WebApp Sec mailing list archives
Re: bad url fragment
From: Sanjay Rawat <sanjayr () intoto com>
Date: Thu, 04 Aug 2005 09:58:59 +0530
At 08:15 PM 8/3/2005, development () crm20 com wrote:
Hi,

I have a little list of URL fragments that should not normally be accessed on the web server and are not in use. I have a mechanism in place that can block the IP requesting a URL with a fragment from the list. Could someone help me with possibly removing some of the entries that might cause a legitimate request to trigger the block? If possible, please help me improve the list; is there any resource out there where such lists are posted?

Here it is:
My suggestion is:

% (remove)
..
./
.asa
.asax
.ascx
.bat
.cdx
.cer (remove)
.cgi (remove)
.cmd
.config
.csproj
.dat
.dll
.exe (remove)
.htr
.htw
.ida
.idc
.idq
.inc
.ini
.jsp
.licx
.log (remove)
.pdb
.pl (remove, it's for Poland!!!!)
.pol
.printer
.resources
.resx
.stm
.vb
.vbproj
.vbs
.vsdisco
.webinfo
.wsh
.xsd
.xsx
/_vti_bin/
/admentor/
/Admin.dll
/ash
/autoexec
/bash
/bigipgui
/bin/
/c32web.exe
/cachemgr
/campas
/cgi/
/cgiemail/
/cgiscso/
/cmd
/command.com
/common/
/config/
/copy/
/counter/
/csh
/default.ida
/del
/dir
/echo
/etc
/exchange
/exec
/finger
/format
/formmail
/ftp
/get32.exe
/global.asa
/gwweb.exe
/home
/html
/http
/iisadmpwd
/iissamples
/iisstart.asp
/index.cfm
/ksh
/modules.php
/msadc
/mysql.class
/ncbook
/nessus.htr
/newuser
/ntselementary.adp
/nuke
/passwd
/ping.exe
/piranha
/pixfir~1
/puttest1.html
/query
/rename
/root.exe
/roots
/rtm.log
/sendmail
/servlet
/shtml.dll
/sites
/sqlqhit
/ssi
/status
/tcsh
/tftp
/usage
/webalizer
/webcart
/WINNT/
/wwwboard
_mem_bin
404.html
404.php
admin.dll
awstats.pl.configdir
cachefsd
cgi-bin
cmd.exe
COPY (remove) *
database (remove) *
default.ida
DELETE
Fpexedll.dll
LOCK
MKCOL
MOVE (remove)*
msadc
MSADC
OPTIONS
PROPFIND
PROPPATCH
PUT
root.exe
scripts (remove)*
Shtml.dll
UNLOCK
vt_

* -- should be in some combination

Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta, Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 423
Website: www.intoto.com
Homepage: http://sanjay-rawat.tripod.com
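The false positives the reply points at ("%", ".pl", and the HTTP/WebDAV method names that should be matched "in some combination") all come from matching every fragment as a plain substring of the raw request line. The following Python script is an added example written for this archive page, not code from either poster: it contrasts that naive substring match with a matcher that sorts a subset of the list into categories (file extension, path segment, request method, traversal) and checks each category against the part of the request it belongs to, after percent-decoding the path. The categorisation, the function names and the sample request lines are this example's own constructions.

```python
"""
Naive vs. structured matching of a URL-fragment blocklist.

Substring matching on the raw request line flags legitimate traffic:
any percent-encoded URL for "%", any path containing ".pl", and a GET
to "/options" because "OPTIONS" is in the list.  Matching each
category against the right part of the request removes those false
positives while keeping the real hits.  All sample requests below are
constructed for this example.
"""
from urllib.parse import urlsplit, unquote

# Subset of the thread's list, sorted into categories (the sorting is
# this example's assumption, not something the thread defines).
EXTENSIONS = {".asa", ".bat", ".cmd", ".config", ".dll", ".exe",
              ".ida", ".idq", ".inc", ".ini", ".vbs"}
PATH_SEGMENTS = {"_vti_bin", "msadc", "iisadmpwd", "cmd.exe",
                 "root.exe", "global.asa"}
METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
TRAVERSAL = ".."

# The fragments as the original poster would have applied them: raw
# substrings, including the ones the reply says to remove.
NAIVE_FRAGMENTS = ["%", "..", ".pl", "OPTIONS", "PROPFIND", "cmd.exe", "_vti_bin"]

# Constructed sample requests (request line only).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /search?q=caf%C3%A9 HTTP/1.1",   # legitimate: "%" is just encoding
    "GET /download/app.plist HTTP/1.1",   # legitimate: ".pl" is only a substring
    "GET /options HTTP/1.1",              # legitimate: OPTIONS is a method, not a path
    "PROPFIND /share/ HTTP/1.1",          # WebDAV method the list intends to block
    "GET /%5fvti%5fbin/ HTTP/1.1",        # "_vti_bin" hidden behind percent-encoding
    "GET /images/../cmd.exe HTTP/1.1",    # traversal segment plus blocked file name
]


def naive_match(request_line, fragments):
    """Case-insensitive substring match over the whole request line.
    Returns the first fragment that hits, or None."""
    lowered = request_line.lower()
    for frag in fragments:
        if frag.lower() in lowered:
            return frag
    return None


def structured_match(request_line):
    """Check each category against the request part it belongs to.
    Returns a (category, value) tuple, or None when nothing matches."""
    method, target, _version = request_line.split(" ", 2)
    path = unquote(urlsplit(target).path)        # decode %xx before matching
    segments = [s for s in path.split("/") if s]
    last = segments[-1] if segments else ""
    ext = last[last.rfind("."):].lower() if "." in last else ""

    if method.upper() in METHODS:
        return ("method", method.upper())
    if TRAVERSAL in segments:                    # a whole ".." segment, not "..." etc.
        return ("traversal", TRAVERSAL)
    for seg in segments:
        if seg.lower() in PATH_SEGMENTS:
            return ("segment", seg.lower())
    if ext in EXTENSIONS:
        return ("extension", ext)
    return None


def compare(requests=SAMPLE_REQUESTS):
    """Map each request line to (naive_hit, structured_hit)."""
    return {r: (naive_match(r, NAIVE_FRAGMENTS), structured_match(r))
            for r in requests}


def false_positives(requests=SAMPLE_REQUESTS):
    """Requests the naive matcher would block but the structured one allows."""
    return [r for r, (naive, structured) in compare(requests).items()
            if naive and not structured]


if __name__ == "__main__":
    for req, (naive, structured) in compare().items():
        print(f"{req:45} naive={naive!r:12} structured={structured!r}")
    print("false positives:", false_positives())
```

Run as a script it prints both verdicts for every sample request; the three requests the naive matcher blocks for "%", ".pl" and "OPTIONS" are exactly the entries the reply suggests removing or pairing with a method check, while the encoded "_vti_bin" request is caught only because the path is decoded first.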