Is it possible for an attacker to list the contents of a directory they are in by entering something into the URL?
For example, attacker is doing reconn and is in:
http://www.foobar.com/foo1/foo2/foo3
foo3 is a directory where they are currently looknig at an html page can they enter or append anything to that URL string to list the contents of the directory?
Thanks,
CIADS