Vulnerability Development mailing list archives

Re: script locations

From: Dougal Campbell <dougal () gunters org>
Date: Thu, 7 Jun 2001 16:14:09 -0500 (CDT)

On Thu, 7 Jun 2001, Michal Zalewski wrote:

Hi,

I am looking for a list of common locations, filenames and file extensions
for cgi scripts, servlets and parsed html on miscleanous servers.

My current "brain dump" would contain the following extensions: .cgi, .pl,
.exe, .shtml, .php3, .asp, .dll, .nsf, .jsp, .exe and .class. The list of
locations would be rather short: *-bin/, scripts/... The list of names
would be pretty long, but I wonder if there are any actual statistics
available? If you are aware of any already existing lists of this kind, it
would be great. If you recall other common script filename extensions or
locations, please let me know :)

If there's no such list, I guess might be good to create it.

Please do not respond with single suggestions to the list, I'd try to
summarize later :)

Thanks,


Have you looked at whisker yet?

  http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2

I haven't looked at the development version much, but the last "stable"
version (1.4) has a fairly comprehensive list of paths/filenames for
known vulnerabilities.

-- 
Ernest MacDougal Campbell III, MCP+I, MCSE <dougal () gunters org>
http://dougal.gunters.org/        http://spam.gunters.org/
Lumber Cartel Unit #1654 (tinlc): http://come.to/the.lumber.cartel/
This message is guaranteed to be 100% eror frea!

Current thread:

script locations Michal Zalewski (Jun 07)
- RE: script locations Zane Hill (Jun 07)
- Re: script locations Dougal Campbell (Jun 07)
- Re: script locations Blue Boar (Jun 07)
  - Re: script locations spi (Jun 07)
- Re: script locations Vitaly Osipov (Jun 08)
- <Possible follow-ups>
- RE: script locations Alex Andrews (Jun 07)
  - RE: script locations Michal Zalewski (Jun 07)
- Re: script locations Benjamin Elijah Griffin (Jun 07)
  - Re: script locations spi (Jun 07)
- Re: script locations securityforums (Jun 14)