Another way to find the URLs of hidden files is to gain access to the
server logs or to some statistics derived from these logs.
More often than not webmasters generate web site statistics (HTML
documents with graphics) and publish these statistics on the same site,
using some easy to remember/guess name (for example,
www.websites.com/stats/). Sometimes, these are password-protected, but
attacking the passwords would be usually easier than trying to
bruteforce filenames that you have no information of. These statistics
usually contain a list of all accessed URLs.
Also, if you can get the application code, it will be fairly easy to get
the exact URLs. Another option would be to run a sniffer on the same
network segment where the application works.
Anyway, automated brute-forcing should be your last resort.
Regards,
tie
>>-----Original Message-----
>>From: Lists [mailto:sakaba_at_alexandria.cc]
>>Sent: Friday, January 07, 2005 6:35 PM
>>To: webappsec_at_securityfocus.com
>>Subject: How to list all the URLs on a web server
>>
>>Hi Everyone,
>>
>>I am auditing a system where files are stored on a web server and
>>accessed without authentication directly by an application that knows
>>each file URL. I don't like it but the app owner wants me to
>>demonstrate that someone could guess the URLs. I have tried a number
>>of spider tools but they are based on links so they don't pull up
>>anything.
>>
>>I am wondering if there is a tool or another method where I could find
>>out all the URLs on the web site. The funny thing is I saw this same
>>kind of system with the same explanation just the other week at
>>
>>
>another
>
>
>>company. Maybe its a new trend...
>>
>>Regards,
>>sakaba
>>
>>
>
>
>
>
>
>
Received on Jan 10 2005
Intro
