feat(docs): Added documentation for 'iis-systemweb.txt' wordlist

2026-02-15 20:16:38 +01:00 · 2024-10-09 06:34:19 -03:00 · 2024-10-09 06:34:19 -03:00 · d1344a99c2
commit d1344a99c2
parent 2191d02d4f
1 changed files with 32 additions and 1 deletions
--- a/Discovery/Web-Content/README.md
+++ b/Discovery/Web-Content/README.md
@ -138,4 +138,35 @@ Use for: Fuzzing for common filepaths in webpages served with **[Glassfish - Sun
 Year of the first release of Glassfish: [2005](https://en.wikipedia.org/wiki/GlassFish)
 Glassfish is still in recieving updates as of 2024.

-Date of last update: Oct 14, 2010
+Date of last update: Oct 14, 2010
+
+
+## Oracle-EBS-wordlist.txt
+Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11.
+
+EBS v11 exposes:
+- usernames
+- ports
+- OS information
+- protocol information
+- Unauthenticated file upload
+- Cookie contents
+- SHA-1 hashed passwords
+
+As an Unauthenticated user it's also possible to:
+- Create forms
+- Get servlets status
+- Get certain configuration files
+
+Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/
+
+Date of last update: Oct 7, 2019
+
+
+## iis-systemweb.txt
+Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible.
+
+Reference: https://github.com/irsdl/IIS-ShortName-Scanner
+Discussion: https://github.com/danielmiessler/SecLists/pull/783
+
+Date of last update: Jun 27, 2022