2015-09-11 23:39:11 +00:00
|
|
|
Notes:
|
|
|
|
|
|
2015-09-16 02:46:27 +00:00
|
|
|
**source-disc-cmd-exec-traversal.txt**
|
2015-09-16 02:46:49 +00:00
|
|
|
|
2015-09-11 23:39:11 +00:00
|
|
|
single directory traversals that have caused showcode or command exec issues in the past
|
2015-09-16 02:47:08 +00:00
|
|
|
|
2015-09-16 02:45:46 +00:00
|
|
|
``` GET /path/*payload*relative/path/to/target/file/ ```
|
2015-09-11 23:39:11 +00:00
|
|
|
|
2015-09-16 02:46:27 +00:00
|
|
|
**source-disclosure-generic.txt**
|
2015-09-16 02:46:49 +00:00
|
|
|
|
2015-09-11 23:39:11 +00:00
|
|
|
known cross platform source Code, file disclosure attack patterns - append after file or dir path
|
|
|
|
|
|
2015-09-16 02:46:27 +00:00
|
|
|
**source-disclosure-microsoft.txt**
|
2015-09-16 02:46:49 +00:00
|
|
|
|
2015-09-11 23:39:11 +00:00
|
|
|
microsoft-specific - appends after filename - try the generic list for microsoft, too
|
|
|
|
|
|
|
|
|
|
|
