Description:

Versions of MySQL server 5.0 before 5.0.84 and 5.1 before 5.1.36 suffer from a privilege interpretation flaw that causes a server crash. A user created with the privileges to create stored procedures but not execute them will trigger this issue.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
URL	http://bugs.mysql.com/bug.php?id=44798 ( http://bugs.mysql.com/bug.php?id=44798 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.84

Upgrade to MySQL v5.0.84

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.36

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.15 MySQL InnoDB Denial of Service (mysql-innodb-dos)

Description:

Certain versions of MySQL contain an assertion error within the InnoDB engine. The convert_search_mode_to_innobase function in ha_innodb.cc allows remote authenticated users to cause a denial of service (database crash) with a query using CONTAINS on a column that does not support SPATIAL indexes.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
BID	26353 ( http://www.securityfocus.com/bid/26353 )
CVE	CVE-2007-5925 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5925 )
SECUNIA	27568 ( http://secunia.com/advisories/27568/ )
URL	http://bugs.mysql.com/bug.php?id=32125 ( http://bugs.mysql.com/bug.php?id=32125 )

Vulnerability Solution:

MySQL (?:^5.0.)

Upgrade to MySQL v5.0.24

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^6.0.)

Upgrade to MySQL v6.0.4

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.16 MySQL my_net_skip_rest Packet Length Denial of Service Vulnerability (mysql-my_net_skip_rest-packet-length-dos)

Description:

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 before 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
CVE	CVE-2010-1849 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1849 )
URL	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html ( http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html )
URL	http://bugs.mysql.com/bug.php?id=53371 ( http://bugs.mysql.com/bug.php?id=53371 )
URL	http://bugs.mysql.com/bug.php?id=50974 ( http://bugs.mysql.com/bug.php?id=50974 )

Vulnerability Solution:

MySQL >= 5.0.0 and < 5.0.91

Upgrade to MySQL v5.0.91

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL >= 5.1.0 and < 5.1.47

Upgrade to MySQL v5.1.47

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.17 MySQL DATA DIRECTORY and INDEX DIRECTORY symlink system table overwrite (mysql-system-table-symlink-overwrite)

Description:

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:3306	Running vulnerable MySQL service: MySQL 5.0.45.

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
BID	26765 ( http://www.securityfocus.com/bid/26765 )
CVE	CVE-2007-5969 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5969 )
SECUNIA	27981 ( http://secunia.com/advisories/27981/ )

Vulnerability Solution:

MySQL (?:^5.0.)

Upgrade to MySQL v5.0.51

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.0.html ( http://dev.mysql.com/downloads/mysql/5.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^5.1.)

Upgrade to MySQL v5.1.23

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
MySQL (?:^6.0.)

Upgrade to MySQL v6.0.4

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/6.0.html ( http://dev.mysql.com/downloads/mysql/6.0.html )

Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

3.2.18 Self-signed TLS/SSL certificate (ssl-self-signed-certificate)

Description:

The server's TLS/SSL certificate is self-signed. Self-signed certificates cannot be trusted by default, especially because TLS/SSL man-in-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.

Affected Nodes:

Additional Information:

vulnerable.plesk.smb.10.2.0.host:443

TLS/SSL certificate is self-signed.

vulnerable.plesk.smb.10.2.0.host:8443

TLS/SSL certificate is self-signed.

References:

None

Vulnerability Solution:

Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server. The exact instructions for obtaining a new certificate depend on your organization's requirements. Generally, you will need to generate a certificate request and save the request as a file. This file is then sent to a Certificate Authority (CA) for processing. Your organization may have its own internal Certificate Authority. If not, you may have to pay for a certificate from a trusted external Certificate Authority, such as Thawte ( http://www.thawte.com ) or Verisign ( http://www.verisign.com ) .

3.3 Moderate Vulnerabilities

3.3.1 Microsoft IIS Authentication Method Disclosure (http-iis-auth-method-disclosure)

Description:

Microsoft IIS supports Basic and NTLM authentication. The authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted.

When a valid authentication request is submitted for either message with an invalid username and password, an error message will be returned. This happens even if anonymous access to the requested resource is allowed. An attacker may be able to use this information to launch further intelligent attacks against the server, or to launch a brute force password attack against a known user name.

Affected Nodes:

Additional Information:

vulnerable.plesk.smb.10.2.0.host:80

The server responded with a 401/Unauthorized error code when requesting:

http://vulnerable.plesk.smb.10.2.0.host:80/ ( http://vulnerable.plesk.smb.10.2.0.host:80/ )

with the header:

Authorization: Negotiate TlRMTVNTUAABAAAAB4IoAAAAAAAAAAAAAAAAAAAAAA=

vulnerable.plesk.smb.10.2.0.host:8443

The server responded with a 401/Unauthorized error code when requesting:

https://vulnerable.plesk.smb.10.2.0.host:8443/ ( https://vulnerable.plesk.smb.10.2.0.host:8443/ )

with the header:

Authorization: Negotiate TlRMTVNTUAABAAAAB4IoAAAAAAAAAAAAAAAAAAAAAA=

References:

Source	Reference
CVE	CVE-2002-0419 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0419 )
BID	4235 ( http://www.securityfocus.com/bid/4235 )

Vulnerability Solution:

If the server is intended for public use then it may be possible to simply disable both basic and integrated Windows authentication. Sites that use form-based logins when users are authenticated against a database and track logged in users with cookies will be able to disable these authentication methods. Doing this will prevent such attacks.

If basic or integrated Windows authentication is required on the server, these steps should be considered:

Set the account lockout threshold to help minimize the risk of successful brute force attacks. Using the "passprop" utility it is possible to enable account lockout for the default "administrator" account.
Rename the administrator account if this has not already been done.

3.3.2 MySQL HTML Output Script Insertion Vulnerability (mysql-html-output-script-insertion)

Description:

A cross-site scripting (XSS) vulnerability exists in the command-line client when the "--html" option is enabled. This could allow attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by the client when composing an HTML document.

Affected Nodes:

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service: MySQL 5.0.45.

References:

Source	Reference
BID	31486 ( http://www.securityfocus.com/bid/31486 )
CVE	CVE-2008-4456 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4456 )
SECUNIA	32072 ( http://secunia.com/advisories/32072/ )
URL	http://bugs.mysql.com/bug.php?id=27884 ( http://bugs.mysql.com/bug.php?id=27884 )
URL	http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability ( http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability )

Vulnerability Solution:

MySQL (?:^5.1.)

Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql/5.1.html ( http://dev.mysql.com/downloads/mysql/5.1.html )

3.3.3 ICMP timestamp response (generic-icmp-timestamp)

Description:

The remote host responded to an ICMP timestamp request. The ICMP timestamp response contains the remote host's date and time. This information could theoretically be used against some systems to exploit weak time-based random number generators in other services.

In addition, the versions of some operating systems can be accurately fingerprinted by analyzing their responses to invalid ICMP timestamp requests.

Affected Nodes:

Additional Information:

vulnerable.plesk.smb.10.2.0.host

Remote system time: 12:04:06.000 EDT

References:

Source	Reference
XF	icmp-timestamp(322) ( http://xforce.iss.net/xforce/xfdb/322 )
CVE	CVE-1999-0524 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 )

Vulnerability Solution:

HP-UX

Disable ICMP timestamp responses on HP/UX

Execute the following command:

ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0

The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Cisco IOS

Disable ICMP timestamp responses on Cisco IOS

Use ACLs to block ICMP types 13 and 14. For example:
```
   deny icmp any any 13
```
```
   deny icmp any any 14
```
Note that it is generally preferable to use ACLs that block everything by default and then selectively allow certain types of traffic in. For example, block everything and then only allow ICMP unreachable, ICMP echo reply, ICMP time exceeded, and ICMP source quench:
```
   permit icmp any any unreachable
```
```
   permit icmp any any echo-reply
```
```
   permit icmp any any time-exceeded
```
```
   permit icmp any any source-quench
```
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
SGI Irix

Disable ICMP timestamp responses on SGI Irix

IRIX does not offer a way to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using ipfilterd, and/or block it at any external firewalls.

The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Linux

Disable ICMP timestamp responses on Linux

Linux offers neither a sysctl nor a /proc/sys/net/ipv4 interface to disable ICMP timestamp responses. Therefore, you should block ICMP on the affected host using iptables, and/or block it at the firewall. For example:
```
   ipchains -A input -p icmp --icmp-type timestamp-request -j DROP
```
```
   ipchains -A output -p icmp --icmp-type timestamp-reply -j DROP
```
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition

Disable ICMP timestamp responses on Windows NT 4

Windows NT 4 does not provide a way to block ICMP packets. Therefore, you should block them at the firewall.

