From ad28dd602408c95eaa12beb043907d26e4d1c97f Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 04:54:35 -0300 Subject: [PATCH] feat(docs): Added documentation for 'CGI-HTTP-POST.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index b07c8d92..52fed24d 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -24,6 +24,17 @@ Source: https://github.com/deepak0401/Front-Page-Exploit Date of last update: Aug 27, 2012 The last version of FrontPage was released on 2003. +## CGI-HTTP-POST.fuzz.txt +Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". +Date of last update: Aug 27, 2012 + +This wordlist tests for the following vulnerabilities: +- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167). +- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803) +- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036) +- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) +- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/)