scenario for directory indexing. There have been numerous
vulnerabilities identified on many web servers, which will result
in directory indexing if specific HTTP requests are sent.
3)
Google cache database may contain historical data that would
include directory indexes from past scans of a specific web site.
References
Directory Indexing Vulnerability Alerts
http://www.securityfocus.com/bid/1063
http://www.securityfocus.com/bid/6721
http://www.securityfocus.com/bid/8898
Nessus "Remote File Access" Plugin Web page
http://cgi.nessus.org/plugins/dump.php3?family=Remote%20file%20a
ccess
Web Site Indexer Tools
http://www.download freeware
shareware.com/Internet.php?Theme=112
Intrustion Prevention for Web
http://www.modsecurity.org
Search Engines as a Security Threat
http://it.korea.ac.kr/class/2002/software/Reading%20List/Search%20
Engines%20as%20a%20Security%20Threat.pdf
The Google Hacker s Guide
http://johnny.ihackstuff.com/security/premium/The_Google_Hackers_
Guide_v1.0.pdf
47
Copyright 2004, Web Application Security Consortium. All rights reserved.
Unlimited Web Hosting
|
|
|
|
TotalRoute.net Business web hosting division of Vision Web Hosting Inc. All rights reserved. |