[mekros]

im a writer for a local paper and my editor assigned me to write an article about the security implications of having the parent directory (or any directory) of your system available to Internet users... something like this:

site:org intext:"Parent directory"

im quite new about that issue and maybe someone from this board can help me... thanks... :)

[FuzZyBeeR]

You mean the open dir viewing? As far as i know it's not vuln. You can only see the version of apache running, but you can see that by simply logging oon with telnet to the webserver.

You can turn it off at the webserver by changing a line in the config or put a index.html in the dir. That way the contents of the folers won't show.

The only things you see is the contents of the webfolder and nothing on top of that. It's not about browsing the whole servers root. Except it the root of the server is the webroot of the webserver, but you must be really stupid to set your webserver up that way.

Maibe ou can browse to some configfiles of a webpage and read you the sql database login and pass, but only if you're lucky. If php is enabeled all php files will be parsed before sending it to the client so you can't read shit :)


Nothing more i can come up with for now.

de keutel

[FuzZyBeeR]

SyN/AcK, on Oct 25 2004, 02:10 PM, said:

I'd like to think you aren't talking about the unicode exploit since that is such old news.  Seriously, this sounds like the stupidest topic for an article ever, and you should just tell your boss that the idea sucks.

<{POST_SNAPBACK}>

heh that opinion is quite clear :rolleyes: