URLs to avoid:
Admin URLs
/admin/ /WebAdmin/ /administrator/ /system/ /manager/ /power/ /adminaccess/ /admin.php
Editors
/editor/ /editor/editor/ /editorold/editor/ /editor1/editor/
FCKEditor
/fckeditor/ /fck/editor/
TinyMCE
/tinymce/plugins/filemanager/ /apqvtinymce/plugins/filemanager/ /jscripts/tiny_mce/plugins/filemanager/ /tiny_mce/plugins/filemanager/ /hznttiny_mce/plugins/filemanager/ /tinymce/plugins/imagemanager/ /sabrtiny_mce/plugins/imagemanager/ /tiny_mce/plugins/imagemanager/ /edeutinymce/plugins/imagemanager/ /tiny_mce/plugins/tinybrowser/ /tinymce/plugins/tinybrowser/ /tiny_mce/plugins/ajaxfilemanager/ /tinymce/plugins/ajaxfilemanager/
Upload plugins
/com_simplephotogallery/lib/uploadFile.php /php-ofc-library/ofc_upload_image.php /plugins/editors/idoeditor/themes/advanced/php/image.php /mod_artuploader/upload.php /com_joomsport/includes/imgres.php /com_pinboard/popup/popup.php /open-flash-chart/ofc_upload_image.php /com_extplorer/uploadhandler.php /uploadify/uploadify.php /pm_advancedsearch4/js/uploadify/uploadify.php /com_agileplmform/ /com_creativecontactform/fileupload/ /elfinder/connector/php/connector.php /lpxielfinder/connector/php/connector.php /spaw2/dialogs/dialog.php (https://www.exploit-db.com/exploits/12672)
WordPress
/wp-admin/ /wp-content/plugins/revolution-slider/ /wp-content/plugins/revslider/ /wp-content/plugins/wp-symposium-pro/ /wp-login.php /wp-content/plugins/akismet/akismet.js /xmlrpc.php (?)
Miscellaneous
/webmaster/ /sys/ /include/ /cgi-sys/suspendedpage.cgi /FileZilla.xml /user (?)