
A public list of URLs generally useful to webapp testers and pentesters

Web App Defaults URL list

This will start off as a single list but could certainly grow into a much more organized set of lists.

Started here: https://etherpad.mozilla.org/weburl-easywins

The List

/?Workshop/valid_page_name_in_current_directory&login # CMSimple login panel
/administration/index.php # PHP-Fusion?
/administrator/ # Joomla (not sure anyone still uses Joomla)
/c99.php # and other shells (e.g. r57)
/cgi-bin/cvsweb # RANCID
/cgi-bin/php # http://www.exploit-db.com/exploits/29290/ CVE-2012-1823
/cgi-bin/php5 # http://www.exploit-db.com/exploits/29290/ CVE-2012-1823
/index.php?url=admin # Tango admin panel when SEF is not supported/enabled
/user.php # Zikula

Other Tricks

  • Add a ~ to any .php you see (editor backup files).
  • Also add # to any .php you see, e.g. wp-config.php# (for all the Emacs users that are somehow still alive).
  • Add .bak or .old after any .php you see, or replace .php with them (the file may still get preprocessed, though), e.g. index.php --> index.php.old, index.bak, etc.
  • Try .phps for PHP source (an alternate naming convention).
  • Some places still use test.domain.tld for testing new configurations before deploying; it may have different access controls that let you see directory listings, etc.
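The leftover-file naming conventions above (trailing ~ or #, .bak/.old copies, .phps source) are just as useful on the defending side: before a deploy, walk the webroot and flag anything matching them so it never reaches the server. The script below is an added example written for this page, not code from the list's author; it assumes a local filesystem webroot and builds a constructed throwaway directory to run against.

```python
import re
import tempfile
from pathlib import Path

# Suffix patterns taken from the "Other Tricks" list: editor leftovers (~ and #),
# copied backups (.bak/.old, appended to or replacing .php) and .phps source files.
LEFTOVER_PATTERNS = [
    (re.compile(r"~$"), "editor backup (trailing ~)"),
    (re.compile(r"#$"), "editor autosave (trailing #)"),
    (re.compile(r"\.(bak|old)$", re.IGNORECASE), ".bak/.old copy"),
    (re.compile(r"\.phps$", re.IGNORECASE), ".phps source file"),
]


def classify(name: str):
    """Return the reason a filename looks like a leftover, or None if it is clean."""
    for pattern, reason in LEFTOVER_PATTERNS:
        if pattern.search(name):
            return reason
    return None


def scan_webroot(root):
    """Walk `root` recursively and return sorted (relative_path, reason) pairs
    for every file whose name matches one of the leftover patterns."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if path.is_file():
            reason = classify(path.name)
            if reason:
                findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)


def build_sample_webroot():
    """Constructed fixture: a temporary webroot mixing clean files with the
    kinds of leftovers the list describes. Not a real deployment."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    for rel in ["index.php", "wp-config.php", "wp-config.php~", "wp-config.php#",
                "index.php.old", "index.bak", "includes/db.phps", "css/site.css"]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed placeholder\n")
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    for rel, reason in scan_webroot(sample):
        print(f"{rel}: {reason}")
```

Run it against a real document root (or a staging checkout) and treat any hit as a release blocker; the same patterns are what a server-side deny rule for these suffixes should cover, since a file that is never copied into the webroot is the only one that can't be served.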