Slashdot Mirror


New Web Application Attack - Insecure Indexing

An anonymous reader writes "Take a look at 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' by Amit Klein. This is a new article about 'insecure indexing.' It's a good read -- shows you how to find 'invisible files' on a web server and moreover, how to see contents of files you'd usually get a 401/403 response for, using a locally installed search engine that indexes files (not URLs)."

7 of 120 comments

  1. but it's fixed in firefox now by Prophetic_Truth · Score: 2, Funny

    right?

    --
    time is a perception of a being's consciousness
    time is your 6th sense, the weird ones are 7+
  2. should have been from.... by Anonymous Coward · Score: 5, Funny

    the department-of-the-bleedingly-obvious...

  3. sounds like fun by h4ter · Score: 2, Funny

    The attacker first loops through all possible words in English...

    I get the idea this might take a while.

    1. Re:sounds like fun by h4ter · Score: 2, Funny

      Wait a minute. All possible? Couldn't be satisfied with just actual words? This is going to take a lot longer than I first thought.

      (Sorry for the reply to self. It's like my own little dupe.)

  4. does this mean more PRON? by jephthah · Score: 2, Funny

    bastards always hiding their stash. this'll show 'em

  5. application in porn by Anonymous Coward · Score: 1, Funny

    my mind being the way it is, i can't help but think of an application for this in porn ;). a lot of porn sites have extensive free previews, but it's hard for someone to find all the free preview pics for a certain site (useful especially for a single model's site) unless you can find a direct link to every single unique free preview gallery from somewhere, and you'll undoubtedly miss some good stuff. i want to see a firefox extension that gets me all the free pics from a given site damnit!

  6. New option for robots.txt by michelcultivo · Score: 5, Funny

    Please put this new undocumented tag on your robots.txt file: "hackthis=false" "xss=false" "scriptkiddies=log,drop" And all your problems will be solved.