
added new backupfiles in wordpress fuzz list

Open abhishekmorla opened this issue 2 years ago • 3 comments

Credits to: https://www.linkedin.com/feed/update/urn:li:activity:6979486318774923264/

abhishekmorla avatar Sep 25 '22 17:09 abhishekmorla

This needs to be cleaned up. wordpress.fuzz.txt is for fuzzing WordPress. Paths such as ".vscode" and ".viminfo" have nothing to do with WordPress, so they should be in a different wordlist: a general fuzzing wordlist.

Also, what could be the benefit of knowing of the .viminfo and .vscode paths?

ItsIgnacioPortal avatar Sep 27 '22 20:09 ItsIgnacioPortal

.viminfo stores the command line history, which can be beneficial in the initial enumeration of the site. If it's about CTFs, then .vscode can also contain juicy information for the next flag.

Shall I add these paths to the general wordlist and remove them from the WordPress list?

abhishekmorla avatar Sep 28 '22 06:09 abhishekmorla

The following filenames are already in this repository but in other wordlists, and aren't related to WordPress:

  • .viminfo
  • .vscode
  • cgi-bin
  • .htaccess
  • config.codekit

I think it makes sense to add the rest:

  • dup-installer-bootlog
  • wp-snapshots
  • installer-backup.php
  • installer.php
  • wordfence-waf.php

Except for a couple: What's the context behind license.tet and i.php, @abhishekmorla?

ItsIgnacioPortal avatar Oct 01 '22 07:10 ItsIgnacioPortal
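
Added example, not part of the original thread or the SecLists project: one way to automate the triage described in the comment above, splitting proposed entries into those already present in other wordlists and those that are new. The wordlist names and their contents are constructed sample data, and `normalize`, `load` and `triage` are hypothetical helper names.

```python
# Triage proposed wordlist entries against existing lists.
# Wordlist names and contents below are constructed sample data,
# not the real SecLists files.
from collections import defaultdict


def normalize(entry):
    """Canonical form of one wordlist line, or None for blanks/comments."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    # "/.viminfo", ".viminfo" and ".viminfo/" are the same candidate path.
    return entry.strip("/")


def load(lines):
    return {n for n in map(normalize, lines) if n is not None}


def triage(proposed, existing):
    """Split proposed entries into (already_listed, new).

    already_listed maps entry -> sorted names of the lists containing it;
    new is the sorted list of entries found in none of them.
    """
    index = defaultdict(set)
    for name, lines in existing.items():
        for entry in load(lines):
            index[entry].add(name)
    already, new = {}, []
    for entry in sorted(load(proposed)):
        if entry in index:
            already[entry] = sorted(index[entry])
        else:
            new.append(entry)
    return already, new


# Constructed sample input using entries named in the thread.
PROPOSED = ["/.viminfo", ".vscode/", "cgi-bin", ".htaccess", "wp-snapshots/",
            "installer.php", "installer-backup.php", "dup-installer-bootlog"]
EXISTING = {  # hypothetical file names and contents
    "general-fuzz.txt": [".viminfo", ".vscode", "# editors", ".htaccess"],
    "apache-fuzz.txt": ["cgi-bin/", ".htaccess"],
}

if __name__ == "__main__":
    already, new = triage(PROPOSED, EXISTING)
    for entry, lists in already.items():
        print(f"already in {', '.join(lists)}: {entry}")
    for entry in new:
        print(f"new: {entry}")
```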

Thanks for this @abhishekmorla

g0tmi1k avatar Nov 22 '22 12:11 g0tmi1k

@g0tmi1k this pull request wasn't ready for merging. Please read my previous comment here.

ItsIgnacioPortal avatar Nov 23 '22 04:11 ItsIgnacioPortal