Exploitable URL

Stuff that don't fit in the other categories.
JohnB
Fame ! Where are the chicks?!
Posts: 191
Joined: 13 Mar 2009, 17:00

Post by JohnB »

What is an Exploitable URL?

DNR mentioned one in this thread:

http://suck-o.com/modules.php?name=Foru ... pic&t=5534
Talk to me!

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

hm, in general it's simply a URL that exploits a vulnerability in a website.
how such a URL looks depends on the vulnerability, have a look at:

http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Remote_File_Inclusion
http://en.wikipedia.org/wiki/Cross-site_scripting

those are the most common techniques to exploit a vulnerability via browser... :wink:

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

yes, thanks BB, also there is directory traversing, which may still work on some servers.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

l0ngb1t
Fame ! Where are the chicks?!
Posts: 598
Joined: 15 Apr 2009, 16:00

Post by l0ngb1t »

DNR wrote: yes, thanks BB, also there is directory traversing, which may still work on some servers.

DNR

I know it's an old post but I was looking around and something caught my eye.
What is directory traversing?
There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly. "The Jester"


Post by DNR »

directory traversal is due to bad privileges assigned to certain directories; if you properly traverse the directory you can view everything in it.

For example you check out a site or a link like:
http://conference.hackinthebox.org/hitb ... agenda.pdf
you find a link for a paper ..
http://conference.hackinthebox.org/hitb ... e%20Go.pdf
Directories with PDF are vulnerable to this traversal - so any time you get a link to a PDF - cut the URL down to get to the directory..
http://conference.hackinthebox.org/hitb ... materials/
now you have all the documents to browse through - some of these docs or files were assumed to be hidden and can be interesting to read.

So, search for "Filetype:pdf <whatever subject>" and as the PDF is loading, stop the page, and cut back the URL...
Use "Parent Directory" link in the page to advance another directory...

I am not sure if directory traversal is illegal, as anyone could 'fudge up' typing in a URL... or clicking on this and that... :wink:

DNR
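
From the server owner's side, what the post above relies on is the web server's automatic directory index (the page with the "Parent Directory" link). The following added example, not part of the original thread, checks response bodies collected from your own site for such listings and reports the files each one reveals; the function names and the sample responses are constructed for illustration.

```python
from html.parser import HTMLParser

class _ListingParser(HTMLParser):
    """Collects the <title> text and every anchor as [href, link text]."""
    def __init__(self):
        super().__init__()
        self.title, self.links = "", []
        self._in_title = self._in_link = False

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "title":
            self._in_title = True
        elif tag == "a" and href is not None:
            self.links.append([href, ""])
            self._in_link = True

    def handle_endtag(self, tag):
        if tag in ("title", "a"):
            self._in_title = self._in_link = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self._in_link:
            self.links[-1][1] += data

def exposed_files(body):
    """Files revealed by an auto-generated index, or None for an ordinary page."""
    p = _ListingParser()
    p.feed(body)
    p.close()
    texts = {text.strip() for _, text in p.links}
    markers = {"Parent Directory", "[To Parent Directory]"}  # Apache httpd, IIS
    if not (p.title.strip().startswith("Index of /") or texts & markers):
        return None
    # Drop column-sort links ("?C=N;O=D") and directory links ("../", "/conf/").
    return [h for h, _ in p.links if not h.startswith("?") and not h.endswith("/")]

def audit(responses):
    """responses maps a path on your own site to the body it returned."""
    return {p: f for p, b in responses.items() if (f := exposed_files(b)) is not None}

SAMPLE = {  # constructed responses, not taken from any real site
    "/conf/materials/": '<title>Index of /conf/materials</title>'
        '<a href="?C=N;O=D">Name</a><a href="/conf/">Parent Directory</a>'
        '<a href="agenda.pdf">agenda.pdf</a><a href="draft-notes.pdf">draft-notes.pdf</a>',
    "/conf/": '<title>Conference</title><a href="materials/agenda.pdf">Agenda</a>',
}
print(audit(SAMPLE))
```

A flagged path is closed by turning automatic indexing off for that directory (`Options -Indexes` in Apache httpd, `autoindex off` in nginx) or by moving non-public files out of the web root.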


Post by l0ngb1t »

wooow that's amazing
it's like a tutorial + a step by step guide + ...
we should have more posts like this one around
amazing
thanks DNR
and about if it's illegal I don't have any idea... but I agree with you


Post by DNR »

I'll show you how to load the gun and shoot it very well. What you do with the skill is up to you.
If you use the skill for good reasons, then you are a positive, worthy warrior for the cause.
If you use it for evil, then you are going to be a part of my food chain - bad people are my job security.


What we teach is not good or bad - it's how you will use the knowledge that makes it good or bad.

Shoot and Scoot

DNR


Post by l0ngb1t »

I agree with both of you
in a simple way the hacking knowledge is neutral, it is us, we can be bad or good
it is up to us how we use this knowledge, for good or bad things...