The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
OpenBSD

Disable ICMP timestamp responses on OpenBSD

Set the "net.inet.icmp.tstamprepl" sysctl variable to 0.
```
   sysctl -w net.inet.icmp.tstamprepl=0
```
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Cisco PIX

Disable ICMP timestamp responses on Cisco PIX

A properly configured PIX firewall should never respond to ICMP packets on its external interface. In PIX Software versions 4.1(6) until 5.2.1, ICMP traffic to the PIX's internal interface is permitted; the PIX cannot be configured to NOT respond. Beginning in PIX Software version 5.2.1, ICMP is still permitted on the internal interface by default, but ICMP responses from its internal interfaces can be disabled with the icmp command, as follows, where <inside> is the name of the internal interface:
```
   icmp deny any 13 <inside>
```
```
   icmp deny any 14 <inside>
```
Don't forget to save the configuration when you are finished.

See Cisco's support document Handling ICMP Pings with the PIX Firewall ( http://www.cisco.com/warp/public/110/31.html ) for more information.

The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Sun Solaris

Disable ICMP timestamp responses on Solaris

Execute the following commands:
```
   /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0
```
```
   /usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
```
The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server

Disable ICMP timestamp responses on Windows 2000

Use the IPSec filter feature to define an apply an IP filter list that blocks ICMP types 13 and 14. Note that the standard TCP/IP blocking capability under the "Networking and Dialup Connections" control panel is NOT capable of blocking ICMP (only TCP and UDP). The IPSec filter features, while they may seem strictly related to the IPSec standards, will allow you to selectively block these ICMP packets. See http://support.microsoft.com/kb/313190 ( http://support.microsoft.com/kb/313190 ) for more information.

The easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).
Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional, Microsoft Windows Server 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003

Disable ICMP timestamp responses on Windows XP/2K3

ICMP timestamp responses can be disabled by deselecting the "allow incoming timestamp request" option in the ICMP configuration panel of Windows Firewall.
1. Go to the Network Connections control panel.
2. Right click on the network adapter and select "properties", or select the internet adapter and select File->Properties.
3. Select the "Advanced" tab.
4. In the Windows Firewall box, select "Settings".
5. Select the "General" tab.
6. Enable the firewall by selecting the "on (recommended)" option.
7. Select the "Advanced" tab.
8. In the ICMP box, select "Settings".
9. Deselect (uncheck) the "Allow incoming timestamp request" option.
10. Select "OK" to exit the ICMP Settings dialog and save the settings.
11. Select "OK" to exit the Windows Firewall dialog and save the settings.
12. Select "OK" to exit the internet adapter dialog.
For more information, see: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true ( http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true )
Microsoft Windows Vista, Microsoft Windows Vista Home, Basic Edition, Microsoft Windows Vista Home, Basic N Edition, Microsoft Windows Vista Home, Premium Edition, Microsoft Windows Vista Ultimate Edition, Microsoft Windows Vista Enterprise Edition, Microsoft Windows Vista Business Edition, Microsoft Windows Vista Business N Edition, Microsoft Windows Vista Starter Edition, Microsoft Windows Server 2008, Microsoft Windows Server 2008 Standard Edition, Microsoft Windows Server 2008 Enterprise Edition, Microsoft Windows Server 2008 Datacenter Edition, Microsoft Windows Server 2008 HPC Edition, Microsoft Windows Server 2008 Web Edition, Microsoft Windows Server 2008 Storage Edition, Microsoft Windows Small Business Server 2008, Microsoft Windows Essential Business Server 2008

Disable ICMP timestamp responses on Windows Vista/2008

ICMP timestamp responses can be disabled via the netsh command line utility.
1. Go to the Windows Control Panel.
2. Select "Windows Firewall".
3. In the Windows Firewall box, select "Change Settings".
4. Enable the firewall by selecting the "on (recommended)" option.
5. Open a Command Prompt.
6. Enter "netsh firewall set icmpsetting 13 disable"
For more information, see: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true ( http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/hnw_understanding_firewall.mspx?mfr=true )
Disable ICMP timestamp responses

Disable ICMP timestamp replies for the device. If the device does not support this level of configuration, the easiest and most effective solution is to configure your firewall to block incoming and outgoing ICMP packets with ICMP types 13 (timestamp request) and 14 (timestamp response).

3.3.4 Database Open Access (database-open-access)

Description:

The database allows any remote system the ability to connect to it. It is recommended to limit direct access to trusted systems because databases may contain sensitive data, and new vulnerabilities and exploits are discovered routinely for them. For this reason, it is a violation of PCI DSS section 1.3.7 to have databases listening on ports accessible from the Internet, even when protected with secure authentication mechanisms.

Affected Nodes:

Additional Information:

vulnerable.plesk.smb.10.2.0.host:3306

Running vulnerable MySQL service.

References:

Source	Reference
URL	https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf ( https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf )

Vulnerability Solution:

Configure the database server to only allow access to trusted systems. For example, the PCI DSS standard requires to place the database in an internal network zone, segregated from the DMZ

3.3.5 WebDAV Extensions are Enabled (http-generic-webdav-enabled)

Description:

WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. Many web servers enable WebDAV extensions by default, even when they are not needed. Because of its added complexity, it is considered good practice to disable WebDAV if it is not currently in use.

Affected Nodes:

Affected Nodes:	Additional Information:
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/common/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/css/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/css/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/images/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/images/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/apps/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/apps/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/common/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/glyph/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/glyph/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/icons/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/icons/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/include/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:80	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/include/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/css/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/apps/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/apps/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/common/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/common/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/glyph/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/glyph/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/icons/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/img/icons/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/include/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/include/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/images/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/images/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/css/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/', it is apparent that WebDAV is enabled.
vulnerable.plesk.smb.10.2.0.host:443	Because the HTTP methods 'GET, HEAD, OPTIONS, TRACE, COPY, PROPFIND, LOCK, UNLOCK' were found in the OPTIONS response on the directory '/', it is apparent that WebDAV is enabled.

References:

Source	Reference
URL	http://www.nextgenss.com/papers/iisrconfig.pdf ( http://www.nextgenss.com/papers/iisrconfig.pdf )

Vulnerability Solution:

IIS, PWS, Microsoft-IIS, Internet Information Server, Internet Information Services, Microsoft-PWS

Disable WebDAV for IIS

For Microsoft IIS, follow Microsoft's instructions ( http://support.microsoft.com/default.aspx?kbid=241520 ) to disable WebDAV for the entire server.
Apache

Disable WebDAV for Apache

Make sure the mod_dav module is disabled, or ensure that authentication is required on directories where DAV is required.
Apache Tomcat, Tomcat, Tomcat Web Server

Disable WebDAV for Apache Tomcat

Disable the WebDAV Servlet for all web applications found on the web server. This can be done by removing the servlet definition for WebDAV (the org.apache.catalina.servlets.WebdavServlet class) and remove all servlet mappings referring to the WebDAV servlet.
Java System Web Server, iPlanet, SunONE WebServer, Sun-ONE-Web-Server

Disable WebDAV for iPlanet/Sun ONE

Disable WebDAV on the web server. This can be done by disabling WebDAV for the server instance and for all virtual servers.

To disable WebDAV for the server instance, enter the Server Manager and uncheck the "Enable WebDAV Globally" checkbox then click the "OK" button.

To disable WebDAV for each virtual server, enter the Class Manager and uncheck the "Enable WebDAV Globally" checkbox next to each server instance then click the "OK" button.

9.1 http://vulnerable.plesk.smb.10.2.0.host:80

9.1.1 Common Default URLs

The following URLs were guessed. They are often included with default web server or web server add-on installations.

9.1.1.1 Access Error (403)

css ( http://vulnerable.plesk.smb.10.2.0.host:80/css/ )
images ( http://vulnerable.plesk.smb.10.2.0.host:80/images/ )
img ( http://vulnerable.plesk.smb.10.2.0.host:80/img/ )
include ( http://vulnerable.plesk.smb.10.2.0.host:80/include/ )

9.1.1.2 Error (500)

cgi-bin ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/ )
- printenv ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/printenv )
- test-cgi ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/test-cgi )

9.1.1.3 Requires Authentication (401)

test ( http://vulnerable.plesk.smb.10.2.0.host:80/test/ )

9.1.2 Guessed URLs

The following URLs were guessed using various tricks based on the discovered web site content.

