Yep, whisker has a pretty good database, but I just found this one yesterday.. http://www.ukrt.f2s.com/bugs.htm Which has a pretty good and complete list of all sorts of CGIs and vulnerabilities I've never seen before.. // Chris tobkinat_private -----Original Message----- From: H D Moore [mailto:hdmat_private] Sent: Wednesday, May 23, 2001 8:11 PM To: Alberto Grazi; PEN-TESTat_private Subject: Re: Word lists, again... The database which comes with Whisker is fairly complete, albiet the vulnerability checks are outdated. You can find a copy online at http://www.wiretrip.net/rfp/ On Wednesday 23 May 2001 04:53 am, Alberto Grazi wrote: > Hi, > during a pen-test I have found a directory which probably has exec > permission. > Since I didn't have any name of files (listing is not allowed) my > approach was to try a sort of "dictionary attack" on the URL. > I tried with a normal English dictionary but it didn't find anything > (each word was truncated to the 8th char and ".exe" was appended)... > does anyone know if there is a list of common names of CGIs available > (for Unix and win platforms) ? > > Thx > > Alberto ---------------------------------------- Content-Type: application/x-pkcs7-signature; charset="iso-8859-1"; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Description: ----------------------------------------
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 07:13:01 PDT