mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 21:35:27 +00:00
Merge pull request #219 from clem9669/patch-4
Add useful always existing windows file
This commit is contained in:
commit
e9ee3bb59b
@ -123,6 +123,14 @@ An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software
|
|||||||
|
|
||||||
### Interesting Windows files
|
### Interesting Windows files
|
||||||
|
|
||||||
|
Always existing file in recent Windows machine.
|
||||||
|
Ideal to test path traversal but nothing much interesting inside...
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
c:\windows\system32\license.rtf
|
||||||
|
c:\windows\system32\eula.txt
|
||||||
|
```
|
||||||
|
|
||||||
Interesting files to check out (Extracted from https://github.com/soffensive/windowsblindread)
|
Interesting files to check out (Extracted from https://github.com/soffensive/windowsblindread)
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
@ -167,5 +175,6 @@ The following log files are controllable and can be included with an evil payloa
|
|||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
* [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
|
||||||
* [Directory traversal attack - Wikipedia](https://en.wikipedia.org/wiki/Directory_traversal_attack)
|
* [Directory traversal attack - Wikipedia](https://en.wikipedia.org/wiki/Directory_traversal_attack)
|
||||||
* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)
|
* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)
|
||||||
|
Loading…
Reference in New Issue
Block a user