9.1.2.1 Access Error (403)

Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/Trace.axd )
css
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/css/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/images/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/img/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/img/apps/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/img/common/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/img/glyph/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/img/icons/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/include/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/css/Trace.axd )
images
- Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/images/Trace.axd )
img
- Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/img/Trace.axd )
- apps ( http://vulnerable.plesk.smb.10.2.0.host:80/img/apps/ )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/img/apps/Trace.axd )
- common ( http://vulnerable.plesk.smb.10.2.0.host:80/img/common/ )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/img/common/Trace.axd )
- glyph ( http://vulnerable.plesk.smb.10.2.0.host:80/img/glyph/ )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/img/glyph/Trace.axd )
- icons ( http://vulnerable.plesk.smb.10.2.0.host:80/img/icons/ )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/img/icons/Trace.axd )
include
- Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/include/Trace.axd )

9.1.2.2 Error (400)

"<script>TestScriptValueHere< ( http://vulnerable.plesk.smb.10.2.0.host:80/"<script>TestScriptValueHere</ )
- script>" ( http://vulnerable.plesk.smb.10.2.0.host:80/"<script>TestScriptValueHere</script>" )
index.html
- <script>xss<
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/index.html/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/index.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page1.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page2.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page3.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page4.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page5.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page6.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/page7.php/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.html/<script>xss</script> )
  - script> ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php/<script>xss</script> )
index.php
page1.php
page2.php
page3.php
page4.php
page5.php
page6.php
page7.php
test
- aspnet
  - %3f.jsp%00 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/%3f.jsp%00 )
  - test.aspx%3f.jsp%00 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx%3f.jsp%00 )
  - test.aspx
- perl
  - %3f.jsp%00 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%3f.jsp%00 )
  - info2www.cgi%00 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi%00 )
  - test.pl.html
- php
  - %3f.jsp%00 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/%3f.jsp%00 )
  - test.php
- python
  - %3f.jsp%00 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/%3f.jsp%00 )

9.1.2.3 Error (500)

cgi-bin
- %3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/%3f.jsp )
- .svn
  - entries ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/.svn/entries )
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- ADw-script AD4-alert(42) ADw-
  - script AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/ADw-script AD4-alert(42) ADw-/script AD4- )
- CVS
  - Entries ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/CVS/Entries )
  - Root ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/CVS/Root )
- DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/DEADJOE )
- Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/Trace.axd )
- WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/WS_FTP.LOG )
- Web.sitemap ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/Web.sitemap )
- adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/adojavas.inc )
- adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/adovbs.inc )
- web.config ( http://vulnerable.plesk.smb.10.2.0.host:80/cgi-bin/web.config )

9.1.2.4 Requires Authentication (401)

test
- %3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/%3f.jsp )
- .svn
  - entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/.svn/entries )
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- ADw-script AD4-alert(42) ADw-
  - script AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/ADw-script AD4-alert(42) ADw-/script AD4- )
- CVS
  - Entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/CVS/Entries )
  - Root ( http://vulnerable.plesk.smb.10.2.0.host:80/test/CVS/Root )
- DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host:80/test/DEADJOE )
- Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/test/Trace.axd )
- WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/WS_FTP.LOG )
- adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/adojavas.inc )
- adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/adovbs.inc )
- aspnet ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/ )
  - %23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/%23adovbs.inc%23 )
  - %23test.aspx%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/%23test.aspx%23 )
  - %3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/%3f.jsp )
  - %3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/%3f.jsp%5C )
  - .svn ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/.svn/ )
    
    entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/CVS/ )
    
    Entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/CVS/Entries )
    
    Root ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/CVS/Root )
  - DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/DEADJOE )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/Trace.axd )
  - WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/WS_FTP.LOG )
  - adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adojavas.inc )
  - adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adojavas.inc.bak )
  - adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adojavas.inc.old )
  - adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adojavas.inc.tmp )
  - adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adojavas.inc~ )
  - adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adovbs.inc )
  - adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adovbs.inc.bak )
  - adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adovbs.inc.old )
  - adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adovbs.inc.tmp )
  - adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/adovbs.inc~ )
  - test.aspx%3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx%3f.jsp )
  - test.aspx%3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx%3f.jsp%5C )
  - test.aspx.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx.bak )
  - test.aspx.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx.old )
  - test.aspx.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx.tmp )
  - test.aspx~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx~ )
- perl ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/ )
  - %23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%23adovbs.inc%23 )
  - %23info2www.cgi%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%23info2www.cgi%23 )
  - %23info2www.pl%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%23info2www.pl%23 )
  - %23test.pl%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%23test.pl%23 )
  - %3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%3f.jsp )
  - %3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/%3f.jsp%5C )
  - .svn ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/.svn/ )
    
    entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/CVS/ )
    
    Entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/CVS/Entries )
    
    Root ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/CVS/Root )
  - DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/DEADJOE )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/Trace.axd )
  - WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/WS_FTP.LOG )
  - adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adojavas.inc )
  - adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adojavas.inc.bak )
  - adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adojavas.inc.old )
  - adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adojavas.inc.tmp )
  - adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adojavas.inc~ )
  - adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adovbs.inc )
  - adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adovbs.inc.bak )
  - adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adovbs.inc.old )
  - adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adovbs.inc.tmp )
  - adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/adovbs.inc~ )
  - info2www ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www )
  - info2www.CGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.CGI )
  - info2www.FCGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.FCGI )
  - info2www.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PHP )
  - info2www.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PHP3 )
  - info2www.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PHP4 )
  - info2www.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PHP5 )
  - info2www.PHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PHTML )
  - info2www.PL ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PL )
  - info2www.PY ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.PY )
  - info2www.RB ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.RB )
  - info2www.SH ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.SH )
  - info2www.SHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.SHTML )
  - info2www.cgi ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi )
  - info2www.cgi. ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi. )
  - info2www.cgi.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi.bak )
  - info2www.cgi.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi.old )
  - info2www.cgi.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi.tmp )
  - info2www.cgi~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.cgi~ )
  - info2www.pl ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl )
  - info2www.pl. ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl. )
  - info2www.pl.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl.LOG )
  - info2www.pl.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl.bak )
  - info2www.pl.html ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl.html )
  - info2www.pl.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl.old )
  - info2www.pl.tdy ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl.tdy )
  - info2www.pl.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl.tmp )
  - info2www.pl~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/info2www.pl~ )
  - test.CGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.CGI )
  - test.FCGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.FCGI )
  - test.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PHP )
  - test.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PHP3 )
  - test.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PHP4 )
  - test.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PHP5 )
  - test.PHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PHTML )
  - test.PL ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PL )
  - test.PY ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.PY )
  - test.RB ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.RB )
  - test.SH ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.SH )
  - test.SHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.SHTML )
  - test.pl. ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl. )
  - test.pl.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.LOG )
  - test.pl.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.bak )
  - test.pl.html ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.html )
  - test.pl.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.old )
  - test.pl.tdy ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.tdy )
  - test.pl.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl.tmp )
  - test.pl~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl~ )
- php ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/ )
  - %23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/%23adovbs.inc%23 )
  - %23test.php%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/%23test.php%23 )
  - %3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/%3f.jsp )
  - %3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/%3f.jsp%5C )
  - .svn ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/.svn/ )
    
    entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/CVS/ )
    
    Entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/CVS/Entries )
    
    Root ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/CVS/Root )
  - DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/DEADJOE )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/Trace.axd )
  - WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/WS_FTP.LOG )
  - adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adojavas.inc )
  - adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adojavas.inc.bak )
  - adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adojavas.inc.old )
  - adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adojavas.inc.tmp )
  - adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adojavas.inc~ )
  - adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adovbs.inc )
  - adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adovbs.inc.bak )
  - adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adovbs.inc.old )
  - adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adovbs.inc.tmp )
  - adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/adovbs.inc~ )
  - test.CGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.CGI )
  - test.FCGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.FCGI )
  - test.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PHP )
  - test.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PHP3 )
  - test.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PHP4 )
  - test.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PHP5 )
  - test.PHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PHTML )
  - test.PL ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PL )
  - test.PY ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.PY )
  - test.RB ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.RB )
  - test.SH ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.SH )
  - test.SHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.SHTML )
  - test.php. ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php. )
  - test.php.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php.bak )
  - test.php.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php.old )
  - test.php.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php.tmp )
  - test.php~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php~ )
- python ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/ )
  - %23adojavas.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/%23adovbs.inc%23 )
  - %3f.jsp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/%3f.jsp )
  - %3f.jsp%5C ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/%3f.jsp%5C )
  - .svn ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/.svn/ )
    
    entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/CVS/ )
    
