Vulnerability Development mailing list archives
Re: script locations
From: "spi" <securityguru () earthlink net>
Date: Thu, 7 Jun 2001 20:51:28 -0400
You can also find the existence of directories this way as well.. apache will append the "/" to the end if a directory exists.. http://www.redhat.com/foo 404 http://www.redhat.com/products 301 to http://www.redhat.com/products/ Not really usefull here.. but if hitting a tricky webserver, very usefull for instance this webserver returns a 200 OK to every request sent but you can distinguish the existence of directories by looking for the 301 http://www.webappsecurity.com/foo 200 http://www.webappsecurity.com/foo/ 200 http://www.webappsecurity.com/webservers 301 to http://www.webappsecurity.com/webservers/ Directory exists. ----- Original Message ----- From: "Benjamin Elijah Griffin" <bgriffin () gracenote com> To: <vuln-dev () securityfocus com> Sent: Thursday, June 07, 2001 7:40 PM Subject: Re: script locations
Easy trick for checking if a .html on an Apache server is a CGI or similar: append a '/' to the URL. If the page loads it wasn't plain html. Examples: http://www.apache.org/index.html 200 OK http://www.apache.org/index.html/ 404 Not Found http://www.wired.com/index.html 200 OK http://www.wired.com/index.html/ 200 OK Often times the links on the page (including images) break, but that's mere cosmetics. Benjamin
Current thread:
- script locations Michal Zalewski (Jun 07)
- RE: script locations Zane Hill (Jun 07)
- Re: script locations Dougal Campbell (Jun 07)
- Re: script locations Blue Boar (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations Vitaly Osipov (Jun 08)
- <Possible follow-ups>
- RE: script locations Alex Andrews (Jun 07)
- RE: script locations Michal Zalewski (Jun 07)
- Re: script locations Benjamin Elijah Griffin (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations securityforums (Jun 14)