Penetration Testing mailing list archives
Re: donloading jsp for pen-test
From: "arvind doraiswamy" <arvind.doraiswamy () gmail com>
Date: Sat, 12 Apr 2008 14:41:16 +0530
Hi Victor,

I don't think this is going to be possible unless you can find out what directories the developers have stored the source of the pages (the HTML ones) in. Most probably those directories will be hidden and not available by clicking links on the website. So unless you can brute force and guess the names of the directories, you won't be able to get at the JSPs themselves.

For example, all the HTML pages will be in something like http://www.abc.com/public while the JSPs would be in http://www.abc.com/source/jsp ... Now, unless you know that such a directory structure exists in the first place, you won't be able to access it directly through a browser.

You might want to try checking if a robots.txt file exists. You may be able to enumerate more directories from there. Brute forcing the directory structure through a quickly written piece of code is an option as well, but likely to be fruitless, as mostly the sources directory, even if you find it, will have strong permissions which will prevent you from viewing the content inside it.

It's my first post, so I'm not sure the list ID is correct; so do post it there if it doesn't appear :)

Cheers
Arvind