    Entries ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/CVS/Entries )
    
    Root ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/CVS/Root )
  - DEADJOE ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/DEADJOE )
  - Trace.axd ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/Trace.axd )
  - WS_FTP.LOG ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/WS_FTP.LOG )
  - adojavas.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adojavas.inc )
  - adojavas.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adojavas.inc.bak )
  - adojavas.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adojavas.inc.old )
  - adojavas.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adojavas.inc.tmp )
  - adojavas.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adojavas.inc~ )
  - adovbs.inc ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adovbs.inc )
  - adovbs.inc.bak ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adovbs.inc.bak )
  - adovbs.inc.old ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adovbs.inc.old )
  - adovbs.inc.tmp ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adovbs.inc.tmp )
  - adovbs.inc~ ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/adovbs.inc~ )
  - test.CGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.CGI )
  - test.FCGI ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.FCGI )
  - test.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PHP )
  - test.PHP3 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PHP3 )
  - test.PHP4 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PHP4 )
  - test.PHP5 ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PHP5 )
  - test.PHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PHTML )
  - test.PL ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PL )
  - test.PY ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.PY )
  - test.RB ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.RB )
  - test.SH ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.SH )
  - test.SHTML ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.SHTML )
  - test.py. ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.py. )

9.1.2.5 Successful (200)

?P=+ADw-script+AD4-alert(42)+ADw-
- script+AD4- ( http://vulnerable.plesk.smb.10.2.0.host:80/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
index.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/index.PHP )
index.html ( http://vulnerable.plesk.smb.10.2.0.host:80/index.html )
index.php ( http://vulnerable.plesk.smb.10.2.0.host:80/index.php )
page1.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page1.PHP )
page2.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page2.PHP )
page3.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page3.PHP )
page4.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page4.PHP )
page5.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page5.PHP )
page6.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page6.PHP )
page7.PHP ( http://vulnerable.plesk.smb.10.2.0.host:80/page7.PHP )

9.1.3 Linked URLs

The following URLs were found as links in the content of other web pages.

9.1.3.1 Requires Authentication (401)

test
- aspnet
  - test.aspx ( http://vulnerable.plesk.smb.10.2.0.host:80/test/aspnet/test.aspx )
- perl
  - test.pl ( http://vulnerable.plesk.smb.10.2.0.host:80/test/perl/test.pl )
- php
  - test.php ( http://vulnerable.plesk.smb.10.2.0.host:80/test/php/test.php )
- python
  - test.py ( http://vulnerable.plesk.smb.10.2.0.host:80/test/python/test.py )

9.1.3.2 Successful (200)

css
- style.css ( http://vulnerable.plesk.smb.10.2.0.host:80/css/style.css )
- styles.css?template=personal-018&colorScheme=green&header=headers1&button=buttons1 ( http://vulnerable.plesk.smb.10.2.0.host:80/css/styles.css?template=personal-018&colorScheme=green&header=headers1&button=buttons1 )
header.js ( http://vulnerable.plesk.smb.10.2.0.host:80/header.js )
page1.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page1.php )
page2.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page2.php )
page3.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page3.php )
page4.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page4.php )
page5.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page5.php )
page6.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page6.php )
page7.php ( http://vulnerable.plesk.smb.10.2.0.host:80/page7.php )

9.2 https://vulnerable.plesk.smb.10.2.0.host:443

9.2.1 Common Default URLs

The following URLs were guessed. They are often included with default web server or web server add-on installations.

9.2.1.1 Access Error (403)

css ( https://vulnerable.plesk.smb.10.2.0.host:443/css/ )
images ( https://vulnerable.plesk.smb.10.2.0.host:443/images/ )
img ( https://vulnerable.plesk.smb.10.2.0.host:443/img/ )
include ( https://vulnerable.plesk.smb.10.2.0.host:443/include/ )

9.2.1.2 Error (500)

cgi-bin ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/ )
- printenv ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/printenv )
- test-cgi ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/test-cgi )

9.2.1.3 Requires Authentication (401)

test ( https://vulnerable.plesk.smb.10.2.0.host:443/test/ )

9.2.2 Guessed URLs

The following URLs were guessed using various tricks based on the discovered web site content.

9.2.2.1 Access Error (403)

Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/Trace.axd )
css
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/css/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/images/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/img/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/img/apps/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/img/common/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/img/glyph/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/img/icons/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/include/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/css/Trace.axd )
images
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/images/Trace.axd )
img
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/img/Trace.axd )
- apps ( https://vulnerable.plesk.smb.10.2.0.host:443/img/apps/ )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/img/apps/Trace.axd )
- common ( https://vulnerable.plesk.smb.10.2.0.host:443/img/common/ )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/img/common/Trace.axd )
- glyph ( https://vulnerable.plesk.smb.10.2.0.host:443/img/glyph/ )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/img/glyph/Trace.axd )
- icons ( https://vulnerable.plesk.smb.10.2.0.host:443/img/icons/ )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/img/icons/Trace.axd )
include
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/include/Trace.axd )

9.2.2.2 Error (400)

"<script>TestScriptValueHere< ( https://vulnerable.plesk.smb.10.2.0.host:443/"<script>TestScriptValueHere</ )
- script>" ( https://vulnerable.plesk.smb.10.2.0.host:443/"<script>TestScriptValueHere</script>" )
index.html
- <script>xss<
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/index.html/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/index.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page1.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page2.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page3.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page4.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page5.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page6.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/page7.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.html/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php/<script>xss</script> )
index.php
page1.php
page2.php
page3.php
page4.php
page5.php
page6.php
page7.php
test
- aspnet
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/%3f.jsp%00 )
  - test.aspx%3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx%3f.jsp%00 )
  - test.aspx
- perl
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%3f.jsp%00 )
  - info2www.cgi%00 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi%00 )
  - test.pl.html
- php
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/%3f.jsp%00 )
  - test.php
- python
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/%3f.jsp%00 )

9.2.2.3 Error (500)

cgi-bin
- %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/%3f.jsp )
- .svn
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/.svn/entries )
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- ADw-script AD4-alert(42) ADw-
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/ADw-script AD4-alert(42) ADw-/script AD4- )
- CVS
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/CVS/Root )
- DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/DEADJOE )
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/Trace.axd )
- WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/WS_FTP.LOG )
- Web.sitemap ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/Web.sitemap )
- adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/adojavas.inc )
- adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/adovbs.inc )
- web.config ( https://vulnerable.plesk.smb.10.2.0.host:443/cgi-bin/web.config )

9.2.2.4 Requires Authentication (401)

test
- %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/%3f.jsp )
- .svn
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/.svn/entries )
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- ADw-script AD4-alert(42) ADw-
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/ADw-script AD4-alert(42) ADw-/script AD4- )
- CVS
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:443/test/CVS/Root )
- DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:443/test/DEADJOE )
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/test/Trace.axd )
- WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/WS_FTP.LOG )
- adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/adojavas.inc )
- adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/adovbs.inc )
- aspnet ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/ )
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/%23adovbs.inc%23 )
  - %23test.aspx%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/%23test.aspx%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/adovbs.inc~ )
  - test.aspx%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx%3f.jsp )
  - test.aspx%3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx%3f.jsp%5C )
  - test.aspx.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx.bak )
  - test.aspx.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx.old )
  - test.aspx.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx.tmp )
  - test.aspx~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx~ )
- perl ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/ )
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%23adovbs.inc%23 )
  - %23info2www.cgi%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%23info2www.cgi%23 )
  - %23info2www.pl%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%23info2www.pl%23 )
  - %23test.pl%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%23test.pl%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/adovbs.inc~ )
  - info2www ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www )
  - info2www.CGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.CGI )
  - info2www.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.FCGI )
  - info2www.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PHP )
  - info2www.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PHP3 )
  - info2www.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PHP4 )
  - info2www.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PHP5 )
  - info2www.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PHTML )
  - info2www.PL ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PL )
  - info2www.PY ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.PY )
  - info2www.RB ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.RB )
  - info2www.SH ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.SH )
  - info2www.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.SHTML )
  - info2www.cgi ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi )
  - info2www.cgi. ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi. )
  - info2www.cgi.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi.bak )
  - info2www.cgi.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi.old )
  - info2www.cgi.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi.tmp )
  - info2www.cgi~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.cgi~ )
  - info2www.pl ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl )
  - info2www.pl. ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl. )
  - info2www.pl.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl.LOG )
  - info2www.pl.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl.bak )
  - info2www.pl.html ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl.html )
  - info2www.pl.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl.old )
  - info2www.pl.tdy ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl.tdy )
  - info2www.pl.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl.tmp )
  - info2www.pl~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/info2www.pl~ )
  - test.CGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.CGI )
  - test.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.FCGI )
  - test.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PHP )
  - test.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PHP3 )
  - test.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PHP4 )
  - test.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PHP5 )
  - test.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PHTML )
  - test.PL ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PL )
  - test.PY ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.PY )
  - test.RB ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.RB )
  - test.SH ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.SH )
  - test.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.SHTML )
  - test.pl. ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl. )
  - test.pl.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.LOG )
  - test.pl.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.bak )
  - test.pl.html ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.html )
  - test.pl.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.old )
  - test.pl.tdy ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.tdy )
  - test.pl.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl.tmp )
  - test.pl~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl~ )
- php ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/ )
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/%23adovbs.inc%23 )
  - %23test.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/%23test.php%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/adovbs.inc~ )
  - test.CGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.CGI )
  - test.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.FCGI )
  - test.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PHP )
  - test.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PHP3 )
  - test.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PHP4 )
  - test.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PHP5 )
  - test.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PHTML )
  - test.PL ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PL )
  - test.PY ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.PY )
  - test.RB ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.RB )
  - test.SH ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.SH )
  - test.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.SHTML )
  - test.php. ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php. )
  - test.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php.bak )
  - test.php.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php.old )
  - test.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php.tmp )
  - test.php~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php~ )
- python ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/ )
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/%23adovbs.inc%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/adovbs.inc~ )
  - test.CGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.CGI )
  - test.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.FCGI )
  - test.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PHP )
  - test.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PHP3 )
  - test.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PHP4 )
  - test.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PHP5 )
  - test.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PHTML )
  - test.PL ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PL )
  - test.PY ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.PY )
  - test.RB ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.RB )
  - test.SH ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.SH )
  - test.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.SHTML )
  - test.py. ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.py. )

9.2.2.5 Successful (200)

?P=+ADw-script+AD4-alert(42)+ADw-
- script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:443/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
index.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/index.PHP )
index.html ( https://vulnerable.plesk.smb.10.2.0.host:443/index.html )
index.php ( https://vulnerable.plesk.smb.10.2.0.host:443/index.php )
page1.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page1.PHP )
page2.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page2.PHP )
page3.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page3.PHP )
page4.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page4.PHP )
page5.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page5.PHP )
page6.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page6.PHP )
page7.PHP ( https://vulnerable.plesk.smb.10.2.0.host:443/page7.PHP )

9.2.3 Linked URLs

The following URLs were found as links in the content of other web pages.

9.2.3.1 Requires Authentication (401)

test
- aspnet
  - test.aspx ( https://vulnerable.plesk.smb.10.2.0.host:443/test/aspnet/test.aspx )
- perl
  - test.pl ( https://vulnerable.plesk.smb.10.2.0.host:443/test/perl/test.pl )
- php
  - test.php ( https://vulnerable.plesk.smb.10.2.0.host:443/test/php/test.php )
- python
  - test.py ( https://vulnerable.plesk.smb.10.2.0.host:443/test/python/test.py )

9.2.3.2 Successful (200)

css
- style.css ( https://vulnerable.plesk.smb.10.2.0.host:443/css/style.css )
- styles.css?template=personal-018&colorScheme=green&header=headers1&button=buttons1 ( https://vulnerable.plesk.smb.10.2.0.host:443/css/styles.css?template=personal-018&colorScheme=green&header=headers1&button=buttons1 )
header.js ( https://vulnerable.plesk.smb.10.2.0.host:443/header.js )
page1.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page1.php )
page2.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page2.php )
page3.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page3.php )
page4.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page4.php )
page5.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page5.php )
page6.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page6.php )
page7.php ( https://vulnerable.plesk.smb.10.2.0.host:443/page7.php )

9.3 https://vulnerable.plesk.smb.10.2.0.host:8443

9.3.1 Common Default URLs

The following URLs were guessed. They are often included with default web server or web server add-on installations.

9.3.1.1 Access Error (403)

images ( https://vulnerable.plesk.smb.10.2.0.host:8443/images/ )
javascript ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/ )

9.3.1.2 Redirect (301)

aspnet_client
- system_web ( https://vulnerable.plesk.smb.10.2.0.host:8443/aspnet_client/system_web )

9.3.1.3 Successful (200)

login.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login.php3 )
plesk ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/ )

9.3.2 Guessed URLs

The following URLs were guessed using various tricks based on the discovered web site content.

9.3.2.1 Access Error (403)

aspnet_client ( https://vulnerable.plesk.smb.10.2.0.host:8443/aspnet_client/ )
- system_web
  - ?P=+ADw-script+AD4-alert(42)+ADw-
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/aspnet_client/system_web/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/images/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
    
    script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
images
javascript
skins ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/ )
- vista ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/ )
  - css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/ )
    
    main ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/ )
    
    top ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/top/ )
  - icons ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/icons/ )
    
    gauge ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/icons/gauge/ )
    
    tabs ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/icons/tabs/ )
  - images ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/images/ )
smb
- externals ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/ )
- images ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/images/ )
- scripts ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/ )
  - components ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/ )
    
    forms ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/ )
- styles ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/ )
  - css ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/ )
  - img ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/ )
    
    icons ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/ )
    
    big ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/ )

9.3.2.2 Error (400)

"<script>TestScriptValueHere<
- script>" ( https://vulnerable.plesk.smb.10.2.0.host:8443/"<script>TestScriptValueHere</script>" )
get_password.php
- <script>xss<
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/get_password.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/chk.js.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/login.php3/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.htm/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.html/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.shtml/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.htm/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.html/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php3/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.shtml/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.htm/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.html/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.shtml/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.htm/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.html/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php3/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.shtml/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php/<script>xss</script> )
  - script> ( https://vulnerable.plesk.smb.10.2.0.host:8443/top.php3/<script>xss</script> )
javascript
- chk.js.php
login.php3
login_up.php3
smb
- %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%3f.jsp%00 )
- change-password
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%3f.jsp%00 )
  - default.asp%81 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp%81 )
  - default.asp
  - default.aspx
  - default.htm
  - default.html
  - default.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp%00 )
  - default.php
  - default.shtml
  - index.asp%81 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp%81 )
  - index.asp
  - index.aspx
  - index.cgi%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi%00 )
  - index.htm
  - index.html
  - index.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp%00 )
  - index.php
  - index.php3
  - index.shtml
  - wp-login.php
- default.asp%81 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp%81 )
- default.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp%00 )
- externals
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/%3f.jsp%00 )
- index.asp%81 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp%81 )
- index.cgi%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi%00 )
- index.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp%00 )
- scripts
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/%3f.jsp%00 )
  - components
    
    %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/%3f.jsp%00 )
    
    forms
    
    %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/%3f.jsp%00 )
- styles
  - %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/%3f.jsp%00 )
  - css
    
    %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/%3f.jsp%00 )
  - img
    
    %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/%3f.jsp%00 )
    
    icons
    
    %3f.jsp%00 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/%3f.jsp%00 )
top.php3

9.3.2.3 Redirect (301)

smb ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb )

