Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec: How to list all the URLs on a web server

How to list all the URLs on a web server

From: Lists <sakaba_at_alexandria.cc>
Date: Sat, 8 Jan 2005 01:35:08 +0900

Hi Everyone,

I am auditing a system where files are stored on a web server and
accessed without authentication directly by an application that knows
each file URL. I don't like it but the app owner wants me to
demonstrate that someone could guess the URLs. I have tried a number
of spider tools but they are based on links so they don't pull up
anything.

I am wondering if there is a tool or another method where I could find
out all the URLs on the web site. The funny thing is I saw this same
kind of system with the same explanation just the other week at another
company. Maybe its a new trend...

Regards,
sakaba
Received on Jan 07 2005

This message: [ Message body ]
Next message: Weiler, Jim: "RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications""
Previous message: Alfred Hitchcock: "HTMLEncode"
Next in thread: Ofer Shezaf: "RE: How to list all the URLs on a web server"
Maybe reply: Ofer Shezaf: "RE: How to list all the URLs on a web server"
Reply: skill2die4_at_secguru.com: "Re: How to list all the URLs on a web server"
Reply: Lyal Collins: "RE: How to list all the URLs on a web server"
Maybe reply: michaelsilk_at_gmail.com: "Re: How to list all the URLs on a web server"
Reply: GuidoZ: "Re: How to list all the URLs on a web server"
Reply: Dan Connelly: "Re: How to list all the URLs on a web server"
Reply: PCSage Information Services: "Re: How to list all the URLs on a web server"
Maybe reply: Ofer Shezaf: "RE: How to list all the URLs on a web server"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]