There is a good change that they are hard coded on the client side.
As I understand the scenario, the files are either stored permanently or generated on request, and the server sends a link to the page as part of a web page sent to the user that is supposed to read it.
While the page that contains the link will be dynamically built by the server, in many cases it would contain plain normal A HREF links when received by the client. In such a case client side code (XSS for example) could get the link using standard DOM access.
~ Ofer
Ofer Shezaf
CTO, Breach Security
Tel: +972.9.956.0036 ext.212
Cell: +972.54.443.1119
ofers_at_breach.com
http://www.breach.com
> -----Original Message-----
> From: Rafael San Miguel Carrasco [mailto:smcsoc_at_yahoo.es]
> Sent: Sunday, January 09, 2005 2:43 PM
> To: webappsec_at_securityfocus.com
> Cc: ofershezaf_at_breach.com
> Subject: Re: How to list all the URLs on a web server
>
>
> >Another option is XSS. If you have some XSS vulnerability, than what you
> >would want to steal from other users are these filenames.
> >
> >
>
> How would you do this? I think that might be possible only if links are
> hardcoded in the webpage, as in the case of URL rewriting.
>
> Greetings.
>
> -------------------------------
> Rafael San Miguel Carrasco
> Consultor Técnico - Jefe de Proyecto
> rafael.sanmiguel_at_dvc.es
> + 34 660 856 647
> + 34 902 464 546
> Davinci Consulting - www.dvc.es
> Oficina Madrid - Parque empresarial Alvento
> Via de los Poblados 1 Edificio A 6ª planta
> 28033 Madrid
> -------------------------------
Received on Jan 10 2005
Intro
