Vulnerability Development mailing list archives
Re: script locations
From: Dougal Campbell <dougal () gunters org>
Date: Thu, 7 Jun 2001 16:14:09 -0500 (CDT)
On Thu, 7 Jun 2001, Michal Zalewski wrote:
Hi, I am looking for a list of common locations, filenames and file extensions for cgi scripts, servlets and parsed html on miscleanous servers. My current "brain dump" would contain the following extensions: .cgi, .pl, .exe, .shtml, .php3, .asp, .dll, .nsf, .jsp, .exe and .class. The list of locations would be rather short: *-bin/, scripts/... The list of names would be pretty long, but I wonder if there are any actual statistics available? If you are aware of any already existing lists of this kind, it would be great. If you recall other common script filename extensions or locations, please let me know :) If there's no such list, I guess might be good to create it. Please do not respond with single suggestions to the list, I'd try to summarize later :) Thanks,
Have you looked at whisker yet? http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2 I haven't looked at the development version much, but the last "stable" version (1.4) has a fairly comprehensive list of paths/filenames for known vulnerabilities. -- Ernest MacDougal Campbell III, MCP+I, MCSE <dougal () gunters org> http://dougal.gunters.org/ http://spam.gunters.org/ Lumber Cartel Unit #1654 (tinlc): http://come.to/the.lumber.cartel/ This message is guaranteed to be 100% eror frea!
Current thread:
- script locations Michal Zalewski (Jun 07)
- RE: script locations Zane Hill (Jun 07)
- Re: script locations Dougal Campbell (Jun 07)
- Re: script locations Blue Boar (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations Vitaly Osipov (Jun 08)
- <Possible follow-ups>
- RE: script locations Alex Andrews (Jun 07)
- RE: script locations Michal Zalewski (Jun 07)
- Re: script locations Benjamin Elijah Griffin (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations securityforums (Jun 14)