SecLists
Create iis-systemweb.txt
Sourced from https://github.com/GainSec/TreeHouse-Wordlists/blob/master/IIS_Systemweb_fuzz-WL.txt
An IIS /system_web/ wordlist.
What would be the purpose of this wordlist? Why would you want to fuzz that IIS folder?
I can only imagine it being useful for spidering
There can be CGIs or other scripts accessible in the /aspnet_client/system_web/* directories even if the latter two directories are inaccessible. I've encountered CKEditor being there before off the top of my head.
It's useful to help with discovery when the IIS instance is vulnerable to tilde enumeration since it only discloses a short bit of the directory:
https://github.com/irsdl/IIS-ShortName-Scanner
Also, most IIS instances redirect when not including a trailing slash, so you can enumerate which numbered directories exist via this wordlist using that as well.
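The two behaviours described in the comment above (redirects that confirm a directory exists, and tilde short-name probing) leave a recognisable trail in IIS logs. The following is an added example, not part of the original thread or of SecLists: a small detector over W3C-format log lines. The sample log, the directory names in it, the threshold and the assumption that wildcard characters appear unencoded in `cs-uri-stem` are all constructed for illustration.

```python
import re
from collections import defaultdict

PREFIX = "/aspnet_client/system_web/"
# Assumption: a wildcard combined with a ~N suffix in the path marks a short-name probe.
TILDE_PROBE = re.compile(r"\*.*~\d|~\d.*\*")

# Constructed IIS W3C log excerpt (sample data, not taken from the page).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-01 10:00:00 GET /aspnet_client/system_web/2_0_50727 198.51.100.7 301
2024-01-01 10:00:01 GET /aspnet_client/system_web/4_0_30319 198.51.100.7 301
2024-01-01 10:00:01 GET /aspnet_client/system_web/1_1_4322 198.51.100.7 404
2024-01-01 10:00:02 GET /aspnet_client/system_web/1_0_3705 198.51.100.7 404
2024-01-01 10:00:03 OPTIONS /aspnet_client/*~1*/.aspx 198.51.100.7 404
2024-01-01 10:05:00 GET /aspnet_client/system_web/4_0_30319/WebUIValidation.js 203.0.113.9 200
2024-01-01 10:05:01 GET /default.aspx 203.0.113.9 200
"""

def find_enumerators(log_text, min_dirs=3):
    """Return {client_ip: findings} for clients sweeping system_web or probing short names."""
    fields = []
    seen = defaultdict(lambda: {"dirs": set(), "disclosed": set(), "tilde": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        stem, ip = rec.get("cs-uri-stem", "").lower(), rec.get("c-ip", "?")
        if TILDE_PROBE.search(stem):
            seen[ip]["tilde"] += 1
        if stem.startswith(PREFIX) and len(stem) > len(PREFIX):
            child = stem[len(PREFIX):].split("/")[0]
            seen[ip]["dirs"].add(child)
            # A 301/302 for a path without a trailing slash confirms the directory exists.
            if not stem.endswith("/") and rec.get("sc-status") in ("301", "302"):
                seen[ip]["disclosed"].add(child)
    return {
        ip: {"dirs": sorted(f["dirs"]), "disclosed": sorted(f["disclosed"]), "tilde": f["tilde"]}
        for ip, f in seen.items()
        if len(f["dirs"]) >= min_dirs or f["tilde"] > 0
    }

if __name__ == "__main__":
    for ip, finding in find_enumerators(SAMPLE_LOG).items():
        print(ip, finding)
```

The `disclosed` list shows which directories the server confirmed to that client through redirects, which is the set worth reviewing for leftover scripts or editors.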
There can be CGIs
Do you mean "CGI" as in Common Gateway Interface?
Yes
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/cgi
Thank you!