RE: How to list all the URLs on a web server

["Ofer Shezaf" <Ofer.Shezaf () breach com>]

There is a good change that they are hard coded on the client side.

As I understand the scenario, the files are either stored permanently or generated on request, and the server sends a 
link to the page as part of a web page sent to the user that is supposed to read it. 

While the page that contains the link will be dynamically built by the server, in many cases it would contain plain 
normal A HREF links when received by the client. In such a case client side code (XSS for example) could get the link 
using standard DOM access.

~ Ofer

Ofer Shezaf
CTO, Breach Security

Tel: +972.9.956.0036 ext.212
Cell: +972.54.443.1119
ofers () breach com
http://www.breach.com 


> -----Original Message-----
> From: Rafael San Miguel Carrasco [mailto:smcsoc () yahoo es]
> Sent: Sunday, January 09, 2005 2:43 PM
> To: webappsec () securityfocus com
> Cc: ofershezaf () breach com
> Subject: Re: How to list all the URLs on a web server
>
>
> > Another option is XSS. If you have some XSS vulnerability, than what you
> > would want to steal from other users are these filenames.
>
> How would you do this? I think that might be possible only if links are
> hardcoded in the webpage, as in the case of URL rewriting.
>
> Greetings.
>
> -------------------------------
> Rafael San Miguel Carrasco
> Consultor Técnico - Jefe de Proyecto
> rafael.sanmiguel () dvc es
> + 34 660 856 647
> + 34 902 464 546
> Davinci Consulting - www.dvc.es
> Oficina Madrid - Parque empresarial Alvento
> Via de los Poblados 1 Edificio A 6ª planta
> 28033 Madrid
> -------------------------------