Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2025-12-16 05:45:41 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1174 from ItsIgnacioPortal/sync

Browse source
This commit is contained in:
Ignacio J. Perez Portal 2025-02-21 21:03:14 -03:00 committed by GitHub
commit 1c4aa64037
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 35 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
Discovery/Web-Content/CGI-HTTP-POST-Windows.fuzz.txt → Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-HTTP-POST-Windows.fuzz.txt
View file

0
Discovery/Web-Content/CGI-HTTP-POST.fuzz.txt → Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-HTTP-POST.fuzz.txt
View file

0
Discovery/Web-Content/CGI-Microsoft.fuzz.txt → Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-Microsoft.fuzz.txt
View file

0
Discovery/Web-Content/CGI-XPlatform.fuzz.txt → Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-XPlatform.fuzz.txt
View file

0
Discovery/Web-Content/CGIs.txt → Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGIs.txt
View file

30
Discovery/Web-Content/LEGACY-SERVICES/CGIs/README.md Normal file
View file

@ -0,0 +1,30 @@
# CGIs
These wordlists are for testing legacy systems that use **Common Gateway Interface** scripts.
## CGI-HTTP-POST-Windows.fuzz.txt
Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)
Source: https://github.com/deepak0401/Front-Page-Exploit
Date of last update: Aug 27, 2012
The last version of FrontPage was released on 2003.
## CGI-HTTP-POST.fuzz.txt
Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI".
Date of last update: Aug 27, 2012
This wordlist tests for the following vulnerabilities:
- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167).
- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803)
- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036)
- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836)
- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt).
## CGI-Microsoft.fuzz.txt
Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems.
Date of last update: Aug 27, 2012

5
Discovery/Web-Content/LEGACY-SERVICES/README.md Normal file
View file

@ -0,0 +1,5 @@
# LEGACY-SERVICES
What constitutes a "legacy" wordlist?
- The wordlist's content is more than 15 years old.
- The software for which the wordlist was made can no longer be obtained officially.

28
Discovery/Web-Content/README.md
View file

@ -8,34 +8,6 @@ Creation date: Aug 27, 2012
No updates have been made to this wordlist since its creation.
## CGI-HTTP-POST-Windows.fuzz.txt
Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)
Source: https://github.com/deepak0401/Front-Page-Exploit
Date of last update: Aug 27, 2012
The last version of FrontPage was released on 2003.
## CGI-HTTP-POST.fuzz.txt
Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI".
Date of last update: Aug 27, 2012
This wordlist tests for the following vulnerabilities:
- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167).
- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803)
- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036)
- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836)
- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt).
## CGI-Microsoft.fuzz.txt
Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems.
Date of last update: Aug 27, 2012
## raft-* wordlists
Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications.