-
March 3rd, 2002, 11:40 PM
#1
Junior Member
directory listing from URL string
Is it possible for an attacker to list the contents of a directory they are in by entering something into the URL?
For example, an attacker is doing recon and is in:
http://www.foobar.com/foo1/foo2/foo3
foo3 is a directory where they are currently looking at an HTML page. Can they enter or append anything to that URL string to list the contents of the directory?
Thanks,
CIADS
-
March 3rd, 2002, 11:58 PM
#2
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 3rd, 2002, 11:59 PM
#3
Junior Member
the os is Red Hat Linux / Apache
-
March 4th, 2002, 12:05 AM
#4
If foo2 is the parent directory, how about deleting foo3 & hitting the Enter key?
That has worked for me in the past.
I wouldn't think that appending information to the URL would lead to the parent directory.
That is my $.02 worth.
-
March 4th, 2002, 12:11 AM
#5
Yes, this is possible. If you pass a query string to a URL that runs a CGI script, it is possible to run commands such as a directory listing (or much worse) on the remote machine. That's why when you write CGI programs, you can't trust user input. You have to validate everything. And it doesn't matter what operating system you're running. You are still vulnerable to this type of exploit.
OpenBSD - The proactively secure operating system.
-
March 4th, 2002, 12:11 AM
#6
Junior Member
bucket -
that won't work in this case because it would just take someone to the default page for foo2. I want to know if someone could list all the files in foo3.
Thanks,
CIADS
-
March 4th, 2002, 01:00 AM
#7
Hey Ciads:
Twice using that method I seem to have activated applets and unleashed an attack by: JS.Exception.Exploit
Those pornmasters are tricky.
-
March 4th, 2002, 01:05 AM
#8
Junior Member
bucket -
agreed, it can yield results - but in this case I know that can't work because I made the dir structure, so I am wondering if in this case, where each dir has a separate set of web pages each with their own index page etc, can someone list all the files and dirs contained in foo3?
Thanks for your replies.
CIADS
-
March 4th, 2002, 03:14 AM
#9
You could try adding /?C=M&O=A to the end of your URL, for example http://www.oops.net/foo1/foo2/foo3/?C=M&O=A .... It might work...
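Added example, not part of any post in the thread: on Apache, whether foo3 can be listed comes down to whether the `Indexes` option is in effect for that directory, and the `C=`/`O=` query string above is a sort request to mod_autoindex, the module that generates such listings. The sketch below audits a config for directories where `Indexes` ends up enabled. The sample config and its paths are constructed, and it assumes options start out without `Indexes` (the Apache 2.4 default; older releases defaulted to `All`).

```python
import re

# Constructed sample config (not from the thread); all paths are hypothetical.
SAMPLE_CONF = """
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/foo1/foo2">
    Options -Indexes
</Directory>
<Directory "/var/www/html/foo1/foo2/foo3">
    Options +FollowSymLinks
</Directory>
<Directory "/var/www/html/downloads">
    Options +Indexes
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OPTIONS = re.compile(r'^\s*Options\s+(.+)$', re.M | re.I)


def indexes_by_directory(conf):
    """Return {path: bool}: is the Indexes option effective in each <Directory> block?"""
    blocks = sorted(BLOCK.findall(conf), key=lambda b: len(b[0]))  # parents first
    result = {}
    for path, body in blocks:
        # Inherit from the closest enclosing block that was already evaluated.
        parents = [p for p in result if path.startswith(p.rstrip("/") + "/")]
        enabled = result[max(parents, key=len)] if parents else False  # assumed default
        for line in OPTIONS.findall(body):
            tokens = line.split()
            if not any(t[0] in "+-" for t in tokens):
                enabled = False  # a bare Options line replaces the inherited set
            for t in tokens:
                name = t.lstrip("+-").lower()
                if name == "indexes" or (name == "all" and not t.startswith("-")):
                    enabled = not t.startswith("-")
        result[path] = enabled
    return result


if __name__ == "__main__":
    for path, enabled in indexes_by_directory(SAMPLE_CONF).items():
        print(("LISTABLE  " if enabled else "protected ") + path)
```

A directory reported as listable only shows a generated listing when it has no index file; `Options -Indexes` on that directory or a parent turns the listing off regardless.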