diff --git a/Discovery/Web-Content/CGI-HTTP-POST-Windows.fuzz.txt b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-HTTP-POST-Windows.fuzz.txt similarity index 100% rename from Discovery/Web-Content/CGI-HTTP-POST-Windows.fuzz.txt rename to Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-HTTP-POST-Windows.fuzz.txt diff --git a/Discovery/Web-Content/CGI-HTTP-POST.fuzz.txt b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-HTTP-POST.fuzz.txt similarity index 100% rename from Discovery/Web-Content/CGI-HTTP-POST.fuzz.txt rename to Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-HTTP-POST.fuzz.txt diff --git a/Discovery/Web-Content/CGI-Microsoft.fuzz.txt b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-Microsoft.fuzz.txt similarity index 100% rename from Discovery/Web-Content/CGI-Microsoft.fuzz.txt rename to Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-Microsoft.fuzz.txt diff --git a/Discovery/Web-Content/CGI-XPlatform.fuzz.txt b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-XPlatform.fuzz.txt similarity index 100% rename from Discovery/Web-Content/CGI-XPlatform.fuzz.txt rename to Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGI-XPlatform.fuzz.txt diff --git a/Discovery/Web-Content/CGIs.txt b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGIs.txt similarity index 100% rename from Discovery/Web-Content/CGIs.txt rename to Discovery/Web-Content/LEGACY-SERVICES/CGIs/CGIs.txt diff --git a/Discovery/Web-Content/LEGACY-SERVICES/CGIs/README.md b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/README.md new file mode 100644 index 00000000..1f0d2387 --- /dev/null +++ b/Discovery/Web-Content/LEGACY-SERVICES/CGIs/README.md 
@@ -0,0 +1,30 @@ +# CGIs + +These wordlists are for testing legacy systems that use **Common Gateway Interface** scripts. + +## CGI-HTTP-POST-Windows.fuzz.txt +Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage) + +Source: https://github.com/deepak0401/Front-Page-Exploit + +Date of last update: Aug 27, 2012 + +The last version of FrontPage was released on 2003. + +## CGI-HTTP-POST.fuzz.txt +Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". + +Date of last update: Aug 27, 2012 + +This wordlist tests for the following vulnerabilities: +- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167). +- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803) +- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036) +- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) +- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). 
+ + +## CGI-Microsoft.fuzz.txt +Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. + +Date of last update: Aug 27, 2012 \ No newline at end of file diff --git a/Discovery/Web-Content/LEGACY-SERVICES/README.md b/Discovery/Web-Content/LEGACY-SERVICES/README.md new file mode 100644 index 00000000..5d767282 --- /dev/null +++ b/Discovery/Web-Content/LEGACY-SERVICES/README.md @@ -0,0 +1,5 @@ +# LEGACY-SERVICES + +What constitutes a "legacy" wordlist? +- The wordlist's content is more than 15 years old. +- The software for which the wordlist was made can no longer be obtained officially. \ No newline at end of file diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index e5558431..dd3fd249 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md 
@@ -8,34 +8,6 @@ Creation date: Aug 27, 2012 No updates have been made to this wordlist since its creation. -## CGI-HTTP-POST-Windows.fuzz.txt -Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage) - -Source: https://github.com/deepak0401/Front-Page-Exploit - -Date of last update: Aug 27, 2012 - -The last version of FrontPage was released on 2003. - -## CGI-HTTP-POST.fuzz.txt -Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". - -Date of last update: Aug 27, 2012 - -This wordlist tests for the following vulnerabilities: -- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167). -- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803) -- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036) -- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) -- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). 
- - -## CGI-Microsoft.fuzz.txt -Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. - -Date of last update: Aug 27, 2012 - - ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications.
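Review bot: The new Discovery/Web-Content/LEGACY-SERVICES/CGIs/README.md has sections for only three of the five files renamed into this directory; CGI-XPlatform.fuzz.txt and CGIs.txt are moved here but not described. Add a section for each with the same fields the others use (use, source, date of last update). In the same file, "released on 2003" should read "released in 2003", "miscelaneous" in the CGI-Microsoft.fuzz.txt section should be "miscellaneous", the CGI-HTTP-POST.fuzz.txt and CGI-Microsoft.fuzz.txt sections have no "Source:" line of their own, unlike CGI-HTTP-POST-Windows.fuzz.txt, and the file ends without a trailing newline.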
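Review bot: In Discovery/Web-Content/LEGACY-SERVICES/README.md the two bullets under "What constitutes a "legacy" wordlist?" do not say whether a wordlist must meet both criteria or only one of them. State it explicitly, for example "A wordlist is considered legacy when either of the following is true:". It would also help to say what "more than 15 years old" is measured from, since the CGIs README added in this same change gives "Date of last update: Aug 27, 2012" for lists whose targets it describes as circa 1998 and 2003. This file also ends without a trailing newline.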
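Review bot: The hunk at @@ -8,34 +8,6 @@ in Discovery/Web-Content/README.md deletes the three CGI sections without leaving any pointer to where they went. Add a short entry linking to LEGACY-SERVICES/CGIs/README.md so that readers of this README can still find the CGI wordlists and their documentation. Since all five files are renamed with nothing left at the old Discovery/Web-Content/ paths, the move should also be called out for users whose tooling references those paths directly.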