9.3.2.4 Redirect (302)

help.php?context= ( https://vulnerable.plesk.smb.10.2.0.host:8443/help.php?context= )
smb
- %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23adojavas.inc%23 )
- %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23adovbs.inc%23 )
- %23default.asp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23default.asp%23 )
- %23default.aspx%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23default.aspx%23 )
- %23default.jsp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23default.jsp%23 )
- %23default.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23default.php%23 )
- %23index.asp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23index.asp%23 )
- %23index.aspx%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23index.aspx%23 )
- %23index.cfm%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23index.cfm%23 )
- %23index.cgi%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23index.cgi%23 )
- %23index.jsp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23index.jsp%23 )
- %23index.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23index.php%23 )
- %23wp-login.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%23wp-login.php%23 )
- %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%3f.jsp )
- %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/%3f.jsp%5C )
- .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/.svn/ )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/.svn/entries )
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/.svn/entries )
- ?P=+ADw-script+AD4-alert(42)+ADw-
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
  - script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/ADw-script AD4-alert(42) ADw-/ )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/ADw-script AD4-alert(42) ADw-/script AD4- )
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/ADw-script AD4-alert(42) ADw-/script AD4- )
- CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/CVS/ )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/CVS/Root )
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/CVS/Root )
- DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/DEADJOE )
- README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/README )
- README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/README.TXT )
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/Trace.axd )
- WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WEB-INF/wp-login.php )
- WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/WS_FTP.LOG )
- _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bin/wp-login.php )
- _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_bot/wp-login.php )
- _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_cnf/wp-login.php )
- _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_cnf/ )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_log/wp-login.php )
- _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_cnf/ )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_log/ )
  - _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_pvt/wp-login.php )
- _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_cnf/ )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_log/ )
  - _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_pvt/ )
  - _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_script/wp-login.php )
- _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_cnf/ )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_log/ )
  - _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_pvt/ )
  - _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_script/ )
  - _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_shm/wp-login.php )
- _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_cnf/ )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_log/ )
  - _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_pvt/ )
  - _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_script/ )
  - _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_shm/ )
  - _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/_vti_txt/wp-login.php )
- adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adojavas.inc )
- adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adojavas.inc.bak )
- adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adojavas.inc.old )
- adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adojavas.inc.tmp )
- adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adojavas.inc~ )
- adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adovbs.inc )
- adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adovbs.inc.bak )
- adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adovbs.inc.old )
- adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adovbs.inc.tmp )
- adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/adovbs.inc~ )
- change-password ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/ )
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23adovbs.inc%23 )
  - %23default.asp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23default.asp%23 )
  - %23default.aspx%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23default.aspx%23 )
  - %23default.jsp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23default.jsp%23 )
  - %23default.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23default.php%23 )
  - %23index.asp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23index.asp%23 )
  - %23index.aspx%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23index.aspx%23 )
  - %23index.cfm%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23index.cfm%23 )
  - %23index.cgi%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23index.cgi%23 )
  - %23index.jsp%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23index.jsp%23 )
  - %23index.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23index.php%23 )
  - %23wp-login.php%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%23wp-login.php%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WEB-INF/wp-login.php )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bin/wp-login.php )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_bot/wp-login.php )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_cnf/wp-login.php )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_log/wp-login.php )
  - _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_pvt/wp-login.php )
  - _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_script/wp-login.php )
  - _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_shm/wp-login.php )
  - _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/_vti_txt/wp-login.php )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/adovbs.inc~ )
  - default.CGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.CGI )
  - default.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.FCGI )
  - default.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PHP )
  - default.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PHP3 )
  - default.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PHP4 )
  - default.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PHP5 )
  - default.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PHTML )
  - default.PL ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PL )
  - default.PY ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.PY )
  - default.RB ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.RB )
  - default.SH ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.SH )
  - default.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.SHTML )
  - default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp )
  - default.asp%2E ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp%2E )
  - default.asp%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp%3f.jsp )
  - default.asp. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp. )
  - default.asp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp.bak )
  - default.asp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp.old )
  - default.asp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp.tmp )
  - default.asp::$DATA ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp::$DATA )
  - default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx )
  - default.aspx%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx%3f.jsp )
  - default.aspx.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx.bak )
  - default.aspx.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx.old )
  - default.aspx.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx.tmp )
  - default.aspx~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.aspx~ )
  - default.asp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.asp~ )
  - default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.htm )
  - default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.html )
  - default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp )
  - default.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp%5C )
  - default.jsp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp.bak )
  - default.jsp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp.old )
  - default.jsp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp.tmp )
  - default.jsp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.jsp~ )
  - default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php )
  - default.php. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php. )
  - default.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php.bak )
  - default.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php.old )
  - default.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php.tmp )
  - default.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.php~ )
  - default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.shtml )
  - default.shtml. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.shtml. )
  - default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/default.wml )
  - index.CGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.CGI )
  - index.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.FCGI )
  - index.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PHP )
  - index.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PHP3 )
  - index.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PHP4 )
  - index.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PHP5 )
  - index.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PHTML )
  - index.PL ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PL )
  - index.PY ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.PY )
  - index.RB ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.RB )
  - index.SH ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.SH )
  - index.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.SHTML )
  - index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp )
  - index.asp%2E ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp%2E )
  - index.asp%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp%3f.jsp )
  - index.asp. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp. )
  - index.asp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp.bak )
  - index.asp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp.old )
  - index.asp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp.tmp )
  - index.asp::$DATA ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp::$DATA )
  - index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx )
  - index.aspx%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx%3f.jsp )
  - index.aspx.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx.bak )
  - index.aspx.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx.old )
  - index.aspx.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx.tmp )
  - index.aspx~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.aspx~ )
  - index.asp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.asp~ )
  - index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.bak )
  - index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cfm )
  - index.cfm.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cfm.bak )
  - index.cfm.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cfm.old )
  - index.cfm.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cfm.tmp )
  - index.cfm~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cfm~ )
  - index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi )
  - index.cgi. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi. )
  - index.cgi.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi.bak )
  - index.cgi.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi.old )
  - index.cgi.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi.tmp )
  - index.cgi~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.cgi~ )
  - index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.chtml )
  - index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.htm )
  - index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.html )
  - index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp )
  - index.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp%5C )
  - index.jsp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp.bak )
  - index.jsp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp.old )
  - index.jsp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp.tmp )
  - index.jsp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.jsp~ )
  - index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.old )
  - index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php )
  - index.php. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php. )
  - index.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php.bak )
  - index.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php.old )
  - index.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php.tmp )
  - index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php3 )
  - index.php3. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php3. )
  - index.php?paged=-1 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php?paged=-1 )
  - index.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.php~ )
  - index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.shtml )
  - index.shtml. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.shtml. )
  - index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/index.swf )
  - info2www ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/info2www )
  - info2www.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/info2www.cgi )
  - info2www.pl ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/info2www.pl )
  - readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/readme.txt )
  - servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/servlet/wp-login.php )
  - sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/sitemap.xml )
  - web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/ )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/DEADJOE )
    
    README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/README )
    
    README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/README.TXT )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/Trace.axd )
    
    WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/WEB-INF/ )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/WS_FTP.LOG )
    
    _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_bin/ )
    
    _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_bot/ )
    
    _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_cnf/ )
    
    _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_log/ )
    
    _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_pvt/ )
    
    _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_script/ )
    
    _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_shm/ )
    
    _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/_vti_txt/ )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/adovbs.inc )
    
    default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.asp )
    
    default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.aspx )
    
    default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.htm )
    
    default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.html )
    
    default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.jsp )
    
    default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.php )
    
    default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.shtml )
    
    default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/default.wml )
    
    index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.asp )
    
    index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.aspx )
    
    index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.bak )
    
    index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.cfm )
    
    index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.cgi )
    
    index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.chtml )
    
    index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.htm )
    
    index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.html )
    
    index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.jsp )
    
    index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.old )
    
    index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.php )
    
    index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.php3 )
    
    index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.shtml )
    
    index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/index.swf )
    
    readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/readme.txt )
    
    servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/web-inf/wp-login.php )
  - wp-config.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.bak )
  - wp-config.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.old )
  - wp-config.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.php.bak )
  - wp-config.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.php.old )
  - wp-config.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.php.tmp )
  - wp-config.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.php~ )
  - wp-config.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-config.tmp )
  - wp-login.CGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.CGI )
  - wp-login.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.FCGI )
  - wp-login.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PHP )
  - wp-login.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PHP3 )
  - wp-login.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PHP4 )
  - wp-login.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PHP5 )
  - wp-login.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PHTML )
  - wp-login.PL ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PL )
  - wp-login.PY ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.PY )
  - wp-login.RB ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.RB )
  - wp-login.SH ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.SH )
  - wp-login.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.SHTML )
  - wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php )
  - wp-login.php. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php. )
  - wp-login.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php.bak )
  - wp-login.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php.old )
  - wp-login.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php.tmp )
  - wp-login.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-login.php~ )
  - wp-settings.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/wp-settings.php )
- default.CGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.CGI )
- default.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.FCGI )
- default.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PHP )
- default.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PHP3 )
- default.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PHP4 )
- default.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PHP5 )
- default.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PHTML )
- default.PL ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PL )
- default.PY ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.PY )
- default.RB ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.RB )
- default.SH ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.SH )
- default.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.SHTML )
- default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp )
- default.asp%2E ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp%2E )
- default.asp%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp%3f.jsp )
- default.asp. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp. )
- default.asp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp.bak )
- default.asp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp.old )
- default.asp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp.tmp )
- default.asp::$DATA ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp::$DATA )
- default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx )
- default.aspx%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx%3f.jsp )
- default.aspx.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx.bak )
- default.aspx.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx.old )
- default.aspx.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx.tmp )
- default.aspx~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.aspx~ )
- default.asp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.asp~ )
- default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.htm )
- default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.html )
- default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp )
- default.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp%5C )
- default.jsp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp.bak )
- default.jsp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp.old )
- default.jsp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp.tmp )
- default.jsp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.jsp~ )
- default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php )
- default.php. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php. )
- default.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php.bak )
- default.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php.old )
- default.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php.tmp )
- default.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.php~ )
- default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.shtml )
- default.shtml. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.shtml. )
- default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/default.wml )
- externals
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/%23adovbs.inc%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/adovbs.inc~ )
- index.CGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.CGI )
- index.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.FCGI )
- index.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PHP )
- index.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PHP3 )
- index.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PHP4 )
- index.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PHP5 )
- index.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PHTML )
- index.PL ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PL )
- index.PY ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.PY )
- index.RB ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.RB )
- index.SH ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.SH )
- index.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.SHTML )
- index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp )
- index.asp%2E ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp%2E )
- index.asp%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp%3f.jsp )
- index.asp. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp. )
- index.asp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp.bak )
- index.asp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp.old )
- index.asp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp.tmp )
- index.asp::$DATA ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp::$DATA )
- index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx )
- index.aspx%3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx%3f.jsp )
- index.aspx.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx.bak )
- index.aspx.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx.old )
- index.aspx.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx.tmp )
- index.aspx~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.aspx~ )
- index.asp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.asp~ )
- index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.bak )
- index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cfm )
- index.cfm.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cfm.bak )
- index.cfm.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cfm.old )
- index.cfm.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cfm.tmp )
- index.cfm~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cfm~ )
- index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi )
- index.cgi. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi. )
- index.cgi.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi.bak )
- index.cgi.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi.old )
- index.cgi.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi.tmp )
- index.cgi~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.cgi~ )
- index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.chtml )
- index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.htm )
- index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.html )
- index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp )
- index.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp%5C )
- index.jsp.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp.bak )
- index.jsp.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp.old )
- index.jsp.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp.tmp )
- index.jsp~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.jsp~ )
- index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.old )
- index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php )
- index.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php.bak )
- index.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php.old )
- index.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php.tmp )
- index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php3 )
- index.php3. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php3. )
- index.php?paged=-1 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php?paged=-1 )
- index.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.php~ )
- index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.shtml )
- index.shtml. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.shtml. )
- index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/index.swf )
- info2www ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/info2www )
- info2www.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/info2www.cgi )
- info2www.pl ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/info2www.pl )
- readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/readme.txt )
- scripts
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/%23adovbs.inc%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/adovbs.inc~ )
  - components
    
    %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/%23adojavas.inc%23 )
    
    %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/%23adovbs.inc%23 )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/%3f.jsp )
    
    %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/%3f.jsp%5C )
    
    .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/.svn/entries )
    
    ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/CVS/Root )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/DEADJOE )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/Trace.axd )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/WS_FTP.LOG )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adojavas.inc )
    
    adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adojavas.inc.bak )
    
    adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adojavas.inc.old )
    
    adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adojavas.inc.tmp )
    
    adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adojavas.inc~ )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adovbs.inc )
    
    adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adovbs.inc.bak )
    
    adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adovbs.inc.old )
    
    adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adovbs.inc.tmp )
    
    adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/adovbs.inc~ )
    
    forms
    
    %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/%23adojavas.inc%23 )
    
    %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/%23adovbs.inc%23 )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/%3f.jsp )
    
    %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/%3f.jsp%5C )
    
    .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/.svn/entries )
    
    ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/CVS/Root )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/DEADJOE )
    
    Smb.Login ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/Smb.Login )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/Trace.axd )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/WS_FTP.LOG )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adojavas.inc )
    
    adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adojavas.inc.bak )
    
    adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adojavas.inc.old )
    
    adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adojavas.inc.tmp )
    
    adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adojavas.inc~ )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adovbs.inc )
    
    adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adovbs.inc.bak )
    
    adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adovbs.inc.old )
    
    adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adovbs.inc.tmp )
    
    adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/adovbs.inc~ )
- servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/ )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/%3f.jsp )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/DEADJOE )
  - README ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/README )
  - README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/README.TXT )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/Trace.axd )
  - WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/WEB-INF/ )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/WS_FTP.LOG )
  - _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_bin/ )
  - _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_bot/ )
  - _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_cnf/ )
  - _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_log/ )
  - _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_pvt/ )
  - _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_script/ )
  - _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_shm/ )
  - _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/_vti_txt/ )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/adojavas.inc )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/adovbs.inc )
  - default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.asp )
  - default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.aspx )
  - default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.htm )
  - default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.html )
  - default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.jsp )
  - default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.php )
  - default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.shtml )
  - default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/default.wml )
  - index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.asp )
  - index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.aspx )
  - index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.bak )
  - index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.cfm )
  - index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.cgi )
  - index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.chtml )
  - index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.htm )
  - index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.html )
  - index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.jsp )
  - index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.old )
  - index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.php )
  - index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.php3 )
  - index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.shtml )
  - index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/index.swf )
  - readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/readme.txt )
  - servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/servlet/ )
    
    sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/sitemap.xml )
    
    web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/web-inf/ )
    
    wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/servlet/wp-login.php )
- sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/sitemap.xml )
- styles
  - %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/%23adojavas.inc%23 )
  - %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/%23adovbs.inc%23 )
  - %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/%3f.jsp )
  - %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/%3f.jsp%5C )
  - .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/.svn/entries )
  - ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/ADw-script AD4-alert(42) ADw-/script AD4- )
  - CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/CVS/Root )
  - DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/DEADJOE )
  - Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/Trace.axd )
  - WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/WS_FTP.LOG )
  - adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adojavas.inc )
  - adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adojavas.inc.bak )
  - adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adojavas.inc.old )
  - adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adojavas.inc.tmp )
  - adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adojavas.inc~ )
  - adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adovbs.inc )
  - adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adovbs.inc.bak )
  - adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adovbs.inc.old )
  - adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adovbs.inc.tmp )
  - adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/adovbs.inc~ )
  - css
    
    %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/%23adojavas.inc%23 )
    
    %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/%23adovbs.inc%23 )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/%3f.jsp )
    
    %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/%3f.jsp%5C )
    
    .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/.svn/entries )
    
    ADw-script AD4-alert(42) ADw- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/ADw-script AD4-alert(42) ADw-/ )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/ADw-script AD4-alert(42) ADw-/script AD4- )
    
    CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/CVS/Root )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/DEADJOE )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/Trace.axd )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/WS_FTP.LOG )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adojavas.inc )
    
    adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adojavas.inc.bak )
    
    adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adojavas.inc.old )
    
    adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adojavas.inc.tmp )
    
    adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adojavas.inc~ )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adovbs.inc )
    
    adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adovbs.inc.bak )
    
    adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adovbs.inc.old )
    
    adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adovbs.inc.tmp )
    
    adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/adovbs.inc~ )
  - img
    
    %23adojavas.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/%23adojavas.inc%23 )
    
    %23adovbs.inc%23 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/%23adovbs.inc%23 )
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/%3f.jsp )
    
    %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/%3f.jsp%5C )
    
    .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/.svn/entries )
    
    CVS ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/CVS/ )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/CVS/Root )
    
    Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/CVS/Entries )
    
    Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/CVS/Root )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/DEADJOE )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/Trace.axd )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/WS_FTP.LOG )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adojavas.inc )
    
    adojavas.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adojavas.inc.bak )
    
    adojavas.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adojavas.inc.old )
    
    adojavas.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adojavas.inc.tmp )
    
    adojavas.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adojavas.inc~ )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adovbs.inc )
    
    adovbs.inc.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adovbs.inc.bak )
    
    adovbs.inc.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adovbs.inc.old )
    
    adovbs.inc.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adovbs.inc.tmp )
    
    adovbs.inc~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/adovbs.inc~ )
    
    icons
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/%3f.jsp )
    
    %3f.jsp%5C ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/%3f.jsp%5C )
    
    .svn ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/.svn/ )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/.svn/entries )
    
    entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/.svn/entries )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/DEADJOE )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/Trace.axd )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/WS_FTP.LOG )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/adovbs.inc )
    
    big
    
    %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/%3f.jsp )
    
    DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/DEADJOE )
    
    Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/Trace.axd )
    
    WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/WS_FTP.LOG )
    
    adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/adojavas.inc )
    
    adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/img/icons/big/adovbs.inc )
- web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/web-inf/ )
- wp-config.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.bak )
- wp-config.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.old )
- wp-config.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.php.bak )
- wp-config.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.php.old )
- wp-config.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.php.tmp )
- wp-config.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.php~ )
- wp-config.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-config.tmp )
- wp-login.CGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.CGI )
- wp-login.FCGI ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.FCGI )
- wp-login.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PHP )
- wp-login.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PHP3 )
- wp-login.PHP4 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PHP4 )
- wp-login.PHP5 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PHP5 )
- wp-login.PHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PHTML )
- wp-login.PL ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PL )
- wp-login.PY ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.PY )
- wp-login.RB ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.RB )
- wp-login.SH ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.SH )
- wp-login.SHTML ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.SHTML )
- wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php )
- wp-login.php. ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php. )
- wp-login.php.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php.bak )
- wp-login.php.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php.old )
- wp-login.php.tmp ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php.tmp )
- wp-login.php~ ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-login.php~ )
- wp-settings.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/wp-settings.php )

9.3.2.5 Successful (200)

?P=+ADw-script+AD4-alert(42)+ADw-
- script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
- script+AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- )
get_password.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/get_password.PHP )
index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/index.php )
javascript
- chk.js.PHP ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/chk.js.PHP )
login.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login.PHP3 )
login_up.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.PHP3 )
plesk
- %3f.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/%3f.jsp )
- .svn
  - entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/.svn/entries )
- ADw-script AD4-alert(42) ADw-
  - script AD4- ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/ADw-script AD4-alert(42) ADw-/script AD4- )
- CVS
  - Entries ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/CVS/Entries )
  - Root ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/CVS/Root )
- DEADJOE ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/DEADJOE )
- README ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/README )
- README.TXT ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/README.TXT )
- Trace.axd ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/Trace.axd )
- WEB-INF ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/WEB-INF/ )
- WS_FTP.LOG ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/WS_FTP.LOG )
- _vti_bin ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_bin/ )
- _vti_bot ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_bot/ )
- _vti_cnf ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_cnf/ )
- _vti_log ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_log/ )
- _vti_pvt ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_pvt/ )
- _vti_script ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_script/ )
- _vti_shm ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_shm/ )
- _vti_txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/_vti_txt/ )
- adojavas.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/adojavas.inc )
- adovbs.inc ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/adovbs.inc )
- default.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.asp )
- default.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.aspx )
- default.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.htm )
- default.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.html )
- default.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.jsp )
- default.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.php )
- default.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.shtml )
- default.wml ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/default.wml )
- index.asp ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.asp )
- index.aspx ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.aspx )
- index.bak ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.bak )
- index.cfm ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.cfm )
- index.cgi ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.cgi )
- index.chtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.chtml )
- index.htm ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.htm )
- index.html ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.html )
- index.jsp ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.jsp )
- index.old ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.old )
- index.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.php )
- index.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.php3 )
- index.shtml ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.shtml )
- index.swf ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/index.swf )
- readme.txt ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/readme.txt )
- servlet ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/servlet/ )
- sitemap.xml ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/sitemap.xml )
- web-inf ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/web-inf/ )
- wp-login.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/plesk/wp-login.php )
skins
- vista
  - css
    
    ie.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/ie.css )
    
    ie.css?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/ie.css?1278564502 )
    
    ie8.css?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/ie8.css?1278564502 )
smb
- styles
top.PHP3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/top.PHP3 )

9.3.3 Linked URLs

The following URLs were found as links in the content of other web pages.

9.3.3.1 Access Error (403)

aspnet_client
- system_web ( https://vulnerable.plesk.smb.10.2.0.host:8443/aspnet_client/system_web/ )

9.3.3.2 Redirect (301)

9.3.3.3 Redirect (302)

smb ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/ )
- styles
  - DXImageTransform.Microsoft.AlphaImageLoader ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/DXImageTransform.Microsoft.AlphaImageLoader )

9.3.3.4 Successful (200)

get_password.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/get_password.php )
javascript
- chk.js.php ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/chk.js.php )
- common.js?plesk_version=psa-10.2.0-20100707.19 ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/common.js?plesk_version=psa-10.2.0-20100707.19 )
- hover.htc ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/hover.htc )
- prototype.js?plesk_version=psa-10.2.0-20100707.19 ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/prototype.js?plesk_version=psa-10.2.0-20100707.19 )
- service.js ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/service.js )
- tooltip.js?plesk_version=psa-10.2.0-20100707.19 ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/tooltip.js?plesk_version=psa-10.2.0-20100707.19 )
- widget.js?plesk_version=psa-10.2.0-20100707.19 ( https://vulnerable.plesk.smb.10.2.0.host:8443/javascript/widget.js?plesk_version=psa-10.2.0-20100707.19 )
login_up.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/login_up.php3 )
skins
- vista
  - css
    
    general.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/general.css )
    
    main
    
    apps-control.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/apps-control.css )
    
    buttons.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/buttons.css )
    
    custom.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/custom.css )
    
    desktop.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/desktop.css )
    
    double-list-control.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/double-list-control.css )
    
    layout.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/layout.css )
    
    tabs.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/main/tabs.css )
    
    misc.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/misc.css )
    
    top
    
    custom.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/top/custom.css )
    
    layout.css ( https://vulnerable.plesk.smb.10.2.0.host:8443/skins/vista/css/top/layout.css )
    
    base.css?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/base.css?1278564502 )
    
    btns.css?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/btns.css?1278564502 )
    
    form.css?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/css/form.css?1278564502 )
smb
- change-password
  - get-link ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/change-password/get-link )
- externals
  - prototype.js?1278564498 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/externals/prototype.js?1278564498 )
- login?returnUrl=%2F ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/login?returnUrl=%2F )
- scripts
  - components
    
    forms
    
    login.js?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/components/forms/login.js?1278564502 )
  - jsw.js?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/jsw.js?1278564502 )
  - smb.js?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/scripts/smb.js?1278564502 )
- styles
  - iepngfix.htc?1278564502 ( https://vulnerable.plesk.smb.10.2.0.host:8443/smb/styles/iepngfix.htc?1278564502 )
top.php3 ( https://vulnerable.plesk.smb.10.2.0.host:8443/top.php3 )

Device	Protocol	Port	Vulnerabilities	Additional Information
vulnerable.plesk.smb.10.2.0.host	tcp	443	3	Microsoft IIS 7.5 .NET CLR: ASP.NET: WebDAV: http.banner: Microsoft-IIS/7.5 http.banner.server: Microsoft-IIS/7.5 http.banner.x-powered-by: ASP.NET https.cert.issuer.dn: EMAILADDRESS=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O="Parallels, Inc.", L=Herndon, ST=Virginia, C=US https.cert.key.alg.name: RSA https.cert.not.valid.after: Fri, 30 Sep 2011 22:25:08 EDT https.cert.not.valid.before: Thu, 30 Sep 2010 22:25:08 EDT https.cert.selfsigned: true https.cert.serial.number: 462886 https.cert.sig.alg.name: SHA1withRSA https.cert.subject.dn: EMAILADDRESS=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O="Parallels, Inc.", L=Herndon, ST=Virginia, C=US https.cert.validsignature: true tls: true tls.version.ssl20: true verbs-1: COPY verbs-2: GET verbs-3: HEAD verbs-4: LOCK verbs-5: OPTIONS verbs-6: PROPFIND verbs-7: TRACE verbs-8: UNLOCK verbs-count: 8
vulnerable.plesk.smb.10.2.0.host	tcp	8443	3	Microsoft IIS 7.5 http.banner: Microsoft-IIS/7.5 http.banner.server: Microsoft-IIS/7.5 http.banner.x-powered-by: ASP.NET https.cert.issuer.dn: EMAILADDRESS=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O="Parallels, Inc.", L=Herndon, ST=Virginia, C=US https.cert.key.alg.name: RSA https.cert.not.valid.after: Fri, 30 Sep 2011 22:25:08 EDT https.cert.not.valid.before: Thu, 30 Sep 2010 22:25:08 EDT https.cert.selfsigned: true https.cert.serial.number: 462886 https.cert.sig.alg.name: SHA1withRSA https.cert.subject.dn: EMAILADDRESS=info@parallels.com, CN=Parallels Panel, OU=Parallels Panel, O="Parallels, Inc.", L=Herndon, ST=Virginia, C=US https.cert.validsignature: true tls: true tls.version.ssl20: true verbs-1: GET verbs-2: HEAD verbs-3: OPTIONS verbs-4: TRACE verbs-count: 4