You can also find the existence of directories this way as well.. apache will append the "/" to the end if a directory exists.. http://www.redhat.com/foo 404 http://www.redhat.com/products 301 to http://www.redhat.com/products/ Not really usefull here.. but if hitting a tricky webserver, very usefull for instance this webserver returns a 200 OK to every request sent but you can distinguish the existence of directories by looking for the 301 http://www.webappsecurity.com/foo 200 http://www.webappsecurity.com/foo/ 200 http://www.webappsecurity.com/webservers 301 to http://www.webappsecurity.com/webservers/ Directory exists. ----- Original Message ----- From: "Benjamin Elijah Griffin" <bgriffinat_private> To: <vuln-devat_private> Sent: Thursday, June 07, 2001 7:40 PM Subject: Re: script locations > > Easy trick for checking if a .html on an Apache server is a CGI or > similar: append a '/' to the URL. If the page loads it wasn't plain > html. Examples: > > http://www.apache.org/index.html 200 OK > http://www.apache.org/index.html/ 404 Not Found > > http://www.wired.com/index.html 200 OK > http://www.wired.com/index.html/ 200 OK > > Often times the links on the page (including images) break, but > that's mere cosmetics. > > Benjamin
This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 18:43:55 PDT