Directory Listing

GovernmentSecurity.org > System Security > Networking Security / Firewall / IDS / VPN / Routers

mekros

Oct 25 2004, 08:50 AM

im a writer for a local paper and my editor assigned me to write an article about the security implications of having the parent directory (or any directory) of your system available to Internet users... something like this:

site:org intext:"Parent directory"

im quite new about that issue and maybe someone from this board can help me... thanks...

FuzZyBeeR

Oct 25 2004, 10:12 AM

You mean the open dir viewing? As far as i know it's not vuln. You can only see the version of apache running, but you can see that by simply logging oon with telnet to the webserver.

You can turn it off at the webserver by changing a line in the config or put a index.html in the dir. That way the contents of the folers won't show.

The only things you see is the contents of the webfolder and nothing on top of that. It's not about browsing the whole servers root. Except it the root of the server is the webroot of the webserver, but you must be really stupid to set your webserver up that way.

Maibe ou can browse to some configfiles of a webpage and read you the sql database login and pass, but only if you're lucky. If php is enabeled all php files will be parsed before sending it to the client so you can't read shit

Nothing more i can come up with for now.

de keutel

SyN/AcK

Oct 25 2004, 02:10 PM

I'd like to think you aren't talking about the unicode exploit since that is such old news. Seriously, this sounds like the stupidest topic for an article ever, and you should just tell your boss that the idea sucks.

FuzZyBeeR

Oct 25 2004, 02:15 PM

QUOTE(SyN/AcK @ Oct 25 2004, 02:10 PM)

heh that opinion is quite clear

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Directory Listing GovernmentSecurity.org > System Security > Networking Security / Firewall / IDS / VPN / Routers mekros Oct 25 2004, 08:50 AM im a writer for a local paper and my editor assigned me to write an article about the security implications of having the parent directory (or any directory) of your system available to Internet users... something like this: site:org intext:"Parent directory" im quite new about that issue and maybe someone from this board can help me... thanks... FuzZyBeeR Oct 25 2004, 10:12 AM You mean the open dir viewing? As far as i know it's not vuln. You can only see the version of apache running, but you can see that by simply logging oon with telnet to the webserver. You can turn it off at the webserver by changing a line in the config or put a index.html in the dir. That way the contents of the folers won't show. The only things you see is the contents of the webfolder and nothing on top of that. It's not about browsing the whole servers root. Except it the root of the server is the webroot of the webserver, but you must be really stupid to set your webserver up that way. Maibe ou can browse to some configfiles of a webpage and read you the sql database login and pass, but only if you're lucky. If php is enabeled all php files will be parsed before sending it to the client so you can't read shit Nothing more i can come up with for now. de keutel SyN/AcK Oct 25 2004, 02:10 PM I'd like to think you aren't talking about the unicode exploit since that is such old news. Seriously, this sounds like the stupidest topic for an article ever, and you should just tell your boss that the idea sucks. FuzZyBeeR Oct 25 2004, 02:15 PM QUOTE(SyN/AcK @ Oct 25 2004, 02:10 PM) I'd like to think you aren't talking about the unicode exploit since that is such old news. Seriously, this sounds like the stupidest topic for an article ever, and you should just tell your boss that the idea sucks. heh that opinion is quite clear This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.