directory listing from URL string

[ciads]

Is it possible for an attacker to list the contents of a directory they are in by entering something into the URL?

For example, attacker is doing reconn and is in:

http://www.foobar.com/foo1/foo2/foo3

foo3 is a directory where they are currently looknig at an html page can they enter or append anything to that URL string to list the contents of the directory?

Thanks,

CIADS

[Tedob1]

what os?

[ciads]

the os is Red Hat Linux / Apache

[bucket]

If foo2 is the parent directorty, how about deleting foo3 & hit the Enter key?
That has worked for me in the past.
I wouldn't think that appending information to the URL would lead to the parent directory.
That is my $.02 worth.

[smirc]

Yes, this possible. If you are parse a query string to a url that runs a CGI script, it is possible to run commands such as a directory listing (or much worse) on the remote machine. That's why when you write CGI programs, you can't trust user input. You have to validate everything. And it doesn't matter what operating system you're running. You are still vulnerable to this type of exploit.

[ciads]

bucket -

that won't work in this case because it would just take someone to the default page for foo2 I want to know if someone could list all the files in foo3

Thanks,

CIADS

[bucket]

HeyCiads:
Twice using that method I seem to have activated applets and unleashed an attack by: JS.Exception.Exploit

Those pornmasters are tricky.

[ciads]

bucket -

agreed, it can yield results - but in this case know that can't work because i made the dir structure so I am wondering if in this case, where each dir has a seperate set of web pages each with their own index page etc, can someone list all the files and dirs contained in foo3?
Thanks for your replys.

CIADS

[ac1dsp3ctrum]

You could try adding /?C=M&O=A to the end of your URL, for example http://www.oops.net/foo1/foo2/foo3/?C=M&O=A .... It might work...