RE: script locations

[Michal Zalewski <lcamtuf () bos bindview com>]

On Thu, 7 Jun 2001, Alex Andrews wrote:

> 1) is it not possible in apache or other server to set parse any form
> of page for php markup etc. Even .html or htm endings can be set to be
> parsed. 2) if i create the following lines of perl: /.../ and save it
> to a file named prog.al, and set apache and file permissions to the
> correct level, it will run as a cgi-script.

Of course. The key to my question is one single word: "common". I am
looking for commonly used extensions, locations and so on. I am perfectly
aware that you can place scripts anywhere and use arbitrary extensions,
but there are some common practices, and I am trying to find and address
as many of them as possible :>

The purpose is to provide useful list of extensions and locations for
scripts to be used in black-box webserver scanning scripts or anywhere
else, and in few other applications, as well.

Thanks for feedback so far,
-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=