@Simsor i’m assuming this has something to do with the base file name not being in my wordlist. I’m familiar with CGI and have enumerated all possible extensions along with basically every other type of extension (if you’re familiar with extensions_common.txt from dirb… it’s got quite a few…). At this point i’m assuming the actual vulnerable component is probably some iteration of the vulnerability, but i could be offtrack there. Just to give you an idea of using dirb wordlists big.txt with extensions_common.txt (adding a few in there of my own), we’re talking roughly 1.2M requests…