Windows and Linux Sensitive Directory Path Summary

Abstract: This article describes how to exploit file inclusion and arbitrary file download vulnerabilities. It provides file lookup commands for different operating systems, lists common configuration file names for Apache, MySQL, PHP, etc., and mentions sensitive files and information, such as probe pages, system files, and critical paths in content management systems (CMS). In addition, default paths for website building tools such as XAMPP and phpStudy are covered, along with relevant files for common CMS platforms.

0x01 Basic Information

When encountering vulnerabilities such as file inclusion or arbitrary file download, the information in this article can be utilised to facilitate subsequent attacks.

0x02 Configuration Files