WebApp Sec mailing list archives
Re: How to list all the URLs on a web server
From: PCSage Information Services <info () pcsage biz>
Date: Mon, 10 Jan 2005 06:03:13 -0500
I need some clarification of your environment to properly be of help... Is the application not using https? If not just sit a client on the same subnet and watch normal traffic to the webserver with a tool like ethereal or etherpeek... your client will soon see that there are plenty of ways to skin a cat...

It's all about networking after all... njoy the looks on their faces.

Sean Swayze
swayze AT pcsage DOT biz

On 7-Jan-05, at 11:35 AM, Lists wrote:
Hi Everyone,

I am auditing a system where files are stored on a web server and accessed without authentication directly by an application that knows each file URL. I don't like it but the app owner wants me to demonstrate that someone could guess the URLs. I have tried a number of spider tools but they are based on links so they don't pull up anything.

I am wondering if there is a tool or another method where I could find out all the URLs on the web site. The funny thing is I saw this same kind of system with the same explanation just the other week at another company. Maybe it's a new trend...

Regards,
sakaba