RE: script locations

["Zane Hill" <zhill () xato net>]

.js, .bat, .com, .cmd, .cfm, .shs, .shtm, shtml, .stm, .vbs, .vbe, .wsf,
.wsh, .htr, .ida, .idc, .idq, .plx, .printer, .wsdl, .htw, to name a few.


Z. Hill
Xato Network Security, Inc.
www.xato.net





> -----Original Message-----
> From: Michal Zalewski [mailto:lcamtuf () bos bindview com]
> Sent: Thursday, June 07, 2001 9:10 AM
> To: vuln-dev () securityfocus com
> Subject: script locations
>
>
>
> Hi,
>
> I am looking for a list of common locations, filenames and file extensions
> for cgi scripts, servlets and parsed html on miscleanous servers.
>
> My current "brain dump" would contain the following extensions: .cgi, .pl,
> .exe, .shtml, .php3, .asp, .dll, .nsf, .jsp, .exe and .class. The list of
> locations would be rather short: *-bin/, scripts/... The list of names
> would be pretty long, but I wonder if there are any actual statistics
> available? If you are aware of any already existing lists of this kind, it
> would be great. If you recall other common script filename extensions or
> locations, please let me know :)
>
> If there's no such list, I guess might be good to create it.
>
> Please do not respond with single suggestions to the list, I'd try to
> summarize later :)
>
> Thanks,
> --
> _____________________________________________________
> Michal Zalewski [lcamtuf () bos bindview com] [security]
> [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
> =-=> Did you know that clones never use mirrors? <=-=