Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Web Application Attack - Insecure Indexing

Posted by timothy on Monday February 28, 2005 @11:53AM from the trawling-for-patterns dept.

An anonymous reader writes "Take a look at 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' by Amit Klein. This is a new article about 'insecure indexing.' It's a good read -- shows you how to find 'invisible files' on a web server and moreover, how to see contents of files you'd usually get a 401/403 response for, using a locally installed search engine that indexes files (not URLs)."

3 of 120 comments (clear)

Min score:

Reason:

Sort:

Mozilla Firefox fucking sucks by Anonymous Coward · 2005-02-28 11:56 · Score: -1, Troll

I want a translation in my language but days after it's been released, it still isn't up. These cunts really need to get their asses in gear with translations if they want to be taken seriously.
fris7 pGsot by Anonymous Coward · 2005-02-28 12:11 · Score: -1, Troll

We'll be able to of playing your against vigorQous arrogance was members all over
Re:Vs. Database-Driven Sites? by illumin8 · 2005-02-28 15:11 · Score: 0, Troll

If you're the kind to leave private XLS, DOC, MDB, and other sensitive data on a PUBLIC server thinking it's safe just because nobody can "see" it, to put it delicately, you're an idiot.

Or, you're a Diebold employee...

--
"When the president does it, that means it's not illegal." - Richard M. Nixon