Query: Brute Forcing/Listing/Guessing Files in a directory

Networking/Security Forums -> Exploits // System Weaknesses

Author: s.surendharan PostPosted: Thu Jul 01, 2010 6:36 am    Post subject: Query: Brute Forcing/Listing/Guessing Files in a directory
    ----
Firstly i would like to thank the forum for giving me an opputunity to post. This is my first post

Coming to my question...

We have an application where a Certain Role (admin) uploads files by
selecting site ids. Users (non admin) mapped to these site id's can view and download
the files uploaded by the admin. If a file is uploaded in Site1; only the
admin and site1 users are provided the links to download the file. All the
files uploaded by the admin are in saved in a "Common Folder" in the server
and when Admin uploads the file: Test.xls (for example) in site1; it is
renamed as Test_site1_<current date>_random number.xls and saved in the
common folder.

When this application is accessed through a proxy in site1 user's login, we are
able to see the common folder and the file downloaded in the site map.

Manually we have called a site2 file in site1's login and we are able to
download it.
Can someone help me know if there anyway where any tool can discover all the
content present in "Common Folder" by using spider or any other option?

Your suggestion on this query will be of great help.

Thank You in advance....



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group