('binary' encoding is not supported, stored as-is)
In-Reply-To: <17ADFE40-60CA-11D9-8241-000A95C42430_at_alexandria.cc>
Hi,
The main problem with linkable filenames like that is not that they are easily guessable, but that they are predictable from previous information.
Basically, if you can guess a future filename from a previous one, or an employee in the company can guess filenames based on the "algorithm" (i.e. date?, etc) then you have a problem.
The request to prove that it can be guessed should be approached in this manner. It's not really practical to guess the filename unless you can restrict the the possible names in some fashion - figure out how to do this and then you can prove something :)
As for a tool to view all URLS (you mean files) on a webserver - no, it's not possible unless the server provides some means to do it (i.e. enabled "directory browsing" in iis, etc). And typically this will be disabled.
-- Michael
>Hi Everyone,
>
>I am auditing a system where files are stored on a web server and
>accessed without authentication directly by an application that knows
>each file URL. I don't like it but the app owner wants me to
>demonstrate that someone could guess the URLs. I have tried a number
>of spider tools but they are based on links so they don't pull up
>anything.
>
>I am wondering if there is a tool or another method where I could find
>out all the URLs on the web site. The funny thing is I saw this same
>kind of system with the same explanation just the other week at another
>company. Maybe its a new trend...
>
>Regards,
>sakaba
Received on Jan 09 2005
Intro
