|
Penetration Testing
mailing list archives
RE: Word lists, again...
From: "Chris Tobkin" <tobkin () intersec com>
Date: Wed, 23 May 2001 22:31:19 -0500
Yep, whisker has a pretty good database, but I just found this one
yesterday..
http://www.ukrt.f2s.com/bugs.htm
Which has a pretty good and complete list of all sorts of CGIs and
vulnerabilities I've never seen before..
// Chris
tobkin () intersec com
-----Original Message-----
From: H D Moore [mailto:hdm () secureaustin com]
Sent: Wednesday, May 23, 2001 8:11 PM
To: Alberto Grazi; PEN-TEST () securityfocus com
Subject: Re: Word lists, again...
The database which comes with Whisker is fairly complete, albiet the
vulnerability checks are outdated. You can find a copy online at
http://www.wiretrip.net/rfp/
On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote:
Hi,
during a pen-test I have found a directory which probably has exec
permission.
Since I didn't have any name of files (listing is not allowed) my
approach was to try a sort of "dictionary attack" on the URL.
I tried with a normal English dictionary but it didn't find anything
(each word was truncated to the 8th char and ".exe" was appended)...
does anyone know if there is a list of common names of CGIs available
(for Unix and win platforms) ?
Thx
Alberto
----------------------------------------
Content-Type: application/x-pkcs7-signature; charset="iso-8859-1";
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Description:
----------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
