[WEB SECURITY] Web App Defaults DB

Rob Fuller jd.mubix at gmail.com
Sun Mar 10 21:19:34 EDT 2013


Last year at Derbycon, Gillis Jones ( https://twitter.com/Gillis57 )
released something he'd been working on for a number of years. He called it
"BAdmin". Basically it was a list of information, including default
credentials and paths for a large number of CMSs.

I attended his talk and loved the resource. I approached him at ShmooCon
this year about it being difficult to contribute to the DB. We came up with
a combined effort to get it onto GitHub to make it public and easy to
access like BAdmin was, but also add in the ability for it to grow with
community support.

Hence https://github.com/WebAppDefaultsDB was born.

There are two repos. The first is cmsdefaultsdb, which is basically a homage
to Gillis' original work and, once completed from his original work, won't
change or be updated.

The other is https://github.com/WebAppDefaultsDB/webappdefaultsdb where we
plan to expand past CMSs to every type of web app we can imagine.

Right now this is in a real alpha phase and we are still learning what is
the best format for consumption by the community, but we could use your
help, thoughts, opinions, and knowledge of defaults.

Looking forward to making this a great resource for all. Thanks for your
time.

Also, if you aren't a Git fan and don't want to mess with it, I've created
an email account you can just shoot us info in any format you wish:
webappdefaultsdb_submissions at room362.com

(yes, I'll take PDFs, ZIPs, RARs, and DOCXM if you want to send exploits my
way) ;-)

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org