DirBuster is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. [...]
Tag Archive | "information disclosure"
The File Disclosure Browser takes .DS_Store files found on websites and parses through them to find a list of all potential files in the directory. It can then either just display the URLs for the files or if you give it a proxy it can browse to the files itself. The author wrote it after [...]
Something which caused some kind of stir last week was the hacking of the Canadian dating site Plenty of Fish (sometimes known as PoF) which rose to fame on the Webmaster forums for SEO due to a picture of Markus Frind holding an Adsense cheque for $132,000 for two months earning. For anyone not familiar [...]
This is actually a very old flaw as it’s part of the core HTTP standards, it’s exploiting the very way in which the Internet works. Basically most browsers expose browsing history if probed in the right way, the fact was that it was just too resource intensive to get any useful data. Someone has refined [...]
This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is [...]