Posted: Thu Jul 01, 2010 6:36 am Post subject: Query: Brute Forcing/Listing/Guessing Files in a directory
Firstly i would like to thank the forum for giving me an opputunity to post. This is my first post
Coming to my question...
We have an application where a Certain Role (admin) uploads files by
selecting site ids. Users (non admin) mapped to these site id's can view and download
the files uploaded by the admin. If a file is uploaded in Site1; only the
admin and site1 users are provided the links to download the file. All the
files uploaded by the admin are in saved in a "Common Folder" in the server
and when Admin uploads the file: Test.xls (for example) in site1; it is
renamed as Test_site1_<current date>_random number.xls and saved in the
common folder.
When this application is accessed through a proxy in site1 user's login, we are
able to see the common folder and the file downloaded in the site map.
Manually we have called a site2 file in site1's login and we are able to
download it.
Can someone help me know if there anyway where any tool can discover all the
content present in "Common Folder" by using spider or any other option?
Your suggestion on this query will be of great help.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum