RE: Word lists, again...

["Chris Tobkin" <tobkin () intersec com>]

Yep, whisker has a pretty good database, but I just found this one
yesterday..
http://www.ukrt.f2s.com/bugs.htm

Which has a pretty good and complete list of all sorts of CGIs and
vulnerabilities I've never seen before..

// Chris
tobkin () intersec com

-----Original Message-----
From: H D Moore [mailto:hdm () secureaustin com]
Sent: Wednesday, May 23, 2001 8:11 PM
To: Alberto Grazi; PEN-TEST () securityfocus com
Subject: Re: Word lists, again...


The database which comes with Whisker is fairly complete, albiet the 
vulnerability checks are outdated.  You can find a copy online at 
http://www.wiretrip.net/rfp/



On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote:
> Hi,
>   during a pen-test I have found a directory which probably has exec
> permission.
> Since I didn't have any name of files (listing is not allowed) my
> approach was to try a sort of "dictionary attack" on the URL.
> I tried with a normal English dictionary but it didn't find anything
> (each word was truncated to the 8th char and ".exe" was appended)...
> does anyone know if there is a list of common names of CGIs available
> (for Unix and win platforms) ?
>
> Thx
>
> Alberto

----------------------------------------
Content-Type: application/x-pkcs7-signature; charset="iso-8859-1"; 
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Description: 
----------------------------------------